Computers, Freedom & Privacy
Last week, Seattle played host to the annual Computers, Freedom & Privacy conference, which is a gathering of leading experts on privacy, encryption, anonymity, and human rights mingling with enthusiasts and novices interested in learning more about the topics. While I'm aware of issues relating to privacy and anonymity, I'm generally not thinking about them directly until something bubbles up in the news about some security breach or exploitation of information by an individual or group with malicious intent. I password protect my information but I don't lay awake nights wondering who might be trying to access it. Now that I've attended a small portion of CFP2005, it may be one conference I try to keep on my annual agenda for years to come.
Having this conference fall in the same week I invested a massive amount of time in going through my financial data to work toward completing my taxes caused more reflection on the topics of encryption and privacy than I might devote in any other week. There's a whole ton of information about me available online. It's all secured behind password protection and secure sites, but in theory it's all just a few keystrokes away. Anonymity is one of the things that's got me most intrigued at the moment. The overall likelihood of someone spying on my data is relatively small. Maybe the likelihood of someone spying on my data is slightly higher than the average person because I make myself widely available online, but it would certainly be more interesting and presumably more profitable to spy on someone like Harrison Ford. In the process of trying to determine certain details about a person's online habits, it would be infinitely easier to figure out a bank password if you know the bank where someone does their business. So my logging into Bank of Lake Washington site may be secured to the point my password is undetectable, but the fact that I'm connecting to the Bank of Lake Washington site would be more obvious. Calculated reasoning might suggest that my visiting the Bank of Lake Washington site three or four times per week is because I bank there. Now instead of trying to track down my password at any bank, someone interested in accessing my bank records would know that Bank of Lake Washington is the right place to start. Adding a layer of anonymity with an application like Tor, still allows me to connect securely to the Bank of Lake Washington site without anyone but the bank knowing it's me connecting to their site. Add that to the encryption protecting my password and the chances of anyone finding out where I bank and what my password might be are further reduced.
Encryption and anonymity aren't just about trying to keep secrets from people who may be eaves dropping on you. It's about the right to keep your private life private. While it's arguably a bad idea to put anything you might regret later in writing (this message will self-destruct, anyone?), having people see something that was none of their business in the first place is potentially a violation of your rights, depending on where you live. It can also be an effective means of validating someone is who they claim to be. Using a public key encryption mechanism, you make it quite possible to let people know you are really you when you send them a message. That's one way of making sure you aren't falsely accused of sending junk or infected messages. If you always digital sign your messages and someone receives a message from you without that signature, it's pretty easy to say if it wasn't signed then it wasn't really me; this is the digital equivalent to the Notary Public only considerably less fallible based on my experiences signing documents. Sometimes software tools that obscure our online habits are meant to provide safety - one of the key uses for tools like the recently featured Tor browser plug-in.
What about all that data we back up to blank media on a regular basis. Bank statements, credit card information and personal identification numbers are all data apps like Quicken and Microsoft Money graciously offer to store for a convenient snapshot of our financial picture. Make a backup of that data and then years later decide the disk is no longer of any use because the information is horribly out-of-date. Is the data encrypted, or could anyone dig the plastic from the trash and pull up your financial records? Old or not, the information may still point to live accounts. Of course, the obvious solution here is to destroy the disk before throwing it away, but a better idea would be to encrypt the data so when it's stored to disk.
And then there are services offering to sell your information or provide background checks. ZabaSearch turns up more information than I necessarily want to share about my previous residences and phone numbers. The president of PrivacyActivism.org got a surprise when she read through all the details about her own life provided by ChoicePoint. At least in the United States, it's getting steadily easier for anyone to find out all the gory details about anyone else. Maybe it's time to move to Montana and raise dental floss after all.
Computers, Freedom & Privacy isn't about feeding on the collective paranoia of a world gone mad with information. It's a hard core examination of the issues surrounding privacy and freedoms as they relate to computing. It's a chance to get some of the best information on the issues straight from the experts who understand them better than anyone else. Next year, it might be a chance to engage some of the decision makers who influence policy when Washington D.C. plays host to CFP2006. With any luck, I'll be there.