Someone named Paul writes:

...

So here's the problem: these laws will if anything make it less visible what information companies and governments have on you because they will restrict uses. How the data is handled and used isn't the problem, the problem is that the information is collected, and available to law enforcement, national intelligence and your average dick (private detective).

The purpose of the laws is to make MORE visible the information that businesses and government have on you. None of these laws call for "restricting" the use of information, unless of course you the consumer are requesting the restriction, in which case the laws mandate that said organization must comply with the restriction.

Somehow, for you, there is no contradiction between "none of these laws call for 'restricting' the use of information" and "must comply with the restriction". Must be some other language you speak.

Like I said before, the information MUST be collected in order to perform most normal business transactions (especially in health and finance).

Health care is clearly an exception since the subject matter of the field is the person himself. For most purposes, finance does not (read: would not in an ideal world) require any personal information. (Sic 'em, Hettinga! He doesn't understand the concept of a bearer bond.)

The way the information is handled and used has TREMENDOUS implications for privacy. I'm not sure why you think that the "way" the information is handled has "nothing" to do w/ privacy.. uhh.. to most people working in the privacy field, this has EVERYTHING to do w/ privacy..

Well, Adam, after years of experimenting with, analyzing, implementing, writing about, and discussing crypto and privacy, isn't it great to have some bozo show up on the list and start lecturing to you about what "most people working in the privacy field" think?

...

Privacy to me means being able to keep my affairs private from governments if I choose. The UK princple allowing you to use any name you want (so long as it is not for committing fraud or a crime) is agood one. (I'm hoping that using an alias does not affect the legal systems evaluation of the severity of the crime -- and that there are no "use of an alias in the commission of a crime" types things in effect though I don't know the details).

That is an interesting definition of privacy, but it is really a subset of the more general definition that is more widely used in the industry, which is namely the ability to control secondary uses of personal information.

Ahh, the classic "Euro" privacy kleptocrat: got to "control" what those evil corporations can do. But pay no attention to that man from the government: he is your Friend (or Do You Have Something To Hide?).

Your example about the UK allowing you to use multiple names seems to me to be a classic case of what one would call "security through obscurity." Most professionals would consider this to be EXTREMLEY weak security (or, in your case, privacy).. I'm not sure why you think this makes you more secure or private than a legal/economic/technical regime that allows you property rights over personal information..

I'm not sure why you think you have any right to tell me (or my company) what I can do with information that resides on my private hard disk or a piece of paper in my desk drawer.

...

So the solution appears to be technological countermeasures, and repealing laws. Neither of which appear even remotely likely within the political system. The political system has a systemic desire to create more laws. Every new law introduces more problems. The people writing the laws don't know the technology, they are control freaks, and pander to media and take bribes and broker favors with special interest groups. So at this point I firmly believe in "write code not laws", and think that "cypherpunks write code" is important.

I'm not certain what you mean by "technological countermeasures". If you mean "anonymization" technology, or "zero-knowledge proofs", you can talk till you're blue in the face and it still won't happen, although that has nothing to do w/ the current political system.

It already has happened to some extent: see anonymizer.com (or the new safeweb.com). Digital cash will happen eventually; it's just too useful. Other stuff will follow.

It has to do w/ the fact that businessmen won't conduct business w/ people they can't trust (ie., people who are anonymous) and even IF they could, the economic reality is that NOTHING in the infrastructure (of banks, hospitals, retail, etc) is even remotely prepared for this, so why bother talking about it?

I don't know what planet you live on. I visit a retail store nearly every day, walk up to the counter, plop down my bills and walk out with merchandise. Nobody asks me my name or my social security number or where I live.

Better to guarantee privacy through systems that engender communication of adequate amounts of personal information for the transaction at hand (whether financial, medical or retail), but that ensure trusted handling of the info on the transaction is complete..

"This is _very_very_ complicated, son. Just leave it to us professionals."

PrivacyRight, Inc. - www.privacyright.com Chief Technology Officer

Kinda hard to believe the CTO of a place called privacyright.com hasn't thought a bit more deeply about this stuff. - GH _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com