Privacy is Changing Outsourcing in Canada
posted by:Terry McQuay // 11:46 PM // April 25, 2006 // ID TRAIL MIX
![trailmixbanner[1].GIF](http://www.anonequity.org/weblog/archives/images/trailmixbanner[1].GIF){kind=small}
Outsourcing in Canada is changing because of privacy laws, changes in government outsourcing policies and business concerns resulting from the USA PATRIOT Act. Increasingly, Canadian service providers are finding themselves with a competitive advantage simply because they keep their customers’ data in Canada. Conversely, US-based service providers are finding themselves at a disadvantage, often scrambling to move their data processing to Canada.
Background
Privacy laws in Canada provide consumers with the ability to file complaints on organizations located in Canada with provincial and/or federal privacy commissioners’ offices. Complaints typically result from real or perceived mishandling of the consumer’s personal information by the organization, but consumers can file complaints even if they are not directly subject to the privacy issue or breach.
Privacy laws also provide the privacy commissioners’ offices with the power to investigate consumer complaints and an obligation to identify, expose and where possible influence privacy issues that impact Canadians. Over the last year, privacy commissioners in Canada have increased their focus on cross-border transfers of personal information. This privacy issue results from personal information being sent to locations that don’t have the same level of legislated privacy protections as Canada does.
Although offshore transfers to countries like India (that don’t have privacy laws) might seem like the logical target for this increased focus on cross-border transfer of information, they’re not. Organizations that outsource to India typically have contractual and other means to secure personal information, thus providing more than adequate privacy protections. The focus is on the USA. The USA PATRIOT Act is considered by some to be anti-privacy because it provides US federal authorities seemingly unfettered access to any personal information held by US firms, whether it is on US citizens, Canadians, or anyone.
Cross-Border Privacy Concerns
Privacy laws provide consumers the ability to complain, and provide privacy commissioners the powers to investigate these complaints. But do consumers really care if their personal information is transferred to the USA? As a Canadian, ask yourself these questions:
“Would I like my personal information reviewed by a US authority, like the FBI?”
“Would I like my purchasing habits, my medical information and my resume accumulated and accessed by US government agencies?”
If you answered ‘no’ to these questions, you are not alone. According to a survey published in June 2005, and conducted by EKOS Research Associates on behalf of the Privacy Commissioner of Canada, 64% of Canadians have serious concerns about companies transferring their personal information to the US.
Privacy Commissioners Influence Corporate Outsourcing Policies
Cross-border transfers of personal information are a major concern of privacy commissioners across Canada, and they have taken many steps to build the awareness of this issue. The Office of the Privacy Commissioner of Canada has stated on several occasions:
“At the very least, a company in Canada that outsources information processing in this way should notify its customers that the information may be available to the US government or its agencies under a lawful order made in that country.”
In a recent precedent-setting finding from the federal commissioner’s office about a complaint of an organization’s transfer of personal information outside of Canada, the finding stated that an organization must comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), the law that governs all customer personal information transferred to the US by corporations in Canada.
Principle 4.1.3 of Schedule 1 states:
“An organization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.”
Principle 4.8 states:
“An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.”
To comply with PIPEDA, the Commissioner’s finding states:
“What the Act does demand is that organizations be transparent about their personal information handling practices and protect customer personal information in the hands of foreign-based third-party service providers to the extent possible by contractual means.”
Transparency requires providing notice to consumers that their information will be located outside of Canada. Thus, organizations have only two viable options:
1. Provide notice to consumers that their personal information is being transferred to the US and is subject to US laws; or
2. Keep the data in Canada.
Outsourcing Rules are Changing
Organizations are avoiding this issue completely by keeping personal data in Canada. The location of the data is now one of the decision factors when selecting a new service provider for an outsourcing contract. Many, if not most, government organizations are demanding personal information remain in Canada. Banks, insurance companies and healthcare providers are pressuring their current suppliers to keep personal information in Canada, and selecting new suppliers that keep their data in Canada. Privacy has changed outsourcing in Canada.
Competitive Advantage for Canadian Service Providers
Canadian companies are finding they have a competitive advantage, simply because the data remains in Canada. One such company is ThinData, a Canadian e-marketing solutions provider. Wayne Carrigan, VP of Client Services at ThinData explains:
“We are a Canadian company and we have always processed our customers’ data in Canada. We never expected privacy laws and concerns about the USA PATRIOT Act would provide us a competitive advantage, but it has.”
As for customer demand, Wayne states:
“We are increasingly responding to proposal requests that specifically ask if we keep clients’ data in Canada. Our customers have stated that one of the reasons they have chosen ThinData is they want their data to remain in Canada”.
Similarly, Gabe Mazzarolo, Chief Privacy Officer of Workopolis, Canada’s biggest job site, states:
“Almost every piece of information contained in an individuals resume is personal information. Both our corporate clients and Jobseekers feel more secure knowing their information remains in Canada.”
Nymity, a leading privacy research firm, has seen substantial growth in both its training and its subscription services as both US and Canadian organizations are looking for pragmatic solutions to mitigate the impact of privacy on outsourcing, or looking for a means to capitalize on this privacy issue. Jin Shin, Nymity’s General Counsel explains:
“Outsourcing personal information to the US can be done in compliance with PIPEDA, but doing so doesn’t mitigate all privacy risks, and in some cases it introduces new privacy risks. For example, although providing Notice is required, it can have unanticipated results. A few of Nymity’s customers have provided Notice that resulted in complaints to the Federal Privacy Commissioner’s office.”
Linda Drysdale, a privacy expert at PricewaterhouseCoopers states:
“We foresee huge growth in service providers conducting audits against the new Generally Accepted Privacy Principles (GAPP) from the AICPA/CICA, partially due to their customers’ concerns related to transfers of personal information outside of Canada.”
Conclusion
Privacy is changing outsourcing in Canada. Government policies virtually mandate personal data remain in Canada and corporate Canadian is finding it best to simply avoid the issue completely by keeping their customers’ data in Canada.
The bottom line for services providers is: Canadian service providers have a competitive advantage—US service providers have a business risk.
Terry McQuay is President of Nymity Inc., a privacy research firm that provides privacy training, risk mitigation subscription solutions and research services for corporations and not-for-profit organizations.| Comments (0) |
Anonymity As a Way of Managing Stigma: The Case of Narcotics Anonymous
posted by:Catarina Frois // 08:47 AM // April 19, 2006 // ID TRAIL MIX
I would like to take this opportunity to talk a little about the use of anonymity as a way of managing stigma, specifically in the case of the association known as Narcotics Anonymous. The saying “once a Junkie, always a junkie” used by NA members, is closely related to three ideas that I presently address: stigma, anonymity and addiction. Narcotics Anonymous are a non-professional self-help association conceived for individuals with drug-related problems. They follow a model known as the 12-Step program, consisting so many stages or principles which individuals must follow if they are to successfully engage in a process of abstinence from drugs instilling on members a “life philosophy” that will be useful to them in all the areas of life.
The oldest register I found for Narcotics Anonymous in Portugal, dates back to 1983: the first group was started in Lisbon, and today, according to the data made available by the association’s portuguese website, there are 164 groups distributed throughout the country. The research included here relates specifically to a nine month period of participant observation in two groups of the Lisbon area. Each of these groups had an average of 20 members, with ages ranging from 25 to 45, an with a ratio of 60% men to 40% women.
Members in this association describe themselves as “addicts”, that is, people suffering from an illness called addiction, which is not merely a dependency of toxic substances and alcohol but a disease with underlying behavioral problems of which obsessive-compulsive and self destructive behavior are symptoms. The 1st Step, which states: indicates that they believe that abstinence is only possible when someone is ready on one hand, to acknowledge that they are powerless toward their use, and on the other hand, that they can recognize themselves as addicts.
Therapy is based mainly on the exchange of common experiences among participants during the course of reunions arranged for this purpose – the meetings. This event lasts approximately 90 minutes, during which those who have gathered there speak of their drug-related problems, past and present. As an association made up exclusively of people afflicted by the same problem, not by professionals, they act on the conviction that “the therapeutic value offered by one addict to another is irreplaceable” and thus members experience what they call “identification” free of judgment and prejudice. Everyone present admits having lost control of their lives due to drugs and their need to seek a solution for this problem through the sharing of their experience.
If initially persons seeking help think of themselves as failures, as “bad” people with no principles, as soon as they get acquainted with NA philosophy and with other people sharing the same problem, they realize that they were not responsible for their behavior under the influence of drugs. They are no longer junkies; they are people with a disease. At this point there is a whole transformation in the way members define themselves ant their relationship with others. This starts in the first moment a person introduces him/herself in a meeting stating his/her first name and acknowledging their situation: “Hello my name is Pedro and I am an addict”.
The idea of illness is to some extent, a way of denying responsibility for past actions and releasing a burden of shame and guilt which everyone points as those feelings which were prevalent when they first joined this association. According to NA philosophy, drug abuse and addiction are in fact two different concepts. For NA members drug abuse refers to a person who is still actively using toxics substances and who may or may not be an addict, since addiction implies an illness that is more than just a question of drug use. An addict’s obsessive compulsive behavior reveals itself in different area of a person’s life, such as his work, relationships, etc.
A drug abuser is a junkie, someone who society rejects and condemns. It has an immediate negative connotation. An addict on the other hand, is a sick person who has no responsibility over his conduct “under the influence” but who has a responsibility to keep cleat of that influence. How does this distinction relate to stigma and anonymity? Erving Goffman (1963) speaks of stigma as a condition of difference and distinguishes two types of stigmatized persons: the “discredited” and the “discreditable”. The discredited is someone bearing a visible stigma, which is evident at first glance and which, according to this author, has an immediate influence on the way interaction occurs.
