Privacy, Openness, Security, Logic, Common Sense

Publication Date: 2006-09-08

Have we, as a society, abandoned hope of data privacy on the Internet (and anywhere else) in the name of security?

In the late 90s I was working on installing a Microsoft Exchange system with hooks to Internet email; the employees wondered how private their communications were. There was sufficient interest in the subject of privacy to merit me, as the project manager, to seek a ruling from the VP of Law so that the privacy policy would be correct.

Of course, it turned out to be pretty much a non privacy policy. Think about it: you are at work, using a PC, which is owned/leased by the company. You are using wiring to get to an internal network, which is owned/leased by the company. Your data is stored on a server that - you guessed it - is owned/leased by the company. It is not a stretch to think that the correspondence conducted on that system, particularly that occurring during normal business hours, is owned by the company. The net result is that your expectation of privacy is non-existent. To send a series of abusive emails to a lover that jilted you would therefore be a bad idea. Same goes for web surfing. Visiting the Canada Post site might be something you'd need to do in your job and, in the case of looking up your grandma's postal code, a harmless personal activity. Visiting your favourite nude person site for stress relief would be an obvious no-no.

Most corporate privacy polices state:
a) You must use the equipment and net work for business purposes even during off hours and,
b) We are enforcing the rule. Therefore you have no privacy.

So what about your home based connection to the Internet? Let's say you were doing something anti-social in your house (like signing Abba songs loudly in a high pitched falsetto) but no neighbours could hear you. Nobody knows; nobody cares.

However, imagine that, in your own home with equipment you purchased, you start sending abusive emails and making political statements about people you don't like. You post material on web sites; people send you hate mail back. Where does privacy start and end? In an email exchange between two people, there's a "postal" sense; it's bad or illegal to open someone else's mail. However, email leaves tracks all over the place. You are likely hooked to an ISP (Internet Service Provider) who is providing transmission and storage of your emails. Assuming no stops occur on the way, any email you have written is on your machine, your friend/enemy's computer and on at least two email servers.

In the United States, the US government asked Google for data it had on its customers surfing activities, particularly around pornography. Google initially refused but then was forced to provide every query typed into its search engine over the course of one week without providing identifying information about the people who conducted the searches. (See for more detail.)

I honestly can't imagine what this data told the US government. Without knowing the demographics behind the queries, the data might tell you it was a slow week for Tom Cruise inquiries. But it does start to sound like the US government is thinking corporately: that data on common use machines is theirs.

In a way it is. Google says they respect and protect privacy of their users, but at the same time will adhere to regulations and the law. So if a law comes into place that says "give us your data," companies are likely to hand it over and say to its customers: "we did the best we could."

In a totally creepy move, Bell Canada, which operates the Sympatico ISP, announced on June 15 2006 that it "reserves the right from time to time to monitor the Service electronically, monitor or investigate content or the use of the Service Provider's networks." In addition, Bell would "disclose any information necessary to satisfy any laws, regulations or other government request." See for more.

If computer networking was entirely peer-to-peer, things would be different; Bell or Telus or anyone else would not be pig-in-the-middle. And, despite how much people like to hate Bell, Telus and other major phone companies, they have a point. Let's say you personally owned a server and shared with in a mini-ISP with your friends. But one of your friends went to the Dark Side and started a kiddie porn site. Would you not be hitting the delete key on the now ex-friend's data files faster than you can say "holy shit!"?

I hope you would.

But where does that leave privacy? Is a situation where a small community of friends who enforce common ethical behaviour different than a large agency (e.g. a government or corporation) enforcing common behaviour? Today it seems that governments feel that when there are people like the recent Toronto and London hopeful bombers, that personal privacy is a nice-to-have.

But in the end, I couldn't help but remember a line from Orson Welles' A Touch of Evil, where Charlton Heston's character says, "A policeman's job is easy in a police state. That's the whole point."

Remember these things as you work through your day:

  • If you have a secret, it's not a secret if you tell someone.
  • A secret between two or more people is not a secret, particularly if you use email to discuss it.
  • Privacy is a right only if the government agencies where you live believer and respect it.
  • Robert Ford is a Vancouver entrepreneur who has secrets that he's keeping to himself.
    Google+ Profile