Ross's TCPA paper

bear bear at sonic.net
Sat Jun 29 22:03:33 PDT 2002


On Wed, 26 Jun 2002, Barney Wolff wrote:

>Do you really mean that if I'm a business, you can force me to deal with
>you even though you refuse to supply your real name?  Not acceptable.

I don't think that privacy (in the sense of having the right
to keep private details of your life from being linked for
use unauthorized by you) is ever going to happen if merchants
have the right to demand true identities.

As a merchant, you have the right to be paid and to be sure of
your payment.  I don't think you have the right to collect
data that you can correlate with every public and business
record in the universe and build a profile linked to my identity
that says what brand of breakfast cereal I eat, how much a month
I spend on sex toys, what kind of books I read, and whether I'm
in trouble in divorce court.

The problem is that there is no way to check what merchants
do with the data once they've got it; customers are prevented
from getting into the customer databases and finding out what
a merchant's got on them.  Merchants have no motive whatsoever
to police or restrain their actions in invasion of privacy, and
they have a financial motive to link data -  so there is no
reason to believe that DRM stuff on consumer machines is going
to apply to their data handling in the least.  I just don't see
any possible application of DRM that merchants would allow that
protects consumer privacy.

So yeah, I think that the right to privacy implies the right to
use a pseudonym.  For any non-fraudulent purpose, including
doing business with merchants who don't know it's a pseudonym.

And I think that's a constitutional right, whether the merchants
happen to like it or not, just like the right to eat in a
restaurant even if the manager don't like colored folks, or picket
outside a merchant's business on public property seeking redress
of grievances, or tell the truth about a merchant even if it's
not flattering to him, or otherwise exercising ordinary civil
rights the merchant might prefer you didn't.  You can't have
privacy without the option of pseudonymity, any more than you
can have bread without flour.

>I won't give up the right NOT to do business with anonymous customers,
>or anyone else with whom I choose not to do business.

A few years ago merchants were equally adamant and believed
equally in the rightness of maintaining their "right" to not
do business with blacks, chicanos, irish, and women.  It'll
pass as people wake up and smell the coffee.  Unfortunately
that won't be until after at least a decade of really vicious
abuses of private data by merchants who believe in their
god-given right to snoop on their customers.

>The point about DRM, if I understand it, is that you could disclose
>your information to me for certain purposes without my being able
>to make use of it in ways you have not agreed to.  At least in
>theory.  But this debate appears largely to ignore differences in
>the number of bits involved.  To violate your privacy I can always
>take a picture of my screen with an old camera, or just read it
>into a tape-recorder.  I can't do that effectively with your new DVD
>without significant loss of quality.

Understand that I don't really give a flying crap about the
DVD player; if I want a nice movie, I'll get together with
some buddies and make one.  And I'll let anybody who wants
to watch it download it.

What I want is the right to prevent my customer records at
the bookstore from being correlated with the customer records
at my doctor, my dentist, my insurance agent, my therapist,
my attorney, my grocery store, my pharmacist, the comics
shop, the sex-toy shop, the car dealership, the art gallery,
the stained-glass place, the computer store, the video-rental
place, my favorite restaurants, and my travel agent, and sold
as a nice totally invasive bundle back to the marketing databases
of all of the above.  This is not a question about "number of
bits".  I figure the database will have an efficient, no-nonsense
representation of all of these things, and a photo of the screen,
if it can be scanned back, is just as good as a binary copy.

I don't see any way that DRM addresses the privacy concern
of database linking.  Especially since I expect database
linking to be done using specialized software that doesn't
have to get inspected by anybody with a motive to prevent it,
on "professional" (Non-DRM) machines if necessary.


				Bear





More information about the cypherpunks-legacy mailing list