
Privacy and Security The Tangled Web We Have...

Date post: 27-Jan-2021
  • viewpoints

    DOI:10.1145/2408776.2408784

    Privacy and Security

    The Tangled Web We Have Woven

    Seeking to protect the fundamental privacy of network interactions.

    The last generation is being born whose brains will develop independently of the Net. From now on, the way the Web works will play a dominant role in the socialization of the human race. But because we have built Web infrastructure without considering privacy, we are also endangering our basic freedoms. We are on the verge of eliminating forever the fundamental right to be alone in our thoughts.

    At the beginning of the sixteenth century, moveable-type printing created the experience of private reading, and with it the Western idea of the individual self freely developed, self-made through a private process of reading and thinking. In religion, this led to the revolutionary adoption of individualist forms of Protestant Christianity. Secular society adopted the scientific method, and with it began radically improving the human social condition. The opening of learning also enabled the gradual transformation of the Western political landscape toward democratic self-government and the constitutional protection of freedom of thought.

    The Net should now universalize that process throughout the human race, should make it possible for every person on Earth to read, watch, listen, and participate in every form of learning and culture, everywhere, without discrimination between rich and poor, old and young, male and female. This truly universal learning system would immeasurably improve the welfare of humankind. But if we do not protect the fundamental privacy of network interactions, if we permit not only active surveillance but also extensive data mining of personal information in the Net, we will not achieve that promise. Indeed, if the Net is not engineered to protect privacy, it will instead become a jail for the human body and the human soul.

    We are on the verge of eliminating forever the fundamental right to be alone in our thoughts.

    Eben Moglen

    We are failing at present because our Net is being used to spy on us, constantly, as we use it to enrich our lives. The innovations in surveillance have come from industry. Record-keeping about how we use the Net—what we search for, what we read, who we contact—is intensively and instantaneously "mined" for its value to those who want to sell us something. What we share with our friends and family, even the content of our email and other private communications, is scrutinized to the same end by companies that offer us "services" in return for access to our private data. All this data, assiduously gathered by businesses seeking profit, no matter how responsibly they manage it, is also at the disposal of any government capable—by law, force, or fraud—of gaining their cooperation.

    20 COMMUNICATIONS OF THE ACM | FEBRUARY 2013 | VOL. 56 | NO. 2


    Beyond the data itself lies the new mathematics of inferring from it. "Data mining," which now politely refers to itself as "data science," is a new subdiscipline of statistics, directed at using all this individually identifiable and aggregated behavioral data to predict human social action. Whether one is selling pharmaceuticals, toys, advertising placement, or a political candidate, data science is now using our personal data to help the seller identify, pursue, and persuade us. Our consumption supplies information that can be used to read our minds.

    The situation is made still worse because we are rapidly adopting personal service robots that are not working exclusively in our interests. Unlike the robots living intermixed with humans in the science fiction of our childhoods, these robots have no hands and feet—we are their hands and feet. They see what we point them at; they have ears to hear everything going on around us; they know our location all the time. These robots we call smartphones and tablets often contain software we cannot read or understand, much less change. We do not control them; rather, they offer others the opportunity to control us.

    Development in the private market of technologies to surveil, predict, and influence individuals through the Net has of course drawn the attention of states. Governments are rapidly moving, to the fullest extent of their differing means, to harness the power of big personal data to improve their social control. No matter what your politics, somewhere in the world, right now, a government of whose principles you completely disapprove is beginning to use the Net to locate support, influence the population, and find its enemies. Everywhere in the world, from now on, governments that become tyrannical will have immensely powerful new tools for remaining permanently in power.

    This privacy crisis is ecological. The unintended consequences of tiny individual activities, aggregated over the vast scope of the Net, are producing a threat to our common human interests on a global scale.

    Fortunately, because the parts of this crisis are all our creation, we can remedy the problem. We need to rebuild the operating software of the Net in keeping with certain ethical principles. This does not mean forcing people or businesses to change what they are presently doing. It means providing the equivalent of green technologies, and helping people shift to them.

    First, then, we need to build responsible replacement software, providing existing functions in ways that respect users' privacy, to replace systems that are hazardous to privacy. Current webmail and social networking services, for example, put all their users' communications with their respective social circles inside huge centralized databases maintained by the service operator, who in return for doing the storing and providing sophisticated access services to users, gets the right to mine the data, which is now centralized and vulnerable to government acquisition.

    But email and the Web are by design federated services, in which individual servers can provide storage and access services cheaply, securely, and with near-perfect reliability for individual users. Users began using centralized services that hurt their privacy because they gained tangible convenience at no apparent cost. No one knew how to run her own mail server or Web server, and we did not make it easy to learn. But we can—and we should—help people to use free software and a coming flood of inexpensive "personal server" hardware to make personal privacy appliances.

    The FreedomBox Foundation I am currently advising is an example of an attempt in this direction, making free personal privacy software for creating such appliances. Small, inexpensive, power-miserly devices you just plug in and forget, they keep your communications private, help you navigate the Web without being spied on, and let you share with the world, safely. Let me get technical for a few sentences to describe how.

    Much of the implementation of such a software stack involves using existing free software tools. A privacy proxy located in the router between a user's smartphone or PC browser and the public Net can remove advertising and Web bugs, manage cookie flow, and improve browsing privacy and security by providing "HTTPS everywhere." Automating use of SSH proxies and personal VPNs can not only protect the privacy of Web access behind the FreedomBox used as a router, it can also provide secure communications and privacy-protected Web access from a mobile device used on untrusted networks away from home.
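
The three jobs the paragraph above gives the privacy proxy (dropping advertising and Web-bug requests, managing cookie flow, and upgrading to HTTPS) can be expressed as one per-request decision. This is an added sketch, not code from the article or from FreedomBox; the host lists, the `site_of` helper and the `filter_request` function are hypothetical names and constructed data.

```python
from urllib.parse import urlsplit

# Constructed policy data for illustration; not FreedomBox rulesets.
BLOCKED_HOSTS = {"ads.tracker.example", "pixel.metrics.example"}
HTTPS_CAPABLE = {"news.example", "mail.example"}


def site_of(host):
    """Rough site key: the last two DNS labels.
    A production proxy would consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def filter_request(url, headers, page_host):
    """Decide what to do with one outbound browser request.

    page_host is the host of the page the user is actually visiting.
    Returns (action, url, headers); action is block, upgrade or forward.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    # 1. Advertising and web bugs: never contact listed hosts or subdomains.
    if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
        return ("block", url, {})

    # 2. Cookie flow: a request to a different site than the visited page
    #    leaves without Cookie or Referer, so it cannot link page views.
    out = dict(headers)
    if site_of(host) != site_of(page_host):
        out = {k: v for k, v in out.items()
               if k.lower() not in ("cookie", "referer")}

    # 3. "HTTPS everywhere": rewrite plain HTTP on the default port for
    #    hosts known to serve the same content over TLS.
    if parts.scheme == "http" and parts.port is None and host in HTTPS_CAPABLE:
        return ("upgrade", parts._replace(scheme="https").geturl(), out)
    return ("forward", url, out)


if __name__ == "__main__":
    print(filter_request("http://news.example/story?id=7",
                         {"Cookie": "sid=abc"}, "news.example"))
```
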

    Some of the tools needed for personal privacy appliances are combinations of existing functionality. Combining a HTTPS Web server and a XMPP server with OpenPGP-based authentication, for example, along with a method for building the "web of trust" through exchange of public keys embodied in QR codes (the 2D barcodes that smartphones already scan) yields a method for secure text, voice, and video chat that is easy for ordinary users to deploy. That in turn also easily extends to a method for secure communication with journalists and public media outlets for relaying video and audio recorded with mobile phones. Beyond our present stage of development lie the new tools we need to build, like federated social networking software that can smoothly and without disrupting the web of social sharing replace Facebook and similar "services," that have imposed centralized storage, data mining, and control.

    When we act to improve our own privacy we are also protecting the privacy of our children, our families, and our friends.

    Soon, such privacy servers will be available to replace your home wireless router or other similar device at even lower cost, but with enormous overall social benefit. Think of them as personal coal-scrubbers that cost next to nothing and improve the atmosphere we all breathe.

    But this is not all. We must also provide clear, factual, technical public education about privacy and "the cloud." Currently basic technical information is either altogether missing from or else distorted in the public debate. We need to help people understand why they might be better off storing their personal data on physical objects in their possession rather than in other peoples' data centers in "the cloud." We should make the results of "data science" accessible to a public that will never interest itself in the mathematics.

    We must help people think ecologically about privacy. Users do not recognize that their correspondents' privacy is also reduced when they use a "free" email service that reads and data mines email sent and received. They do not realize that everyone in the photographs they post on centralized social networking services is being facially identified and tagged. That the social networking service's operator has access to all those pictures and all the tags, and so does anyone with whom the operator "cooperates." We need to explain that every little decision to give away one's own information also gives away other peoples'. We can teach people that when we act to improve our own privacy we are also protecting the privacy of our children, our families, and our friends. If we help people around us to understand the effects their actions have on others, they will decide for themselves what changes they should make.

    Untangling the Web, restoring privacy in what we do and anonymity in what we read, will not be easy. Many fine businesses will make a little less money if we do not offer all our personal data to be mined by intermediaries on their behalf. Governments—pretty much all governments of every stripe—are rapidly discovering how much real control they can get without showing their hands if they make use of the currently misconfigured, anti-privacy Net. A consensus of the great and the good against privacy is forming; the one against anonymity is already full-blown. Imagine how different our world would be if all the books in the West for the last half-millennium had reported their readers to headquarters, including informing the Prince or the Pope how many seconds each reader spent on each page. The book, which anyone could read to herself in the privacy of her mind, is being replaced by an appliance that tracks your reading for the bookseller, subject to the Prince's subpoena. It will not be easy to save privacy. But if we believe in liberty, we have absolutely no choice.

    Eben Moglen ([email protected]) is a law professor at Columbia Law School and the founding director of the Software Freedom Law Center in New York.

    Copyright held by author.


  • Copyright of Communications of the ACM is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.

