Last night I had the pleasure of having dinner with several members of the local free unix group. While the conversation was interesting, stimulating, and extraordinarily geeky, a particular exchange struck a chord with me.
We were discussing opportunistic encryption and how, despite its shortcomings, it’s still better than nothing (( For example, STARTTLS for SMTP offers no protection from a man-in-the-middle attack, as certificates are not checked against a list of trusted authorities. However, this is no different than if the message was sent over an unencrypted link, but STARTTLS offers protection against passive wiretapping. )). Several of us lamented that implementing strong security is often hard, and usually beyond the abilities of most average users. Thus, having opportunistic encryption on the server end (e.g. having webmail, IMAP, POP, SMTP, etc. connections use SSL by default) can often add security to an otherwise insecure connection without needing any action on the user’s part.
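The footnote's point about STARTTLS is easy to see in client configuration. The following is an added example (not from the original post): a Python `smtplib` client that upgrades a cleartext SMTP session with STARTTLS using either an opportunistic context, which encrypts but accepts any certificate, or a verifying one. The hostname, port and addresses in `send_with_starttls` are placeholders supplied by the caller.

```python
import smtplib
import ssl


def starttls_context(verify_peer: bool) -> ssl.SSLContext:
    """Build the TLS context handed to smtplib's STARTTLS upgrade.

    verify_peer=False is opportunistic STARTTLS as described above: the link
    is encrypted, so a passive wiretap sees only ciphertext, but any
    certificate (including one presented by a man-in-the-middle) is accepted.
    verify_peer=True requires a chain to a trusted CA plus a hostname match,
    which is what closes the active-attacker gap.
    """
    if verify_peer:
        # CERT_REQUIRED against the system trust store, check_hostname=True.
        return ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe_protection(ctx: ssl.SSLContext) -> dict:
    """Summarise which threats a context defends against (pure, testable offline)."""
    verified = ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
    # Any TLS upgrade defeats passive wiretapping; only verification stops MITM.
    return {"passive_wiretap": True, "active_mitm": verified}


def send_with_starttls(host: str, port: int, sender: str, rcpt: str,
                       message: str, verify_peer: bool = True) -> None:
    """Connect in cleartext, upgrade with STARTTLS, then send (needs a real server)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Refuse to fall back to cleartext delivery if the server offers no TLS.
            raise RuntimeError("server does not advertise STARTTLS")
        # With verify_peer=True a forged certificate raises SSLCertVerificationError.
        smtp.starttls(context=starttls_context(verify_peer))
        smtp.ehlo()
        smtp.sendmail(sender, rcpt, message)
```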
One of the other folks at the meeting mentioned that if we had a completely open, transparent society, then we wouldn’t need to worry about such security, as there’d be no secrets to protect.
An interesting concept, to be sure, but not one I can really see taking off; people have too many secrets.
Perhaps it’s not secrets on the scale of nuclear weapon schematics, orders of battle, or other secrets of that magnitude, but most people have information that they either wish to keep to themselves or share with a limited number of people without that information being known to the general public: medical records, business plans, love letters, financial information, etc. Most people have a reasonable belief and expectation that their phone calls and emails are private, even though such communications are almost always insecure. This, I think, needs to change — private citizens need more control over their personal information, particularly when their information is stored and transmitted by third parties.
Take, for example, Facebook: people post an enormous amount of personal information to Facebook on a daily basis, and feel comfortable doing this because Facebook allows various degrees of control over who can access that information (( Of course, that information can always be re-published by users who are authorized to see it, or through security breaches and other nefarious methods.)). Whether or not they should feel comfortable posting personal information online is an entirely different matter, but users do have some degree of control over their information and they can choose to not post their information in the first place.
On the other hand, look at ChoicePoint. They gather information from a huge variety of services, collect it, and sell it. The amount of data they store is staggering. There are a lot of issues with ChoicePoint which, to me, relate to control of information: private citizens are not ChoicePoint’s customers, and have no leverage or ability to change the information collected or stored by the company. Once the company has the information, they’re unlikely to let it go.
As a personal example, I recently moved from Tucson to another city in Arizona to live with my wife. I filled out the change-of-address form with the USPS. She filled out the forms with various government agencies to change her last name after the wedding. Suddenly, we’re bombarded with mail saying, in general, “Welcome to the neighborhood, [last_name] family! Here’s [various_commercial_offers] for new residents!” She’s lived at that address for years. We don’t want this crap, nor did we sign up for it, yet our names and addresses have become public record by the simple act of changing my address and her changing her last name. At the very least, there should be a means of preemptively opting out from the disclosure of this information to entities outside the post office and government. Same thing with voting records — evidently voter registration information is public, including one’s name, address, and telephone number (I’m not sure about political affiliation, but I wouldn’t be surprised if it were public). Every election cycle, we get bombarded with political mailings and phone calls, with no means of opting out from them.
My wife and I have no problem with certain information being used for legitimate purposes. For example, the post office needs to know my new address so they can forward mail. This is fine. The Social Security Administration and Motor Vehicles Department need to know that my wife changed her last name. That’s also fine. We even understand that credit and insurance companies need to have some means of evaluating how much of a risk a potential customer might be, and that some information must be shared (( Though it’d be nice if information-sharing was prohibited by default, and that one would need to authorize an individual company before they’d have access to the information. Of course, a creditor would rightly refuse to offer credit to someone unless the individual authorized that company, but right now that data is basically free-for-all. )). But we do have major problems with a lack of control over personal information.
In short, the default state for information relating to private citizens should be “private”, and individuals should have the ability to control the distribution of their personal information. Basically, it’d be nice to have Fourth Amendment-type protections against corporations, as well as government. Cryptography only goes so far, but it can help.
Public companies and governments, on the other hand, are a completely different matter. With certain limitations (trade secrets, legitimate national security interests, etc.), I think that information should be open and transparent to the public, particularly when an organization interacts with private citizens or their personal information.