I was just roaming the internet for some interesting reads and I came across this very interesting paper about how to define a legal framework for the "reasonable expectation of privacy" when it comes to our new cyber-existence. I thought I'd share it with you guys, and see what you think about agencies being able and allowed to collect and analyse huge amounts of data about any individual they like.

The main point of the article is that the conventional wisdom that says that when you roam outside, in public places, you can't expect privacy (i.e., people (incl. authorities) could be watching what you do) doesn't work when it comes to roaming the cyber-world (visiting sites, blogging, chatting, posting on forums / leaving comments / tweeting, etc.) because, in that world, people can collect and analyse all of your actions (past and present) as a whole and this way, they can infer so much about who you are, what you do, who you associate with, what your views are, etc..., that it amounts to things that anyone would consider to be their "private business". And in most countries, private citizens (and by extension, companies) are not allowed to look into other people's "private business" too much (i.e., it's illegal, and usually a felony), and authorities are not allowed to do that either unless they can show "probable cause" and obtain a warrant.

Currently, many agencies and private companies are taking huge liberties in this regard, enjoying the legal void and the lack of any serious policy to guarantee people's right to privacy, to do anything from customer profiling (to drive product suggestions and ads) to full-blown cyber-espionage.

What are your opinions about this?
Do you expect your cyber-activities to be private?
If not, what about the sum of all your cyber-activities and all the information that can be inferred from that?
Can you think of a practical way to guarantee people's right to privacy in this information-rich environment?
If information collection and analysis needs to be controlled, what does that imply for internet freedom and net-neutrality?

Recommended Answers

All 78 Replies

I expect certain things to be private. These are typically communications with financial institutions via https. I assume that everything else is, or could be, public. I assume that every email, every phone conversation (land line or cell), and even every snail mail letter can be laid open for examination by some person or agency. If I really need to communicate securely it's either face to face or encrypted email. But to be honest, most of what I say is not worthy of scrutiny.

The problem comes when the data or information collected id mis-interpreted.
Lets say you read a news article about an 'urban terrorist' who just blew up a supermarket using a home made device, and the article mentions how the guy got the recipe for the device on the internet. Now, being a curious and cynical chap, you think 'no way!', and proceed to test this out by googling 'Bomb making' or something equally as stupid.
The next thing you know is Swat is battering down your door, and you are hauled off in chains, or worse shot because you twitched when they told you not to.
Do 'they' filter all this information, or do they act on it all?
I concur with Rev Jim that nothing I say is worthy of scrutiny, but I am careful with Internet searches!

The other day I was looking for piano scores on the web, just looking, not buying or free downloading. (I have enough piano scores for my two left hands to bother about hé,hé ) I next went to a weather site and it struck me that I was suddenly overwhelmed with piano buying adds on that weather site. Now I have no problem if the whole world knows I'm a bit of a piano player( well I try :) ), but as TonyG cyprus mentions I would not like to be known as as bombmaker. But as in real live I'm not going to look for weapons, illegal drugs etc., I'm surely not going to do that on the web. So as far as me is concerned, everything I've put on the web may be seen by everybody, but please think twice before you put it there. The traces you leave (even this post) can have a long survival time.

Jim: But to be honest, most of what I say is not worthy of scrutiny.
..
ddanbe: But as in real live I'm not going to look for weapons, illegal drugs etc., I'm surely not going to do that on the web. So as far as me is concerned, everything I've put on the web may be seen by everybody.

I always feel a bit queezy when I hear what is essentially the "it's OK cause I have nothing to hide" argument. Why do people have opaque walls to their houses, why do they put up curtains, why do they surround their property with a fence or bushes, if they truly consider that it is OK for other people to know everything that they do, since they got nothing to hide. I think that equating the need for privacy with the desire to hide your criminal activities is a false equivication.

First, it generally makes the assumption that the only reason why anyone might look into your private business is to discover criminal activity. The reason there are warrants is because the law is structured as: if you want to look into someone's private business to discover criminal activity you suspect, then get a warrant, if you have any other reason to look into someone's private business and you do so, be prepared to go to jail. That's how the "it's OK cause I have nothing to hide" perspective is resolved by the law and how it has been in one form or another since at least the Magna Carta, and certainly every legal document since. In the current state of affairs, in the cyber-world, things are reversed, i.e., anyone can look into anyone's private business as much as he likes, for whatever reason (incl. no good reason), and the only "protection" is anonymity (not in the sense of hiding your identity, but in the sense of being just another ordinary unknown person that is "not worthy of scrutiny"), but that's quite a weak protection.

