27 August 2012

Privacy as a weapon

Remember the bogus bomb threats at the University of Pittsburgh? Apparently they were sent by email, anonymously, through a system called Mixmaster. The email passed through a computer in New York, which the FBI seized in April.

Now it is natural to wonder why we even have such things. Why is it OK for people to send email anonymously when it can cause such mayhem? Here’s what the computer’s owners have to say about it:

Q: Doesn’t Mixmaster/anonymous remailers enable criminals to do bad things?

A: Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than mixmaster provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.

Mixmaster aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that.

All this is true, up to a point. Criminals have actually done all those things. It is also entirely plausible, though, that the particular culprit in question chose Mixmaster. Shortly after that server was seized, the bomb threats stopped.

My thoughts about privacy have changed. I used to think this:

People who keep secrets have something to hide.

I understood at the time that it was a simplistic truism, but it seemed useful anyway. But it’s not useful, because:

People who wear clothes have something to hide.

See? It just doesn’t work. Here is what I think now:

Everyone has something to hide from a sufficiently reprehensible adversary.

It doesn’t trip off the tongue quite as lightly.

The FBI in this case was presumably acting with the best intentions, but many governments around the world are plenty reprehensible. Privacy cuts both ways. The ability to track down a miscreant sending bogus bomb threats is exactly the same thing as the ability of an oppressive government to track down activists and rebels and kill them. This is a real concern in some places, and people in those places have to use secure systems that protect their privacy or else give up the fight.

I do think it’s good to have some form of technological constraint on government surveillance, in addition to a reasonable system of checks and balances (requiring warrants for wiretaps, for example). Tracking people down and finding out every detail of what they’ve been doing should be hard. If it’s not, the government will eventually just track everything we do.

People who work on privacy and censorship-circumvention software have already shifted to building systems where there’s no central equipment to seize. Systems like Tor. Governments still have ways of attacking such systems, technologically and otherwise. “How governments have tried to block Tor” is a startling and absolutely fascinating 2011 talk about this. Watch the first five minutes of that.

One last thing. Anyone in the U.S. will recognize the “Criminals can already do bad things” quote as an argument against gun control. Whether it’s anonymity or a handgun, powerful tools have both offensive and defensive uses. Giving everyone such power is dangerous. Taking this power away from the people is dangerous.

