
Re: Third generation privacy



> Date:          Mon, 11 Dec 1995 15:50:23 -0500
> To:            [email protected]
> Subject:       Third generation privacy
> From:          [email protected] (tallpaul)

> On Dec 11, 1995 13:07:22, '"Ed Carp ([email protected])" 
> <khijol!netcom.com!ecarp>' wrote:  
>   
> >Another, not-so-obvious reason to encrypt stuff, especially stuff   
> >that goes out over the net, is that folks can suck your email off the   
> >net and gather all sorts of useful information.  This has all kinds   
> >of annoying implications, especially for people who gather   
> >demographics and other data for constructing email lists for sale.  
> >  
> >-- short ed  
>   
> Another related issue is what I'll call "third generation" privacy. This 
> exists when I want privacy not for myself or even the person with whom I'm 
> communicating but to protect the privacy of innocent third parties. E.g.:  
>   
> Grandpa is getting senile and I'm communicating with a second family member
> on how we should handle the problem;  
>   
> My friend Jane was just raped and I'm communicating with a mutual friend 
> about how we can help her.  
>   
> The anti-freedom forces have tried to define the parameters of the debate 
> inside the boundaries of the "four horsemen." We need to understand that we
> do not have to remain within those false boundaries and, in fact, it is 
> very good not to.  

I run a sexual abuse survivor server, in which issues like these 
arise almost daily.  Anonymity and privacy are very important issues 
for these folks - for some of them, their survival depends on it 
(whether or not this is a provable issue is irrelevant).  I try, as 
best as I can, to provide an environment that encourages trust and 
openness by discouraging cheating - but the fact remains that 
people's trust in the server and the services it provides is a 
function of people's trust in *me*.  It would be, as Doyle might say, 
"simplicity itself" to violate people's privacy by reading their 
email, or watching their screen as they type, and I'd like to *not* 
have that ability, but the fact remains, I do.

I wish it weren't so - people should be able to have a place to go 
whereby their anonymity and privacy can be guaranteed, without having 
to trust the operator at all.  Zero-knowledge protocols can help, I suspect, but 
the fact remains that they have to trust *me* at some point in the 
process, much as people have to trust the folks running First Virtual 
and the other people doing the digicash thing.

I think that Pegasus with PGP will go a long way towards helping.  If 
someone is just using the server to store encrypted email and route 
end-to-end encrypted packets, then I'm "out of the loop" so to speak, 
and can concentrate on providing a common carrier service instead of 
having the risk associated with being a publisher.  Most of these 
folks who use my server are pretty "computer illiterate" - the fact 
that some of them can even log in and send email is a miracle - no 
slight intended.  The point is, they need a *simple* solution to that 
privacy problem.

By the way, there's a well-known anonymous server whose operator does 
*not* have the same viewpoint, and considers himself a publisher, but 
doesn't recognize the inherent associated risks.  To him, people are 
using his system, and so he has the right to "see what goes through 
his system."  To me, this places both himself and the people who 
use his server at grave risk.  He is setting himself up for a massive 
court fight, and they are setting themselves up to have their 
privacy violated.  I'd rather not take the risk, myself, but I 
suppose he has nothing better to spend his money on than lawyers.