Second, what is criminal activity? For instance, I'm sure we all know about the current signature drone strike policy of the US, where associating with suspicious groups or expressing "terrorist" opinions is taken to infer that the person in question is "dangerous" and it is considered sufficient grounds to order a strike on them. Even putting aside the fact that this is execution without a trial, it also creates the precedent that some kinds of associations and some kinds of speech can be considered criminal activity, R.I.P. free-association and free-speech. The point is that the label of "criminal" is very flexible, and one's privacy rights, a corollary of personal sovereignty (i.e., free-will), is one of the last lines of defense against abuses in other realms, such as redefining what is and isn't criminal. This is exactly why, in Orwellian stories (1984, V for Vendetta, etc.), the deprivation of privacy plays a central role, i.e., one of the key features of the tyranical system is to deny people any kind of privacy (surveillance system, the 1984 "Thought Police", etc.), and in all cases, the protagonist's first act of rebellion against tyrany is an assertion of privacy (and unsurprisingly, in all those regimes, seeking privacy is, by itself, a criminal / treasonous / rebellious act, under a direct application of the "it's OK cause I have nothing to hide" doctrine).

Third, you guys have really exemplified well what it means to forget what liberty is. If, out of pure curiosity, I am interested in how bombs are made, or in learning about the rhetoric spewed by jihadist imams, or in various kinds of weapon technology, why should I restrain myself from making google searches on those topics under the silent threat of being flagged as a dangerous or criminal individual (and be put under watch or worse). The very concept of liberty is that as long as your activities are legal (according to the laws you and your fellow country-men have agreed to), you do not have to worry or censor your actions or speech. Self-censorship in the presence of over-reaching surveillance systems is not the behavior of a free man.

I'm quite astounished actually that you guys would seem to challenge the premise, i.e., the right to privacy, rather than the subject, i.e., how to define and protect privacy rights in the "Turing Era".

The problem comes when the data or information collected is mis-interpreted.

I would say, mis-interpreted and mis-used. There have been countless incidents already of collected information being used for digging dirt on political candidates, for assessing the "moral character" of prospective employees, or for putting forth "character evidence" in the context of a trial (e.g., Trayvon Martin vs. Zimmerman). In such an information-rich environment, it is incredibly easy to destroy someone's character by grabbing bits of information here and there and create a mosaic that paints a very poor picture of the person, and it often diverts attention from the more substantial issues or evidence. For example, based on my past posts on Daniweb alone, one could probably paint a reductionist picture of me as an "evil godless communist", although I don't think anyone who knows me would describe me as such. And I'm sure you guys could be made to fit into similar reductionist pictures just as easily, depending on the agenda of the person who seeks to profile you.

I think this is one of the main dangers. As the author of the article points out, the accumulation of all the bits of data about a person can be used to construct a very complete mosaic picture of the person, which is already bad enough from a right to privacy perspective, but I think an even greater danger is in the ability to filter that collection of data in a way that the resulting mosaic paints a very skewed picture.

Then, add a time component to that and things are even worse. Today, we have the younger generation completely plugged-in and leaving a rich trail of information on the web. If I had to defend, today, all the opinions and dubious interests / activities that I have expressed or engaged in as a stupid teenager / young-adult, I wouldn't be able to, and you can't reasonably ask teenagers and young-adults today to censor themselves or dim down their enthusiasm in anticipation that they might later regret or have to justify the trail they've left behind in the cyber-world.

I expect certain things to be private. These are typically communications with financial institutions via https. I assume that everything else is, or could be, public.

Yeah, I understand that, but the interesting issue is about the sum of all things you expect to be public, do you expect that sum to be private? Because any one element that you expect to be public (e.g., this Daniweb thread, or an email communication) is generally inconsequential by itself, the sum of them can be substantial and furthermore can be twisted to mean just about anything. If someone has a reason to want to destroy your character (e.g., in a political race, in a court of law to attack your credibility or moral-fiber, in a job setting to try and get you fired such that they can take your place, etc.), then they can very easily do so with the existing (semi-)open databases and web-crawling tools.

And btw, communications via a secured (encrypted) channel only means security from malignant interception (when I mean private / public I don't mean "subject to malignant interception", only in terms of official legitimate data collection agencies and databases). But most financial data is not really private (except, of course, credentials that allow you to access your accounts). That data travels a lot, and you certainly can't expect that data to be private, nowadays. One of the last bastions of privacy-protected data are medical records (physical and mental). AFAIK, this is pretty much the only type of data that you can expect to be private today, but even then, some pharmaceuticals and other health-related companies are very eager to get to it, for obvious reasons.

