The china at the electronic-spy agency’s dining room was exquisite, as was the meal. Ron Rivest, inventor of the RSA approach to public cryptography, and I were having lunch with the National Security Agency’s director, Bobby Inman. We were trying to impress on him that the forthcoming growth of the Information Marketplace would create severe privacy problems and the agency should extend the role of cryptography from ensuring secure communications within the U.S. government (and breakable ones outside it) to protecting the privacy of U.S. citizens and organizations, with approaches like RSA. The admiral didn’t believe us-our claims of a widely interconnected civilian world in the ’90s sounded like pie in the sky. Twenty-five years later, in April 1999, at the other extreme, The Economist proclaimed on its cover “The End of Privacy.”
Under-reaction then! Over-reaction now!
No doubt, the technologies of information can be used to attack our privacy. But they can also be used to protect it. For example, if we agreed that everyone using the Internet did so under the RSA regime of creating and using their own public and private keys, we would end up with secure communications and files and the ability to digitally sign contracts and checks as effectively as we do now by hand. This high level of personal privacy would, however, preclude governments from legally tapping a suspect’s private data and would also prevent anonymity-thereby angering Right and Left simultaneously. If we don’t like this outcome, we have technologies on hand to establish nearly any desired blend of personal privacy, anonymity and governmental intervention.
Such cryptographic approaches would not stop companies with which you do business from selling personal data you give them, corrupting it, or tracking Web sites you frequent. Not to worry. There is technology around to handle these problems, as well: A scheme called P3P, developed by the World Wide Web Consortium, places software within your browser and in the Web sites of vendors. In a P3P personal profile, which you write once, you specify the personal information you are willing to give away along with what others are allowed to do with it. A similar script in the vendor’s software identifies the personal information the vendor requires and its planned disposition. These two pieces of software “shake hands” prior to every business transaction and allow it to proceed only if both privacy declarations are satisfied. In a variation of this scheme, governments can introduce absolute privacy policies, by requiring, for example, a minimal level of privacy in the P3P profile of every citizen.