Privacy Reconsidered: The Ethic of Privacy and

Why Anonymous Matters

Brian J. Alseth, Esq. Technology and Liberty Director ACLU of Washington

WHAT IS PRIVACY?

There are knowable unknowables and then there are unknowable unknowables, and then there is the internet

Majority of Americans state they are very concerned about their privacy and what online companies are doing with their data

Facebook has over 600 million users and has overtaken Google as the top visited site.

Zuckerberg’s Law – Sharing will grow exponentially whereby people will share twice as much this year as last, and next year will see people sharing twice the amount of content as this year, etc. (track’s with Moore’s law).

Top 100 websites include mostly user generated content

Youtube – 24 hours of new content is posted to youtube every minute of every day.

Industry’s Response

So once again, what is privacy?

We say one thing . . .

But we each have a different threat model

Behold!

The PowerDATA

of

Firesheep

MOORE’S LAW

Charts: Zoomer Magazine, Computer Measurement Group

The Future of Moore’s Law

Today: $349.99 In 20 years: $0.04

Consumer and Online Records

Government and Court Records

Elections

And so much more…

The story of your life…in data

Customer and

Commercial Records

Government Records

Court Records Census Voterfiles Secretary of State Filings

ELECTION DATA

VoterfileParty Data

Where is my web data going?advertising.com

AOL Ad Server/Tracker

ap.org Associated Press

atdmt.comMicrosoft Ad Server/Tracker

brightcove.vo.llnwd.net Streaming Media

doubleclick.netGoogle Ad Server/Tracker

googlesyndication.com Ad Server

nwsource.comSeattle Times Parent Site

quantserve.comSite Analytics Tracker

realmedia.com Streaming Media

scorecardresearch.com

Site Analytics Tracker

seattletimes.com Main Sitezedo.com Ad Server/Tracker

Total Distinct Sites 12Tracking Sites 7

Data Brokers

Data from all sources is interrelated and is compiled, analyzed and sold by Data Brokers – The used car dealers of data

InfoUsaHooversExperionDunn and Bradstreet Reed Elsevier -(Choicepoint, Lexis)CACI

Facial-Recognition

Video Analytics

DNA

TechnologiesCombined

“Ring of Steel”

• Link thousands of police, private cameras

• Combine with license plate readers, central monitoring, Face recognition

• Access-control gates

 

TIA Lives

Cracked Magazine

THE HAXORZ ARE REAL?!? OH NOES!!!

Identity Theft & Data Security

Over 600 million records containing private info lost in security breaches since January 2005ID Theft is allegedly more profitable to organized crime than drugs.Cost per valid CC# on carder sites: $.04

Apps, ATMS and Google, oh my.

SO, PRIVACY IS DEAD, RIGHT?

Would You Define Privacy Already?

Public and Private are relative terms, like hot and cold, wet and dry. One defines the other and neither exists alone.

Every revolution in communication technology has resulted in IRL revolution once the public is given the means to speak without fear of reprisal; to speak anonymously.

Since Brandeis and the Kodak, however, each new bit of technology also brings with it a measure of privacy fear.

Fear isn’t everything though.

Not all 600 Million Facebook users are crazy.

Privacy fears can lead to lead to censorship of that which should be public

,

Self regulation and market regulation of privacy leads to industry being the sole regulator and protector of privacy.

Germans hate Google Street View, so Google now blurs German houses in street view to continue to do business in Germany.

Google has censored Chinese search traffic and the Aurora Attacks arose out of a Chinese Politburo Member Googling his name and finding unflattering things.

In the US, Google obscures a number of public buildings including the Vice President’s mansion.

If Google can be pressured to pixelate images of public buildings, what next?

Why do we trust Google?

Why is the private private and the Public Public?

Because some things are just creepy, right?

Define “Creepy” Policy Shouldn’t be based on an undefined emotion

Scandinavian countries publish salaries.

U.S. publishes mugshots.

Absolute Privacy, Trust and Duty

What is absolute privacy? Only that which you keep in your head. (Cat’s

third name, PD). For all other knowledge exchanges, the

individual provides information based on some trust/value calculus.

No matter how small the reveal, the provider has certain expectations as to how the recipient will receive and use the information. These expectations are privacy.

What if you could share and speak anonymously?

TL:DR – knowledge = duty = privacy + Anon tease

Privacy as an Ethic – The Duty of Knowing

First, The Ethic of PublicnessThat which is public must be: Generous Transparent AuthenticWe must demand publicness from those who protect our privacy.

