[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Jamming and privacy problem



The emissions tracking proposal might have another sort of relevance to
cryptography.  Assuming (it's a big assumption, but entertain it for a
moment) that we agree that some type of automatic enforcement mechanism
for emissions-based repairs were a good thing, how could it be built
without identifying any individuals to the authorities?  What I find so
utterly over-the-top about the ARB proposal is that it is capable of
maintaining records on everybody everywhere, whether they are violating
any laws or not.  Of course they'll promise to protect privacy, and they
may even promise not to capture any records for people whose emissions
fault codes come up clean (though they say nothing about this in the RFP).
But such assurances would be nonsense, since once the system is in place
a simple software change would cause the system to revert back to the
total-surveillance functionality described in the RFP.  The key, then,
is designing systems so that simple software changes under the control
of the authorities can turn them into instruments of oppression.  This
design consideration is hard to even formulate accurately in the context
of traditional system design methodologies, which assume that everything
in sight comes with identifiers and that *the* way for a system to relate
to something is to represent it in terms of those identifiers.  Digital
cash and other such schemes are so profound precisely because they break
with this underlying assumption, forcing systems to think thoughts like
"this person (whoever s/he may be) has paid $1 to travel on this road",
"this person (whoever s/he may be) is eligible for an upgrade to first
class", "this person (whoever s/he may be) is obeying emissions laws",
and so on.  Philosophers and linguists call these "indexical" (or, more
precisely, "deictic") because they identify an individual contextually
without appealing to a name or other universal identifier.

Phil