This is the case, for example, of someone with a visible physical deformity, or of the junkie wee see begging on the sidewalk. The second type, the stigmatized discreditable, will be someone who has a stigma which is not immediately visible to others, and which will only become “discredited” from the moment he reveals his condition to others. This is the case of an “addict” attending to NA.
To NA members a recovering addict will only reveal without restraint his/her stigma within a meeting: outside the group he will omit his/her problem, including his/her membership. This is where anonymity, the last idea mentioned in the opening paragraph, plays its role.
Anonymity is one of the rules of this association and it is observed both within meetings and outside of them, as a way of protecting the legal identity of individuals. As such, within one meeting members identify themselves merely as addicts, concealing all other identifying elements – family name, address, profession, etc. – and outside the meetings members will keep their membership, as well as other’s anonymous. Revealing their membership to non-members is tantamount to revealing their stigma.
The decision to do this is referred to as “breaking anonymity”; in other words, revealing their identity as someone who has had a drug-related problem makes their stigma visible to others, exposes them to judgments made on the basis of this information. This brings us back to the difference between drug abuse and addiction. NA members share the idea that other people view drug users as “criminals”, as untrustworthy people who are capable of acting in bad faith and incapable of change; “Once a junkie, always a junkie”. Because of the weight this stigma bears on the image of drug users, as soon as someone breaks their anonymity and reveal themselves as somebody with a drug problem, they will immediately be identified by others as a “junkie”.
Anonymity is therefore a choice, a useful instrument for managing stigma. In such a context, a person is free to choose what is revealed, and who it is revealed to. Thus, anonymity is a kind of empowerment for those who use it.
Catarina Frois is a PhD student in Anthropology at the Institute of Social Sciences, Lisbon University, Portugal.| Comments (0) |
Myspace: a network without borders
posted by:Melissa Cheater // 11:34 PM // April 11, 2006 // ID TRAIL MIX
MySpace is the current hot little number in the world of online social networking sites, boasting 66 million members, and growing. It is ranked 8th in alexa.com’s global top five hundred websites, and 5th on the English Language top five hundred. What started sixdegrees.com (no longer online), lead to friendster, and the current groundbreakers, Myspace and Facebook. There is no need to get nitty-gritty about all the little distinctions between the various OSN (online social network) services that have come and gone over the years. The important facts to remember is that anyone with an email account can register on myspace, and that facebook (ranked 53 in the global five hundred) is only open to individuals with email accounts accepted university mail servers. Friendster is considered a past trend in North America, having faded from administration/user conflicts and a period of technological trouble, but still claims 27 million accounts. Facebook rests at 7 million participants. At more than twice the population of Canada, Myspace is by far in the lead and has a significance all its own.
Social networking sites are characterized by a “self-descriptive profile” featuring photos, personal information and a public display of “personal connections” (Donath & boyd) Though OSN websites have risen and fallen over the year, the popularity of this type of service has only increased. Offline, a study by Wellman has observed that “a typical personal network included 3-6 close and intimate ties, 5-15 less close but still significant and active ties, and about 1000 more distant acquaintances” (Wellman in Donath & boyd 80). Networking sites are very efficient at allowing users to maintain an increased number of weak ties and an overall larger network of connections (Gross & Acquisti 73, Donath & boyd 80). Granovetter’s “Strength of Weak Ties” describes how a weak tie should not be undercredited as a “trivial acquaintance tie but rather a crucial bridge between the two densely knit clumps of close friends,” in a context where otherwise these “clumps” would have no connection whatsoever and would be isolated from each other (Granovetter 202). By connecting different groups, weak ties give access to the different resources and opportunities available in different groups. In terms of privacy, a social network structure supporting an inflated number of weak ties (users boast anywhere from 1 to 1000’s of myspace “friends”) is an environment where a huge amount of information is moving very freely – and in a network of 66 million individuals, this can be quite significant. (On Monday, April 10, Tom had 69,998,034 friends connected to his profile – and while every new member is given Tom as a friend, not all of them chose to keep him on their friend lists. This would put myspace membership somewhere above Tom’s 69,998,034). If gossip and rumour are considered social concerns in an offline network of 1000 connections (Wellman), imagine the consequences in a network of 70 million paired with increased weak, “bridging” ties.
danah boyd’s concept of the “super public” is also very relevant to this discussion. It is recognized that in our daily lives we actively manage our identity, performing different faces in different situations (Goffman). We perform work to maintain our various faces in separate publics, and to avoid overlapping these performances. boyd proposes that as myspace.com shifts from a niche service for musicians, to a mainstream community, a super public is emerging. Where else can we find a context where we would present the same face so openly to such a large body of individuals? Previous network sites have involved features that allow members to adjust how visible their profile is to different degrees of connection. For example, Donath and boyd discuss a situation where a teacher with a friendster account was confronted with having students from her classes add her as a “friendster” and having to decide whether she was comfortable with students being able to view the profile she had created with friends in mind. Friendster allowed her to set who was able to view her profile but this option is not offered by myspace. Myspace, in fact, has no privacy options available for adult users.
Acquisti & Gross discuss that while offline ties or connections can be “loosely categorized as weak or strong,” they are actually “extremely diverse in terms of how close and intimate a subject perceives a relation to be. Online social network, on the other side, often reduce these nuanced connections to simplistic binary relations: “friend or not”” (73). Nowhere else is this more true than on myspace. In the absence of privacy settings, the only way to deny a member complete access to your myspace profile is to deny their friendship – and even then, they can still view all your content (except for blogs posted as private or “friends only”).
Those of us who were present at the SSHRC site visit in February might remember Joel Reidenberg’s question about myspace, regarding how he could witness his son’s (or any other member’s) behaviours within the network without explicit permission. All you need to start surfing myspace is a membership, you don’t need any friends. This is one of the primary differences between myspace and facebook (facebook was the topic of a talk given by Alessandro Acquisti). While myspace allows anyone with an email address to start an account, only emails from approved university domains are able to start accounts on facebook – and you can only freely “lurk” people who attend your specific school. Facebook also has a variety of different privacy settings, that Acquisti finds are rarely used. Anyone, even without a membership, can click through the myspace network viewing almost everything. Membership gives you access to individuals photo galleries and blogs. Being someone’s “friend” gives you permission to leave a public comment on their profile page, and will also cause all of their “bulletin” broadcast messages to be listed on your myspace console page.
Users are given the option of making posted photos entirely private, or entirely public (no middle ground). A setting is available that allows members to screen public comments before they are posted on their profile for everyone else to see. Individuals under 16 are able to create “private profiles” so that their content is only available to “friends,” however, the individuals display photo, name, age and location information are still publically displayed.
Beyond the clashing of “publics” into a super public, and the inability to control how visible your profile is to other 66 million members of the site, there are further privacy concerns considering how much information users tend to disclose on their personal profiles. This is a phenomenon seen on most online social network sites, but swelling the potential network to ten times the average size of other similar services makes the situation a little more significant in the case of myspace.
As I browse through the myspace directory (publicly available without an account), I notice that almost every member has opted to upload a display photo. The vast majority of these photos appear to include the individual him/herself and clearly show their faces. Most members seem to prefer presenting themselves with real, or realistic, first names. Clicking through the network of profiles reveals each page filled (to the limits in some cases) with endless lists of favourite movies, books and music, age, sexual orientation, hometown, current town, motivation for joining myspace, who they’d like to meet and open ended fields such as “about me” where users type out mini (and sometimes lengthy) diatribes about what makes them “them” and express whatever parts of their identity aren’t covered by the previous categories. In light of the discussion put forth by Jackie Strandberg, “Giving it up for free: Teens, Blogs, and Marketers’ Lucky Break,” myspace seems not only to contain a similar wealth of information just asking to be exploited, but also does it in a standardized series of tables and headings that can only facilitate the process. “dbickett” posts on the Kuro5hin website, the many technological flaws of myspace that leave users open to serious privacy and security breaches caused by loopholes in the sites coding, leaving the submitted information further open to violation.
Datamining is not the concern that the media are warning us about however. A Google News search on myspace gives us almost 5500 results, most of which are on the topic of youth safety and the dangers of strangers online. Catherine Saillant, LA Times, starts her article with the following:
I've covered murders, grisly accidents, airplanes falling out of the sky and, occasionally, dirty politics.
But in nearly two decades of journalism, nothing has made my insides churn like seeing what my 13-year-old daughter and her friends are up to on MySpace.com.
And just what was her daughter up to that lead to the loss of her myspace privileges? “Giving a one-fingered salute.” This comparison might seem extreme, but in fact this is the tune of most mainstream media coverage of the myspace phenomenon. March media were flooded with accusations that using myspace had lead to the abduction of two teenage girls. Interestingly enough, danah boyd’s interview with Bill O’Reilly – one of television’s most conservative journalists – was able to present a less loaded portrayal of the website. But maybe this could be connected to FOXnews’ parent organization News Corp. having purchased myspace.com.
So is myspace significant to those of us interested in privacy: socially, technologically or legally? I know my opinion, but I might be biased as self-proclaimed myspace addict. Whether or not myspace lasts, it is certainly here for the moment. It might just be a fun way to keep in touch and up-to-date on your friends but it’s not just you, me and joe who are watching. Myspace isn’t just self-expression among friends, it has recently become a form of legal surveillance.
