Privacy, Part Two: Unwanted Gaze

Can pseudonymous downloading, "snoop-proof" e-mail, digital pseuds called "nyms," PDA-like machines, allegedly untraceable digi-cash and other changes in software and the architecture of cyberspace, restore some privacy and restore the idea of the "Inviolate Personality?" Part Two in a series based on Jeffrey Rosen's new book, "The Unwanted Gaze: The Destruction of Privacy in America." (Part Two; Part One here.)

In The Unwanted Gaze: The Destruction of Privacy In America, law professor and columnist Jeffrey Rosen first blames expanding sexual harassment and gender discrimination law for wanton destruction of individual privacy. Cyberspace is second on his list.

A growing number of lawyers and scholars, including Rosen, say they now believe that fundamental changes in Net architecture are necessary to protect constitutional values and restore the notion of the "inviolate personality" to the private lives of Americans. These would include copyright management systems to protect the right to read anonymously, permitting individuals to pay with untraceable digital cash; prohibiting the collection and disclosure of identifying information without the reader's knowledge, or using digital certificates to create psudonymous downloading.

To Rosen, author of Gaze, cyberspace is posing a greater menace to privacy by the day. He details the l998 forced resignation of Harvard Divinity School dean Ronald F. Thiemann, who downloaded pornography onto his university-owned home computer. A Harvard technician installing a computer with more memory at the dean's residence was transferring files from the old computer to the new one and noticed thousands of pornographic pictures. Although none of the pictures appeared to involve minors, the technician told his supervisor. University administrators asked the dean to step down.

Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work. And no student or colleague suggested he had improperly behaved in any way as head of the Divinity School. His work was never questioned. It's ludicrous to suggest that the school would have fired him if he'd been downloading sports scores or bidding for furniture on eBay. But although he'd committed no crime and performed well in his job, he was forced out in disgrace, while his intimate communications were discussed in public. Even in a supposedly freedom-loving and prestigious university, what Justice Louis Brandeis dubbed the right of every citizen to an "inviolate personality" -- the part of our private thoughts, communications and explorations once thought beyond the reach of exposure and dissemination -- that is private could be invaded and voided.

The Harvard case also underscores the blurring of boundaries between home and work caused by technology. Millions of employees and workers criss-cross between their employer's equipment and their own for work and personal communications.

The one serious omission in The Unwanted Gaze, perhaps because Rosen is a member of the Washington journalistic elite, is his unaccountable failure to consider the media's role in growing assaults on the idea of privacy. Journalism has become a prime instigator of the destruction of privacy.

Until recently, politicians were permitted the right private lives, along with other citizens, as long as their private behavior didn't compromise their work. But journalism has been breaching that tradition for years, considering even the most private details of public people, now considering even themost private d etails of public officials' lives to be its business, justifying intrusions like the Lewinsky story in the name of investigating character and protecting the public. The contemporary press, which should be defending the right of individual's to historic privacy protections, is demolishing the idea of the inviolate personality, particularly for public figures. This has driven countless people from public service and discouraged many more from entering.

Because the Net is the planet's largest and fastest Xerox machine, as well as the world's greatest new marketing opportunity, it constitutes a particular menace to privacy and is escalating its erosion. Personal information can be - is -- gathered and transmitted more rapidly and comprehensively than has ever been possible.

Corporations busy stealing their customer's private information are now eager to appear concerned about it. In June, more than 30 major technology companies -- AT&T, American Online, Microsoft, Hewlitt-Packard among them -- went to the White House to announce a Net protocol designed to serve as an automatic privacy-protection agent -- the so-called P3P-compliance. But a number of privacy addvocay organizations, including the Electronic Privacy Information Center, Computer Professionals for Social Responsibility and Junkbusters derided P3P's claim to being any kind of real privacy-protection.

Many of these critics referred to what's known as the "VCR syndrome," which holds that in a country where most people can't figure out how to program their VCR's, overly technical solutions to privacy concerns are doomed. Despite the White House-generated hype, this leaves the idea of privacy in trouble.

The idea of the "inviolate personality" is one of the greatest and newest freedoms in history. In our time it's not only being nibbled to death but obliterated, and almost all of us are willing, even enthusiastic participants.

