On March 14th Google announced plans to improve their privacy practices by “anonymizing” their logs after 18-24 months. As usual, Google is getting bashed for implementing weak efforts, despite the fact that no other search engine is making any efforts at privacy at all. I am going to join in–not to pick on Google, but because this affords us a chance to discuss these issues and debate what the policy should be.
I have seen a couple of articles recently on the third attempt by Congress to pass an anti-spyware bill (this time H.R.964 aka “The Spy Act”).
False Sense Of Security?
Even if the law is needed to intervene, it is unlikely to impact a significant fraction of the offenders, who are operating in countries and jurisdictions that are uncooperative with US law enforcement. Foreign criminal elements will laugh at these laws, and there may be a danger if the passage of a law lulls people into a sense of false security, causing them to lower their guard.
It is interesting to see the Direct Marketing Association (DMA) fighting this legislation so aggressively. The plea for self regulation clearly indicates a desire to continue using these kinds of tactics. Specifically, Dave Morgan of the Interactive Advertising Bureau (IAB) described “consent” and “prescriptive notice” as “extreme measures.” while to me these seem the least requirement for “informed consent” and should form the baseline of privacy policy.
The core principle is that people need to have the ability to know when their information is being captured, know how it will be used, and have some ability to avoid this if they so choose. Legislation that effectively embodies this will be robust against the fast changing technological background, while narrowly tailored laws are likely to be easily bypassed by new technical tricks.
My purpose in creating this blog is to address trends and issues in online privacy and security. Having been in the trenches in these areas since around 1992, I bring a very applied, practical, and pragmatic viewpoint to the discussion.
My personal perspective is based in the strong principles of privacy and free speech. These absolutes have been tempered over the years, and especially flagrantly in the World Wide Web, which led me to pursue a career in providing privacy and identity protection services.
With this blog, I hope to help, educate, and spur lively debate around these and related issues. Your feedback is greatly appreciated as I look for the best structure for this blog.
