The Book Club

Fighting Technology With Technology

Jeff and Eugene:

Indeed, who opposes privacy? It’s a rare person who says he wants less of it, at least for himself. Along with “freedom” and “liberty,” the concept of privacy resonates with any thoughtful person’s idea of what in life is appealing.

So when Sun Microsystems’ Scott McNealy snidely informs us that “You have zero privacy anyway, get over it,” we feel personally threatened. We should have the right to control who knows what about us–and who is McNealy to tell us otherwise?

Poll after poll says that Americans uniformly believe that our privacy is under siege, that direct marketers are the Stasi of the Internet, that the only group of people more deserving of social opprobrium than credit agency Equifax are social maladjusts who torture small furry animals.

Groups like the Electronic Privacy Information Center and Privacy International have been quick to amplify this feeling. In the starkest terms, they warn that corporations need to be reined in, that misbehaving dot-com firms must be regulated, and that the private sector can’t be trusted to police itself. Privacy International members even dressed up as Darth Vader to mock corporations at a conference this spring.

By and large, these groups agitate for more laws, and take a largely Washington-centric, or at least legislation-centric approach to privacy.

Jeff, I naturally enjoyed your well-written book. I think it’s wise to argue, as you do in your concluding chapter, for “the superiority of norms over law in protecting privacy, except in extreme cases.”

I’m kind of surprised, though, to see that you seem to be taking a somewhat alarmist point of view elsewhere. From your chapter on online privacy:

In cyberspace the greatest threat to privacy comes not from nosy employers and neighbors but from the electronic footprints that make it possible to monitor and trace nearly everything we read, write, browse, and buy. Most Web browsers are configured to reveal to every Web site you visit the address of the page you visited most recently and your Internet Protocol address. … Some Web sites send e-mail advertisements to everyone who accesses their pages.”

That’s not quite right. For one thing, unless you’re behind a firewall, all web browsers are configured to give out your IP address. This is simply the way TCP/IP and the Internet work. But Web sites don’t know your e-mail address unless you give it to them (or you’ve given it to another site that gives it to them). For instance, if someone visits the home page of my Web site,, this is what my server sees: - - [14/May/2000:23:31:37 -0500] “GET / HTTP/1.0” 304 -

From that, I know my mystery visitor is an AT&T dialup user from the Washington, D.C. metro area, but millions of people live there. I might be able to tell what link they clicked on to visit my site, and what kind of web browser they’re using, but that’s not terribly invasive. In any case, I don’t have access to their e-mail address, real name, home address, Social Security number, or anything that most people would find particularly distressing.

Back to the broader point. You stress that “social norms” can protect privacy better than legal standards. I think it’s a good idea to trust social norms more than bureaucrats at the FTC and FCC who may have their own interests in mind instead of the public interest. Worse yet are congressmen who have rarely, if ever, used the technology they’re trying to control through regulation.

But I don’t see social norms as sufficiently reliable ways to protect privacy or other freedoms, particularly when we’re talking about minorities. Ask anyone–at least until relatively recently–who was an out-of-the-closet gay man living outside a major city. Ask teen-age computer geeks who are ostracized in their high schools. Ask religious minorities, including Jews, who have for centuries been discriminated against. Ask folks living in some areas of America today. “I know an adult couple who were chased out of one rural community (Parowan) for the unforgivable sin of not being Mormon. I think by now they’ve left the state,” a Utah resident recently wrote me.

That’s why I think there’s a third option–beyond laws and social norms–that’s a better solution: Technology.

The beauty of technological solutions that protect privacy and anonymity is that they do not rely on the idiosyncratic views of Supreme Court justices or on mercurial shifts in public opinion. The combination of two large prime numbers to produce an encryption key that can scramble your conversation is straightforward algebra. It’s a solution that relies on the unchangeable rules of mathematics, not the whims of society. Congress can’t repeal the laws of addition and multiplication. (Click here for the Center for Democracy and Technology’s useful–if not impartial–guide to encryption.)

And I trust mathematical laws much more than I trust the probity of Kenneth Starr or the views of a frequently intolerant social majority.