Wednesday, November 29, 2006

TEOS Lives On: And its time may yet come

For those who missed it the first time round, TEOS is the acronym for Trusted Email Open Standard, a proposal for reducing spam by increasing trust in email. TEOS was introduced in April of 2003 at a Federal Trade Commission Anti-Spam. More than 30,000 people downloaded the 35-page standards document in the first eight months that it was available online. The FTC still hosts a pdf copy of the document today, at the FTC web site. There is some archival coverage of the FTC summit here and coverage of TEOS here and also here.

But what has spam got to do with privacy?

First of all, a lot of people would probably agree that spam is an invasion of privacy, the privacy of one's in-basket. Second, it can be argued that, if there was a trustworthy way of ensuring that the privacy preferences of consumers were respected, it would be possible for email to be widely and beneficially used for commercial purposes without creating spam.

So what happened to TEOS?

Well, a lot of people read it (c.f. the 30,000+ downloads) and Bill Gates plagiarized it in a letter to Congress in May of 2003. Here is what he wrote:

...we support the establishment of an independent trust authority or authorities around the globe that could spearhead industry best practices, and then serve as an ongoing resource for email certification and customer dispute resolution. In short, these authorities could provide mechanisms to identify legitimate email, making it easier for consumers and businesses to distinguish wanted mail from unwanted mail. Of course, any technology designed to establish the identity of legitimate commercial firms and associate them with a trusted sender "seal" should be based on open standards and developed with broad input from affected industries.

This is exactly what TEOS had earlier proposed but he conveniently omitted mention of the standard or its authors at ePrivacy Group (which included me). However, TEOS also proposed, and depended upon, cooperation between the large email vendors. They talked about it. Meetings were held. But nothing came of it. Which is sad news for all email users.

Tuesday, November 21, 2006

Invasive Technology Has Its Uses: Teen Tracking

About ten years ago, when our daughter was a rebellious teenager, I gave serious thought to installing some sort of GPS recording and transmitting device in the car we let her drive. The goal was something like a web page where we could log in and see where the car was at any particular time.

And I mean serious thought. That girl could somehow put a hundred miles on the car in one evening and yet, when asked where she went, answer "Nowhere." Unfortunately, such devices were big and clunky and very expensive back then, mainly confined to commercial applications like trucking and emergency vehicle assistance. Now there are numerous ready-made solutions.

Would I use one if I had a teenage daughter or son today? You bet! Would it be an invasion of their privacy? No! Parents have a right [and a duty] to knowing where their teenagers are.

BTW, to be 'nice' about it, an invasion of their privacy would be showing them a tattoo located just above my butt crack--that's what invasion of privacy originally meant--putting your stuff in my face, which is what happened to me a few months ago when I was waiting to get off a plane. The young lady in front of me rose up and between her short top and low-cut jeans appeared a large tattoo that read "Daddy's Girl." I really didn't want to see that.

That was an invasion of my privacy.

Friday, November 17, 2006

Privacy Essentials: The Politech Connection

If you're serious about privacy in general, and privacy-as-impacted-by-technology in particular, I highly recommend subscribing to Declan McCullagh's Politech:


"the oldest Internet resource devoted to politics and technology. Launched in 1994, the Politech mailing list has chronicled the growing intersection of law, culture, technology, and politics."

I still meet privacy professionals who haven't found Politech yet, possibly because it is not purely about privacy, but it is well worth subscribing, for Declan's even-handed reporting, and for that early "heads-up" you sometimes get from insiders (e.g. it is where I first heard about the UCLA taser incident).

Thursday, November 16, 2006

UCLA Taser Video Incident Raises Many Privacy Questions

First of all, if you have not seen the video, you can view it here on YouTube.

Then read some of the comments people have left. Now ask yourself how you feel about our society today. What do you think is most disturbing:

  • Not having your student ID on you can lead to something like this?
  • The other students didn't leap to this guy's defense and prevent repeated tasing?
  • Taking pictures to post on the Internet seemed to be more important to some students than preventing a fellow student being physically abused?
  • A lot of people left comments on YouTube that are very disturbing?
  • Somebody in there was shouting something like "this is the Patriot Act in action."
When I was a high school student, my friends and I went toe-to-toe with police to protest racial injustice, risked suspension and worse, like being run down by mounted police. Has that kind of "teen spirit" wilted away?

On the narrow topic of carrying an ID, I actually think an ID is a good idea. But short of shooting the student who didn't have one, those UCLA campus police could not have more to poison the notion of identifying oneself to others.

Friday, November 10, 2006

Mixed Privacy Messages May Point to Future Trends

Numerous studies have shown that many people will hand over sensitive data about themselves in return for relatively minor benefits (an ice cream cone in one case I recall). This tendency has perplexed many privacy professionals and social commentators, myself included, as it seems to run counter to expressed fears about privacy (remember that privacy fears topped the chart of "what worries you most about the new century" in a large-scale 1999 survey, beating terrorism).

One way to resolve the apparent dilemma is to declare these studies flawed, suggesting they somehow fail to reflect people's underlying attitudes to privacy. But I can't accept that explanation. The empirical evidence of a strong "exhibitionist" streak in modern society is just too strong and you must account for it in an theory about privacy. Now I see that some people are making progress along these lines. Check out Douglas Rushkoff's perceptive piece in a recent issue of Discover magazine.

"It's as if we humans are not simply wiring up a communications infrastructure but creating a shared platform for self-awareness as a collective organism. And this goal--this almost instinctive push toward gaining access to one another--far outweighs our concern over how this data might be used."

This meshes quite nicely with my view of how humans are evolving. And it also jives with ideas I advanced in one of my first columns on privacy, back in 1994, which I will post here as soon as I can find the darned thing (Google probably has it somewhere).

Thursday, November 9, 2006

Here Begins Privacy Think

A blog about privacy, with a focus on the far horizon. Asking questions like:

  • Where is privacy headed?
  • If people fear Big Brother why do they reveal all on MySpace?
  • Could a loss of privacy ever be a good thing?
  • What's the difference between privacy and anonymity?
  • What does the exposure of hundreds of millions of personal records mean?

Interested? Stay tuned. Get the feed.

Stephen