Rosen believes that changes in Net architecture and new encryption technologies ("snoop-proof" e-mail) could in a few years restore Justice Brandeis' ideal: the right of every individual to determine "to what extent his thoughts, sentiments, and emotions shall be communicated by others." Others agree. A professor in the United Kingdom sent me this e-mail in response to Part One of this series: "... one of my students has just completed a thesis that describes a system that allows you to send messages across the system that are guaranteed anonymous. The system assumes the use of PDA like machines but can definitely be made to work. Privacy of content can of course be obtained by encrypting the messages. (Up to a point etc ...) My student's system is a simple analogue of the public phone system. So it can work since the phone system allows anonymity."

Despite the clear and logical reasoning of his book, Rosen isn't persuasive on the idea that new software will protect our thoughts and secrets. The threshold of privacy referred to by Brandeis and outlined by the Constitution's framers has been nearly wiped out by the media, by gender-discrimination and harassment rulings, and by rabidly invasive and corporately-funded information-gathering software.

Rosen makes a great case that the idea of the inviolate personality has nearly been killed off. He fares a bit more poorly with the idea that it will magically be restored in a matter of a few years with digital cash and a handful of encryption programs.

"Already," writes Rosen, "user-friendly Web sites are spring up that give you the benefits of encryption without the hassles of having to understand the difference between public and private keys. A site like ZipLip.com, for example, allows you to send encrypted e-mails for free without leaving any records that can be subpoenaed or searched."

Rosen writes about the technology of anonymity and pseudonymity being developed bycompanies such as Zero-Knowledge.com, which is based in Montreal. For a modest fee, says Rosen, you can buy a software package called Freedom, which allows you to create five digital pseudonyms, or "nyms," that you can assign to different activities, from discussing politics to surfing the Web.

Should free citizens in a democratic society have to spend money for "nyms" to preserve the privacy they ought to be -- and once were -- accorded in law? How many millions of computer users will even know of this new technology, or have the money to use it?

Rosen's implication is that even if software caused the problem, then software will clean up. His assurances seem a bit "gee-whiz." But to ignore them cynically on that basis, or to trust them completely, ignores the history of technology. What people can create, others can and will undo. Technology that can be used will be used. In an otherwise powerful book, he also glosses over powerful incentives for eliminating privacy in cyberspace. First, the megacorporations dominating media, business and government will continue to aggressively explore ways of tracking potential customers as Net use grows. Secondly, law enforcement agencies like the FBI have been fighting for decades for the right to deploy tracking programs like "Carnivore" (see part one) and are hardly likely to back off. And finally, powerful institutions -- the entertainment and movie industry, professions like law and medicine, and entities like the U.S. Congress itself -- will inevitably seek to regain the primacy they had -- until the rise of the Net -- over copyright and culture, as well as the setting of social and political agendas. It seems naive to think that "user-friendly" Web sites are going to save the inviolate personality people once had, and are entitled to have again.

Privacy and personal sovereignity

A lot of people confuse privacy with personal sovereignity, the power to decide what you will do with your own life, control over your body and that sort of thing. The courts in fact may have ruled the woman's right to abortion based upon the right of privacy, but actually what they were ruling on was her right of personal sovereignty, to control herself. As proof of that, in many states it's not entirely private the fact that you had an abortion, but you have a blanket right to one.

The important thing about privacy is to recognize that there's always a tradeoff between it and accountability. Account demands light, privacy demands shadow. And whenever people get a choice between privacy and accountability, they always seem to choose privacy for themselves and accountability for everyone else. Especially those they don't trust.

How do you MAKE people care?

I don't know that you can.

People have given a lot of lip service in the past year to the idea that consumers on the internet really value their privacy, and are willing to take a stand against companies that abuse it. But I don't see it. I am one of those people, and I'm sure that a lot of people on slashdot are too, but I don't see that in the general IE using, priceline.com and ebay.com surfing general public. I don't think they're capable of caring, because for the most part, the technology used to track them isn't very well known. Of all websurfers, what percentage would you say even know about doubleclick, much less know what it is that doubleclick does?

I figure that while 98% of the population continues to be oblivious to the problem, market droids will never stop exploiting customer information on the net. You can't make people care about issues, particularly when they're not informed about them.

These Katz articles in that regard make me feel like he's preaching to the choir on this and other topics.

