Monday, February 17, 2020

Book review - The Surveillance state


So, I'm cheating a bit. This is not a proper book, but rather a series of lectures wrapped in an audio-book (the course material just happens to be a 198-page PDF, so one might use that excuse too to call it a book). At any rate, "The Surveillance State: Big Data, Freedom, and You" is a rather interesting listen. It's an introductory course to software security and privacy, but unlike many others, this book approaches the topic with the goal of covering the legal concerns, as well as helping the audience understand why the subject is a complex one and how every choice made by a legislator is a choice of a specific balance between civil rights (that might conflict within themselves), safety & security, and technical soundness.
The "book" is comprised of 24 lectures, so I'll skip my usual chapter-by-chapter summary, and just go over some of the points that got my attention.
The first one is the claim that there's a trade-off between the government's ability to protect its citizens, and its ability to track everyone, everywhere. This dichotomy sounds simple at first - of course we want our government to know where the terrorists are planning to plant a massive bomb, but even without going the length that Bruce Schneier does and claiming that this is a false trade-off, this book does raise the problems in this approach: Would we be as comfortable allowing complete surveillance in order to catch a drug deal? And tax evasion? Currently, we are willing to allow our government to invade our privacy only for certain reasons, and the fact that much of reality is moving to cyberspace is changing what privacy means. Separating "legitimate" invasions (such as espionage, counter-terrorism and general anti-crime operations) from liberty-limiting surveillance is becoming more difficult (there isn't a separate communication network for terrorists - they are using the internet, same as everyone else).

Another point I have not considered before was the necessity of some measure of transparency in order to have a meaningful policy discussion. The most obvious reason being that without it, the policy does not matter. However, transparency should also be limited in this game of balance - some actions become ineffective when they are known to the target (wiretapping, for instance) and in other cases, just exposing that a nation has a certain capability is enough to thwart it (today it is common practice to leave cell-phones out of top secret bases since the ability to track them is well known). A nice way to compromise for that sort of problem is to appoint an overseeing body of a sort, but one thing I gleaned between the lines was that protecting insiders who expose malpractice is necessary, since this observation mechanism is, in itself, something that needs to be checked.

I mentioned the word "privacy" once or twice already in this post, and this leads me to a question - what is privacy? In the 8th chapter (or lecture), the professor, Dr. Paul Rosenzweig, mentions that there's a need for a new concept of privacy. While he's not using those words himself, he's saying that the big data revolution has killed privacy. Since there is truth to that, he suggests a different way of looking at privacy - since preventing collection and retention of data is not an option when it is the same data that also enables services we actually want, redefining privacy is what we can do to adjust to this new world we live in. He uses a definition I'm uneasy to accept, and for a reason I simply reject. He suggests that the limitations we set to protect this new type of privacy would be there to prevent use of data in a way that would cause some "actual harm to an individual". I reject this, because showing "actual harm" is difficult, and it's easy to brush aside non-bodily harm as "negligible". The chilling effect caused by the eye in the sky? "Oh, that's not actual harm, is it? Everyone else agrees...".
Privacy, for Prof. Rosenzweig, is "a desire for the independence of personal activity. a form of autonomy". This sort of 'autonomy' can then be protected in many ways - secrecy (for instance, no one knows who you voted for), direct protection on action (you are allowed to practice any religion you'd like) and anonymity - where our actions are not hidden, but they are, generally, stripped of consequence because the action is not linked to us in the relevant circles where this sort of link would cause us harm. For instance - a teenager buying condoms would very much like to hide it from their family and classmates, but might not mind the clerk or the other strangers in line having the same information. Or, in his words - "Even though one's conduct is examined routinely and regularly, nothing adverse should happen to us without good cause".
Personally, I prefer seeing privacy in simpler terms - privacy for me means that I can limit the knowledge about myself or my opinions and activities and, to some extent, control who it will be visible to. I do not expect nor have complete privacy, and many bits of "my" data have different levels of privacy, but I believe we need to create a vocabulary that would help us identify the level of privacy I have for each such detail, and debate what is the appropriate level. For me, privacy is meant first and foremost to allow a person to save face. Avoiding additional harm is also desirable, but can be achieved by rules prohibiting some behaviors. In that sense, I think I agree more with the sentiment behind the GDPR principles, and why I really like the "right to be forgotten".


There's a lot more going on in this course, and the more tech-oriented people might notice some inaccuracies or broad generalizations when the professor is explaining technology, but that's ok - it's a course about policy making.
The last section is a call for action - to participate in the public debate around privacy and help define boundaries and set up the grounding for the legislation to come. After starting with a claim that technological advancement always will be ahead of laws and policies, I completely agree - public discussion is probably the one way we can catch up on some of that gap, and even set the direction technology will be moving forward.

