Privacy in the Modern Age: The Search for Solutions
by Marc Rotenberg, Julia Horwitz and Jeramie Scott

The New Press 2015.
ISBN 978-1-62097-107-9 .

Reviewed by  Richard Austin   7/22/2015 

"Privacy" is a hotly disputed issue with significant policy implications. We are assured that "privacy" and "security" are a zero-sum game and that one must be given up in the interest of the other. We are also told that "Privacy is dead. Get over it" and that, somehow, when the Internet came to dominate modern life, privacy was tossed out the window as a practical impossibility. And we are also assured that if effective encryption is widely deployed, the only beneficiaries are terrorists, drug dealers, pedophiles ..., when the Internet goes "dark".

The editors take the view that the debate over privacy is much more nuanced than its simplistic, zero-sum portrayals in the media and have assembled an all-star cast of contributors to explore the dimensions of "privacy" and how it can be preserved.

Though each of the contributions are excellent, I will focus on the chapters by Ross Anderson, Anna Lysyanskaya and Bruce Schneier to provide a sampling.

"What goes around comes around" (Ross Anderson). What will be the legacy of the US? There are many contributions but "the architecture of the Internet and the moral norms embedded in it, will be a huge part of America's legacy" (p. 27). As the technological world embraces common standards, the costs of pervasive surveillance decreases. Anderson notes that in the past, things like phone systems were very different between countries and required significant investments to maintain surveillance capability in each of them. However, with the convergence on standardized technologies such as VoIP, emplacing a wiretap becomes relatively trivial. Also of note are the rise of advertiser-paid services in the form of "free" applications, "convenience" features such as tailored recommendations based on your geolocation, etc. Though developed and funded by business interests, the possibilities for use as surveillance tools are disturbing. The governance processes the US develops for its own uses (and abuses) of these capabilities will form a large part of its enduring legacy.

"Cryptography is the future" (Anna Lysyanskaya). What if, instead of interfering with the capabilities of intelligence agencies and law enforcement, cryptographic technology could make their jobs easier while protecting individual privacy at the same time? That sounds too good to be true but Lysyanskaya, a cryptographer, describes currently available technologies (some the result of research funded by US intelligence agencies) that could make this possible. For example, it has been asserted that intelligence agencies must collect all phone records so that they can query them (after obtaining legal approval) to avoid the phone company's discovering which of their customers is of interest. Lysyanskaya identifies this situation as an example of the "secure two-party computation problem" (p. 113) and notes that protocols are well known that would allow the intelligence agency to obtain the information it needs without the records custodian (the service provider) being able to determine which of its customers was of interest. She then asks a critical question with wide applicability beyond cryptography: "If solutions are available, why aren't they being used?" with the answer "Perhaps cryptographers and policy makers are not speaking the same language." (p. 115). This is a significant challenge to a profession that often can't communicate even with its own management but as our professional responsibilities increasingly affect the society in which we live, it is a challenge we must acknowledge and solve.

"Fear and convenience" (Bruce Schneier). Schneier asserts that we have been debating the privacy/security problem as if it were a technology problem rather than a people problem. By and large, we enable pervasive surveillance out of fear or for convenience. We fear terrorist attacks so we allow our government to conduct pervasive surveillance to protect us. We like "free" and convenient services that allow us to keep in touch, receive personalized advertising and other services. We seldom stop to think about the wealth of information we give up in order to enable those "free and convenient" services. Schneier's main point is that we need to move the discussion beyond technology (how who can surveil whom) and more to a reasoned discussion about how much surveillance we're willing to accept in return for which benefits. Without this type of reasoned, public debate, "the trajectory of technology is resulting in a level of surveillance that will change society in ways we can just begin to imagine." (p. 203).

This is a timely book that explores the complex issues at the intersection of "privacy" and "security" in clear, understandable language. Do read this book and share it with friends, book discussion groups and even elected officials. The evolving complex relationship between "security" and "privacy" affects us all and a public, intelligent discourse will assure that our voices are heard.

It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org