Get off my lawn

← Wordpress on Nginx | posts | Understanding Debian →

What is privacy? "Get off my lawn!" a grandpa would say when law enforcers came on behalf of corporations to take away his land. But some generations later, people would probably say something that sounds more like "I don't need to hide anything, since I'm not doing anything wrong".

What has gone wrong between the generations?

Probably mostly nothing :P The concept of privacy is simple in itself, but the implications that revolve around it are so numorous and touch so much different areas of our lives that it can be difficult to come to a grasp of the concept that encompasses a broader view. Also, the majority of people nowadays don't really want to hear anything about laws and politics and thus they shoo away the implications in this field.

The thing is: privacy in law is not about hiding yourself from the police and judges. It is about leveraging the power that was given to law enforcement:

Check out the other videos at unlawfulaccess.net, they are very informative.

A colleague of mine pointed me to this website, which presents different papers on privacy around a couple of fields:

http://hatswitch.org/~nikita/courses/ece598nb-sp12/schedule.html

I'm particularly interested in the first article of the list, which tries to debunk the "I have nothing to hide" argument and goes on to show that this same argument is actually a crooked response to a flawed question and thus that the whole argument is useless:

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

This argument was so widely publicized in the media in the last decade or so, that poeple from all fields have become confused about the subject of privacy and are allowing such stupid bills as U.S.A.'s SOPA and Canada's Lawful access that are usually part of trade agreements like the WIPO and the ACTA to be accepted and make it into the laws that regulate our lives, without too much scrutiny, grinding away our right to privacy.

But the problem with the attack on privacy, to the benefit of the so-called security it brings to law enforcement, goes beyond copyright enforcement, says Cory Doctorow (see video below; the linked article is a transcript of the presentation). What we're seeing right now, if we take a step back from all those court rulings, personal suits and bill propositions, are demands for "building general-purpose computers, networks and software that let you do all that you want, except for what upsets a certain group". And, like he says, we're probably going to see more and more buisinesses -- and at that, ones far more powerful and influential than the MPAA -- come up with that sort of demand:

The thing is, we don't know how to build a machine that lets you do all the things that you want except those that are prohibited. Building such a thing means that you'll have malware in your computer continually listening to what you're doing in order to block certain things.

What does actually differentiate one computer activity from another? How can you say that one process is evil and another isn't? Up to now, only humans that analyze what a particular process is doing are able to tell if the process is wanted or not. Not because the algorythms and heuristics for determining a process' intents are lacking, but because determining a process' intents is not something that you can do reliably with an algorythm that can run on current computers. There are pretty much an infinite ways you could come up with something that ultimately is used for illegal activities. And most of the times, the ways those illegal activities are achieved are by using methods that could also be used by legitimate actions.

So, regulating what a computer can do means you need to have human oversight. Also, regulating how it can do things is acutally not a realistic demand because people will always come up with ways to upsmart laws that try to do that. And to go further: how a computer does things is actually not the root cause of the problem! It's just a technological means of doing something. There'll be other technologies in the future to continue sharing music, movies, political wires, trade secrets and whatnot. Finally, in all those attempts to prevent crime, the ones that get penalized are mostly only the legitimate users.

How do you stop someone from committing fraud? The best way you could do this would be to implement an easy way to verify that the numbers balance out in periodical reports and to send an alert to request human oversight when something smells fishy. Heck, sometimes the fishyness is so well hidden that even the previous method wouldn't be enough. How far would you go, then to ban fraud? Would you force computers to kill any network connection that looks like it's about to change information in a suspicious way? Hah! that's not even effective. Actually, by doing so you run the risk of blocking totally legitimate transactions, and we all know that that would destroy the economy.

So the problem in my opinion is not about not having laws for copyright (or whatnot) that deal with new technology, it's actually about having laws that deal with a certain set of technology. And to go deeper, it's about using the wrong set of guidelines to set regulation: laws are meant to define what We, as a society, deem is acceptable or not; they should not be built with the focus on how to stop people from doing what is not acceptable.

So my conclusion will sound like a grandpa. To all of you lobbyists, law enforcers and judges: Get off my lawn!