privacy regulations suck also (Re: Formal apology)

Gil Hamilton gil_hamilton at hotmail.com
Tue Feb 20 19:35:33 PST 2001 

Someone named Paul writes:
> > So here's the problem: these laws will if anything make it less
> > visible what information companies and governments have on you because
> > they will restrict uses.  How the data is handled and used isn't the
> > problem, the problem is that the information is collected, and
> > available to law enforcement, national intelligence and your average
> > dick (private detective).
>
>The purpose of the laws is to make MORE visible the information that
>businesses and government have on you. None of these laws call for
>"restricting" the use of information, unless of course you the consumer are
>requesting the restriction, in which case the laws mandate that said
>organization must comply with the restriction.

Somehow, for you, there is no contradiction between "none of these laws
call for 'restricting' the use of information" and "must comply with the
restriction".  Must be some other language you speak.


>Like I said before, the information MUST be collected in order to perform
>most normal business transactions (especially in health and finance).

Health care is clearly an exception since the subject matter of the
field is the person himself.  For most purposes, finance does not (read:
would not in an ideal world) require any personal information.

(Sic 'em, Hettinga! He doesn't understand the concept of a bearer bond.)


>                                                                       The
>way the information is handled and used has TREMENDOUS implications for
>privacy. I'm not sure why you think that the "way" the information is
>handled has "nothing" to do w/ privacy.. uhh.. to most people working in 
>the
>privacy field, this has EVERYTHING to do w/ privacy..

Well, Adam, after years of experimenting with, analyzing, implementing,
writing about, and discussing crypto and privacy, isn't it great
to have some bozo show up on the list and start lecturing to you about
what "most people working in the privacy field" think?


> > Privacy to me means being able to keep my affairs private from
> > governments if I choose.  The UK princple allowing you to use any name
> > you want (so long as it is not for committing fraud or a crime) is
> > agood one.  (I'm hoping that using an alias does not affect the legal
> > systems evaluation of the severity of the crime -- and that there are
> > no "use of an alias in the commission of a crime" types things in
> > effect though I don't know the details).
>
>That is an interesting definition of privacy, but it is really a subset of
>the more general definition that is more widely used in the industry, which
>is namely the ability to control secondary uses of personal information.

Ahh, the classic "Euro" privacy kleptocrat: got to "control" what those
evil corporations can do.  But pay no attention to that man from the
government: he is your Friend (or Do You Have Something To Hide?).


>Your example about the UK allowing you to use multiple names seems to me to
>be a classic case of what one would call "security through obscurity." Most
>professionals would consider this to be EXTREMLEY weak security (or, in 
>your
>case, privacy).. I'm not sure why you think this makes you more secure or
>private than a legal/economic/technical regime that allows you property
>rights over personal information..

I'm not sure why you think you have any right to tell me (or my company)
what I can do with information that resides on my private hard disk or
a piece of paper in my desk drawer.



> > So the solution appears to be technological countermeasures, and
> > repealing laws.  Neither of which appear even remotely likely within
> > the political system.  The political system has a systemic desire to
> > create more laws.  Every new law introduces more problems.  The people
> > writing the laws don't know the technology, they are control freaks,
> > and pander to media and take bribes and broker favors with special
> > interest groups.  So at this point I firmly believe in "write code not
> > laws", and think that "cypherpunks write code" is important.
>
>I'm not certain what you mean by "technological countermeasures". If you
>mean "anonymization" technology, or "zero-knowledge proofs", you can talk
>till you're blue in the face and it still won't happen, although that has
>nothing to do w/ the current political system.

It already has happened to some extent: see anonymizer.com (or the new
safeweb.com).  Digital cash will happen eventually; it's just too useful.
Other stuff will follow.


>                                                It has to do w/ the fact 
>that
>businessmen won't conduct business w/ people they can't trust (ie., people
>who are anonymous) and even IF they could, the economic reality is that
>NOTHING in the infrastructure (of banks, hospitals, retail, etc) is even
>remotely prepared for this, so why bother talking about it?

I don't know what planet you live on.  I visit a retail store nearly
every day, walk up to the counter, plop down my bills and walk out
with merchandise.  Nobody asks me my name or my social security number
or where I live.


>Better to guarantee privacy through systems that engender communication of
>adequate amounts of personal information for the transaction at hand
>(whether financial, medical or retail), but that ensure trusted handling of
>the info on the transaction is complete..

"This is _very_very_ complicated, son. Just leave it to us professionals."


>PrivacyRight, Inc. - www.privacyright.com
>Chief Technology Officer

Kinda hard to believe the CTO of a place called privacyright.com hasn't
thought a bit more deeply about this stuff.


- GH

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

More information about the cypherpunks-legacy mailing list