There are many ways in which "private" data leaks. Financial data can leak to almost any credit institution (e.g., people are certainly used to getting credit-card offers in the mail, but today, these offers are no longer blind fishing, they are specifically tailored to your financial situation, which is public knowledge). Financial data also leaks to law enforcement databases, if they make an investigation about a person, they generally rein in financial information, sometimes medical information, and just about any piece of governmental data, and it's important to remember that the vast majority of investigations that law enforcement does is not on criminals, it's on the victims and witnesses (i.e., any given case will generally involve more victims, suspects and witnesses than guilty people). For example, the French database contained, in 2008, the profiles of 5 million criminals (incl. minor offenses) and about 34 million law-abiding citizens (victims, witnesses, etc.), that's more than half of the country's population. And these are not databases that are too hard to consult for any non-legitimate purpose, you just have to know a cop, or be one.

One of the problems today is that these types of systems are made to be streamlined and quick: if a cop starts a mundane investigation involving "John Doe" (as a victim, witness, suspect, whatever), he can click a button and rein in virtually all data that exists about "John Doe", and then worry about picking out the interesting bits for his investigation; but from then on, anyone else with access to the database can just look up that file with all of John Doe's personal information (and leak it elsewhere). The point is that there is systemic carelessness about privacy-protection, due to a legal void on this matter.

I assume that every email, every phone conversation (land line or cell), and even every snail mail letter can be laid open for examination by some person or agency.

This is true for emails, there are generally no laws against intercepting and/or reading other people's emails (some (more repressive) countries have even outlawed the use of encryption when sending emails). Normally, phone conversations can only be monitored with a warrant, although those laws have largely been ignored or trampled on in the post-911 era. And in most countries, reading someone's snail-mail is a felony, law enforcement can do it with a warrant, of course, but individual people are prohibited to do so by law (e.g., if you get mail addressed to a previous tenant of your appartment, you are allowed to either hold on to the mail (remained sealed) in the hopes the tenant will eventually show up to pick it up, or throw it in the trash, or return to sender, but opening it is a felony (or illegal in some way) in virtually all countries), and you can, for instance, call the police and have a criminal investigation done if you find that your snail-mail has been tempered with, something you cannot do even if you have solid evidence that someone has intercepted and read your emails. This is a great loophole. Somehow the laws that have applied to snail-mail since its inception (since wax seals) are completely ignored in the domain of email communications, every email you send is more like a post-card, it can be read at will by any man-in-the-middle.

But again, the privacy issues I'm raising here really aren't about people intercepting (i.e., wire-tapping) your communications or whatever. It's about all the data about you, that is, financial, medical, or otherwise "official", and all the traces you leave in the cyberspace. Once an agency can collect all that data (and today, this is routine), there really isn't much left to know about you, or at least, there's enough information to be mined that for almost any purpose (good or bad), but in any case, there isn't much left of your privacy as a person.

I don't want to seem paranoid or anything. I don't self-censor my activities on the internet. You can easily find out who I am, where I live, what I do, and what my opinions are. I am a free man. But I do think that these issues of privacy are a concern for everyone.

commented: I'm with you on this -it drives me crazy +0

I concur with Rev Jim that nothing I say is worthy of scrutiny, but I am careful with Internet searches!

See, this is the Panopticon affect; already you are self-censoring - avoiding saying anything that could be mis-interpreted, mis-used, or O'Reilly-ed (taken out of context for sensationializing).

Everyone ever read this book?
We are sort of living in it right now!
In my country they have cameras at crossroads that automatically penalize you if you dare to drive through red.(not so bad btw.) Your speeding is monitored at some places. If you buy catfood, "they" know it: postbox full of catfood publicity the next week. If you have cable TV, "they" know what shows you are watching Etc. So how free am I and and how much liberty do I have?
So I sort of gave it all up. I live in one of the best countries in the world. Try to enjoy life as much as I can. He! I even gave Mr.Norton a big goodbye kiss last week!

What occurred to me recently is that if you simply keep telling people over and over again that they have no expectation of privacy, they'll start to believe it.

I've read 1984 and seen the movie (John Hurt/Richard Burton). Scary stuff. Orwell (Blair) had it right except for the timeframe.