Publicness is a potential tool and a weapon.

Wikileaks didn’t bring about the apocalypse, and the work of the people should be done before the people.

The Ethic of Privacy Don’t Steal Information Protect Information Context Matters (threat model (g-chat v.

Obama’s Blackberry, culture, etc.) Give Credit Be Transparent about use of information Give Access Don’t Use Information Against the Individual Where information is collected, a return value

must be provided. (free services for data – google, facebook, OKCupid).

That’s why we have laws and stuff, right?

No expectation of privacy or warrant needed for information we turn over to third parties.

Electronic Communications Privacy Act (ECPA) of 1986

Feudal age of data regulation – Assorted state and local statutes

Law enforcement officials have claimed that records of online activities are not protected.

What result for data in the cloud? E-book, iPad, phone GPS tracking?

What Must Be Done?

Update ECPA and enact comprehensive technology specific privacy laws

Technology Did Not Kill Privacy . . .

But Privacy by Policy Alone Might

If Not Privacy By Policy, then What?

www.privacybydesign.ca - Dr. Ann Cavoukian Information & Privacy Commissioner of Ontario

7 Foundational Principles of Privacy by Design

1. Proactive not Reactive; Preventative not Remedial

2. Privacy as the Default 3. Privacy Embedded into Design 4. Full Functionality – Positive-

Sum, not Zero-Sum 5. End-to-End Lifecycle Protection 6. Visibility and Transparency 7. Respect for User Privacy

Clever Transition to Anonymous Portion

Anonymous Speech

This country is founded on the freedom of speech which includes a right to speak anonymously. Publius

When an oppressive regime shuts down open channels of communication only anonymous speech can continue to safely question the

Anonymous speech requires no trust relationship, allowing people to freely speak their minds without fear of persecution or shame

No trust and no duty, however, also allows people to divorce themselves from responsibility for their speech - None of us are as cruel as all of us

The Anonymous Internet

What happens when people have the ability to use the internet as an anonymous forum to interact with strangers?

Sadly, ChatRoulette answered this question all too clearly

4Chan – The Soul of The Internet What is 4Chan?

Anonymous Image Board No Archives The likely source of everything amazing

and horrible you’ve seen on the internet.

Lolcats, Image macros and Chanspeak

Rule 34 and memes

Anonymous allows the community to take hold of something and make it something new.

Original content barely exists

Anonymous allows the community to take hold of something and make it something new.

Original content barely exists

Anonymous also brings out the worst

Anonymous will test the limits of the first amendment.

The Other Side of Online Anonymous Speech

The Tor Project Navy built to provide anonymous channels State department funds efforts to train foreign

dissidents of oppressive regimes to use Tor to communicate anonymously.

Used by journalists, military, students, dissidents and anyone and everyone else.

Also forms the backbone of the secure wikileaks document submission process

Wikileaks Provides anonymous means for those in possession of

secrets to release them. Secrets are power. Wikileaks seeks to return that

power to the people.

Anonymous & Hackers in the Middle East

Anonymous in the Middle East After Egypt and other regimes shut down

the internet, a volunteer militia of volunteer hackers and other interested parties set to work restoring communications and attacking the government Anon_Ops –

developed makeshift comms 1-pager Faxbombed wikileaks Egypt docs to Egypt. LOIC lasers pointed at Government Targets

Others Voice to tweet invented and deployed Ad Hoc networks and other support

Anonymous the Collective Roots in 4Chan Although clans exist, and leaders necessarily

emerge Anonymous is nebulous and without leadership.

Longstanding fight with Scientology Things changed about a year ago with

Wikileaks Operation Payback Gawker HB Gary Scott Walker the Furry? Anonymous is the internet The internet is feeling threatened.

Anonymous Speech is Threatened The right to connect is fundamental Anonymous is frightening Fear again leads to censorship and curtailing

of rights New Digital ID systems threaten online

anonymous speech as one would essentially log in to use an ISP

Blogs, newspapers, and even 4Chan have been ordered to divulge identifying information about anonymous posters which chills speech.

No one entity should have the power to shut down the internet.

We are all anonymous and we all need our protection.

Brian J. AlsethTechnology and Liberty DirectorACLU of Washingtonbalseth@aclu-wa.org206-624-2184@balseth

Contact info: