June 19, 2003

Grimmelmann on Accidental Privacy Spills

The "most read" story about privacy at Yale's LawMeme site is LawMeme - Accidental Privacy Spills: Musings on Privacy, Democracy, and the Internet. In this February 2003 piece, James Grimmelmann reminds us about the story of an individual who sends an informal but lengthy and broadly interesting email to a few friends, thinking it will be kept private, and within two weeks finds it picked up on MetaFilter, republished and discussed throughout the Internet. Of course, the author was Laurie Garrett, a Pulitzer prize winning science journalist and author, and the story was a chatty report of the goings-on she saw inside the controversial Davos conference of the World Economic Forum.

Grimmelmann's comprehensive and thoughtful posting muses about the social and ethical situation where one's informal email "crosses the bloodstream" and becomes a digital global phenomenon, and the revelations that the story has for privacy and the Internet. He insightfully notes that despite all the high-powered security technology one may employ, the weak link is always the unscrupulous, tactless or just plain clumsy person who has access to private information and lets it out. As he notes, "people make secure systems insecure because insecure systems do what people want and secure systems don't."

He also notes that in the age of cheap, ubiquitous scanners, even paper-based writings can be spread throughout the world in a matter of hours. The "CLICK-FORWARD" world that caught Laurie Garrett is becoming the "SCAN-FORWARD" world of tomorrow. As Grimmelmann observes: "The problem isn't just that the Internet is leaky; the Internet makes everything leaky."

The entry includes several reader comments on Grimmelmann's piece that reflect on whether various new technologies such as Microsoft's Palladium or Microsoft's Digital Rights Management tools might have been useful in this context. Such tools are designed to allow one to control with whom particular content may and may not be shared, at the architectural layer of the information medium, and have become of commercial interest in the context of peer-to-peer file sharing via Napster, Kazaa, etc.

Grimmelmann also cites a February 2000 paper "What the Publisher Can Teach the Patient: Intellectual Property and Privacy in an Era of Trusted Privication"
by Jonathan Zittrain of Harvard Law School. about the application of technology tools developed for the music industry to the preservation of personal medical information (an application of interest to those subject to HIPAA compliance). The point being to change an "Era of Promiscuous Publication" to an"Era of Trusted Privication": "one in which a well-enforced technical rights architecture would enable the distribution of information to a large audience while simultaneously, and according to rules generated by the controller of the information, not releasing it freely into general circulation."

Both articles are valuable reading to anyone dealing with privacy and the Internet.

Posted by dougsimpson at June 19, 2003 10:13 PM | TrackBack
Comments