Reply to: RE>Privacy Marketing

Nick -

I read your well-reasoned and articulate post just after sending my own (much less complete) one which largely contradicts your view.

Either future is plausible. I think the key issue here is risk. The commercial market for transaction detail exists today. Call it a mature industry. The market for individual digital privacy has been identified at a general level, but, as you point out, has not exactly crystallized. Call it an embryonic industry.

Does the former need to die in order for the latter to gain ground? Probably not. There's a lot of mutual dependence here. Each needs the other to be relevant - kind of a Yin/Yang thing. Depending upon how the regulatory environment shapes up, it may be quite possible that both are thriving businesses in the future, with transaction service providers enjoying revenue streams from both selling data and selling anti-data (privacy). Look at Caller ID and Caller ID Blocking services for an historical precedent.

- Art

Art Hutchinson E-mail: hutchinson@ncri.com Senior Consultant Phone: (617) 654-0635 Northeast Consulting Resources, Inc. FAX: (617) 654-0654 One Liberty Square WWW: http://www.ncri.com Boston, MA 02160

This dovetails into a conversation currently going on in inside the cypherpunks alias, here is a reply I posted to a query about Transaction Models, and security or anomymous status of the transaction initiator or closer. --- Snip ---

I must disagre here and side with *gasp* FC.

Ughhh, Me too..., Dr. Fred scores 2 Points!

If your so called *secure* server happens to get broken into by grace of god, you want to know at least where the attack came from. If Netscape wants to hide internet hostnames they would to well setting up to DNS servers, one for internal resolutions where IPs resolve to their real hostname, and one in front of the firewall that resolves all IP's to unkown.netscape.com.

I think there are reallty two bigger conceptual issues up for bashing about here, and they are different. It is unlikely that they can be by the same protocol... They both are valid transaction models and must be met. The one - Authentication Based transactions, i.e. I am doing *stuff* from a "known" system or "authenticated channel". These transactions are based upon a level of trust that I say I am who I am and that my "tresources" are as they are protrayed to be. Clearly there is an electronic trail generated here. This is the "credit card" model. and The other, - What I now call "Unauthenicated transactions" are based upon the actual resource's being authenticated rather than myself being authenticated. ----- Hence if you follow this model to extrapolate that these two types of "environments" exist, that of "known and trusted users" and that of "unknown users, but trusted cash". They are inb and of itself what will drive the need to both collect and enforce privacy for both types of transactions. IMHO - Anything less just wont fly long term. This concept of collecting client data has to be a part of the "Known Entity" Transaction Models and relegated to stay within that context. "Unknown Entity" transaction processing will have to be made avalaiable as well with anonimity being insured as part of the process model. Todd Regards, T. S. Glassey Chief Technologist Looking Glass Technologies todd@lgt.com (415) 324-4318 -----BEGIN PGP SIGNATURE----- Version: 2.6 iQB1AwUBMFu5E6gNRnWhagU5AQHI+gL+Mwpcd3lAWd8FF06qcG6rnLhIYveHW71a XC7xh1T0uu8qnYX31yMp17OG28jWpKUbWec1IM9/eXOi+gInA7rKICWczV8zo9Z0 0puxjRRN7yO4KfRb3cPpk+r0p6pDg01Y =bTYb -----END PGP SIGNATURE-----