Re:A strong media is good for us

Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?

" La liberté de presse ne s'use que lorsqu'on ne s'en sert pas "

Freedom of press only wears-out when you don't use it.

That's the slogan of "Le Canard Enchaîné", that french icon of journalism that uncovered more than one scandal and caused many public figures to resign...

Interestingly enough, that weekly has no advertising whatsoever; it solely survives through what people pay to read it, so it is a truly free newspaper.

--
Here's my mirror [respublica.fr]

Re:A strong media is good for us

I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.

What you say is true, but there is also the price to be paid. A lot of people who would have made excellent leaders and public figures avoid stepping into limelight for precisely that reason: they do not want their private life ripped to shreds by nasty people looking for any dirt they could find.

As usual, it's a matter of balance: allow people in power to hide their business and corruption will flourish. Strip them of any privacy and no decent person will want to become one. Hard separation between public and personal might help, but it's somewhat unnatural and not likely to work well. I don't think there is a good solution.

Kaa

Re:Long reply

Basing something on a book is technically copyright violation.

No, it's not. Even leaving aside fair use, ideas are not copyrightable. So don't pretend to be a hard-ass lawyer.

Who controlls the digital certificates?

So-called "certification authorities" (CAs). Who they would be is a subject of much debate.

Bah humbug. They own the computer, they dictate how it's used. Simple as that.

Not as simple as that. The poster correctly points out that finding, say, baseball statistics on the same computer would not have caused any problems at all. This is actually not a privacy story (other that the obvious moral: don't put personal stuff on other people's machines). This is a story about puritanical attitudes to sex and maintaining a facade of respectability.

But inappropriate use of company resources has always been a reason for firing somebody.

Don't be anal-retentive. Receiving a personal email on a company machine is, technically, inappropriate use of company resoures. Ditto reading Slashdot and a bunch of other stuff. I can assure you that a company that will fire people for sending/receiving personal non-offensive emails at work will soon find itself with a severe personnel problem. Send/receive a sexually explicit message, though, and things can get ugly very quickly. So, again, it's mostly not about privacy but about attitudes to sex.

However, people lost there individuality to the collective many moons ago

Speak for yourself.

The price of popular culture is losing yourself.

Is it really? Sometimes I eat at McDonalds, occasionally I listen to bubblegum pop music (so, shoot me), and I have been known to watch popular movies. So how does it make me lose myself?

Kaa

Re:Nothing transparent about this

Anonymous coward wrote (albeit in unexpurgated form):
"I f*** farm animals"

Interesting that you should write that in a discussion on privacy. Personally, I do f*** farm animals. I am a zoophile, an ex-FAQ-keeper of alt.sex.bestiality, and it's not much of a secret to anyone who knows me. (Why did you think I was using a psuedonym?)

And my situation is a good example of why David Brin's Transparent Society will never work. My personal life harms no one, and in my state of residence it's perfectly legal. But I guarantee you that if my personal life were revealed to everyone, I would have problems with my employer, not to mention my coworkers and possibly with over-zealous law enforcement who aren't familiar with the (lack of) sodomy laws in this state.

It's happened to me already, you see. A usenet.kook hired a private detective to ferret out information on me, then wrote to my previous employer. Although I broke no law, my career was nearly destroyed because of a private behaviour outside the mainstream, found by someone who was able to snoop on me too easily. I'm a little harder to find, now...although I have no illusions that I'm completely unfindable.

The premise behind Brin's Transparent Society is that we can catch corporations and governments doing illegal things also. But how many people have money to pay for investigation of every corporation or government agency they suspect of wrongdoing? Are corporations held responsible for legal-but-frowned-upon behaviour, or do they just ignore outcries until they affect their profits? And of course, any corporation has the funds to research the individuals opposing them, and destroy their lives if they can.

The Transparent Society will shift power away from individuals and towards those who have the resources to mine and act upon information. It will create a homogenized society, and threaten everyone whose lives differ from the mainstream by any minor behaviour or percieved difference from 'normal'. It's a dangerous concept, and I believe a very evil future for Brin (who I otherwise respect) to be promoting.

Factual error: PGP is *not* insecure.

Disclaimer: I am not, in any way, speaking for my company. More than that, I don't have my reference books handy, so I'm going purely from memory--I may be off on a detail or two.

