I've watched the tweetsters, blabsters and blogsters debate privacy for the last several months.
The invective against government-sponsored intelligence gathering is colourful, but not very helpful. Meanwhile, their opponents see every wish for anonymity as a sign of tax evasion, money laundering, terrorism or pornography.
Both sides cite real or imagined constitutional constraints, wallowing in the kind of law that relies on 'Thou Shalt Not'. Tell someone “Don't think of blue!”, and they must think of blue in order to understand your command. That's why legislated prohibition often produces the opposite result.
Odd thing though, neither side seems particularly competent in the other kind of law. You don't go to jail for gaining altitude too quickly. The airplane simply stalls, crashes and you die. The laws of nature and mathematics.
That's why thousands of software engineers and data architects are quietly building new systems that will soon succeed where enforcement has failed, because "that's just the way it works". They're called 'disruptive technologies', not because they upset the rest of us, but because they might make spies, regulators and most banks seem a little silly and beside the point eventually.
These disruptive technologies all have one fascinating thing in common. They store identity separately from service information. Ta-dah!
Wait a minute. Is that all there is to it?
Yep. That's it. Anonymous data.
The database with your name, birth date, address, fingerprints and retinal scan won't include your eyeglasses prescription, your bank balance, your blood pressure readings, your parking tickets, your ethnicity, your religion or your shopping preferences. All that stuff will be kept in separate data tables that aren't linked to your identity, except when you authorize it. Or when a qualified judge orders it. Not because it's not allowed, but because that's just the way these databases will be built.
Spies, regulators, banks and business hackers will be thrilled. They won't have to break in to profile service data anymore. The NSA and Homeland Security will have a ball. They will be allowed to monitor traffic patterns to their heart's content.
They can track how many Muslims with high blood pressure, a university education and more than two pairs of bifocals are boarding a flight from Amsterdam to Madrid after requesting a vegetarian meal.
But they won't be able to link that information to individual identities on their own any more.
Not because it won't be allowed, but because that's just the way these systems will be built. That's how they'll work.
Anonymized databases will free national defenders to engage in much more powerful terrorist profiling than current legislation allows, all without inappropriately invading innocent individual identity. Those data tables just won't contain identity information.
When the profilers detect a threatening pattern in the service stream, they will request corresponding identity information, only on reasonable grounds, in a process similar to getting a traditional search warrant.
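The split between identity and service data described above, and the warrant-style re-linking step, can be sketched as follows. This is an added example, not code from the essay or from any system it mentions; the table layout, the `LinkageCustodian` class, the HMAC-derived pseudonym and the authorization strings are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import sqlite3

class LinkageCustodian:
    """Hypothetical party holding the only key that ties a person to a pseudonym."""

    def __init__(self, key: bytes):
        self._key = key
        self.audit = []  # every re-link request is recorded, granted or not

    def pseudonym(self, person_id: str) -> str:
        return hmac.new(self._key, person_id.encode(), hashlib.sha256).hexdigest()[:16]

    def relink(self, identity_db, pseudonym: str, authorization: str):
        # Stand-in check: a real system would verify a signed consent or order.
        granted = authorization in ("subject_consent", "court_order")
        self.audit.append((pseudonym, authorization, granted))
        if not granted:
            raise PermissionError("re-identification needs consent or a court order")
        for person_id, name in identity_db.execute("SELECT person_id, name FROM identity"):
            if hmac.compare_digest(self.pseudonym(person_id), pseudonym):
                return name
        return None

def build_demo(custodian):
    """Two separate stores; the rows below are constructed sample data."""
    identity_db = sqlite3.connect(":memory:")
    service_db = sqlite3.connect(":memory:")
    identity_db.execute("CREATE TABLE identity (person_id TEXT PRIMARY KEY, name TEXT)")
    service_db.execute("CREATE TABLE service (pseudonym TEXT, systolic INTEGER, meal TEXT)")
    people = [("p-001", "Alice Example", 152, "vegetarian"),
              ("p-002", "Bob Example", 118, "vegetarian"),
              ("p-003", "Carol Example", 160, "standard")]
    for person_id, name, systolic, meal in people:
        identity_db.execute("INSERT INTO identity VALUES (?, ?)", (person_id, name))
        service_db.execute("INSERT INTO service VALUES (?, ?, ?)",
                           (custodian.pseudonym(person_id), systolic, meal))
    return identity_db, service_db

def profile(service_db):
    """Pattern query over service data only; it can return pseudonyms, never names."""
    rows = service_db.execute(
        "SELECT pseudonym FROM service WHERE systolic >= 140 AND meal = 'vegetarian'")
    return [row[0] for row in rows]
```

The split holds only while the service rows stay free of quasi-identifiers; a rare combination of attributes can single a person out without the key.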
These 'disruptive technologies' will have preemptive anonymity embedded at the very core of their architecture. They will restore a bunch of democratic and civil protections that earlier information architectures could not.
Curious political operatives won't bother to hack Watergate offices or voter registration systems hoping to find out how you vote. Neither will a terrorist or thief disguised as a pharmacist, nor a Walmart cashier, nor a bank teller be able to hack payment systems to learn where you live, or how much credit you have, or whether your home is unoccupied while you travel.
Disruptive technologies will embody a whole new architecture of individual privacy and consent at their very core, not because the Walmart clerk isn't allowed to pry into your affairs, but because they simply can't. They won't have access. It won't work that way any more.
Engineers call this astonishing, elegant, even beautiful structure, 'claims-based authentication'. It is almost ready. Several pioneering health care and health records systems are already using it, testing it in the most sensitive data area of all.
Epidemiologists will love the enhanced profiling ability and patients will relish their absolute control over who peeks at their personal records.
The only difficulty I foresee is that when claims-based authentication systems come to the world of finance, they might neutralize some of the distorted processes that have unfairly fattened Wall Street at the expense of Main Street. That might indeed upset certain people.
Oh, and by the way? Bitcoin already appears to be 'claims-based-compliant'.
Next time I'll examine the role anonymity plays in consent, and a third essay is in the works to explain how claims-based systems work between you, your doctor, your pharmacy and your bank account.