Hello Scott,
Very interesting dialouge here but you jump to some assumptions which I always find facinating. For instance:
>How ever on the Internet the first step that you take is traceable. >Your connection to the Internet occurs through a "community" that >immediately knows and can trace where the other end of the wire is >connected. Whether by phone, cable, or DSL. So the "source" of any >Internet communications is easily pinpointed to a physical location. >(Ok ... in the case of wireless it's slight tougher ... cell can be >triangulated, but still identified.)
Just because it's trackable doesn't mean there is someone "looking over our shoulder" at all times. What you refer to is an aspect of he medium in which cyberspace exists. The internet is bound by the world that defines it (telcommunications, circuits, packets, addressing schemes etc) and that's inescapable. But don't fret, there is some light on the horizon :)
Masking my location gives me a false sense of anonymity like wearing a disguise or a ski-mask. It's still tracable to the point of origin and then again, wait...I'll get to that at the end of this note :)
Our "real world" life can be just as trackable but there are certain civil liberties in place which prevent and/or regulate this. In cyberspace, we don't have this in any shape or form yet. I understand the nature of the internet won't allow us an easy solution because of the boundry-less nature of it but that's not a excuse to give up or deny that a solution can be found.
We tend to define cyberspace with the "real world" we move and breathe in every day. It can't be defined in that way. Otherwise I can make analogies to fiber optic cables to roadways and ISP servers to toll booths etc. We are being tracked from surveillence cameras at intersections and toll booths to our passports and travel tickets. We constantly leave a "paper" trail for someone to track - you point out the only difference is it's not happening in real time for everything we do. Does that really make it different? I mean, some things ARE being tracked in real time...some things aren't...that doesn't mean I have "privacy".
>But again, in the case of the Melissa virus writer, what if AOL had >not cooperated with authorities, or never logged the information >necessary to trace the call, what would have happened? Authorities >would not have been able to find the virus writer. And who is then >liable? Could AOL have been sued as the "community" responsible for >the virus? Can government "force" all ISPs to log information to be >able to "track" people? If so, then people will resort to using >complex proxies and relays to try and hide these communications in >secure channels (it's now happening!) so do we now make this >illegal? If so we are agreeing that there is no privacy in the >Internet. If not, then bad things can happen. Classic dilemma of >freedom.
OK, I see that you are not familiar with AOL's Terms of Service so I'll briefly go over them. In essence, they are not laws but rather community rules that apply to AOL. Each country that AOL has a localized service (AOL UK, AOL FRANCE, AOL Australia, AOL Japan, etc) each have their own localized Terms of Service which abide by the laws of that country.
To become a member and retain your membership you agree to follow those rules. There are 3 parts to this "agreement", the MEMBER AGREEMENT, COMMUNITY GUIDELINES and lastly a PRIVACY POLICY.
From the PRIVACY POLICY:
AOL does not read or disclose private communications except to comply with valid legal process such as a search warrant, subpoena or court order, to protect the company's rights and property, or during emergencies when we believe physical safety is at risk.
So basically this is the same type of deal you get with the telephone company, your credit card company, your accountant, your dentist et al. There are some areas the law can not pierce (your lawyer's records, your shrink's records) but going online is not one of those protected areas. What this privacy discussion should really be doing is forcing you to realize that privacy is a matter of perception and that it really extends beyond cyberspace. When we do that, we can take lessons learned there an see if they apply in some shape or form to our needs in cyberspace.
So in reality, the law has already "forced" people (organizations) to maintain detailed records of many aspects of our lives. Better yet, is not that they HAVE to keep detailed records but if and when they do, those records can be accessed under certain circumstances. Is their intent evil? I mean we can use your dentist's records to identify you in case of a tragic death or as evidence in a rape trial...does that violate privacy?
OK, the dentist keeps those records in the course of doing business. It's necessary for him to have a "patient history" right? AOL needs to track users to map how these users access AOL content which they then use to correct problems in their service (need more servers, load balancing, etc). The fact that some agency can subpeona these statistics and use them works in the same fashion as the dentist analogy. AOL doesn't keep track of their users for "evil" intentions of Big Brotherism. If you read it that way, you are bringing your fears and untrusting nature into your decision which is a whole different beast :)
>... just imagine what they will discover when they sell >completely "discrete" or "private" proxy services. The only recourse >will be "connectivity sanctions" ... but then that opens the door >for blackmarket "connectivity". ;-)
If you look closely enough you will find examples of this in the world today - I point to the "lax" banking rules of countries like Switzerland, Cayman Islands, Luxemburg. If you want to keep your banking secret and out of the prying eyes of the government, your wife's divorce attorney or your partners, you can. It's just not as easy as heading over to the local branch office :)
>The problem is that if you track everything because something bad >might be in there, you are still tracking everything. ;-(
You see the evil as the tracking part. I can respect that because there are times when I too worry about the tracking. Such as will my insurance company drop my coverage if I check cancer websites? That's a big thing but I shouldn't need masking technology to protect me from that.
I can also see that tracking is a necessary "evil" that will afford me (and my family) a form of protection in that it will create accountability that will deter others from doing "bad" things.
I live in a world that has shown me that we can balance my privacy with the community's needs and safety as long as we use common sense. What we need to do is extend our current laws (Bill of Rights, case law, civil liberties) to our internet experience and find a way to make that work in a boundry-less way. We already have extensive laws that many countries agree to follow so I have faith that in time we will find a solution.
Now getting back to the masking part from above...
If you think signing up with one of these sites and hiding behind some technology that will mask who you are will solve the privacy problem it's shortminded. There will be people who will use this type of anonymity for unwanted purposes which will only target that domain for sanctions (as we do the Kosovo conflict you mentioned). Once that happens what will stop countries from severing the ties (or access) to and from that domain? We already have an email blacklist for companies and ISPs who don't take spam seriously (http://maps.vix.com/)
What if e-commerce sites deny access to people who use masking technology for fear of fraud or criminal behavior?
The internet flows over wires or spectrum bands (wireless or satelites) that are governed by laws of many nations - not only that but they are owned by a handful of companies (MCI & Sprint physically own over 50% of the data trunks in the world). Even an enterprising company looking to tap into that "lucritive" blackmarket would have a tough time maintaining these ties if there's any sort of backlash to anonymity sites.
What I'm getting to is this: walk into Wal-Mart and tell me there aren't surveillence cameras creating a record of your visit or a cashier who sees (and remembers) your face or that the credit card you use doesn't track your purchase. OK, so you use cash, you still feel there's anonymity? Sure the camera doesn't know who you are but you are being "tracked".
So, my ISP knows when my account logs on and where it goes but is it me at my PC or my brother who borrowed my account to check his stocks and then in a good mood shoots over to www.playboy.com? It's just my account not at all like a fingerprint. At best, it can be used to collaborate other evidence such as in the case of the Melissa virus writer. He was not caught solely by the tracking of his activities on AOL. It was a tool used to prove a trail of a document which was created on his PC. Ultimately it was MSFT's ID embedded in the document he created and his PC's Operating system "fingerprint" that will prove it maybe him. Other evidence will be necessary to actually convict him of any wrong-doing.
This argument will never end nor do I think it should lest we miss the opportunity to find better solutions.
Thank you for your time :)
Peter J Strifas |
