Friday, May 7, 2010

Thoughts on Privacy

Kinda off-topic from current events, but I've been thinking somewhat about online privacy, and specifically how it could be protected. Now, being the small-government person that I am, my thoughts naturally shy away from idiotic notions like "we need government regulation" and "more government regulation would help", and toward more practical and potentially effective solutions. It's a hard problem, though, and it's ripe for abuse... already various government organizations are vying for the right to control our privacy. Rather than just rant about how stupid all those "solutions" are, though, I've been trying to come up with some actual good ideas.

One idea I've been evaluating is making telecommunications "gateway" providers civilly liable for any divulgence of personal data (which seems pretty straightforward). A step further, though, would be to make them also jointly liable for any illegal data access or activity (eg: content stealing, hacking, etc.), but only if they monitor, record, or otherwise oversee or store the data being transferred; there would be an explicit safe-harbor if the data is not monitored or recorded in any way. This would provide a significant advantage for service providers to strictly maintain privacy for their users by design, while not substantially increasing government overhead. Of course, this would require also modifying any laws which required storage or monitoring of personal data, but those [invasive] laws could be happily sacrificed. A similar safe-harbor law would be available to corporations, although I'd imagine less businesses would avail themselves of it, though it certainly wouldn't hurt (from a privacy perspective).

Another difficult area is financial privacy. Big government types would argue that the government needs access to all financial information, large and small, in order to track terrorist funding and other nefarious financial activities, as well as preventing market manipulation and ensuring financial stability. They're dead wrong, of course; not so much in their logic (ie: the government would need that data to optimally protect the people from those things), but rather in their premise (ie: that the government can or wants to protect the people at all). The "solution" for these concerns is twofold: first, apply the forth amendment liberally and repeatedly like a blunt hammer to the heads of the imbeciles who keep proposing these asinine laws, and second, develop separate mechanism to ensure financial stability and market fairness which don't rely on mythical government competence, but rather transparency and accountability.

There's one more issue which has been hot recently, and it's vexing to try to address: online information privacy. There's lots of information available on people online, and controlling access to that information is a logistical and legal nightmare, especially when most people don't know what information is out there, or how to effectively control their own information. Again, here, transparency would be our friend: if every online site were required to post, in an easily accessible format, all your data which they make available and under what circumstances, it would go a long way toward enabling private information to stay private. The other way the government could help is by making it illegal for companies to ask for and/or acquire sensitive information unless they assume legal liability for its release, similar to the laws which control health care information. A little more easily-applied liability could go a long way toward companies taking privacy more seriously.

Anyway, those are my thoughts on this difficult subject, which is only going to become more so as systems become more connected, and nefarious politicians try to capitalize on it to advance their own unrelated agendas. Hope it was interesting.

No comments:

Post a Comment