Communications - June 2008

In democratic societies, citizens’ behavior is unduly
restrained if they fear being watched at every turn.

and participating in online parent-support social networks and chat rooms. She then applies for a job and is rejected, suspecting it’s because a background check identified her Web activities and flagged her as high risk for expensive family health costs.

Such tales are offered to support the argument for Web privacy. Did, say, the online bookstores assert that the titles of Alice’s purchases would be kept confidential? Did AOL promise never to release information about her online searches? Did the chat service guard against lurkers in the chat room, recording the names of every participant? A policy regime based on information hiding would focus on these potential acts of data release, perhaps even taking the position that it is Alice’s own personal responsibility to inform herself about the privacy policies of Web sites before using their services. This focus is misplaced. The actual harm was caused not by the disclosure of information by the bookseller, AOL, or chat service, but by the decision to deny Alice the job, that is, by the inappropriate, discriminatory, and possibly illegal use of the information. It is quite conceivable that Alice wants to be publicly identified as someone with an interest in her child’s illness. Forcing her to hide it to protect herself against improper information use significantly limits her ability to exercise her right to freedom of association. Rather, Alice (and everyone else) should be able to live in an online environment that provides transparent information use and accountability to rules that limit the harmful use of personal information.

COPYRIGHT

Looking into copyright and government surveillance reveals deficiencies in the reliance on information hiding as a policy tool. In the copyright context, information hiding commonly takes the form of digital rights management (DRM). As with personal privacy, locking up information is extremely difficult, and efforts at up-front control over the information flow results in user frustration and substantially imperfect security. This is a lesson that even the most ambitious online businesses have learned. For example, in early 2007, Apple CEO Steve Jobs wrote that DRM has not worked nor is it

ever likely to work [ 5]. Soon thereafter, Apple changed the way it sells music online by offering a higher-priced version of its download service unencumbered by DRM. Apple now implements a basic form of information accountability. The newly unlocked tracks include the purchaser’s name and other personally identifying information. That way, if he or she shares the purchased music with, say, a hundred million closest friends through the Internet, the purchaser could be held accountable.

The Creative Commons, another approach to online copyright protection, likewise does not rely on up-front enforcement of licenses. Rather, its architecture, based on rights expression, not access restriction, recognizes the value of having information flow freely around the Internet but still seeks to impose certain restrictions on how the information is used.

GOVERNMENT DATA MINING

Recent government use of advanced data mining techniques is another example of the deficiency of access-control and collection-limitation approaches to privacy compliance on the Web. Laws that limit access to information do not protect privacy here because so much of the data is publicly available. To date, neither law nor technology has developed a way to address this privacy loophole [ 2].

Airline passenger screening by law enforcement and national security agencies illustrates the growing complexity of information handling and transfer. Society may be prepared to accept (and even expect) national security agencies to use aggressive data mining techniques over a range of information in order to identify potential terrorism risks. But citizens find it unacceptable to use the same information with the same powerful analytic tools to investigate domestic criminal activity. Therefore, we need rules in the U.S. (and globally) that address the permissible use of certain classes of information, in addition to simple access and collection limitations.