Peter Swire replies to Larry lessig, Jim Davidson on anonymity [fs]

[Declan McCullagh <declan () well com>]

---

From: "Peter Swire" <peter () peterswire net>
To: <declan () well com>
Subject: Response to Lessig and Davison
Date: Sat, 6 Dec 2003 13:16:11 -0500

Declan:

        Larry Lessig's post said essentially that it will be so
difficult to win on Net anonymity that we need to fall back to fighting
for better protections of "pseudononymous" transactions.  Jim Davidson
replied with his "string up the bastards" post, where the bastards seem
to be some mix of malevolent government officials and back-sliding
privacy defenders such as Lessig.

        Here's a perspective from someone who has worked within the
Washington scene on privacy.  My view is that Larry is saying more
clearly than he has before that technology alone won't do it and we will
we have to fight in the political system for due process and privacy
rules.  Larry wants to use the fancy Net term of pseudonymity to
describe traceable transactions.  That might be rhetorically a nice
move, but the fight on traceable transactions is much broader than Net
privacy.  The entire data protection structure in Europe concerns the
rules for handling personal data in traceable transactions.  The 15 or
so U.S. federal privacy laws (medical, financial, video, student,
wiretap, telemarketing, etc.) show that the privacy battle on traceable
transactions has been going on here for years.  The 4th Amendment shows
that the battle on rules for government access to traceable activity has
been going on for centuries.  Today is just the latest chapter in the
fight on traceable transactions.

        Jim Davidson wants to avoid the messy legislative debates.  He
writes: "A system which protects absolute anonymity is good . and it is
what the market wants."  The problem, sadly, is that he is wrong on what
the market wants.  I've gone to conferences for years at which David
Chaum and other really smart people have shown how to create systems of
untraceable e-cash.  But traceable payments (credit cards and PayPal)
have absolutely crushed the opposition.  (My Trustwrap article explores
the history in detail, www.peterswire.net.)  If payments on the Internet
are traceable, then we better have something effective to do on Plan B.

        There is no alternative to fighting in the messy political
arena.  The Internet is so big and important that governments, big
corporations, and everyone else is going to use their leverage to write
the rules to their advantage.  Most of us can't live like Gene Hackman
in "Enemy of the State" - living in a metal cage in our extreme efforts
to ward off all possible surveillance.  We are imperfect, sloppy souls
who constantly reveal information about our activities.

        So what is to be done?  Jim Davidson is correct that progress
should be sought on multiple fronts.  While tech people try to figure
out how to get acceptance for privacy enhancing technologies, privacy
supporters should also be engaged in "Plan B" - the messy art of the
politically possible.  The press, assorted deep thinkers, and others
will pitch in.

        Before despairing, it's worth a partial list of privacy
protections created at the federal level in the past five years:

.       The medical privacy rules created the first national standards
for when police can get access to medical records.

.       The 1999 financial privacy law included a ban on most transfers
of account numbers from your bank to marketing or other organizations.

.       The Homeland Security Department has the first Chief Privacy
Officer required by statute, as one counter-balance to the Department's
instinct for surveillance.

.       The law creating that Department said that nothing in the law
authorized the creation of a national identity card or system.

.       The Republican-led Congress has passed laws limiting or
eliminating Bush Administration surveillance initiatives such as TIPS,
TIA, and CAPPS II.

.       The 2002 E-Government Act required privacy impact assessments
for all new federal IT systems.

        Reader's of Declan's list can easily spot flaws in the above
list.  Many will wish that the legal protections were stronger.  Others
will have their own long list in mind of expanded surveillance powers
during the same period - the Patriot Act comes to mind.  With that said,
governments are too powerful to ignore.  The next chapter can easily be
mandatory data retention, making anonymity even more difficult.

        Berating the "congress critters" will not stop the government
from acting.  There is no alternative to engagement.

        Peter

Prof. Peter P. Swire
Moritz College of Law of the Ohio State University
Consultant, Morrison & Foerster LLP
Formerly, Chief Counselor for Privacy in the U.S.
     Office of Management and Budget
(240) 994-4142, www.peterswire.net
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)