PGP (more accurately, programs which implement the OpenPGP specification) is not insecure when properly used. By "properly used" I mean choosing a reasonable size for asymmetric keys, choosing a reasonably good passphrase, and practicing good email discipline--unrevealing subject headers, not sending anything cleartext which could compromise your key, etc.

Is it trivial to use PGP/GPG properly? No, and that's the biggest problem with PGP/GPG. Still, that's not what Jon Katz's source said; the strong implication was that government agencies could, either by brute force or cryptanalysis, break a PGP-encrypted email in a day. So let's address that now.

In order to break a PGP/GPG encrypted email, either the asymmetric or symmetric components of its cryptography need to be broken. Breaking the asymmetric component requires either an efficient way to factor large numbers[*] (for RSA) or an efficient way to solve the discrete logarithm problem[**] (for El Gamal).

After more than twenty years of study, such efficient algorithms remain Holy Grails of cryptographic research.

Breaking the symmetric component requires some efficient way to break the cipher. By "efficient" I mean better than brute force, better by several orders of magnitude. Being ragingly paranoid here, I'd expect government agencies (DGSE, NSA, etc.) to be able to break 80 bit ciphers by brute force. The weakest [+] cipher in the OpenPGP spec is Triple DES at 112 bits. That still exceeds governmental capabilities by a factor of four billion or so.

Basically, the claim that "the NSA can break PGP-encrypted email in a day" is so much hogwash.

That being said, there are undoubtedly attacks which government agencies can perform against ciphers. Cryptanalysis is just very rarely one of them. It's far cheaper for the government to Van Eck your monitor, or break into your apartment and plant eavesdropping devices, or crack your box to grab your private key and plant a keypress sniffer to take your passphrase. And if you're sending stuff which is so tempting to the government that they'd go to this effort, then you probably want to invest in something more than PGP/GPG.

There are many attacks which exist against PGP/GPG. It's just that, to the best of my knowledge, there are no good cryptanalytic attacks against PGP/GPG.

[*] Strictly speaking, this isn't true--we don't know for a fact that you have to come up with an efficient factoring algorithm to break RSA. It seems to be strongly implied, but there has never been a formal proof of this requirement.

[**] This isn't true, either--see the above footnote. Interestingly, coming up with an efficient factoring algorithm doesn't help you solve discrete logarithms, but an efficient solution to the DLP will give you an efficient factoring algorithm.

[+] 3DES is "weakest" in the sense that it has only a 112-bit keyspace, as opposed to the 128-bit keyspaces of the other ciphers used by PGP/GPG. There are some extremely esoteric attacks against 3DES which bring down its complexity somewhat, but it's still solid as a rock. 3DES has survived a quarter-century of cryptanalysis and nobody's been able to hit a home run against it yet; this means that 3DES, while "weakest" in the sense of keyspace, is probably the strongest cipher in common use today.

Dean's Firing

Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work.

It's irrelevant if the Dean was at work or not. It was the universities computer, and I far I can tell, most religions would consider pornography to "clash" with an educational mission. Reading sports scores might not be one of the principles of the Catholic faith, but it certainly isn't a cardinal sin.

On this one, I have to agree with the university for sticking to its policies. The Dean should have known about them and clearly violated the rules. If it would have been on his own computer in his house, then you'd have a legitamate complaint.





Being with you, it's just one epiphany after another

A view from Europe

Hmm. here in .uk, we have learned to our cost that, once the government gets used to having access to personal data on its citizens, it is very reluctant indeed to give it up. in particular, the .uk government are in the final stages of passing a bill with the following characteristics:

