|
<<
^
>>
Date: 1998-12-29
Privacy 1998: Andy Oram resuemiert
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Andy Orams (Computer Professionals for Social
Responsibility) Resumee zum Stand der Bürgerrechte am
Ende des IT-Jahrs 1998 muss entgegen sonstiger
Gepflogenheiten im Volltext übermittelt werden. Jeder Eingriff
in diesen Text, der von CALEA über ENFOPOL &
Wassenaar nichts auslässt, was die Privatsphäre des
Individuums bedroht, wäre zuungunsten der klaren Linie des
Autors & des sorgfältigen Textaufbaus gegangen.
Besonders bemerkenswert daran ist, dass dieser Text die
traditionelle US-Perspektive der Nabelschau wohltuend
vermissen lässt.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
YEAR-END WORLDWIDE ROUND-UP ON INTERNET
PRIVACY by Andy Oram American Reporter Correspondent
CAMBRIDGE, MASS. -- The most prominent cyber-rights
issue of the year is privacy. Several other pressing problems
vie for top billing -- such as freedom of expression, which was
the subject of a recent Human Rights Watch report, or
universal service, which got a battering in the United States
as the government fought over the E-Rate for schools and
libraries -- but in historic world trends, privacy saw the most
interesting developments.
The fight for privacy took contradictory paths this year. In
toto, there will be more snooping and more data collection
over the next few years. But some positive developments can
also be seen. The right of consumers to protect their
personal information from businesses took a couple steps
forward.
At the same time, protections against snooping (particularly
from the government) were weakened. Encryption, which is
essential to all forms of privacy protection -- as well as
freedom of expression, as pointed out in the Human Rights
Watch report -- remains legislatively crippled.
A natural place to start our survey is the Communications
Assistance to Law Enforcement Act, the earliest legal
attention given by government to the Internet and,
appropriately enough, the area also providing the most recent
news. CALEA, a law extending traditional wire-tapping
capabilities to digital telephones, was proposed during the
Bush Administration and passed in 1994. Every step was
dogged by debates over how much power the law should give
to the police.
Amazingly, four years after the law's passage and months
after the original deadline for implementation, the combatants
are still arguing over it. The outlines of the new wire-tapping
capabilities are now clearly drawn. But on December 14,
various telephone companies submitted comments to the
FCC complaining about some details in its proposed
technical requirements. Several civil liberties groups (the
Electronic Privacy Information Center, the Electronic Frontier
Foundation, and the ACLU) raised similar concerns. The
technical arguments over requirements are arcane: for
instance, should call-completion information include the keys
pressed by a suspect after making a call, or should that
keying information be given only when the police have the
right to listen to the content of the call? Arguments over
details are not worth retelling here.
The point made by the telephone companies is that the FBI
is demanding, and the FCC willing to ratify, wire-tapping
requirements that would raise telephony costs substantially,
or worse still, require major technical design changes to
wireless phones and networks. Telephone companies fight
parts of CALEA for financial reasons, while the civil liberties
groups talk of the frightening extension of governmental
power. Digital, wireless telephones expand the range of
activities available to the public. It is now clear that, at least
in small ways, CALEA will also expand the information
available to the police through wire-taps, which have
increased in number over the years. Expanded access to law
enforcement was not the intent of the law, but it is the
outcome of negotiations over its implementation.
One provision that law enforcement didn't win as part of
CALEA, "roving wiretaps" that cover a suspect rather than a
particular phone, was granted in a separate law that passed
the House in October. The goal of CALEA, which is to permit
the government to tap into digital communications, spread
internationally this year. Governments as diverse as Great
Britain, Russia, and India proposed requirements for Internet
providers to give law enforcement access to their customers'
personal communications -- bypassing, in all cases,
traditional legal checks on wiretapping. Four weeks ago, the
European Union proposed a sweeping surveillance system to
be called ENFOPOL. It goes beyond CALEA by covering all
digital communications (such as electronic mail), not just
telephony.
ENFOPOL is an imitation of a mysterious global surveillance
system called Echelon, whose operation is shrouded in the
same kind of secrecy that used to completely hide the
National Security Agency. Recent news reports exposing the
existence of Echelon led some privacy advocates to hope
that European governments would fight it, but they have
taken warmly to the idea instead.
There is another wave sweeping the world, however, driven by
public opinion. This movement calls for restrictions on
databases, both in government and in private industry, and for
control by individuals over critical data like their medical
histories and purchasing habits.
October 1998 was to be the date when all member countries
of the European Union were to adopt strict laws regulating
what information is collected from people, how it is collected,
and with whom it can be shared. On the same date,
European countries were supposed to stop sharing data with
companies in countries that lacked similar protections -- a
bold threat to bring international trade to a halt.