I am more of a "Brave New World" believer - that seem like a more probably future; I think there are even more horrid possibilities available that make even a merger of 1984 and Brave New World seem like the free life. Neither of those worlds included nanotech, MRIs, or any of the more modern technologies that can be turned against us.

I think a combination is happening. Big Brother watches everything while the masses are distracted with fluff. How is it so many people are more concerned with what Kim Kardashian is up to than what the government is up to? Religion was supposed to be the opiate of the masses and now all it seems to do is fire people up. And not in a good way. TV = SOMA. I'd write a real scathing letter to the editor about that but Amazing Race is on. Maybe tomorrow.

Has anyone (other than me) seen THX1138; it was George Lucas' directorial debut - it show a pretty dystopian world that is 1984/Brave New World-ish. The 'illegal drug crime' scene that opens the movie is someone not taking their drugs. All the actors have shaved heads and wear white onesies; essentially, the entire population are freckled except for one character (who is not the main character) and it is extremely difficult to tell people apart - lots of fun things happen. Also masturbation is obligatory and screwing is illegal.

I saw THX1138 many years ago. Don't recall much about it other than there was a lot of white and Robert Duvall escapes at the end (I think).

Whenever I drive my car through a tunnel with 3 or more driving lanes, THX1138 comes into my memory.

It took place underground after a (supposed) worldwide nuclear blowout. Some of the scenes are oddly current. The POV shifts often sometimes it is the view from the medicine cabinet (you see someone open the cabinet, take some pills and drop them into the toilet - illegal drug behavior), sometimes it is a corridor (a robot cop walks into a wal, adjusts his gun-belt, then walks into the wall again with a voicer-over saying "officer malfunction in corridor"). There are an unlimited number of tv channels including a channel that is just officers beating someone. On and on - I loved it but if you see it, it is a thinking about it movie so it does not move at a pace we are now adjusted to (er, it is slooowwwww). And yes, at the end, the hero appears to escape to an opening to the sky with the sun rising (since it was filmed in California they ran a sunset backwards which leads to seeing a seagul flying backwards - heh,heh but a sunrise is a good note to end on).

An email sent to a close friend should not be read by any pimple faced government intern, whose father happened to contribute big to one of our politicians. So, it would be simple to write a short program to encrypt the thing.

Now I am afraid that the government snoops think that there is something hidden in there and send the stormtroopers to knock down my door and blow my place with bullets. Strange world we live in, sort of "1984 on steroids".

I use 'track me not' which searches the major databases for random phrases about evry 30 seconds - I wish I could put some of my more interesting phrases into the search db.

It seems we were even watched in the time we still wrote letters to each other. See this joke

True that, we've always been able to be tracked the only difference now is that automation allows it to be done on a massive scale and remotely. OTOH the population has increased so much and transportation/communication is so much faster there is way more stuff to track too.

Might be a loosing battle for the govs, since the volume of email is increasing almost exponentially.

JW - back to your old tricks again; fanning hysteria with multiple links that are all about the same thing and that thing is going nowhere. Email tax, internet tax,modem tax - it is all a tempest in a teapot.

I told you explicitly it's only the latest such attempt...
It's been tried before and no doubt will be tried again, and at some point it will succeed when some government somewhere gets either greedy or desperate enough for cashflow in a digital world in which the sale of postage stamps no longer brings enough revenue to keep the postal service union wages paid and still make a profit.

But as usual you can only resort to ad hominem attacks rather than present valid arguments yourself.

I agree with jwenting. It's only a matter of time until bandwidth/email is taxed. Especially in the US, governments need money. They can either get it by closing loopholes for the wealthy and forcing large corporations (some of which are reaping in record profits and still getting tax rebates) to pay reasonable taxes, or they can pile more taxes on the rest of us. Politicians get campaign money from the wealthy so where do you think they are going to get more tax revenue from? If the tax is applied at the ISP level then that extra cost will just be metered in to the individual user accounts. The government, also, would have little incentive to eliminate spam because more spam = more bandwidth = more tax revenue.

It doesn't matter that currently in the US there are regulations that prohibit a bit tax. First of all, those regulations have expiry dates and must be periodically renewed in order to remain in force. Second of all, the government can do what it wants regardless. Here in Manitoba the provincial government raised the sales tax by one percent and started collecting it on July 1 even though

  • current laws require a referendum before this can be done
  • they started collecting it before the new legislation was even passed

Maybe we should thank the spammers for that :) Let's all email the government lots of spam.