1. Any government official (including local government, police inspectors and Tax/Customs) can self-issue a notice requiring your ISP to give up emails and/or HTTP traffic logs to them.
2. Notices don't expire
3. Notices can come with an attached "gagging order" that makes it an arrestable offence (5 yrs emprisonment) to tell anyone a notice has been served on you
4. Gagging orders do not expire
5. Notices can require you turn over a secret encryption key; if you are a company employee with access to the key (for example, a .uk technician with access to the .us based ordering system for a major multinational can be ordered to download the key from that system on the .uk government's behalf)
6. If you have the authority to order the production of the key (for example, a UK resident CEO of a US company) they can serve a notice on you to do so
7. If you fail to produce the key (and forgetting / losing the key is no defence unless you can prove it in court) there is a 2 yr jail sentence in your future.
8. Once they have the key, no-one is liable for its safety or for any losses you suffer as a result of its disclosure
9. What few safeguards exist are in a Code of Practice that can be re-written by the government at any time; in addition, there are no penalties for failing to follow the Code of Practice.
10. The target (and/or recipient) of the notice is not required to be suspected of a crime; it is enough that the official is investigating a potential crime
11. the "economic well-being" of the UK is a valid justification for notices - so trade unions, human rights organisations and foreign multinationals competing against government-lobbying firms are all valid targets with no further justification required

It shouldn't be too surprising to hear that three ISPs have already announced they are planning to move their servers overseas; the largest .uk worker's union and indeed most of the Trade Union Council are planning on following suit.
--

Re:Offline privacy

I have a pretty simple solution for this: a few times, I've swapped cards with someone! I just approach them as we exit the store if they are in line in front of me and I notice them use the card. I just explain "hey, do you know they use this to track buying habits? I'm kind of a privacy freak and don't like it, let's swap cards to confuse 'em. This isn't even my card, I have no idea whose it is!" The first time, I did it with a guy I knew. Since then, I've swapped it three more times. I also have two people I swap doubleclick cookies and the like with occasionally.

I think the best way to protest this crap is not to stop shopping there. If you complain to the manager and say "I won't shop here anymore, they just look at you like you are nuts and say "fine" and since the VAST majority of folks don't care, your boycott has no effect. Instead, do things like this to undermine the effectiveness of the data, so the fabulous things these companies are selling don't really come to pass.
---

Transparent Society

Here's a rather fascinating interview with David Brin (probably picked up from slashdot earlier) that I found a fascinating read. Its about having the light shine both ways.

Link is here [lycos.com]

--
Eric is chisled like a Greek Godess

PGP and the NSA

The algorithms that PGP uses with reasonable length keys are almost certainly not breakable by the NSA in trivial lengths of time (I am not discussing the actual implementation used by any specific version of PGP). The "programmer"'s quote establishes that he or she is obviously incompetent and probably does not work for any defense-related contractor. Jon Katz's use of the quote reveals that he is clueless, but we all suspected that already.

Hash function: PGP in its latest incarnations uses SHA-1, RIPEMD-160, and MD5 in that order of preference. SHA-1 was designed by the NSA and is almost unanamously regarded as the best public hash function today. The expansion function makes it very difficult to control and restrict bit changes within the hash function itself. Even if the NSA were able to create arbitrary collisions on SHA-1, this would not affect the security of the encryption algorithms, only the signature component of PGP. RIPEMD-160 seems reasonably designed; MD5 has serious weaknesses in its compression function. Luckily, almost nobody uses these two hash functions anymore.

Symmetric algorithms: A brute force attack on any encryption algorithm with prudently chosen keylengths (>128 bits) is impossible today and for the forseable future, even with customized hardware. The NSA has cryptanalytic techniques, even decades old, that the academic cryptographic community has not yet discovered. To give some trivial examples, let's look at double transposition, codes, and rotor machines. Even today, the analytic techniques used for the solution of double transposition (without multiple anagramming or known plaintext) were redacted from Friedman's Military Cryptanalytics. The state of linguistic and textual analysis is far more developed in military cryptanalysis circles; centuries of code reconstruction have seen to that. Moreover, the details of attacking advanced rotor machines (essentially anything more sophistocated than the Enigma/Hagelin machines) are still classified. The NSA has shown an ability to design algorithms so fragile that they apparently have precisely the strength they were designed for (visit Skipjack). Nonetheless, if the NSA can break academic algorithms (such as CAST, 3DES, and IDEA), they would be wise to avoid disclosing this fact on something as insignificant as a non-national security related criminal investigation.

Public key algorithms: Without QC, it's impossible that a 1024-bit RSA key will be factored using current algorithms. Even if an extension to GNFS that reduces the hueristic complexity to that of SNFS, 1024-bit RSA keys would require a large enough matrix reduction step that there is probably not enough memory in existence in the world today to do it (even with Balanced Block Lanzcos). It would even be more difficult for the DL problem; the matrix step would require entries to be mod p, rather than mod 2.