A year of thank you’s to Dr. Jacquelyn Burkell who has given me advice, experience, and encouragement (through the Anonequity project, on this ID Trail Mix, and in my own studies as my undergrad comes to a close). And to everyone that has listened to me prattle about myspace over the past few months, it’s almost over!| Comments (2) |
Using the right lenses for developments in identity management
posted by:Dr. Miriam Lips // 11:48 PM // April 04, 2006 // ID TRAIL MIX
Many of you may have noticed that an important Bill for the future of UK central government’s Identity Management Policy recently has passed an important hurdle for further implementation. Having received Royal Assent after being bounced between the House of Commons and House of Lords several times, the UK Identity Cards Bill will now be passed as law. Aims of the UK central government are to introduce a national ID card containing three biometric identifiers, together with a National Identity Register acting as a central database in which a range of details about individuals will be stored. After a political tussle between the House of Commons voting for the ID cards to be compulsory whilst the House of Lords continually voted for the cards to be kept voluntary, the House of Lords offered a compromise to the House of Commons that anyone renewing their passport will have details put onto the National Identity Register but will not be forced to have an ID card until 2010. One reason for the compromise is that 2010 will be after the next general election in the UK: if the Conservatives gain power at the next vote they claim that they will look to abandon the ID card scheme.
As things stand, every UK citizen over the age of 16 who applies for a new passport from 2008 will have details added to the National Identity Register, including biometric information. The first ID cards will be issued to passport applicants in 2009. The intention is that ID cards may be used as travel documents for within the EU, meaning that passports might not be needed. Those who never apply for a passport will not need to have an ID card, but will be able to apply for a ‘stand alone’ ID card if desired. Foreign nationals that abide legally in the UK will also have details entered onto the Register. A card will be issued that acts as a residence permit. Research findings show that UK citizens are generally supportive of a national ID card (Dutton et al, 2005, p.114; Home Office, 2003; Detica, 2004), or even consider their introduction as inevitable (Cragg Ross Dawson, 2004, p.6).
The UK government has defended its proposals for a variety of reasons, including prevention of benefit fraud, prevention of terrorism, prevention of identity theft and authentication in e-government services. Besides for a whole range of e-government applications it believes the cards will be used by a number of different organisations, such as banks, Royal Mail, libraries, video/DVD rental companies, mobile and fixed line communications service providers, travel agencies, airlines, higher education institutions, retailers, property rental companies and vehicle rental companies. To further facilitate this development the government will provide Identity Verification services for accredited organisations to check an individual’s identity, for instance when opening a bank account or registering with a GP.
Critical voices in the UK point at seemingly unrealistic technical expectations of this ID card scheme, using arguments such as the fact that neither the major contractors nor the government have shown themselves capable of organising and implementing an outsourced IT scheme on this scale: for instance, no country has attempted to use biometrics technologies to register a population the size of the UK (The LSE, 2005); the proposed requirement for 100 per cent accuracy seems to be unrealistic: has there ever been an identification system which is 100 per cent accurate? (Neville-Jones, 2005); trials of the card scheme have demonstrated that a substantial number of specific groups of the UK general population (e.g. disabled people) may not be able to enrol on biometrics based verification schemes (UK Passport Service Biometrics Enrolment Trial Report, 2005); a critical voice from industry: ‘a national ID card for the UK is overly ambitious, extremely expensive and will not be a panacea against terrorism or fraud, although it will make a company like mine very happy' (Tavano , 2005)(Biometrics specialist for Unisys, one of the companies considering bidding for contracts. Quoted in The Guardian, 21 October 2005); and, from a collective group of LSE academics, that the government proposals for a secure national identity system are too complex, technically unsafe, overly prescriptive, massively more costly than government is itself estimating and lack a foundation of public trust and confidence (The LSE, 2005, p.3).
Looking at the UK national ID card debate from the academic, “ivory tower” this debate seems to be illustrative for the way in which identity management (IDM) issues have been tackled by governments so far. Optimal security, technical reliability, ID “theft ” (ID theft as a concept has only emerged recently. The theft or fraudulent use of ID documents however exists for a long time.), privacy, public safety, and accuracy repeatedly have been important topics in public decision making about personal identification and authentication systems at many occasions in the past. This debate therefore is not a new debate emerging in the current era, but can be observed regularly in many national public decision making arenas since the implementation of the paper-based passport system several centuries ago. Interestingly, through time, there have not been notable changes in the use of the passport as an authentication system in various service related procedures between government and citizens.
This similarity in restricted, mainly technically focused IDM topics may also explain the current ease with which governments are trying to copy ID card systems or authentication systems from ‘best practices’ available in other countries, with the Belgian eID card as a clear favourite at present. From a technical perspective new forms of personal identification, authentication and IDM seem to be acknowledged as enhanced technical ‘solutions’ to be used in similar identification and authentication practices compared to the past.
However, in the UK context some critics have pointed at the overemphasis in the public debate on the visible, technical means of identification proposed by the UK government, the ID card itself, and, with that, the lack of public attention for the more invisible aspect of how citizens’ data will be handled by the UK government (eg Davies, 2005, p.38; the UK House of Lords Constitution Select Committee). It is this particular insight that seems to trigger some important questions. What empirical understanding do we actually have about the implementation and use of new forms of personal identification, authentication and IDM in citizen – government relationships? Has the UK been engaged in the right public debate so far to be able to effectively address the more fundamental question of potential change in citizen – government relationships due to new IDM means and forms, namely potential change in important institutions in the public domain, such as citizenship?
The history of the use of the passport for instance shows us that personal identification procedures especially changed during moments of societal ‘crisis’, such as the French Revolution, the First World War and the Second World War (Torpey, 2000; Agar, 2003). Although the authentication system itself, the paper-based passport, more or less stayed the same through time, the frequency and intensity of its use as well as the officials executing the authentication process usually changed during these periods of crisis. A similar effect can be observed in more recent times after the events of 9/11 and the London bombings.
By using an historical perspective it is very interesting to see the changing meanings, uses, and values attached to a similar technical means and process for personal identification through time, the passport. For instance, the first passports and passport controls for that matter were not so much used to regulate citizens’ access to spaces beyond their home country as we are used to today, but to prevent people from leaving their home territory. Consequently those citizens leaving their Kingdom (i.e. under the old regime in France) were required to be in possession of a passport authorising them to do so. The main purpose of these documentary requirements was to forestall any undesired migration to the cities, especially Paris (Torpey, 2000, p.21).
Somewhat further in time, in the early 19th century in Prussia, the practice could be found whereby incoming travellers were provided with a passport from the receiving state rather than by the state of the traveler’s origin. These passports were no longer issued by local authorities but by higher-level officials. The foreigners and unknown persons circulating in the country were to be subjected to heightened scrutiny by the Prussian security forces, with the assistance of specific, legally defined (The 1813 passport law in Prussia) intermediaries like landowners, innkeepers and cart-drivers (Torpey, 2000, p.60).
Generally in the 19th and 20th century we may observe a development towards two models for citizenship attribution and the related issuing of passports to citizens, namely on the basis of ius soli (“law of the soil”) and ius sanguinis (“law of the blood”) (see for instance Brubaker, 1992). The latter model had to do with the development of enhanced mobility of citizens beyond the state’s territorial boundaries, especially for economic reasons, and the possibility for nation states therefore to continuously keep a relationship with citizens living abroad.
What this alternative, empirical perspective reveals to us is the profound influence these new forms of personal identification and authentication may have on the governance of citizen – government relationships. Institutional innovation, the renewal of traditional citizen –government relationships as a result of the creation and development of new information practices, appears to be happening due to the introduction of IDM in various electronic citizen – government relationships . A new ‘law of informational identity’ may soon replace the existing models of citizenship attribution in the analogue world, ius soli and ius sanguinis.
Similarly to the analysis of the passport’s history we may observe that borders between customers and non-customers of government organisations; identified or non-identified subjects of the state; authenticated citizens or non-authenticated citizens, are being reset as a result of these newly available forms of authentication and identity management in e-government relationships. Not only does the same authentication system allow the possibility for government to provide people with access to its virtual territories; it also allows governments to keep people out of them. Analogously to the Prussian era where intermediaries like landowners, innkeepers and cart-drivers supported the government in the checking and validation of a person’s identity, new trusted third parties are emerging, such as banks, telecommunications providers, and credit reference agencies, to help government to check people upon their trustworthiness.
The history of the use of passports and their changing meaning in society shows us how important it is to look beyond their technical characteristics and, thereby, to make use of alternative perspectives in empirically exploring the introduction and functioning of new identification ‘technologies’. It also makes us aware of the importance to perceive the use of IDM systems in an evolutionary way and for instance to look for punctuated equilibria (Baumgartner & Jones, 2002) in the historical evolution of ICTs, e.g. the periods of crisis during the history of the passport, as important moments where changes often may happen in the use of these technologies.
What will happen in eras of crises with the application of this newly developing model of citizenship attribution, the ‘law of informational identity’, remains to be seen. Whilst there is this chief concern with enhancing e-government service provision to entitled, trusted citizens, there is, nonetheless, recognition that the security agenda of modern government is adding to a climate wherein the identification of the citizen is seen as of paramount importance. If services to the citizen are to be provided effectively, then identity issues come to the fore. If enhanced personal and State security is paramount then, once more, the means of identifying individual citizens becomes of crucial importance.
Dr Miriam Lips, Research Fellow at the Oxford Internet Institute, University of Oxford.
Together with professor John Taylor and Joe Organ she is working on an empirical research project on ‘Personal Identification and Identity Management in New Modes of E-Government’, sponsored by the UK Economic and Social Research Council’s e-Society Programme
References
Agar, J. (2003), The Government Machine: a Revolutionary History of the Computer, The MIT Press.
