On Mar 30, 2011, at 2:20 AM, Lawnun wrote: > I actually disagree. There's a strong divide between what's mathematically > possible, and what' happening on a day-to-day basis. Ignoring the > 'bureaucratic factions' (which I guess is geek for lawyers and policy nerds?) > misses the nuance in the system. You gotta remember -- we're dealing with > people here, and most of us (myself included) don't think strictly in the > framework of ones and zeros.
Allow me to restate my point, which was not well-stated. That we are dealing with people *is* the issue. Satisfying the desires imposed by various government parties protecting their political turf routinely turn what could be a pragmatic result into requirements that are not technically deliverable. The individuals imposing those requirements frequently do not care if something is technically possible, such issues are a secondary concern. The net result is that there is a lot of privacy policy theater -- which risks little -- and negligible constructive policy. That said, I do not think this matters much anymore. > Until we're a) only dealing with machines, which I suppose makes my job > obsolete anyway, or b) programming the law, to ignore context, intent and the > like, I still argue there's a viable argument _for_ privacy, and > privacy-enhancing mechanisms. The desirable result is incompatible with the practical technical reality, short of forcibly erasing 20 years of technological development. When technology icons state "privacy is dead", it is usually not a statement of personal preference. If it is not possible to usefully anonymize data, of what use is a policy which states that all data must be anonymous? If a person actively puts their personal data in the public domain, intentionally or unintentionally, how is one supposed to prevent that? How effective is regulation of official databases when someone can reconstruct much of the content of those databases without official access? A big challenge is that almost everyone's intuition about what would constitute an effective privacy policy is incorrect. > Lots of things are possible -- doesn't mean they're legally permissible. Nor > should they be. We can't outlaw computer science. It did not work in the 1990s, it certainly won't work now. While it seems unlikely that a useful privacy policy can be designed at this point, a strong argument can be made that even if serious measures had been taken 20 years ago it would only have delayed the inevitable. It would probably be more constructive at this point to work on policies that ensure the increasing loss of privacy is symmetric (or asymmetric in favor of the private citizen) rather than trying to guarantee a level of privacy that is no longer practical.
