Privacy: What Developers and IT Professionals Should Know
by J. C. Cannon

Addison-Wesley 2005.
ISBN 0-321-22409-4. Index, seven appendices, CD-ROM. 347 pages. $49.99

Reviewed by  Robert Bruen   January 15, 2005 

Most books about privacy today tend to focus on the very real things that threaten our privacy and on legal and social remedies for these ills. This book is slightly different in that it looks at the technical aspects of privacy. It is Microsoft-centric because the author works there and worked with their products for years before joining them. My preference is for vendor neutral books, but this one has enough useful material that it is worth a close look.

The privacy battles started back when cameras became available which allowed newspapers to publish invasive pictures of almost anyone. Thus early privacy papers and legal opinions had their birth from technology. As digital technology has progressed, the war over privacy has intensified. Unfortunately rational discussion has been lost due to continued legal struggles, media attention and business opportunities. And yet, technology keeps moving forward. The early newspaper photographers have been replaced by the prospect of every person on the planet with a mobile phone with a camera (still and video) that flashes images everywhere and anywhere. At the same time, developments have also provided privacy aware technology.

If the battle is being fought on the technical battlefield, there is not much choice about where we will spend our resources. Organizations like EFF and EPIC can fight the legal battles, but the technical folks need to ramp up their efforts to protect privacy. For example, Digital Rights Management (DRM) is one arena in which a battle has been engaged. Whichever side you enlist with, it is still an important struggle. The more you know about it and understand, the better able you are to deal with the issues surrounding it.

Obviously, Microsoft supports DRM because of the products they sell. Piracy is a legitimate problem for them. It also appears to me that this is their philosophical stance. Hence we see in Microsoft's CDROM burning software respect for any DRM that exists on the CD to be copied, where a warning appears, a refusal to copy or a copy which will not play on certain CD players. The technical answer is of course to either get software for your Windows machine that will not block you or use Linux. None of this is enough to end the battle. Reading the chapter in Cannon's book will provide a good background on the current developments in DRM, including language, architecture and other more sophisticated aspects that require consideration. This all looks like the one-oneupmanship game that the crypto guys have been playing for a couple of millennium, but if you take a stand you need to play. If you are going to play, you need to be armed.

I recommend Cannon's Privacy because it is an interesting take on the problem and he does a good job. If he is your friend, support him. If he is not then learn all you can about the other side. In any case, it is worth reading. The accompanying CD has source code for building a privacy enabled web service using WS-Privacy.