Music writer Michele Catalano was googling pressure cookers. Her husband was doing the same to look for a backpack. Is it a coincidence that their home was selected for a raid by armed government agents? Obviously someone out there is watching. The agents mentioned that they do approximately 100 such raids per week.

They can either get it by closing loopholes for the wealthy and forcing large corporations (some of which are reaping in record profits and still getting tax rebates) to pay reasonable taxes

and what is "reasonable"? 100%? 10000%? Even if you were to take every last cent everyone and every company owns that owns more than a million or so you'd only balance the budget for a few months, the hole is that deep!

IOW reducing the entire part of the population that has any power at all to invest and create jobs to abject poverty, totally destroying any incentive to invest and create jobs in the process, will only keep the money drain that is Washington DC in its crack to smoke for a few months at most.

No, the only way to reduce the deficit and balance the budget is to go with a chainsaw and a massive axe through the entitlement spending, reducing the size of the government at all levels by like 70-80%.

And that includes the postal services, which could be a lot more efficient than they are now.

IOW reducing the entire part of the population that has any power at all to invest and create jobs to abject poverty, totally destroying any incentive to invest and create jobs

The problem is that the corporations didn't live up to their part of the bargain. The entire premise was that when we gave tax cuts to the wealthy, they would use that extra cash to create more jobs. Instead, they shipped the jobs out of the country and stockpiled the savings. So they are not investing and creating jobs, at least not here. The top hedge fund managers make (not earn) more money in an hour than I made in a decade, yet they pay taxes at 15% (capital gains) instead of the rate (income) that everyone else (the 99%) pays which I think is around 35%. What I am saying is that there should not be a tax code for the rich and a tax code for the poor. The wealthy should pay their fair share.

massive axe through the entitlement spending

Does that include the entitlements that the wealthy are getting like the massive subsidies to agri-business and the oil depletion allowance to the oil and gas industry? Or do you mean only the elimination of things like food stamps?

Could we please try some facts rather than hysteria?

and what is "reasonable"? 100%? 10000%? Even if you were to take every last cent everyone and every company owns that owns more than a million or so you'd only balance the budget for a few months, the hole is that deep!

Total USA national debt: ~$17,000,000,000,000
USA budget deficit: ~$800,000,000,000
(ref: www.usdebtclock.org)

Yearly income of the top 1% of americans: (rough estimate) 1.2million household x $1.87million/year = $2,244,000,000,000/year
(ref:http://globalpublicsquare.blogs.cnn.com/2011/10/18/fact-top-1-has-15-total-annual-income-pays-14-total-taxes/)

So a 100% tax rate on just the top 1% of american individuals (not counting corporations) could pay off the entire USA national debt in less than 8 years (correction factoring the current deficit would make it 11-12 years but that doesn't take into account the decrease in deficit as the amount spent on interest on the debt decreases).

Obviously I'm not suggesting it would be a good idea to try it but it points out that the USA debt and deficit is not insurmountable and even a reasonable tax hike like a top rate of tax ~50% like many other western countries (eg. the UK) would go a long way to balancing the buget. Whereas cutting benefits 20-30% likely won't.

IOW reducing the entire part of the population that has any power at all to invest and create jobs to abject poverty, totally destroying any incentive to invest and create jobs in the process, will only keep the money drain that is Washington DC in its crack to smoke for a few months at most.

So living on less than $500,000/year (that is the line to the top 1%) = abject poverty, I must tell my entire family right away! Maybe we could start a charity? Contribute to the poor desperate people who can only afford one summer home on a private lake.....

No, the only way to reduce the deficit and balance the budget is to go with a chainsaw and a massive axe through the entitlement spending, reducing the size of the government at all levels by like 70-80%.

That would mean: No social security, No Medicare, No pensions, No unemployment income, No welfare, No disability insurance, No department of defense, No Medicaid, No Health and Human services, and No spending on Transportation...

Hum I'll assume you don't want a bridge to collapse under you so lets keep Transportation, but to make up for that we have to get rid of Veterans Affairs and the State department & international aid.

If you want to keep the department of defense to protect your liberty (18.74% of total spending) and add the 4.63% of spending which is interest on the current debt then you get absolutely nothing else. Enjoy!

source: http://econperspectives.blogspot.co.uk/2009/10/us-federal-government-spending-by.html

And that includes the postal services, which could be a lot more efficient than they are now.

I tried to find the postal service on the graph to figure out the percent of total spending it represents but it is so small it isn't listed as a separate item.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.