Baumgartner, F. & B. Jones (eds) (2002), Policy Dynamics, Chicago, University of Chicago Press
Brubaker, R. (1992), Citizenship and Nationhood in France and Germany, Harvard University Press, Cambridge
Cragg Ross Dawson (2004), Public perceptions of ID cards. Qualitative Research Report, COI Ref: 262 151.
Davies, W. (2005), Modernising with purpose: a manifesto for a digital Britain, Institute for Public Policy Research, London, UK.
Detica (2004), National Identity Cards: The View of the British Public, April 2004
Dutton, W.H., C. di Gennaro & A. Millwood Hargrave (2005), The Internet in Britain : The Oxford Internet Survey (OxIS), May 2005, Oxford Internet Institute, University of Oxford.
Home Office (2003), Identity Cards – A Summary of Findings from the Consultation Exercise on Entitlement cards and Identity Fraud, Cm 6019.
Neville-Jones, Dame P former chair of QinetiQ. Reported on 18/10/05 by silicon.com, 'Lack of "balls" in Whitehall will hinder ID cards' Will Sturgeon http://www.silicon.com/publicsector/0,3800010403,39153447,00.htm| Comments (0) |
Subjectright (S), a reciprocal to Copyright (C)
posted by:James Fung // 11:59 PM // March 28, 2006 // ID TRAIL MIX
Author(s): Steve Mann (stevemanncorp.com), James Fung, Kyle Amon Inc.
This article presents the argument that any debate about copyright is inherently unbalanced, because it preferentially considers the right of a source entity, without equal regard to the right of a destination entity. Accordingly, we propose the concept of Subjectright, i.e. recipient rights, as a reciprocal to copyright.
In contrast to the analogous mechanisms of Intellectual Property (Copyright, Trademark, Patent, etc.) that protect that which is offered through predominant volition of a “transmitient”, Subjectright also covers that which we give off without conscious thought or effort, as well as that which we are exposed to simply through our existence.
Subjectright includes our physical facsimile, as might be protected by the Humanistic Property License Agreement (HPLA), http://wearcam.org/clerks.htm, http://wearcam.org/hpla.htm, http://wearcam.org/hp_manifesto.htm as well as our spoken word, molted detritus and mental engrams.
In this paper, we expand upon the principle of Subjectright to include that which we receive through eminent volition, and, in particular, that which we receive as subject, thus have been SUBJECTed to, often without our consent and sometimes even against our will.
In order for information to propogate, five functions must exist. There must be a creator, a transmitter, a conduit, a reciever and a processor of information. All five may reside within the same entity or be distributed, singly or multiply, between various entities. If any one of these five functions is lacking, information propogation can not occur.
Current Intellectual Property law and practice only affords privledges to the “transmitient” (creator, transmitter and conduit functions of information propogation). While Copyright(c), for example, provides extensive powers to the creator, transmitter, and/or conduit of information (e.g. an author, publisher, broadcaster), Subjectright, recognizing that individuals are recievers (eg. consumers) and processors (eg. users) as well as creators (e.g. producers), transmitters and conduits of information, extends commensurate powers to them as such.
Since we hold it to be self evident that all entities come into existence free, subject to none but their own mortality, having an inalienable right to maintain this freedom, we propose that a reciprocal set of privileges to those afforded by current Intellectual Property law to creators, transmitters and conduits of information, as instigators, be extended to conduits, recievers and processors of information, as subjects, under Subjectright(s), and, furthermore, that information instigators be morally and legally bound by Subjectright(s), necessitating them to respect the inherent, independent volition of all entities as free beings, and their right to maintain this freedom, in order to provide a means of redress when information instigators contaminate entities with unwanted information as subjects.
While Copyright is intended to protect the deliberate creation and transmission of information, Subjectright is intended to protect the primarily involuntary disclosure of information (e.g. physical facsimile, spoken word, molted detritus, etc.), as well as the often involuntary receipt of information (e.g. marketing and advertising, music, video, etc.) as mental engrams.
Note that in this sense of reciprocality Copyleft (i.e. Gnu Public License, GPL) is not really a reciprocal for copyright, in the sense that both Copyright and Copyleft attempt to protect a transmitient, although in quite different ways. In particular, to the extent that fame and fortune are fungible, Copyright and Copyleft are two sides of the same coin, whether that coin be a coin of commerce, or a coin of recognition and social status.
In view of the often involuntary nature of this exchange with regard to the recipient (eg. subject), it has been argued that Subjectright deserves stronger protection than Copyright. See, for example, First Monday, volume 5, number 7 (July 2000), URL: http://firstmonday.org/issues/issue5_7/mann/index.html
A scholar’s right to cite sites
Legal development is sometimes said to be significantly more dilatory than technological development (notwithstanding our desire to state that “The trouble with law is that so many new laws are created so quickly that technology is having a hard time catching up.”). As society evolves, the original intent of old laws is often lost and they begin to be misapplied as a result. In some cases, after a significant amount of subtle, social evolution, the results can be egregious. It is therefore not very surprising that many Intellectual Property laws are now in conflict with the reasonable freedoms of scientific, scholarly, or academic pursuit.
Consider, for example, the Felton case, http://eff.org/sc/felten/ Felten
v. RIAA.
"Freedom of Speech should not be sacrificed in the recording industry's war to restrict the public from making copies of digital music.
...
When a team led by Princeton Professor Edward Felten accepted a public challenge by the Secure Digital Music Initiative (SDMI)to break new security systems, they did not give up their First Amendment right to teach others what they learned. Yet they have been threatened by SDMI and the Recording Industry Association of America (RIAA) to keep silent or face litigation under the Digital Millennium Copyright Act (DMCA). Professor Felten has a career teaching people about security, yet the recording industry has censored him for finding weaknesses in their security. USENIX regularly publishes scientific papers that describe the weaknesses of technologies, but they are chilled by RIAA litigation threats.
EFF is asking the court to affirm the right of these scientists to publicly present what they have learned and the right of USENIX to publish the scientists' paper in their conference proceedings. EFF has also asked the court to overturn the anti-distribution provisions of the DMCA as unconstitutional restraints on the freedom of expression.
...
"When scientists are intimidated from publishing their work, there is a clear First Amendment problem," said EFF's Legal Director Cindy Cohn. "We have long argued that unless properly limited, the anti-distribution provisions of the DMCA would interfere with science. Now they plainly have."
"Mathematics and code are not circumvention devices," explained Jim Tyre, an attorney on the legal team, "so why is the recording industry trying to prevent these researchers from publishing?"
USENIX Executive Director Ellie Young commented, "We cannot stand idly by as USENIX members are prevented from discussing and publishing the results of legitimate research.""
Another important case fighting the infringement of current Intellectual Property laws on the First Ammendment is the 2600 case: http://www.2600.com/ and the appeal to a loss against a Motion Picture Association of America (MPAA) suit in August 2000. http://www.2600.com/news/display.shtml?id=211 The 2600 website says of this appeal,
"The case arises from 2600 Magazine's publication of and linking to a computer program called DeCSS in November, 1999 as part of its news coverage about DVD decryption software. DeCSS decrypts movies on DVDs that have been encrypted by a computer program called CSS. Decryption of DVD movies is necessary in order to make fair use of the movies as well as to play DVD movies on computers running the Linux operating system, among other uses. The Studios object to the publication of DeCSS because they claim that it can be used as part of a process to infringe copyrights on DVD movies.
Universal Studios, along with other members of the Motion Picture Association of America, filed suit against the magazine in January 2000 seeking an order that the magazine no longer publish the program. In the case, formally titled Universal v. Remeirdes, et. al., the District Court granted a preliminary injunction against publication of DeCSS on January 20, 2000. By August 2000, after an abbreviated trial, the Court prohibited 2600 Magazine from even linking to DeCSS."
Scholarly discourse and academic research seeks to spread new ideas, new discoveries, and in general new thoughts. The medium of thought conveyence is language, without which there can be no transmission of thought and thoughts must remain privy to their creators alone. Language is thus the transmitter of thought and it’s medium is the articulate symbol, manifested in speech or inscription, conveyed by an ever increasing number of media.
The articulate symbols of language were initially transmitted, and thought thus propogated, exclusively synchronously by phonetic utterance through the medium of air (ie. speech). Asynchronous transmission, and thus mass propagation, of thought became possible with the advent of inscription since the mediums of inscription were less mutable than the medium of air. It was then discovered that even speech could be inscribed on certain media and electrically reproduced, engendering an asynchronous manifestation of a type of thought transmission that was previously possible only synchronously. Ultimately, electromagnetic media was found to be extremely versatile, facilitating both synchronous and asynchronous transmission of all antecedent media necessary for the transmission and propogation of thought and, with the advent of the internet, with a fine degree of control.
The extreme versatility of electromagnetic media fostered it’s rapid proliferation as a multiply manifested thought transmission medium second in prominence only to the medium of air in conveyance of the spoken word and pictorial symbol.
It’s prominence has resulted in a devolution toward the more mutable paradigm of television and away from the less mutable literary tradition of the book. This transformation, in concert with the expansion, misuse and abuse of intellectual property laws, not only threatens the right and ability of scholars to make enquiry and publish results, but also to make scholarly citations to build upon in the tradition of science and scholarly thought.
For example, many web sites utilize CGI scripts that cause a single URL to reference multiple documents, making it impossible for scholars, critics, and scientists to cite and properly credit sources of reference and specific quotation, omission of which causes the work to suffer, thereby reducing it’s aggregate social benefit, when uncitable material is left out and exposes the author to intellectual property infringement liability when uncitable material is included for the benefit of the work and, consequently society, regardless. Moreover, complete web sites often vanish suddenly. For example, a scientific article referencing a January 22, 2001 article on Mediated Reality and EyeTap? Technology, published on the about.com wearables site, http://wearables.about.com/library/weekly/aa012201a.htm, will no longer be found by scientists wishing to extend work based upon this article in the future since it is no longer maintained on the about.com site, presumably because it is no longer considered profitable (e.g. does not generate enough advertising revenue, or the like).
