Post on 10-May-2015
description
transcript
Privacy Reconsidered: The Ethic of Privacy and
Why Anonymous Matters
Brian J. Alseth, Esq. Technology and Liberty Director ACLU of Washington
WHAT IS PRIVACY?
There are knowable unknowables and then there are unknowable unknowables, and then there is the internet
Majority of Americans state they are very concerned about their privacy and what online companies are doing with their data
Facebook has over 600 million users and has overtaken Google as the top visited site.
Zuckerberg’s Law – Sharing will grow exponentially whereby people will share twice as much this year as last, and next year will see people sharing twice the amount of content as this year, etc. (track’s with Moore’s law).
Top 100 websites include mostly user generated content
Youtube – 24 hours of new content is posted to youtube every minute of every day.
Industry’s Response
So once again, what is privacy?
We say one thing . . .
But we each have a different threat model
Behold!
The PowerDATA
of
Firesheep
MOORE’S LAW
Charts: Zoomer Magazine, Computer Measurement Group
The Future of Moore’s Law
Today: $349.99 In 20 years: $0.04
Consumer and Online Records
Government and Court Records
Elections
And so much more…
The story of your life…in data
Customer and
Commercial Records
Government Records
Court Records Census Voterfiles Secretary of State Filings
ELECTION DATA
VoterfileParty Data
Where is my web data going?advertising.com
AOL Ad Server/Tracker
ap.org Associated Press
atdmt.comMicrosoft Ad Server/Tracker
brightcove.vo.llnwd.net Streaming Media
doubleclick.netGoogle Ad Server/Tracker
googlesyndication.com Ad Server
nwsource.comSeattle Times Parent Site
quantserve.comSite Analytics Tracker
realmedia.com Streaming Media
scorecardresearch.com
Site Analytics Tracker
seattletimes.com Main Sitezedo.com Ad Server/Tracker
Total Distinct Sites 12Tracking Sites 7
Data Brokers
Data from all sources is interrelated and is compiled, analyzed and sold by Data Brokers – The used car dealers of data
InfoUsaHooversExperionDunn and Bradstreet Reed Elsevier -(Choicepoint, Lexis)CACI
Facial-Recognition
Video Analytics
DNA
TechnologiesCombined
“Ring of Steel”
• Link thousands of police, private cameras
• Combine with license plate readers, central monitoring, Face recognition
• Access-control gates
TIA Lives
Cracked Magazine
THE HAXORZ ARE REAL?!? OH NOES!!!
Identity Theft & Data Security
Over 600 million records containing private info lost in security breaches since January 2005ID Theft is allegedly more profitable to organized crime than drugs.Cost per valid CC# on carder sites: $.04
Apps, ATMS and Google, oh my.
SO, PRIVACY IS DEAD, RIGHT?
Would You Define Privacy Already?
Public and Private are relative terms, like hot and cold, wet and dry. One defines the other and neither exists alone.
Every revolution in communication technology has resulted in IRL revolution once the public is given the means to speak without fear of reprisal; to speak anonymously.
Since Brandeis and the Kodak, however, each new bit of technology also brings with it a measure of privacy fear.
Fear isn’t everything though.
Not all 600 Million Facebook users are crazy.
Privacy fears can lead to lead to censorship of that which should be public
,
Self regulation and market regulation of privacy leads to industry being the sole regulator and protector of privacy.
Germans hate Google Street View, so Google now blurs German houses in street view to continue to do business in Germany.
Google has censored Chinese search traffic and the Aurora Attacks arose out of a Chinese Politburo Member Googling his name and finding unflattering things.
In the US, Google obscures a number of public buildings including the Vice President’s mansion.
If Google can be pressured to pixelate images of public buildings, what next?
Why do we trust Google?
Why is the private private and the Public Public?
Because some things are just creepy, right?
Define “Creepy” Policy Shouldn’t be based on an undefined emotion
Scandinavian countries publish salaries.
U.S. publishes mugshots.
Absolute Privacy, Trust and Duty
What is absolute privacy? Only that which you keep in your head. (Cat’s
third name, PD). For all other knowledge exchanges, the
individual provides information based on some trust/value calculus.
No matter how small the reveal, the provider has certain expectations as to how the recipient will receive and use the information. These expectations are privacy.
What if you could share and speak anonymously?