While governments around the world passed laws to protect
privacy so that their trade with Europe would not be
disrupted, U.S. representatives expressed confidence that no
drastic severance of trade would occur. Their gamble paid off,
because data exchange between the U.S. and Europe
continues while negotiations over the privacy directive drag
on. Even in the EU, several countries have missed the
deadline for passing privacy laws.
But it is important to realized that many, notably Germany,
have strong laws in place. These laws have proven that a
modern economy can include privacy protection, and have
formed the basis for the EU directive. In the U.S., government
and business tend to agree that restrictions on data sharing
are costly and (the ranking sin of government) an expression
of over-regulation. Polls show that the public takes a
dramatically different view. In the absence of laws,
sophisticated tracking continues to encroach on privacy,
through such systems as the Doubleclick service that allows
multiple Web sites to share purchasing information. But a
few cracks have appeared in the government's anti-regulation
position.
In June, after a year of investigating commercial practices on
the Web, the Federal Trade Commission suggested for the
first time that Congress pass a law to protect privacy. The
scope of the proposed law was narrow -- to keep sites from
asking children under 13 for personal information unless their
parents approved -- but the very idea was an admission that
self-regulation by businesses is not always enough.
Furthermore, the FTC's report contained an enormous
amount of evidence that businesses were not taking privacy
seriously.
The final major issue for our privacy wrap-up is encryption.
Here, the status quo remains relatively untouched.
Encryption is a rare instance of a technology that works well
and whose spread is hampered only by law. The U.S., where
most encryption products are developed, has held back the
export of strong encryption for decades through Commerce
Department regulations, unshaken by many Congressional
attempts to remove them.
Unlike the past few years, no law was introduced into
Congress this year either relaxing or strengthening laws
against encryption. Luckily, government proposals for
cumbersome key escrow systems -- where central
databases keep users' keys and hand them over to
governments upon receiving legal wiretapping requests --
have waned. Perhaps the FBI is busy with other things, such
as the investigation of campaign finance law violations
(although one could ask then why it have done so little about
them). Congress and the Clinton Administration also seem
preoccupied with other matters.
The British government, however, has floated a plan for key
escrow, and a law remains on the books in France requiring
it for all encryption used in that country. There is no reason
to believe that such a system will actually be feasible,
though. The main encryption battle took place around the
international Wassenaar Agreement, which tries to control
the spread of military and "dual use" technologies. The
agreement always contained a place-holder for encryption,
but it had serious holes and left many encryption experts
hoping that it would prove useless in the face of movements
in many nations to liberalize encryption. Instead, at a
conference that met earlier this month to update the
agreement, the U.S. persuaded delegates to add clauses
that essentially committed the 33 member countries to adopt
restrictions like those in the U.S. Encryption of any strength
can be developed and sold within these countries, but cannot
be exported to a non-member country unless it includes a
maximum key length of 56 bits -- a length making it easy for
governments (or anyone with a lot of computing power) to
break the key and view the communication.
Having completed our privacy wrap-up, I will follow the poor
example of many other journalists at this time of year and
leap into the crystal ball with some predictions: - Privacy
protection laws will spread. They are popular, and the
experience of European nations show that they are feasible. -
Front-line volunteers in the privacy battle, through well-tested
techniques like submitting personal information under
invented names, will expose the sale of information by
famous businesses in violation of privacy laws or posted
policies.
Finally cornered into obeying privacy restrictions, businesses
will solve the problem by expanding the obnoxious practice of
offering discounts to customers who volunteer their personal
information. - Law enforcement agencies will continue to
push unworkable schemes like key escrow and ENFOPOL
just to enhance their images in the eyes of legislatures and
ministers. - More effectively, governments will continue to
hold the line against strong encryption. Although such
policies hamper commerce and threaten civil liberties, they
are clearly winning over more governments as reports come
out about pornography rings and terrorist networks. - Most of
us will muddle along using 56 bits or whatever kind of
encryption governments allow. Few of us will experience
difficulties, because it takes work to track down our
communications on the Internet.
Given the use of weak encryption, occasional scandals will
emerge concerning sensitive communications that are broken
by unethical business competitors, sensation-mongering
journalists, or angry opponents in lawsuits. These breaches
will be reported as if they were sad acts of nature, not the
preventable results of public policy. - Meanwhile, law
enforcement will continue to spar with political dissidents
(including that tiny fraction that can legitimately be called
terrorists) to find ways to alternately conceal and break
communications, cheerfully ignoring applicable laws. So
that's the scene. If you don't like it, there is still time to
speak up. Unless you feel safer keeping your opinions private.
Text Source mit Links
http://www.american-reporter.com/
http://www.oreilly.com/~andyo/ar/roundup_privacy.html
relayed by Andy Oram via [email protected]
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by
published on: 1998-12-29
comments to [email protected]
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<
^
>>
|
|
|
|