One possible solution is to backup or mirror sites when cited. For example, an article published on the eyetap.org site, making a scholarly reference to this article, could cite a mirror site: http://about.eyetap.org/library/weekly/aa012201a.shtml. Each article being written would then contain all of its references to at least one level of recursion. With increases in mass storage capability, it might even be reasonable to bundle articles to two levels, but certainly one level would be reasonable.
While the creation of backup and mirror sites of scholarly citations helps ensure, in a technical sense, access to these works, current intellectual property law may criminalize those scholars who seek to preserve the works they reference. For instance, consider an academic journal which charges fees for access to their published articles. Such a journal is not responsible for ensuring long term access to the published article. However, were a scholar to mirror the article to help ensure its availability, existing intellectual property law may expose the scholar to potential legal action for circumventing the access fees charged by the journal publication. Furthermore, recent laws favor commerce by revoking the legal concept of fair-use and scholarly backup.
Consider, for example, Bill C-32 - As passed by the House of Commons http://www.pch.gc.ca/wn-qdn/c32/c-32toce.html
With the advent of wearable computing http://wearcam.org/ieeecomputer/r2025.htm Computer, Vol. 30, No. 2, February 1997 it is now possible that a person can remember everything they take in. Thus we are at a pivotal era (or will soon witness such an era) when an individual can remember what they have been taught, and that individual can also teach others. When abilities we currently attribute to ‘digital’ media move within the realm of second nature ‘personal abilities’ through such inventions, restrictions upon the person’s use of what they take in becomes akin to the notion of ‘thought police’.
In order to protect against such ``Thought Police what is needed is a new kind of agreement that is binding on the Transmitter (not just upon the Receiver) of information.
It is suggested, therefore, that Subjects would apply this Subjectright philosophy to information received, and that persons not wishing to release information under Subjectright, refrain from exposing Subjects to said information.
This ``right to teach therefore becomes recursive under Subjectright. A person bound to Subjectright simply declares: ``You have no right to teach me unless you grant rights for me to teach others, or more formally: ``By teaching me any new knowledge, you agree to be bound by the following Terms and Conditions: … one of which must permit re-teaching of what is taught.
Teaching is a form of brain damage, in the sense that once taught, we can never really forget. This brain damage is relatively permanent, e.g. the synaptic weights of the brain are permanently altered by advertising, loud (sometimes unwanted) music that is inflicted upon us, as well as by a good joke one can never forget. quote: ``There’s a song going around in my head… [words to a song about trying to forget a song, goes something like “there’s a song going around and around, there’s a song going around in my head and i don’t want to hear it no more, no more…”]
(This example underscores the difficulty in eradicating knowledge, and when that knowledge is unwanted, it causes a sort of pollution to one’s memory space…).
Thus there is a need for a concept such as subjectright that deals not only with the right to be free of unwanted violations of both privacy and solitude (such as being free of unwanted brain damage, unwanted insertion of material), but also to be free to provide scholarly discourse on what is learned.
Subjectright and Copyright
Even though under existing copyright laws, works may be reproduced for scholarly dissemination or criticism, such protections are not afforded to many of the day-to-day situations people encounter, whether or not conscious efforts are made to obtain or disseminate media. For instance, company logos used in advertising conveniently deliver the “stamp of the transmitter”, which provide the subjected and inflicted a clear target towards which to exercise their Subjectrights.
It was suggested that a fee could be charged by an unwilling Subject.
http://firstmonday.org/issues/issue5_7/mann/index.html (the cracker, hacker analogy of the brain as a computer being deliberately compromised by malicious spammers; realworld advertising as spam) The fee would be charged to the perpetrator of this pollution, or to those who benefit from the pollution (or both).
It would not be unreasonable to charge a fee for both the Reception of the unwanted information pollution, as well as for the storage, and for any damage that the pollution caused on the storage medium.
As if trying to add insult to brain injury, those bombarding us with unsolicited sounds, sights, and other forms of radiation pollution have the nerve to then try to charge us for remembering what we didn’t really want to learn. Such is the nature of Copyright, that one can be unwittingly or unwillingly SUBJECTed to input, and then be prevented from legally reproducing this same detritus. Stallman’s article entitled “Reevaluating Copyright: The Public Must Prevail”, examines the origins of copyright, pointing out that at the onset of the printing press, copyright was instituted as a method of encouraging the creation of works by publishers by restricting the freedoms of people to copy or redistribute those works. Such a system worked to allow the publisher to charge for access to their works. The article points out that at the time, since individuals could not distribute the works without a printing press, which few could afford, the agreement mutually favoured the public who gave up little, while allowing for publishers to profit from their work.
Since that time, however, technology has made it possible for individuals to distribute and reproduce material. Furthermore, while in the days of the printing press, reproduction of works had some physical cost associated with it in the form of the cost of paper and ink and transportation, modern distribution techniques have no such costs associated with them other than the rather small cost of electricity and bandwidth.
The situation has thus placed many works under copyright into a freely reproducible and publicly sharable medium where many people can benefit from the works without loss of quality in reproduction of the original.
Attempting to license or charge individuals for access to publicly accessible or mass marketed works which said individuals are bombarded with in an otherwise freely reproducible media is THEFT from Subjects. Attempting to block proliferation of reproducible, mass marketed teachings to Subjects is THEFT against those Subjects.
Perpetrators of this THEFT are asked to either cease and desist in such bombarding of Subjects with such material, or at the very least to allow Subjects to reporduce that which they are bombarded with.
If such works require an individual to pay a licensing fee or to agree to unethical or unreasonable conditions (see for example, http://wearcam.org/seatsale/poster/poster_agree_terms.htm) this is THEFT in the sense that it violates the Terms and Conditions of the Subjectright Transmitient License Agreement.
In such cases the Subject (Recipient) is thus required (by Subjectrights) to charge the content provider a de-licensing fee, or ``disservice fee.
Teaching as brain damage
Teaching involves stimulating the brain in order to impart knowledge, learn a skill or condition a frame of mind. The brain and consequently the individual, if affected by these stimuli, changes as a result. Teaching, a crucial component to human interaction and development, allows the exchange of ideas to take place. When neurological modification is undesired and unconsentual, the individual’s state of mental development does not progress, grow or improve, but instead regresses. The degree of regress is proportionate to the amount of mental clutter absorbed, due to the processing and filtering operations that must be done in an attempt to reverse the undesired teaching affects (in returning to the state of mind before the change). The persistence of memory and the absorption of information and feelings (the unconsentual nature of the teaching creates tension and conflict in the mind, bringing about negative emotions) into the subconscious mind ensure that neurological modification can never be entirely reversed. Is teaching brain damage? Perhaps we have a right to answer yes, if the teaching was unsolicited, and argue that this residual mental detritus constitutes brain damage proportionate to the quantity and intensity of the unconsentual teaching. Although the act of teaching is the same with or without consent, the consequences and resulting state of mind of the subject can differ substantially. Perhaps a good analogy is sexual contact: there’s a big difference between consentual sexual contact, and unconsentual. The physical activity is the same in both cases, but the result (happily married versus criminal activity) can be quite different.
Crime scene documentation
If the Subject witnesses or documents evidence of attempts to stop the proliferation of Subjectright media, the Subject is compelled to take legal action against such criminal activity (e.g. activity of causing brain damage with or dependency upon material that is not freely re-teachable).
Pirates are NOT Thieves (By who’s law?)
When it is said whether an act is legal or illegal, we must ask the question as to who’s law? Canadian law? American Law? EXISTech Corporation’s law? or Internic’s law?
Piracy did not, originally, pertain to software, but, rather, described captains of pirate vessels who were given permission by an issuing government to raid and plunder on the open seas ships of another government. The issuing government, in return, guaranteed safe haven at their ports, and allowed pirates to profit from their plunder (through what was known as a letter of writ). The accumulation of private wealth by this method was called “privateering”[Petrie, Donald A, “The Prize Game: Lawful Looting on the High Seas in the Days of Fighting Sail”, Naval Institute Press, Annapolis, Maryland, 1999], and was not regarded as theft, since pirates were acting legally within the domain of their own government.
Governments, at the time, made piracy and privateering not only legal, but also profitable. Thus pirates were the ones who were in fact government sponsored and supported. Privateering made trading and travel upon the otherwise open medium of the seas a dangerous proposition.
Today, “piracy” is commonly applied to the copying of software, or music. However, considering, the origins of privacy and privateering, we can re-examine the current trading on the otherwise open seas of moving digital bits around and determine who best fits the definition of a “pirate”.
There is also the notion of “fair use”. There is a well established “fair use doctrine” in the scholarly and scientific community which must be continued, lest we enter the “new dark ages”. As is well known, the origin of the internet has in its roots in the development of a method to share work between scholars. The development of copyable floppy disks, writeable CDs and widespread internet access allowed for ease of `trade’ upon the high seas.
However, many service providers and copyright holders are trying to prevent such “fair use”. Attempts to conceal, obfuscate, and prevent proper copying, backup and the spread of Subjectright works could thusly be labelled “privateering” (piracy). Many efforts to create pay systems and encryption to prevent copying within these mediums on behalf of the publishing companies would then be considered engaging in piracy. Certainly attempts to block/intercept the exchange of or extract payment for works exchanged between individuals (i.e. on the open seas) are also acts of “piracy”, supported through letters of writ issued by Copyright holding publishers.
Putting works that we are Subjected to into a freely accessible, reproducible medium (to escape the plundering pirates), may then be regarded by some as a noble and publicly beneficial activity.
Some might even argue that one should extend this basic concept to include “ripping” CDs, scanning and copying books, de-encrypting DVDs, opening source-code, reverse-engineering software, and regarding these practices as a noble and publicly beneficial activity, to counteract the piracy caused by otherwise inflicting such material on Subjects, often without the consent of the Subjects.
Such piracy is often committed by those who seek to enforce copyright. For instance, in 1996 the American Society of Composers, Authors and Publishers (ASCAP) received much media attention when it applied a licensing fee to the American Campers Association (ACA) for use of campfire songs. ASCAP does and remains in a position to, under existing copyright laws, levy fines and require licensing for summer camps to hold campfire sing-a-longs which include songs such as “Puff the Magic Dragon” and “Happy Birthday”. Unfortunately, many people have been unwillfully exposed to such music in unlicensed situations and have developed, in a sense, a cultural addiction to these songs. A birthday would not be complete without a “Happy Birthday” song, and much would be lost at a silent campfire, or one where the singers sing in fear of litigation. Furthermore, notice is not given to the listeners that these songs are subject to copyright and licensing, and thus no choice is given to the listeners but to learn the music.
Such a situation could only have evolved under copyright laws where private performances are allowed and encouraged, thus teaching the dependency and placing it into the freely accessible and sharable medium of verbal tradition, but public performances must be licensed, and thus profit may be extracted from a taught dependency. However, within the SubjectRights? framework, by exposing individuals to songs, ASCAP must then allow subjects to share it freely and reproduce that which they
have been involuntarily exposed too. ASCAP is still allowed to own copyrights to songs, but must find a more responsible way to market them to ensure they are only heard by those who are truely willing to pay their fees. (See “WHEN IN DOUBT, DO WITHOUT: LICENSING PUBLIC PERFORMANCES BY NONPROFIT CAMPING OR VOLUNTEER SERVICE ORGANIZATIONS UNDER FEDERAL COPYRIGHT LAW”, Washington University Law Quaterly Volume 75, Number 3, Fall 1997 http://ls.wustl.edu/WULQ/75-3/753-5.html on page says “Cite As 75 Wash. U. L.Q. 1277”.)
“Privateering” which might better describe acts commited by large corporations, and their paid lawyers.
Software
Subjectright attempts to provide a sense of balance to an otherwise one-sided (e.g. Transmitter-only) point of view. Subjectright looks at both the Transmitter and Receiver of information.
As we enter the cybernetic era (from software to softwear, to implantables), we will see a blurring of the distinction between thinking and computing.
SoftWARE? embodies the idea of WARE:
Dictionary definition of “ware”
Main Entry: [^3]ware Function: noun Etymology: Middle English, from Old English waru; akin to Middle High German ware ware and probably to Sanskrit vasna price – more at VENAL Date: before 12th century 1 a : manufactured articles, products of art or craft, or farm produce: GOODS - - often used in combination
Main Entry: ve.nal Pronunciation: ‘vE-n[^&]l Function: adjective Etymology: Latin venalis, from venum (accusative) sale; akin to Greek Oneisthai to buy, Sanskrit vasna price Date: 1652 1 : capable of being bought or obtained for money or other valuable consideration : PURCHASABLE; especially : open to corrupt influence and especially
bribery : MERCENARY (a venal legislator) 2 : originating in, characterized by, or associated with corrupt bribery (a venal arrangement with the police) - ve.nal.i.ty /vi-‘na-l&-tE/ noun - ve.nal.ly /‘vE-n[^&]l-E/ adverb (C) 1997 by Merriam-Webster, Incorporated
Now having taught those 2 new words, WARE and VENAL, we hopefully all now have a right to use the English language without paying a word usage fee.
We were required to attend a public school, and we were exposed to these words against our will. We were forced to eat these words, now at the very least we should be free to use these words.
Likewise, the teaching of software skills (e.g. teaching someone how to use a program) must carry with it the free use of that program, in order to avoid brain damage arising from learning something (very hard to unlearn) that the person will not have free access to. Accordingly, it is our duty as teachers to teach people only how to use programs that are freely available to them at a later point in time.
Teaching a dependency (e.g. to get persons addicated to a certain product they must then buy) is theft.
Conclusions:
The effects of copyright, left, and center, tend to focus on protecting the interests of creators, producers, and distributors of information. We presented a reciprocal concept, namely that of Subjectright, that considers the rights of those who are exposed to informatic content, whether by choice, by accident, or against their will.
We believe that especially when people are subject to informatic content against their will, that they have every right to “rip, mix, burn” or do what they like with it. Moreover, we also believe that any discussion of copyright is inherently unbalanced if it does not also consider subjectright.
| Comments (2) |Surveillance in Spheres of Mobility: Privacy, Technical Design and the Flow of Personal Information on the Transportation and Information Superhighways
posted by:Michael Zimmer // 11:59 PM // March 21, 2006 // ID TRAIL MIX
A recent Nassau County Supreme Court ruling held that data retrieved from a vehicle’s black box - a computer module that records a vehicle’s speed and telemetry data in the last five seconds before airbags deploy in a collision - could be admitted as evidence even though law enforcement officials did not have a search warrant. The court ruled that by driving the vehicle on a public highway, “the defendant knowingly exposed to the public the manner in which he operated his vehicle on public highways. ...What a person knowingly exposes to the public is not subject to Fourth Amendment protection.” A federal judge in upstate New York made a similar ruling, stating that police officers did not need a warrant to secretly attach a Global Positioning System device to a suspect’s vehicle. The judge said that a suspect traveling on a highway has no reasonable expectation of privacy.
In January 2006, the web search engine Google resisted requests from the U.S. Department of Justice to turn over a large amount of data, including records of all Google searches from any one-week period, partially on the grounds that it would violate their users’ privacy. This event generated widespread concern over the privacy of web search histories, and prompted many users to question the extent to which this component of their online intellectual activities might be shared with law enforcement agencies. (Indeed, it was later revealed that three other search engine providers – America Online, Yahoo and Microsoft – had previously complied with government subpoenas in the case, without public notice.) Similar concerns have arisen over commercial access to search engine histories as the vast databases of search histories held by these providers are increasingly matched up with individual searchers and demographic information from other search-related services in order to provide individually targeted search results and advertising.
The two technological systems described above - networked vehicle information systems and web search engines - represent important tools for the successful navigation of two vital spheres of mobility: physical space and cyberspace. However, they also share a reliance on the capturing and processing of personal information flows, and provide the platforms for surveillance of the person on the move. Networked vehicle information systems, which include GPS-based navigational tools, automated toll collection systems, automobile black boxes, and vehicle safety communication systems, rely on the transmission, collection and aggregation of a person’s location and vehicle telemetry data as she travels along the public highways. Similarly, web search engines, striving to provide personalized results and deliver contextually relevant advertising, depend on the monitoring and aggregation of a user’s online activities as she surfs the World Wide Web. Taken together, these two technical systems are compelling examples of the increased “everyday surveillance” (Staples, 2000) of individuals within their various spheres of mobility: networked vehicle systems constitute large-scale infrastructures enabling the widespread surveillance of drivers traveling on the public highways, while web search engines are part of a larger online information infrastructure which facilitates the monitoring and aggregation of one’s intellectual activities on the information superhighway.
The political and value implications of these infrastructures on individuals as they navigate through these spaces cannot be understated, yet they generally remain unexplored. These implications include shifts in the contextual integrity of the norms of personal information flows, challenges to the expectation of privacy in public spaces, concerns over whether one’s online intellectual activities are shared with third parties, and the potential for the “panoptic sorting” (Gandy, 1993) of citizens into disciplinary categories. Taken together, these infrastructures of everyday surveillance increasingly threaten the privacy of one’s personal information, and contribute to a rapidly emerging “soft cage” (Parenti, 2003) of everyday surveillance, a growing environment of discipline and social control.
In his book Technopoly, Neil Postman warned that we tend to be “surrounded by the wondrous effects of machines and are encouraged to ignore the ideas embedded in them. Which means we become blind to the ideological meaning of our technologies” (1992, p. 94). As the ubiquity of networked vehicle systems and web search engines intensifies, it becomes increasingly difficult for users to recognize or question their political and value implications, and more tempting to simply take the design of such tools “at interface value” (Turkle, 1995, p. 103). It becomes vital, then, to heed Postman’s warning, remove the blinders, prevent the political and value implications of networked vehicle systems and web search engines from disappearing from public awareness, and to critically engage with the design communities to mitigate these unintended consequences.
To accomplish this, three things must happen:
1. Broaden conceptual understanding of privacy: Efforts must be made to broaden the conceptual understanding of privacy to fully appreciate how the introduction of these new technologies disrupt the norms of personal information flows in the contexts of their particular use. A starting point is embracing more contextually-based theories of privacy, such as Helen Nissenbaum’s formulation of privacy as “contextual integrity.” Contextual integrity is a benchmark theory of privacy where the privacy of one’s personal information is only maintained if certain norms of information flow remain undisturbed. Rather than aspiring to universal prescriptions for privacy, contextual integrity works from within the normative bounds of a particular context. If the introduction of a new technology into a particular context violates either the norms of information appropriateness or information distribution, the contextual integrity of the flow of one’s personal information has been violated.
The theory of privacy as contextual integrity is particularly well suited, then, to consider how the introduction of networked vehicle information systems and web search information infrastructures might impact the governing norms of the flow of personal information in the contexts of highway travel and online intellectual activities. (For a starting point in such an analysis, see my paper presented at the “Contours of Privacy” conference.)
2. Engage in value-sensitive design: The notion that the design and use of technical systems have certain political and value consequences suggests the possibility of achieving alternative technical designs that might help to resist or otherwise mitigate such threats prior to their final design and deployment. It becomes vital, then, to engage directly with these technical design communities to raise awareness of the political and value implications of their design decisions and to make the value of privacy a constitutive part of the technological design process.
The multi-disciplinary perspective known as value-sensitive design is well suited to guide this endeavor. Value-sensitive design has emerged to identify, understand, anticipate and address the ethical and value-laden concerns that arise from the rapid design and deployment of media and information technologies. Recognizing how technologies contain ethical and value biases, the primary goal of value-sensitive design is to affect the design of technology to take account for human values during the conception and design process, not merely retrofitted after completion.
3. Foster critical technical practices: Recognizing that the choices designers make in shaping these systems are guided by their conceptual understandings of the values at play, work must be done to ensure technical designers possess the necessary conceptual tools to foster critical reflection on the hidden assumptions, ideologies and values underlying their design decisions. This is best accomplished by fostering “critical technical practices” within the design community. Formulated by Phil Agre, critical technical practice works to increase critical awareness and spark critical reflection among technical designers and engineers of the hidden assumptions, ideologies and values underlying their design processes and decisions. An example of critical technical practice in action is the Culturally Embedded Computing Group at Cornell University, which seeks to elucidate the ways in which technologies reflect and perpetuate cultural assumptions, as well as design new computing devices that reflect alternative possibilities. Their work provides a model for integrating critical technical practices into the technical design communities of networked vehicle information systems and web search information infrastructures.
At a moment when concern over government surveillance of its citizens is high, the prospect of the creation of a nationwide networked vehicle system infrastructure capable of monitoring vehicle location and activity causes pause. Similarly, general concerns over the privacy of web search histories is further aggravated by the possibility of the information being shared with government authorities. Broadening the conceptualizations of privacy to include approaches such as contextual integrity can help raise awareness of the political and value implications of these emerging information technologies. Further, embracing the pragmatic tools of “value-sensitive design” and “critical technical practice,” will ensure attention to political and ethical values becomes integral to the conception, design, and development of technologies, not merely considered after completion and deployment.
These prescriptions mark the first steps towards avoiding the ideological blindness Postman feared, engendering critical exploration of both the privacy threats of these emerging technologies, as well as their potential to trigger widespread surveillance and social control within two vital spheres of mobility.
Michael Zimmer is a PhD student in the Department of Culture and Communication at New York University, and maintains a blog at www.michaelzimmer.org.
Escaping your history
posted by:James Muir // 11:59 PM // March 14, 2006 // ID TRAIL MIX
Imagine that every search phrase you have ever typed into Google from your home computer was recorded and stored in a user-profile on one of Google's servers. What would this profile say about you? No doubt you would consider some of this information private. It might alarm you when you realize that this information is now out of your control. Perhaps you trust Google not to divulge it, but there may be legal circumstances which would force them to do so.
You don't have to imagine this scenario -- Google does in fact keep a record of your search history and they are currently under legal pressure to release a subset of this data to the U.S. government. Some surprising facts about Google's user-profiling are discussed in a recent CNET article (D. McCullagh, 3 Feb 2006). One of the questions that Google's data collection practises raises is the following: Is it possible for a user to use a search engine anonymously from their home computer? For instance, is it possible to do a Google search for "picking magic mushrooms" without having this tied to your identity and possibly used against you at a later date? There is a very brief discussion of this question in the CNET article. Two specific recommendations made are to 1) regularly delete any Cookies your browser collects, and to 2) proxy your web browsing through an anonymizing service like Tor. In this note, we explain just what these two instructions mean and argue that they alone may not suffice to anonymize your Google searches.
We begin by recalling some basic facts about the Internet. Every computer connected to the Internet is identified by a unique number called its IP address. An IP (version 4) address is a sequence of four numbers in the range 0...255 separated by dots (e.g., 192.168.0.1). Your home computer's IP address is obtained from your ISP and they keep track of which IP addresses are assigned to which customers. If your ISP is subpoenaed, then they can be forced to match a customer's identity to a given IP address. When you surf the web normally, your IP address is submitted to the web sites you visit so that their content can be routed back to your computer and displayed in your browser. You can check what IP address you are advertising by visiting here.
Each time a user carries out a Google search, Google can record their IP address and their search phrase (as well as the current date and time). Thus, they can form a history of the search phrases which originate from a particular IP address. However, these IP address search histories are not necessarily the same as user search histories. There are two main reasons for this: 1) ISPs sometimes change the IP addresses of their customers; 2) the customers of some ISPs, like AOL, access the web through caching HTTP proxies which effectively results in many users advertising the same IP address to a web site. These issues can be overcome by using Cookies. A Cookie is a small data-file that a web site generates and stores in your browser. When you first visit Google, they set a Cookie in your browser which serves as a unique user-id. This Cookie can be subsequently read by Google each time you do a search through their web site and so it can be used to track your behaviour, even if your ISP happens to change your IP address.
Deleting Cookies regularly removes data that Google uses to track you and your web browser. Note that the Firefox browser can be set to delete its Cookies each time you close it. This explains the first recommendation. You may be wondering if there is a way to carry out a Google search while keeping your IP address hidden. This is where Tor fits in.
Tor is a network of 250+ Internet computers in various countries which run freely available software designed to facilitate low-latency anonymous communication. Tor has several interesting features but what is most relevant to our discussion is that it can allow anyone to surf the web without revealing their IP address. To start using Tor, you simply download a client program and then configure your browser to send its traffic to the client. Once the client is activated, it negotiates an encrypted pathway through the Tor network which will carry your browser's traffic. The pathway consists of three Tor servers and these are changed every minute or so. When your web traffic travels through the Tor network en route to Google, it appears to Google as though it was originated by the last server in the pathway. In particular, the IP address recorded by Google will be the IP address of the last server in the pathway. So, if you use Tor, your search phrases will likely be bound to an IP address other than your own.
However, the story doesn't end there. Even if you disable Cookies and surf through Tor, it may still be possible to maintain a profile of your web searches. If you take a look here, then you will see several examples of information that can be extracted about your browser and computer even when you have followed the two recommendations. For example, it is possible to learn what browser you are using, its version, what operating system you run, your preferred language, what timezone you are in, what plugins you have installed, and what the current settings of your display are. Google could compute a digest of this information and record it along with any search phrase you have submitted. It's not clear if this information would suffice to uniquely identify a user, but users who use less common browsers and operating systems are more at risk of this.
Much of this additional information about your browser and computer is accessible only through JavaScript and Java. If you do not want this information to be collected and then you can disable these components in your browser. Unfortunately, many web sites will fail to work with JavaScript disabled, but, if you want strong anonymity, then this might be a reasonable trade-off.
James Muir is a Postdoctoral Fellow in the School of Computer Science at Carleton University.| Comments (3) |
Privacy Issues and Canada’s Faith Communities
posted by:Travis Dumsday // 11:41 PM // March 07, 2006 // ID TRAIL MIX
Broadly speaking, public policy issues have an unfortunate tendency to become ghettoised, with particular problems being championed by certain segments of society while being mostly ignored by other interest groups and society at large. Thus certain segments become associated in both public and official consciousness, rightly or wrongly, with certain issues. The aboriginal community for instance tends to be associated mostly with issues directly relevant to that community, such as the economic development of reservations, preservation of native languages, etc. I call this ghettoisation unfortunate partly because it can lead to an accompanying tendency on the part of government and media to ignore the community’s involvement and stake in other issues. In the aboriginal example this might include the environmental advocacy undertaken by some native groups. Worse, it can lead to insular thinking in the group itself; when government and media link a community with a particular, narrow set of interests and issues, a subtle yet compelling psychological pull can be created in which the community unconsciously conforms itself to that image and ignores problems which may be of vital interest to it.
With that in mind, if someone asked you to write down a list of the issues of interest to Canadian religious communities, what would be the first item to pop into your mind? I realize that ‘Canadian religious communities’ is an exceedingly broad designating phrase, but humour me for a moment. What comes up first? Gay marriage? Abortion? Government funding of religious schools? I suspect that one of these three will be uppermost in the minds of many readers. Poverty relief and advocacy, peace initiatives, interfaith dialogue, these will tend to take a mental backseat, despite the tremendous time and resources which Canadian religious communities devote to these issues. How about privacy? Would that enter anywhere on the radar screen? I suspect not. I further suspect that this would be the case for most of those who would consider themselves members of these communities. Privacy is not seen as a ‘religious’ issue. But faith groups in this country are going to have to address some difficult questions relating to privacy in the near future, if they are not embroiled in them already.
In this context I think especially of the position of Canada’s Islamic community. If CSIS were to send undercover agents to attend services at mosques and monitor sermons given by Canadian Imams, in the hopes of spotting nascent terrorist sympathies or recruiting tactics, would this be a privacy violation? Leave aside for a moment the question of whether, if a violation, it would be justified. Is this even a privacy issue? It may be. In the philosophical literature on privacy and privacy rights the question has been raised as to whether groups, and not merely individuals, can possess a right to privacy. I think it has been convincingly argued that they can. For example, if a member of the Freemasons or some other secret society reveals to a reporter the group’s inner workings and rituals, it is plausible to think that the privacy of the group has been violated. Or consider some sensitive corporate meetings, or for that matter the meetings of the Canadian cabinet, whose minutes are kept sealed for decades. For a member of these groups to reveal what went on in such meetings is to violate the group’s privacy. And this is not merely a question of a group member violating the group’s trust. If an intrepid reporter were to plant a bug in the cabinet meeting room, he would be violating its privacy.
