The following text is copyright 2007 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

 

Anonymity as a thing of the past

 

By: Scott Bradner

 

As is too often the case, the headline on the story was quite misleading.  Reading the AP headline "Intel Official: Expect Less Privacy" certainly got my attention.  So did the second paragraph of the story. "Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people's private communications and financial information."  But reading Kerr's actual speech and the Q&A session that followed it (http://dni.gov/speeches/20071023_speech.pdf) provides a rather different picture.

 

Some of what Kerr said could have been said by the most ardent privacy supporter (like me).  Kerr did not say that the government was taking away our anonymity.  He said that Google, just like Mr. Peabody's coal train, has hauled our anonymity away.  I can't argue with that fact.  (See Google: looking good by doing less evil http://www.sobco.com/nww/2007/bradner-2007-03-26.html.)  He also said that people toss away their own privacy every day on MySpace, Facebook & YouTube.  As he put it: "Protecting anonymity is a fight that can't be won." Kerr said it's time to understand that privacy is not the same as anonymity and it's time "to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security ands public safety."

 

The comments on anonymity and privacy were a small but important part of a short talk that focused on the work of US intelligence agencies in areas as diverse as plotting hurricane damages and embassy bombings.  Kerr, as "principal director of National Intelligence," should know about such things. He also talked about how things were going (in very high level terms) with the cooperation between agencies that the 9/11 report called for.

 

While I can't disagree with much of Kerr's premise in saying it's time for a debate on privacy and security.  I also can't disagree with him when he says that if we make security and privacy "an either/or proposition, we're bound to fail" and that such a debate is "not necessarily best carried out in hearing rooms; it's certainly not best carried out in television environments where people just scream at each other." But I expect that we run out of agreement soon after that.

 

Kerr asserts that privacy "is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees and privacy boards on which our intelligence commitment is based and measured."  But this is the very system that has totally failed us again and again in the past and even now in the present.  In answering a question, Kerr noted that it is a felony for a federal employee to misuse data, with fines of up to $100 K and 5 years in jail but he also says that he does not think it ever happened.  Mr. Kerr how about decades of illegal spying by the FBI on the civil rights and other legal activities - where were the prosecutions of the FBI employees?  There are dozens of other similar examples.  There is no history that shows that the current system of checks has ever produced an actual balance between privacy and security when the system is primary controlled by the government.

 

Kerr is right that there needs to be a debate but it can not just be the debate between members of the Office of the Defense and the National Interest that Kerr says has started - the debate has to involve us all, individual citizens, universities, business interests, privacy advocates and, yes - importantly, national security experts.

 

disclaimer:  There are people at Harvard from across the security vs privacy spectrum but the university itself has not expressed an opinion - the above one is mine