Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The china at the electronic-spy agency’s dining room was exquisite, as was the meal. Ron Rivest, inventor of the RSA approach to public cryptography, and I were having lunch with the National Security Agency’s director, Bobby Inman. We were trying to impress on him that the forthcoming growth of the Information Marketplace would create severe privacy problems and the agency should extend the role of cryptography from ensuring secure communications within the U.S. government (and breakable ones outside it) to protecting the privacy of U.S. citizens and organizations, with approaches like RSA. The admiral didn’t believe us-our claims of a widely interconnected civilian world in the ’90s sounded like pie in the sky. Twenty-five years later, in April 1999, at the other extreme, The Economist proclaimed on its cover “The End of Privacy.”

Under-reaction then! Over-reaction now!

No doubt, the technologies of information can be used to attack our privacy. But they can also be used to protect it. For example, if we agreed that everyone using the Internet did so under the RSA regime of creating and using their own public and private keys, we would end up with secure communications and files and the ability to digitally sign contracts and checks as effectively as we do now by hand. This high level of personal privacy would, however, preclude governments from legally tapping a suspect’s private data and would also prevent anonymity-thereby angering Right and Left simultaneously. If we don’t like this outcome, we have technologies on hand to establish nearly any desired blend of personal privacy, anonymity and governmental intervention.

Such cryptographic approaches would not stop companies with which you do business from selling personal data you give them, corrupting it, or tracking Web sites you frequent. Not to worry. There is technology around to handle these problems, as well: A scheme called P3P, developed by the World Wide Web Consortium, places software within your browser and in the Web sites of vendors. In a P3P personal profile, which you write once, you specify the personal information you are willing to give away along with what others are allowed to do with it. A similar script in the vendor’s software identifies the personal information the vendor requires and its planned disposition. These two pieces of software “shake hands” prior to every business transaction and allow it to proceed only if both privacy declarations are satisfied. In a variation of this scheme, governments can introduce absolute privacy policies, by requiring, for example, a minimal level of privacy in the P3P profile of every citizen.

0 comments about this story. Start the discussion »

Tagged: Communications

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me