## Tuesday, August 01, 2006

### Privacy

I have used Gmail extensively as my main email system for a couple of years now. I often get asked about letting Google have access to all my email. Is my email more secure on a machine run by Google or by the University of Chicago? Hint: Which one can my employer read without a court order?

Actually I don't care, I use Gmail because I like the interface and the ability to read my email on any browser on any internet-connected computer.

Computer scientists take as a given that everyone worries about privacy. But in fact, outside of computer scientists and a few other technophobes, most people don't. Google not only has my email but also my calendar and if they ever started Google Money, my financials as well. Nearly every major and most minor transactions I make leave an electronic trace. With the right passwords on the Internet you can see what products I buy, what books I read, what movies I rent. So what?

Best as I can tell worries about privacy come from an inflated notion of self-worth. In reality nobody really cares about your private information. The safeguards we have against privacy, while far from completely secure, are enough to deter people from looking for information that just isn't that valuable. Damage will come from people writing in the open; something someone is writing in their Myspace account today will come back to haunt them thirty years from now when they run for public office.

I do worry about my information online. I worry that people could delete my files, assume my identity or steal my assets. However I have the ultimate protection against privacy concerns: If you look very carefully at my email, my calendar, the web pages I visit and the stuff that I buy, you'll truly discover that I'm just a really boring person.

1. Well said!

2. Why not have encryption of user data in web applications?

You could have a client-side cache of unencrypted data to allow for such features as search.

There's really no reason to trust Google when there are alternative solutions.

3. This is one of the worst posts I have read in this blog. It seems like nothing more than a repetition of the old argument in favor of government surveillance that if you have nothing to hide, you have nothing to fear.

Computer scientists take as a given that everyone worries about privacy. But in fact, outside of computer scientists and a few other technophobes, most people don't.

This is false. Take a poll; ask people if they are worried about people finding out their medical records, financial records, and identity theft. You'll find that most people in the US are worried about privacy.

You may be "boring", but your financial information isn't. You may be quite healthy, and not worried about being denied insurance, but many people are not.

Of course, one shouldn't live a life in fear. Fortunately, most people will never have their identity stolen, and using gmail for discussing work and your social life isn't something I worry about. On the other hand, I suspect you'd refuse to post your brokerage account name and password on your blog, and that shows why privacy can be very important.

4. As a cryptographer, I should be outraged by this post. And, to some extent, I am :). But I have to admit that I personally also take very little effort to ensure my privacy.

What I think is important, is not whether one is personally paranoid about one's own privacy, but whether one CAN be paranoid if one chooses to. I live in Manhattan, and I have to admit that I am very far from exploring all the exciting things that happen here every day :). Still, the few times I do, and the fact that I always CAN if I choose to, makes me extremely happy to live in the City. I think the same thing is true about privacy. I think it's your choice how private you want your life to be. But one should have options.

Of course, the above thing is not very deep, but it does have an implication. If one is using mainstream services like Gmail, Yahoo!Mail, Amazon, EBay, etc., their default privacy policy should be acceptable and not too invasive from the privacy perspective. Because if it's not, and I want to be paranoid, I am severely limiting my choices in terms of popular services which have little variety on the web. Thus, even if we currently do not care about our own privacy, the fact that someday we may want to care, or some people we want to interact with already care, means that we MUST be outraged by obvious violations of privacy.

Additionally, when you said you don't care about privacy, I think you really meant you don't care about a PASSIVE observer who just records what you are doing. I am sure, however, the moment the passive observer turns into an active attacker, your attitude would change. Spamming is a perfect example. I don't care if people know my email, in fact, I want them to. But I don't want to be bombarded with spam. Thus, we all take elementary precautions like using a spam-filter and not publishing our email in clear text. So even the most boring of us actually care and at least somewhat enforce privacy, without perhaps explicitly admitting it :).

To sum up, I am with Lance regarding my personal "non-private" lifestyle, but I think not worrying about privacy --- because one currently (thinks that one) doesn't enforce it,--- is too big of a leap, which I am not willing to make.

Finally, as a researcher in cryptography, working on privacy-related problems is pretty exciting from a technical perspective. So, even if I never get to use it, it's too much fun to help ensure it :).

PS. As a proof of my lack of privacy, the above blog should easily reveal my identity :).

5. The difference, Lance, is that Google as a corporation has a duty to extract value from your personal data, while the University of Chicago doesn't. When an insurer comes knocking asking Google for a copy of all your emails so that they can search for illnesses in your family Google will be strongly inclined to say yes.

6. What exactly requires Google to continue to support my gmail account? Is there anything (other than bad publicity and my ire) that would prevent Google from dropping it overnight?

7. Is there anything preventing a university from dropping your email account?

Is there anything preventing Google from dropping web search?

It wouldn't be good for business.

8. It's the same old tired argument used against encryption in the 80s: only people who have something to hide care about secrecy, and ordinary folks like you and me shouldn't. Truth is, many of us do have something to hide at one point or another in our lives (think grades, employment or dating history). Moreover, if we do care about civil liberties, we want to give _other_ folks a chance to freely exercise _their_ liberties, express _their_ opinions, and make _their_ choices without _their_ being fearful of repercussions.

There is a different, pragmatic argument for privacy in most mundane areas such as income or shopping preferences. If this information is available to the highest bidder, it greatly enhances effectiveness of on-line and off-line spam and other invasive marketing strategies, which in turn, increases (rather than decreases) their amount. I would rather receive Viagra e-mails and let my spam filter deal with them than the same quantity of e-mails peddling skiing gear and advertising clearance sales of textbooks in cryptology that I might be vaguely interested in.

9. Here is a related link

http://www.cnn.com/2006/TECH/internet/07/20/china.internet.ap/index.html

....Yahoo! has been criticized after its China arm provided data which helped jail two dissidents.
....

10. It's simply much easier not to worry about such things.

But in fact, how would Lance feel if Google (or U. Chicago) are asked/required to reveal all the emails he sent, including say recommendation letters and referee reports? If it boils down to being their interest to clear their name on some matter against yours, you will desperately read into every word in the policy you say you don't even care about.

In fact, I would argue that the smaller ISP the better, as there are less chances these guys will try to lay their hands on it.

11. Indeed, your email archives not only contain information about you, but also about people who wrote to you, and whether this information is confidential or not is not your decision to make. In particular, when you receive papers to referee, the authors assume that their paper won't be read by more than a few before their work is acknowledged. Or when you receive reviews for those papers, the referees assume that their identity will be kept secret, it is not your decision to make if this could be published or not.

Another reason to protect confidentiality, is that it represents money. Many auction systems are based on confidentiality, and partial information about how much competitors or clients are ready to pay for an item or service can often be turned into cash, giving an unfair advantage to the ones with the information (in this case, the organisation which had the money or the influence to extract the info from Google).

"Shoppers Cards" and other fidelity cards are used to monitor consumers' habits, to create profiles. Even though those profiles are anonymous, they model the commercials you see, the prices you pay, the optimal time for sales. At a conference many years ago, I think that it was Papadimitriou who was arguing that one should refuse to answer consumer's survey without any contribution in return, because such a survey can help the organisation commending it to make profit while it can harm (indirectly) the user filling it (if he is part of a minority and that the global results of the survey show it).

I am not sure that I bought the argument described above (most customers benefit from the survey I think), but the fact is that information can mean money, and that in the same way that your constant leaking of small change adds up to some big amount at the end of the year, you may care or not about regularly leaking small bits of information.

12. OK, and Raghav's credit card number is.... JK

Wacka wacka wacka!!!

13. One issue that permeates all these comments is that there are very different types of privacy. Here is a quiz

1) Would you mind if a corporation like Amazon kept track of what items you purchased so that they could alert you to products coming out that you

2) Would you mind if Amazon then sold your name and buying habits to another company?

(In both of these if it really was just to help the consumer, maybe it would be okay.)

3) Would you mind if this list got into the hands of the government?

(Here Lance might say that his buying habits have nothing embarrassing for him. But now we are sliding fast down a slippery slope.)

4) Would you mind if the government kept track of where you travelled so that they could give you a "let him through security without a search, he's okay" card. (Such things are being discussed)

This sounds really good in the short run. But I know someone who has the same name as an IRA terrorist and he has to get to airports 6 hours ahead of time to get cleared.

5) Do you want the government to have the authority to look at people's bank records so that they can track down terrorists?

Sounds good, but do we trust the government to stay within their mandate? There are two Iranian and one Egyptian Theory Students at UMCP. Should the government be able to track the advisor's bank account based just on the nationality of his students? Surely not!

The government has shown itself very very bad at these sort of things. Hence Privacy is important, even for boring people.

bill gasarch

14. Thank goodness for people like you, who make people like me (who take care to protect our privacy) a little more secure, in that most thieves go for unlocked doors.

15. Lance sez: If you look very carefully at my email, my calendar, the web pages I visit and the stuff that I buy, you'll truly discover that I'm just a really boring person.

Gee, Lance, aren't you worried that this may be a symptom of academia-induced cognitive impairment syndrome (ACIS)?

This issue is raised only partly tongue-in-cheek. The neuropsychological effects of the battlefield are the object of much recent cognitive research (review here):

"The term battlemind captures the way in which deployed military personnel develop ways of adapting that are appropriate and helpful when vigilance is required, decisions have to be taken quickly, targeted aggression is appropriate, and emotional control is essential. Many returning veterans report difficulties switching from these normal responses to the responses required at home. The final question for concerned veterans is whether the changes will persist."

If we take this work seriously, it's clear that the academic environment is similarly likely to exert strong effects on cognition---effects of which the subjects themselves are likely to be unaware.