TL:DR – knowledge = duty = privacy + Anon tease
Privacy as an Ethic – The Duty of Knowing
First, The Ethic of PublicnessThat which is public must be: Generous Transparent AuthenticWe must demand publicness from those who protect our privacy.
Publicness is a potential tool and a weapon.
Wikileaks didn’t bring about the apocalypse, and the work of the people should be done before the people.
The Ethic of Privacy Don’t Steal Information Protect Information Context Matters (threat model (g-chat v.
Obama’s Blackberry, culture, etc.) Give Credit Be Transparent about use of information Give Access Don’t Use Information Against the Individual Where information is collected, a return value
must be provided. (free services for data – google, facebook, OKCupid).
That’s why we have laws and stuff, right?
No expectation of privacy or warrant needed for information we turn over to third parties.
Electronic Communications Privacy Act (ECPA) of 1986
Feudal age of data regulation – Assorted state and local statutes
Law enforcement officials have claimed that records of online activities are not protected.
What result for data in the cloud? E-book, iPad, phone GPS tracking?
What Must Be Done?
Update ECPA and enact comprehensive technology specific privacy laws
Technology Did Not Kill Privacy . . .
But Privacy by Policy Alone Might
If Not Privacy By Policy, then What?
www.privacybydesign.ca - Dr. Ann Cavoukian Information & Privacy Commissioner of Ontario
7 Foundational Principles of Privacy by Design
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default 3. Privacy Embedded into Design 4. Full Functionality – Positive-
Sum, not Zero-Sum 5. End-to-End Lifecycle Protection 6. Visibility and Transparency 7. Respect for User Privacy
Clever Transition to Anonymous Portion
Anonymous Speech
This country is founded on the freedom of speech which includes a right to speak anonymously. Publius
When an oppressive regime shuts down open channels of communication only anonymous speech can continue to safely question the
Anonymous speech requires no trust relationship, allowing people to freely speak their minds without fear of persecution or shame
No trust and no duty, however, also allows people to divorce themselves from responsibility for their speech - None of us are as cruel as all of us
The Anonymous Internet
What happens when people have the ability to use the internet as an anonymous forum to interact with strangers?
Sadly, ChatRoulette answered this question all too clearly
4Chan – The Soul of The Internet What is 4Chan?
Anonymous Image Board No Archives The likely source of everything amazing
and horrible you’ve seen on the internet.
Lolcats, Image macros and Chanspeak
Rule 34 and memes
Anonymous allows the community to take hold of something and make it something new.
Original content barely exists
Anonymous allows the community to take hold of something and make it something new.
Original content barely exists
Anonymous also brings out the worst
Anonymous will test the limits of the first amendment.
The Other Side of Online Anonymous Speech
The Tor Project Navy built to provide anonymous channels State department funds efforts to train foreign
dissidents of oppressive regimes to use Tor to communicate anonymously.
Used by journalists, military, students, dissidents and anyone and everyone else.
Also forms the backbone of the secure wikileaks document submission process
Wikileaks Provides anonymous means for those in possession of
secrets to release them. Secrets are power. Wikileaks seeks to return that
power to the people.
Anonymous & Hackers in the Middle East
Anonymous in the Middle East After Egypt and other regimes shut down
the internet, a volunteer militia of volunteer hackers and other interested parties set to work restoring communications and attacking the government Anon_Ops –
developed makeshift comms 1-pager Faxbombed wikileaks Egypt docs to Egypt. LOIC lasers pointed at Government Targets
Others Voice to tweet invented and deployed Ad Hoc networks and other support
Anonymous the Collective Roots in 4Chan Although clans exist, and leaders necessarily
emerge Anonymous is nebulous and without leadership.
Longstanding fight with Scientology Things changed about a year ago with
Wikileaks Operation Payback Gawker HB Gary Scott Walker the Furry? Anonymous is the internet The internet is feeling threatened.
Anonymous Speech is Threatened The right to connect is fundamental Anonymous is frightening Fear again leads to censorship and curtailing
of rights New Digital ID systems threaten online
anonymous speech as one would essentially log in to use an ISP
Blogs, newspapers, and even 4Chan have been ordered to divulge identifying information about anonymous posters which chills speech.
No one entity should have the power to shut down the internet.
We are all anonymous and we all need our protection.
Brian J. AlsethTechnology and Liberty DirectorACLU of Washingtonbalseth@aclu-wa.org206-624-2184@balseth
Contact info: