Privacy is self-evident natural law – it is deeply linked to individual dignity – and is a cornerstone of freedom.
Why the internet lacks privacy
The Internet was developed originally as a government, academic and research network on dedicated private telephone circuits. There was no perceived need to consider or anticipate security and privacy as critical components.
It was not until the Internet was opened to commercial traffic that ubiquitous connectivity was allowed and the Internet became accessible to everyone. Good manners prevailed on the Internet until after 1995 when the first malware began to appear.
It was too late; the Internet had been established and improved without security and privacy. Internet adoption was by then a revolutionary firestorm that could not be checked. Privacy was perceived important but not fully understood; the technologies to achieve it did not exist. It was generally believed that incremental improvements would solve the privacy problems. That has not worked out as hoped.
Early growth pains
As the Internet was becoming commercial in the late 1990s a new security industry was born to defend against the increasing barrage of invasive communications. It was just coming of age in 2001 when 9/11 occurred and security hysteria became rampant.
This historical coincidence imprinted the nascent security efforts with a defensive “gates, guards and guns” culture and made privacy a dirty word – imposing a conflicted birthmark on the Internet that continues to hamper privacy efforts to this day.
At the same time, Google and others were pioneering the mining of all customer traffic for marketing purposes. To do so, they pushed privacy aside completely, making the visibility of all content and user information crucial to their commercial business model.
This cleared the floodgates for the exploding social networking movement which can only operate if it ignores privacy.
Privacy is different than security
“Internet Privacy” is the seclusion of information in transit and at rest.
A good analogy is the diplomatic pouch that moves from sender to recipient with its contents locked in total seclusion.
“Internet Security” is defending against external threats.
The many companies in the security industry accept the Internet’s protocol weaknesses as they are, defending the fortress with malware blockers, firewalls and other expensive battlements. It now operates entirely in a combat mentality; fighting never-ending battles in wars it can never win (in fact, it is falling way behind.) Today, standard desktop antivirus solutions are less than 50% effective against the total range of common threats.
The small incremental security improvements that have evolved have had a marginally protective effect; but have come at a very high cost ($3.5 billion annual losses worldwide), without delivering any privacy. Today, you can buy a lot of security and not achieve privacy at all.
Security and privacy are not mutually exclusive – we can have both.
Government impediments to privacy
Governments have always been conflicted over privacy. While they may have some legitimate needs to communicate their secrets privately, they work diligently to deny private communications to everyone else – always behind the handy excuse of national security. In spite of watchdog and judicial efforts to curb invasive behavior, government agencies are now running amok with illegal snooping programs, domestic and foreign.
To many, it appears that we have now come full cycle from the constitutional framers’ original intentions in the Fourth Amendment to protect individual privacy from an invasive government (writs and general warrants, imposed by the British before 1791 and widely detested). We now have a new era of convoluted regulations and clandestine maneuvers that are arguably the de-facto restoration of the invasive writs and warrants.
Add in National Security Letters and other circumventions of prior privacy laws, and the picture gets uglier. These new assaults on privacy have been legitimized by creeping pre-9/11 regulations and post-9/11 terrorism hysteria, and driven home by widespread government dystopian behavior.
Online privacy enforcement
There is no practical way for laws to enforce privacy on the Internet. We already have dozens of laws that impose penalties for privacy breaches, but very few that require privacy be integral to communications. HIPPA, Sarbanes-Oxley and a few other laws require that certain industries take the reasonable steps necessary to secure medical, financial and other records. This has resulted in content encryption but that alone does not ensure privacy.
There is no evidence that fining corporations or jailing violators for online privacy breaches (the current basis for all privacy laws) is the least bit effective. An accidental breach like a misplaced laptop can compromise thousands of personal records, for which the corporation at fault is fined heavily, but the exposed victims are simply out of luck.
Once private information is compromised, no law or penalty can restore it to privacy status, or make the victims whole.
The Internet is in a painful adolescence, stuck with security-flawed protocols and questionable belief systems that stand in the way of privacy.
The Internet’s security-flawed protocols can be rendered safer with more advanced technology. But, the real challenges in deploying effective privacy will be in overcoming the hide-bound cultural issues from two decades of established government interests, commercial exploitation and a highly protectionist security industry that appears myopic about privacy.
Until 9/11 there had been strong enforcement of the rights of privacy across two centuries of privacy legislation and more than 300 privacy court cases. Those rights are now under siege on many fronts and have increasingly fewer protections under law. Overall, the space is highly fragmented and confused; the only hope lies in advanced technologies that provide truly private solutions – transcending the need for increasingly expensive security defenses and legislative or judicial struggles.
Harry Kalven, Jr. Law and Contemporary Problems Vol. 31, No. 2, Privacy (Spring, 1966), Duke University School of Law http://www.jstor.org/stable/1190675
… our still vivid experiences with totalitarianism remind us that a major tactic for the dictator is to subjugate by eliminating privacy. I start, therefore, from the premise that privacy is surely deeply linked to individual dignity and the needs of human existence …
Daniel J. Solove, Nothing to Hide: The False Tradeoff Between
Privacy and Security (Yale University Press 2011)
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” Cardinal Richelieu
George Sidman is a serial entrepreneur with a number of software and Internet companies to his credit. For the past fifteen years he has been focused on highly private communications solutions and holds two patents for Internet privacy technologies. He is the CEO of TrustWrx, a Silicon Valley Internet security company.