The Book Club

Do the Math

Dear Jeff and Eugene,

Many thanks for your thoughtful posts. Let me try to respond to the points both of you raise about how effective privacy-protecting technologies can be.

Just to be clear, I’m talking about email-scrambling services like Hushmail, hard-drive-encrypting programs like PGPdisk, and distributed systems like the one Zero Knowledge Systems has created to provide at least somewhat-anonymous Web browsing.

In all three cases, the underlying encryption technology is based on the laws of mathematics–so if you use these products and the programmers did their jobs, your privacy no longer depends on the whims of Congress or society.

Jeff correctly says these technologies can protect “responses to clickstream data collection in cyberspace,” but in truth they’re much more useful than that.

For example, if I’m chatting with friends using Hushmail, my e-mail will be stored in scrambled form on their servers–and the company won’t be able to decrypt them even in response to a subpoena. If nothing else, that would have given Monica Lewinsky additional protections from Kenneth Starr. Compare this to Microsoft’s notoriously snoopable Hotmail service, or Yahoo’s practice of turning over information in response to subpoenas without notifying its users.

Another example: We can choose to trust police not to do illegal wiretaps, even though history and the recent LAPD scandal suggest that would be unwise. Or–and I argue this is a better idea–we can use technology instead of the law to shield our privacy. Starium is designing a product to scramble phone calls, and Speak Freely does it for Internet telephony users. I’ll bet Newt Gingrich wished he had used something like that after a Florida couple eavesdropped on his cell phone conversation–even though such snooping was illegal.

I’ll admit, of course, that my view is a controversial one. If people can have absolute privacy and absolute anonymity through technology, what are police to do? How should the FBI react when agents come across encrypted e-mail in a kidnapping case? A lot of mischief can be done through anonymity (though I think the benefits outweigh the drawbacks). The three of us might be willing to err on the side of freedom, but it’s not clear to me that the rest of society is quite as sanguine.

This brings me to Eugene’s point. He writes, “Many privacy technologies, at least today, are too cumbersome or at least too little known to 95 percent of the public.” And, Eugene, you’re right. But are you sure you’re comfortable saying that’s always going to be the case? I remember a conversation we had not long ago about the future of e-books–I was inadvisedly skeptical of current technology, and you took the correct long-term view. Remember how pathetic word processors in the early 1980s were? We might be at roughly that stage now when it comes to privacy technology. (Let’s just hope it develops more rapidly!)

Eugene, you mention we still use credit cards, but one reason (among others) that digital cash hasn’t become more popular is regulatory pressure from governments. Truly anonymous digital cash–so neither side in the transaction can trace it–is something that officialdom, in this age of worries over money-laundering, does not want to see happen. That’s an unfortunate, if predictable, interaction between law and technology. But it’s not an indictment of technology because it’s ineffective: Digital cash is controversial precisely because it’s so effective.

Back to your point, Jeff. You write, “Maybe we need new Brandeis torts for the 21st century.” Like Eugene, I can’t let that pass without some comment.

Jeff, you say Justice Brandeis was a guiding light for your book, so let’s go back to the original Brandeis torts. As you know, an influential 1890 article he coauthored in the Harvard Law Review complains that free-speech rights must give way to privacy. “The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery,” Samuel Warren and Brandeis wrote.

Now, they were irked because the tabloid press of the day was airing gossip about Warren’s daughter’s wedding. That may be annoying, but it doesn’t seem to me to be adequate grounds to restrict free-speech rights. Put another way: Brandeis’ view of privacy was flawed from the beginning, since it includes muzzling what others can say or do.

I prefer another Brandeis saying, that seems to err more on the side of freedom rather than restrictions: “Sunlight is the most powerful of all disinfectants.”

Let me take this up one level of abstraction, if I may. It seems to me that there are at least three ways to protect privacy:

1. Prohibit people from collecting personal information (restrictions on using scanners to eavesdrop on cell phones, for instance).

2. Prohibit people from disclosing personal information (reference Jeff’s discussion about laws passed in response to Robert Bork’s video rental records being disclosed, or Brandeis, for that matter.).

Given the technologies–extant and forthcoming–we now have, it seems to me that the third is the most appropriate one for the future:

3. Never give out your personal information in the first place.