Thoughts on privacy

Much of the current debate over privacy concerns focuses on paper tigers. The real problems are more about accountability and confusing identity with authorization.Businesses should be accountable for how they use my information. This lets you track down where the junk mail came from and ask them to stop. Governments should be accountable, too. This prevents "Big Brother" type scenarios. Accountability should be completely two-way: if some company knows my home address and phone number, then I should be able to easily find out the address and phone numbers of the managers & executives in the company. Basically, I'll show you mine if you show my yours. At that point I don't care if you know where I live or what my favorite color is, because I can find out the exact same information about you.

The lack of good authorization is masquerading as a privacy issue. Why are people concerned about the privacy of their Social Security Number (SSN) or their mother's maiden name? It's because of the rising occurrence of identity theft where people with bits of information like these can get credit cards in your name and run up bills in your name. They can also get things like driver's licenses which combined with credit cards let them commit crimes in your name. The problem is that prior to the information age we're living in now things like your SSN were hard for other's to discover. So companies used your SSN as a form of authorization. As far as the company is concerned, if the person on the other end of the phone knows your SSN then that's good enough for the company. The fundamental problem is things like your SSN are about identity, not authorization. Just because someone identifies them self as me (with an SSN) doesn't mean that a bank should go ahead and issue a credit card. Instead the bank should require authorization before issuing the credit card. With the free flow of information, previously obscure bits of identity like your SSN are no longer a good form of authorization. Companies should be using more secure forms of authorization like passwords and biometrics (e.g. fingerprints). At that point it doesn't matter if you know my social security number because that won't let you get a credit card in my name.

The problem with too much privacy is that it cuts both ways. When governments, companies, or powerful individuals have too much privacy it's easier for them to commit atrocious acts secure in the knowledge that their privacy means they may never be held accountable for their actions.

Many of my ideas and opinions about privacy have been influenced by David Brin. Although he's more well known as a science fiction writer, he's recently published The Transparent Society, a non-fiction book about privacy issues. You can read the first chapter online.

Leave a Reply

Your email address will not be published. Required fields are marked *