Privacy is what you make of it

First off, i don't necessarily agree with Rosen's first claim that sexual harassment is the leading cause of the violation of personal freedom. Sexual harassment, which can go against both sexes, is just another form of plain old harassment, which has been going on for centuries. People have learned to either learned to adapt to it and ignore it, or go off the deep end and sue whoever looks twice at them.

But enough of that. I see the internet as provding more freedom than the real world can. In the internet, through chat rooms and MUDs / MOOs, a person can REcreate themselves to be whatever/whoever they want to be. Most everyone wants to be someone else, a more gregarious character or someone without physical limitations. In the physical realm, this is not possible. The internet provides a place where we can be all that we want to be.

That true freedom also can be a form of privacy. In this other self you create, you can be as private as you like. You need not include all your actual personal identifications. False information flows abundantly on the internet.

--

The Tip of the Iceberg.

Katz isn't saying anything new, but that should hardly be a surprise by now.

We have known for some time--practically since the end of the Second World War (and to a certain extent before)--that the cloak of privacy is shrinking, and eventually it will be gone.

Already, the powers that be are training the public for the day when anyone can turn on a television or go to a website and watch the daily activities of a total stranger. Witness the success of shows like "Big Brother." The groundwork was laid years ago, and though people deride their banality, soi-disant "reality shows" like "Cops" and even (dare I say it) "The Real World" have been preparing people for this for years. Voyeur shows like "Big Brother" were simply the next logical step.

Eventually, the common citizen will have to conduct his or her life under the unblinking stare of the camera, not knowing who will be watching or when. I suspect that eventually, everyone will be watching everyone else. We will all be the stars of our own little Truman Shows.

And when this is in place, then they will have won. Intelligence agencies such as the FBI and NSA can be dealt, however ineffectually, because they can only do so much. The scenario I describe is akin to what's going on with distributed computing processes: you don't need just the best or the brightest to work on the problem. Every extra set of eyes helps.

We know that large segments of a population can be stirred up by mentioning a few key issues. How hard would it be for a fundamentalist figure to convince conservatives to spy on one another (and others) for evidence of sin? How hard would it be for some government official to say, "It's for the good of the children"? When you have a large body of motivated people working towards a common goal, little can stand against them. It is up to us, those who know and can see what is going on, to make sure that they act for the good of all, rather than for ill.

Fight the Power. Close your blinds and stay out of others' business.

Re:Long reply

Basing something on a book is technically copyright violation.

Pretending you know something about copyright when you obviously don't is technically stupidity.

The Public Eye, and Acceptance

Looking for a technology to preserve privacy is about as ineffective as looking for a technology to enforce copyright laws.

Increasingly, our privacy is disappearing, and this is not necessarily a bad thing. [businessweek.com]

Acknowledging this, we must predict that the world is going to become a bit more exposed. Cases such as the one involving the man at the university, fired for viewing porn on the school internet, will become more common.

I would hope that we, an increasingly online global community, would seek to make ourselves beacons of tolerance and acceptance towards others, rather than desperately clinging to our privacy, out of fear of what others may do to us.

Recently, on Slashdot, I have read that because my anime watching friends and I thought that Lime and Cherry in Saber Marionette J are cute (yes, they are young, and yes, they are sexual), that we must therefor be child molesting pedofiles, and that we should be prohibited from watching anime, at least in the Western hemisphere. This would be very amusing, if people just weren't so serious about it.

But I refuse to hide behind a wall of privacy (one that will be as effective as copyright law at that), and distribute Aa Megamisama and Ranma 1/2 episodes to my friends under the digital table.

I think it would be better to promote tolerance and acceptance in this world.

I believe that there is lots of hope for our society, and by extension, me and you. American Beauty was voted as the most popular film last year. This movie is about many of these issues: Tolerance, Acceptance, and even Privacy. Because people liked that movie, I believe that we will be able to become a more tolerant society.

Please consider re-considering privacy [businessweek.com], and please consider promoting tolerance and acceptance.

Offline privacy

Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.

They manage to convince people that this is what they want. How long will it be before they can convince us that online web tracking is also what we want? People are remarkable forgiving when you give them 1% of what they spend back.