Technology, not law, is the only reliable means for ensuring privacy. For example, take this excerpt from the fairly standard privacy policy of a provider of anonymous internet surfing:
[W]e disclose personal information only in the good faith belief that we are required to do so by law, or that doing so is reasonably necessary to: comply with legal process; respond to any spamming and related abuses of netiquette claims; or protect the rights, property or personal safety of [our company], our customers, or the public.
This affords virtually no protection. “Good faith” is primarily defined by the absence of outright bad faith — not a particularly taxing standard by any definition. And “reasonably necessary” is pretty much any means that is not obviously unrelated to the ends of protecting “the … property … of [our company], our customers, or the public.” And, of course:
[We]reserve[] the right to disclose your information … [w]hen required by law or by order of a court.
In practice, the company is free to turn over personal user information to any number of third parties, including the government, if (i) there is any claim to a right to receive that information made by the third party, which passes the red face test; or (ii) the disclosure would promote the protection of someone’s rights or property, and not be obviously frivolous or abusive.
Don’t get me wrong. I am not faulting the company, these are the good guys. It just goes to show that meaningful online privacy can only be ensured by technological means, in particular encryption and anonymous architectures such as Tor, which hide a user’s encrypted communication in a cloud of others. When it comes to online privacy, the law has deserted us. But not all is lost. Compare the above privacy policy with this legal and technological privacy architecture from CryptoHeaven:
We would like to stress that confidentiality of your data is mostly protected by our encryption technology and not entirely by our policy. Technology prevents us from accessing your data in the plain form. Your data stored on our servers is always encrypted, including message subjects, message body, file data, file names, file descriptions, folder names, folder descriptions, contact names, various keys and other information. Service administrators have access to the encrypted files, but its content is illegible to them without your user name and your passphrase. Your passphrase is never transmitted to us in a plain or encrypted form. CryptoHeaven has strict protocols that limit access to collected information. Only selected administrators have access to the user database itself. CryptoHeaven never associates IP addresses with user accounts, we never log demographic user access trends or user access times.
As a user I prefer the “we can’t” to the “we won’t” any day.
[tags]privacy, anonymity, surfing, nsa, eff, CryptoHeaven[/tags]
License
This work is published under a Creative Commons Attribution-Noncommercial 2.5 License.
0 Responses to “Anonymous Surfing? Don’t Rely on the Law for Your Protection!”