Monday, April 07, 2008

Transparency and Fair Rights

Long time between posts...sorry. I am doing fine and feeling great for those who recall I had a stem cell transplant last year. Things are progressing nicely on all fronts right now, work is good and picking up and my energy levels are high so I am finally catching up on some writing.

The subject of ISPs selling my internet traffic along with all those companies that track it via cookies, etc came up today. I have some thoughts on this below.

Sounds to me as if two things need to happen

1) laws imposed to protect users by returning ownership to their information to them. Information about where they go and what they do should be held in trust by the ISP's and other entities

2) fair rights management should be put in place to digitally encode the fair rights policy each user establishes for their information use. This is the goal of the work Slawek has been doing here in eLearning. Not just digital rights around an object like a picture, but rather fair rights of any node on a network, including the person represented in a FOAF network.

Of course absolutely nothing will prevent governments from intercepting and spying on private communications when they deem it necessary or justifiable (in the broadest terms). The use of ultra-secure encryption by private citizens would, I am certain, be considered probable cause for a warrant compelling the user to unlock the encryption, so even that route is not going to be secure.

The best defense is probabilistic obscurity...the notion that there is so much traffic that no government can or will seek to intercept everything and as long as you are not engaged in illicit activities at the national security level, you will probably be ignored even if they do happen to intercept your communications. As an example, the TSA do not publish lists of what they find in travelers' luggage no matter how embarrassing or lucrative that might be. And agencies DO typically react when it is revealed their employees have done so, such as in the case of the contractor's looking at candidates passport info in the US.

For normal traffic, citizens demanding better protection of their data from ISPs and corporations will remain the only viable there has to be speaking up and out.

David Brin wrote that the only secure policy is one of total transparency..If I can learn as much about a national leader as he or she can learn about me they will show a natural reticence to pry into my life.