Questions of Digitizing Identity

A common element of the (various) streams of thought that I’m usually engaged in surrounds the question of identity. What constitutes identity? How is this constitution being modulated (or is it?) in digital spaces? What can past and contemporary theorists offer us, in response to these questions? What are the strengths of these responses, and what are their weaknesses?

Over the next six months or so, I want to begin taking up these questions more seriously. I plan to begin constructing an account in order to gain a better appreciation for both how granularly we often attempt to separate identities, and how at the same time those are often shared, surveyed, or otherwise modified without our ever being aware. My thoughts are that a core difference between ‘analogue’ and ‘digital’ identities follows from the (relative) ease of surveying and modifying digital identities without the source of that identity ever being made aware. While unobtrusive surveillance is possible in an analogue space, there is an emphasis in the West on the development of homogeneous protocols that are intended to facilitate the diffusion of data across digital pathways, and this carries with it new ways of collating and modulating available dataflows.

Update: Mobiles and Your Identity

Last year I authored a post entitled “Mobiles and Your Identity”, where I attempted to unpack some of the privacy and surveillance concerns that are associated with smart phones, such as RIM’s BlackBerry and Apple’s iPhone. In particular, I focused on the dangers that were associated with the theft of a mobile device – vast swathes of both your own personal data, as well as the personal information of your colleagues and friends, can be put at risk by failing to protect your device with passwords, kill switches, and so forth.

Mark Nestmann, over at “Preserving Your Privacy and More”, has a couple posts discussing the risks that smart phones pose if a government authority arrests you (in the US). He notes that, in a recent case in Kansas, police examined a suspect’s mobile phone data to collect call records. When the case was brought to the Supreme Court, the Court found that, since the smart phone’s records were held in a ‘container’ (i.e. the phone itself), the police were within their rights to search the phone records. Mark notes that this ruling does not apply to all US states – several have more sensitive privacy laws – but leaves us with the warning that, because laws of analogue search are being applied to digital devices, it is best to limit the data stored on smart phones (and mobile digital devices in general).

Review: Protectors of Privacy

Newman’s Protectors of Privacy: Regulating Personal Data in the Global Economy is exemplary in its careful exposition of Europe’s data protection regulations. Using a historical narrative approach, he demonstrates that Europe’s current preeminence in data protection is largely a consequence of the creation of regulatory authorities in member nations that were endowed with binding coercive powers. As a result of using the historical narrative method, he can firmly argue that neither liberal intergovernmentalist nor neo-functionalist theories can adequately account for the spread of data protection regulations in the EU. Disavowing the argument that market size alone is responsible for the spread of data protection between member nations, or in explaining Europe’s ability to influence foreign data protection regulations, Newman argues that the considerable development of regulatory capacity in European member states, and the EU itself, is key to Europe’s present leading role in the field of data protection.

Drawing on recent telecommunication retention directives, as well as agreements between the EU and US surrounding the sharing of airline passenger information, Newman reveals the extent to which data protection advocates can influence transnational agreements; influence, in the EU, turns out to be largely dependent on situating data privacy issues within the First Pillar. For Newman, Europe’s intentional development of regulatory expertise at the member state, and subsequently EU level, as demonstrated in the field of data privacy and tentatively substantiated by his brief reflection on the EU’s financial regulatory capacity, may lead the EU to play a more significant role in shaping international action than would be expected, given its smaller market size as compared to the US, China, and India.

Overall, I would highly recommend this book. If you are interested in the role of regulatory capacity in the ongoing issues of personal data (especially as it pertains to the EU), or if you just want to read an inviting, concise, and well-developed historical account of the development of EU data protection regulations, then this book is a great way to spend an evening or three.

Common-law = Snooplaw

Rather than talk about the FBI’s desire to patrol the Internet backbone, having your laptop searched without warrant or any particular reason when facing US Customs officers, or Microsoft’s Computer Online Forensic Evidence Extractor (COFEE), I want to quickly talk about the Australian government’s desire to give law enforcement and corporate IT the power to monitor and inspect any and all electronic employee communications. What is most concerning is that it continues an Australian trend to insert American attitudes into common-law.

Terrorism Down Under

I don’t want to come off seeming as though I think terrorism is a small or unimportant issue. It’s not – terrorism is a very real issue, and it has incredible financial and human costs. That said, whenever someone mentions either children or terrorism as a justification for a new piece of legislation that would dramatically extend the surveillance powers of public and private actors, I immediately want to know just how invasive those new powers might be. Whereas Australian law presently only allows security companies and those dealing with the government to survey communications without permission, after a four-year fight to revise the Telecommunications Interceptions Act the government may be successful in extending those surveillance powers. If the amendments are passed, all corporate IT groups will be able to survey employees’ digital communications. The government’s reason for extending the surveillance powers is that, by monitoring workers’ emails, it will be possible to stop/deploy coercion towards those who would:

attack to disable computer networks that sustained the financial system, stock exchange, electricity grid and transport system “[and would consequently] reap far greater economic damage than would be the case of a physical [terrorist] attack”. (Source)

Boost Up Your Net With ISP Injections

I’ve written about Deep Packet Inspection (DPI) technologies before, and their various potential privacy issues. Generally, I’ve talked about how the possibility of having your ISP persistently monitor your online actions could stifle the substantive exercise of autonomy, liberty, and freedom of conscience. I won’t revisit those issues here, though I’d recommend checking out my earlier post on DPI. What follows examines how ISPs are injecting information into the webpages that you visit, which prevents you from viewing webpages as they were designed.

Web Tripwires

When you visit a webpage, your computer downloads a little bit of code and renders it on your screen – the web is an environment where visual stimulation necessitates copying data. Recently, researchers from the University of Washington and the International Computer Science Institute have discovered that about 1.3% of the time what is displayed on your computer’s screen has been altered. This having been said,

Identification, Identity Systems, and the REAL ID Act

In a recent presentation to the Summer 2007 Privacy Symposium, Jim Harper lays out a series of concerns about a national identification system. I’m just going to run through them quickly – watch the video that I link to at the end of the post to view his presentation yourself.

Authentication versus Identification

  • Authentication is where you are challenged to provide a set of items/data in order to gain access to something. An example would be the requirement to have both a banking card and a PIN to access your bank account – this authenticates your access to the resource, but it isn’t a wholesale validation that it is actually Christopher Parsons who is accessing my bank account. Instead, what this does is give enough information to the bank that it is comfortable providing access to my bank account, without actually knowing for sure that it is me accessing the account.
  • Identification draws on unique characteristics that make up who you are, and validates the person attempting to gain access to X or do Y against the recorded characteristics that identify that person. This involves validating a person against facets of their constitutive being, with a popular identifier coming from biometric information. This passes beyond authentication systems because the person is certifiably identified. Whereas I can give you my bank card and PIN, I would have a far harder (and more painful) time giving you my right eye and left thumb.
