Privacy snake oil
Remember how Bruce Schneier used to do those security snake oil posts? Somebody needs to start doing that for privacy.
Here's a great example of privacy snake oil. The primary NSA issue isn't privacy, it's authority by Jeff Jarvis.
I also think that my cancer hospital, Sloan-Kettering, should collect data about how many penises, including mine, still function properly after prostate surgery there because that information and associated metadata about surgeons and age and other conditions could be valuable to the patients who follow. Of course, I expect that data to be held anonymously.
But there is no such thing as depersonalized or safe data about a person. You can't magically assume that because some large instition has a policy where everyone has to raise his or her right hand and say something nice about privacy, that the data won't get out there.
And "white dude who chooses to write about his penis" shouldn't be the benchmark for privacy policy anyway, but that's a whole other issue.
Here's the real problem, explained in an Atlantic piece by Rebecca J. Rosen: It Is Trivially Easy to Match Metadata to Real People
As federal district judge Richard Leon wrote in his decision last week, "There is also nothing stopping the Government from skipping the [National Security Letter] step altogether and using public databases or any of its other vast resources to match phone numbers with subscribers."
Yes, that's right. Real people. Not hypothetical "wouldn't it be nifty if in the future..." people, but real people with all the stalkers, scammers, data brokers, and assorted creeps who have just as much access to the surveillance-marketing complex as anybody else.
Gervase Markham thinks it through, in Location Services and Privacy.
Now, as Mozilla, our initial impulse as an open organization would be to release all the raw collected data to the public so people can build awesome things we haven’t even thought of yet. However, it turns out that this data comes with some interesting privacy challenges.
Yes, code should be free, and so on, but what about wireless MAC addresses? What about all the other privacy use cases?
Privacy is hard.
Schneier's snake oilers were always trying to re-use one-time pads. You can't do that. Likewise, you can't collect and store PII—and it's all PII—and not have it come back to bite the people that it's about.
Bonus links
RAND: Commentary by RAND Staff: Opt-In, Opt-Out; Why Not Forced Choice?
Top News - MIT Technology Review: Data Discrimination Means the Poor May Experience a Different Internet (via Hack Education)
Doc Searls: Marketing isn’t getting the market’s message
Mike Williams: Easily block cookies, images, scripts and more with Chrome's HTTP Switchboard
Bruce Schneier: A Fraying of the Public/Private Surveillance Partnership
Michelle Richardson: Feinstein's NSA bill shows she doesn't have a clue about intelligence reform
Evgeny Morozov: The Real Privacy Problem
Chloe Green: Survey warns of looming consumer revolt on private data sharing
Bruce Schneier: Surveillance as a Business Model
Alice Marwick: How Your Data Are Being Deeply Mined