But can government surveillance of religious gatherings be considered in this light? After all, aren’t religious services public? Then presumably for the government to monitor their proceedings could not be a violation of privacy. I think this is a plausible argument, but am not entirely happy with it. For although the services may be open to anyone, it can be argued that there is an implicit understanding present whereby those in attendance at a worship service are there for friendly or at least neutral reasons (curiosity, for instance). If someone attends the service for potentially hostile reasons, this understanding is breached. Yet how does this relate to privacy?
This is where some further conceptual analysis comes in handy. Philosophers have been arguing for several decades about the nature of privacy. I believe that the proper view of privacy is essentially informational. Person X has privacy with respect to fact P if and only if P is not known and is in some way sensitive information, ie. information that if revealed might cause some harm to X. Now a loss of privacy occurs whenever such information is revealed, irrespective of to whom it is revealed. If someone reveals a fact to her priest in the confessional, she loses privacy with respect to that information and in regard to that person, the priest. But there has of course been no privacy violation. The information has been willingly relinquished. But there are times when information is willingly relinquished but in which privacy is still violated. If the woman confesses to someone she believes to be a priest, but who in fact is an imposter who gets a kick out of hearing people’s confessions, a gross violation of privacy has obviously taken place. Or consider a spy at a Freemason meeting, who is there only to gather information to release to the media. He too is violating privacy, in this case the privacy of the group.
But can this analysis be extended to public religious gatherings? Two questions arise here. One is whether any privacy violation can take place in the context of a public gathering. If this is possible, then it is possible of a public religious gathering. The other is whether, and perhaps to what extent, some religious gatherings, in this case services at a mosque, are truly public.
It is quite clear that violations of privacy can occur in a public setting. If Mrs. Jones stands up at a town hall meeting and tells of how her neighbour’s husband is having an affair, it is plausible to think that some sort of privacy violation has just occurred. So if private information is revealed in public, the fact that it is in a public setting does nothing to mitigate the violation; quite the opposite, in fact. But what about information which is revealed in a public setting which does not involve the violation of any individual’s privacy? Can a person violate privacy by virtue of his attendance at a public gathering? This may depend on what counts as ‘public.’ Here is another tricky conceptual problem. I think that sufficient conditions for a gathering to be public would be if it were held on public property and advertised as open to anyone with no explicit conditions of entry. A public town hall meeting, for example, or an organized and free gathering in a public park. But these are obviously not necessary conditions; a public gathering can be held on private property, for instance. A necessary condition is more difficult to come up with. But I think a plausible candidate would be that a gathering is public if it is open to anyone; more detailed specification is no doubt required here, but what I mean is something like a gathering in which no one is excluded on some specific grounds, whether explicit or implicit, such as being a woman, or of a certain race or political affiliation. Any meeting in which such exclusions are made cannot properly be termed ‘public.’
So is a worship service at a mosque a public event? Well, certainly no one is excluded on grounds of race or gender. But it is not unreasonable to think that someone would be excluded if it were known that he was there on behalf of CSIS to collect information for the government. You could say then that the gathering is restricted on grounds of employment, or perhaps motivation of the attendee. Thus the service is not a public gathering in the same sense as the town hall meeting would be, in which a CSIS agent presumably could not be excluded even if his presence were known, indeed even if he were there on behalf of CSIS, however uncomfortable it might make the other members of the public and the municipal officials.
So a mosque service is not a public event, or at least not fully public, if indeed it makes sense to speak of degrees of publicity. This being the case, someone might violate the privacy of those in attendance simply by virtue of his attendance, if it is understood that he is excluded from the event on some ground. If I sneak into a Freemason meeting and pretend to be a Mason, I am violating that group’s privacy. If I in bad faith and under misleading pretenses attend services at a mosque, I think it is reasonable to see this as a similar violation. This is the case even though the event is nowhere near as private as the Freemason gathering; it is still private to some extent, by virtue of the implicit exclusion of certain peoples, namely those of bad faith or inappropriate motives. This is an exclusion which would not apply in the context of more or fully public gatherings, such as the town hall meeting. Thus the surveillance of mosques by undercover CSIS agents can plausibly be thought of as a privacy issue.
Of course, so far as I know there is no evidence to indicate that such surveillance is going on. And again, it is quite possible that such surveillance would be justified in some cases, with interests of public safety overriding privacy concerns. But here we have an instance of a privacy issue which should no doubt be of concern to Canada’s religious communities. I think this illustrates that the stakeholders in privacy policy are much wider than one might think from a casual scan of the civil liberties groups one typically associates with the issue.
Travis Dumsday is a graduate student in philosophy at the University of Waterloo| Comments (2) |
With a Little Help from my Friends (and Colleagues): The Multidisciplinary Requirement for Privacy
posted by:Carlisle Adams // 11:59 PM // February 28, 2006 // ID TRAIL MIX
It is probably not unfair to say that many subjects of academic interest do not force, or even encourage, their researchers to look outside the confines of a fairly narrow field of study. An example with which I am familiar, but which is only one example of many that could be cited, is the field of cryptography. It is quite possible for a researcher in this field to spend his or her entire career – indeed, a rewarding and productive career – making, breaking, and repairing encryption algorithms and security protocols without ever thinking very deeply about where and how these might be used in the real world. The beauty, the elegance, and the mystery of the underlying mathematics can be more than sufficient to fill the researcher’s attention (providing both “stick” and “carrot”) without all those messy peripheral areas of implementation details, environmental considerations (how the surrounding applications and operating systems will make use of these algorithms and protocols), and user issues (interfaces, usability, performance, and so on). A researcher in cryptography does not have to be confined so narrowly (and many are not), but nothing inherent in the field requires this broader view.
Privacy differs from such subjects in that thinking about implementation details, the surrounding environment, and user issues is of the utmost importance. Furthermore, not only are these aspects important, but they also force us to recognize the multidisciplinary nature of this field: implementation details often fall into the domain of the technological; the surrounding environment leads to a consideration of applicable laws and policies; and user issues have to do with the social understanding and desire for privacy. It is difficult (perhaps impossible?) to successfully look at privacy through a purely technical set of glasses; researchers with a primarily technical focus must also think about the context of a situation and about the human users involved. Cryptography is about protecting data, and one can think in completely abstract terms about an equation that will fail to hold true if a single bit in a data stream is flipped from 1 to 0, or from 0 to 1. Privacy, however, is about protecting personal data from other people. It is a person or a legal system (not an equation!) that draws the distinction between “data” and “personal data”, and it is our social and legal understanding of privacy that determines when another person has inappropriately learned or used some personal data.
An example may help to illustrate the need for multiple disciplines in privacy. Consider a “tip line” to the police department. Tips can be helpful in crime prevention and, especially, in solving criminal cases, but many people (out of fear or a simple desire to “not get involved”) would prefer not to use a tip line if the tip could be traced back to them. Consequently, many police departments have established anonymous tip lines. Such lines are often implemented using a telephone number, but let us imagine that a police department would instead like to implement this as an anonymous e-mail service.
Technical Solutions for E-mail Tip Line Anonymity
Thinking about a solution from a purely technical point of view might lead us in one of two possible directions. The first direction is what we might call “anonymizing the channel”. Say a user named Alice would like to send a crime tip to the police department anonymously. As we know, Alice’s computer uses two important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), to send data from her machine to any other machine on the Internet. Any data that she sends will be broken into small packets (typically fewer than 1500 characters); each packet is put into an envelope that contains a number of pieces of information, including the sender address, the destination address, a sequence number (so that all the packets can be reassembled into the right order at the destination), and a checksum that can be used at the destination to see if any errors have been introduced into the packet during transmission. TCP is responsible for breaking data into packets, putting packets into envelopes, and recombining packets into the original data message at the receiving end. IP is responsible for routing each packet through the network so that it arrives at the destination as quickly as possible (note that each packet, because it has full addressing information in its envelope, can be routed independently of all the others and may therefore take its own individual path to the destination).
The source address in the packet envelope is the obvious enemy in the battle for privacy. Techniques for anonymizing the channel seek to strip this identifying information from data without requiring massive changes to the way the Internet currently works (that is, without having to change the universally-deployed TCP and IP protocols). The idea behind the “onion routing” approach to this is simple and elegant: Alice’s machine will take her tip for the police department and put this inside a message destined for some other machine (say Machine X). When Machine X receives its message, it will find something inside for the police department and will send this to the police department. The police will receive their tip, but the IP packets of the tip will have a source address of Machine X (not Alice’s machine). In real onion routing networks (see, for example, Tor [1]), many such intermediate machines are used, and encryption is employed at each layer so that the contents of a layer can only be read by the intended recipient for that layer. Each recipient has no way of knowing whether the machine from which it received the message was the original sender or just some other intermediate node, so Alice’s identifying address is effectively hidden from all machines.
The other possible direction for protecting Alice may be called “anonymizing the source”. A popular technique in this area is the public Internet café. Alice can simply go to an Internet café in a large city and send her crime tip in the clear from one of the machines there. Because anyone in the world (theoretically) could have gone to the café and sent a message from that machine to the police department, the message cannot be traced to Alice. This is the Internet equivalent of Alice going to a public telephone in a busy shopping center to call in a crime tip.
A truly paranoid user might of course choose both alternatives: Alice can go to a popular Internet café and send her crime tip from that machine through an anonymizing channel such as Tor. Alice may then feel quite confident that her data