From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 29 Jan 1996 08:59:23 +0800
To: cypherpunks@toad.com
Subject: Opinion piece in NYT; responses needed
Message-ID: <ad31794b06021004bf8a@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain


>   The New York Times, January 2, 1996, Business, p. 14
>
>
>   Viewpoint: J. Walker Smith
>
>   Standoff in Cyberspace Gulch
>
>
>   In the new frontier that is cyberspace, a showdown is
>   shaping up as the law moves into town. On one side is a
>   band of cybercitizens bent on protecting their privacy as
>   they explore this unmapped territory. On the other are the
>   lawmakers charged with safeguarding all cybercitizens from
>   crime, even if it means forcing them to give up some of
>   their privacy by, say, signing in as they enter town.
>
>   This is how the public debate over cyberspace security has
>   been framed. And on-line users are, indeed, worried about
>   security. Yankelovich Partners surveyed 400 randomly
>   selected on-line users, aged 16 and older, by telephone in
>   mid-October and found that 90 percent agree that better
>   Internet security is needed to insure that personal and
>   financial information is not accessible to unauthorized
>   people. Nearly 80 percent believe it is too easy for one's
>   credit card number to be stolen if used on the Internet.
>   And almost 70 percent agree that pornography on the
>   Internet has gone far beyond reasonable bounds.

This op-ed starts out by portraying the two 'sides' as 'lawmakers
safeguarding from crime", and "citizens bent on protecting privacy"--which
I'd say is fairly accurate.  The next paragraph, however, discusses the
fact that almost everyone agrees that 'better internet security ' is
neccesary is support for the lawmakers side of things. It goes on to say:

[...]
>   A cyberspace that offered privacy, security and decency
>   would clearly be preferred. But recognizing that this
>   simply may not be technologically achievable, most on-line
>   users put security and decency ahead of absolute privacy.
>   Fifty-three percent of cybercitizens agree that
>   guaranteeing Internet security is more important than
>   worrying about the privacy of each user.

The rest of the opinion piece only gets worse--the author thinks that,
while privacy is a good goal,  "in no way should [privacy] distract
regulators from maintaining order and decency on this new frontier, nor
should it be allowed to defeat the progress of commercial ventures. "

Now, first of all, the cypherpunks are clearly an entity that values _both_
privacy and security, and doesn't see them as at all contradictory.
They're two sides of the crypto coin.  The very same encryption that can
make it possible to set up secure credit card transactions also makes it
possible to use anonymous remailers--and the security isn't harmed by
people with anonymous shell accounts or access to the net.  Chaum's
digicash could theoretically provide security _and_ anonymity, without any
contradiction.

Now, Walter Smith probably wouldn't be satisified with cypherpunkian
solutions--he doesn't want anonymous communications _regardless_ of whether
we also get secure credit card transactions, and would be perfeclty happy
with crypto available to everyone, and a law against anonymous
communications on the net.  But, regardless of his own opinion of
privacy/anonymity and security individually, in this piece he portrays them
as linked, and in fact mutually damaging.  There is a danger of this view
becomming commonplace--whenever we encounter it, we should take pains to
argue that privacy/anonymity and security _aren't_ mutually exclusive, are
sometimes mutually _enhancing_  (ITAR restrictions make anon remailers and
secure financial transactions a pain in the ass to set up legally).  And we
should make it clear that there are a lot of people out there who value
both extremely highly, and don't see any need to sacrifice one for the
other.  [I'm not sure of the proper email address to send a response to
this viewpoint, but you might try "viewpts@nytimes.com", which is the
proper place to submit "viewpoints", ie op-ed pieces in Business section of
the NYT].

Very interesting also, is that Smith explicitly says that privacy concerns
shouldn't be allowed to "defeat the progress of commercial ventures".
It's unclear exactly what the 'progress' that Smith is talking about is,
that would be defeated by putting too much emphasis on privacy.  But the
previous paragraph mentions "users will find it in their self-interest to
reveal more and more about themselves so the interactive system can cater
easily to their needs and preferences.... 71 percent of respondents found
it highly desirable to be able to receive customized information, while
only 35 percent felt the same about a guarantee of anonymity."  Smith
appears to be saying that the interests of commercial ventures in ammassing
data about what consumers visited what web sites, and what consumers are
likely targets of customized marketting (customized information?), should
take precedence over the interests of citizens in keeping their information
private!

Many on cypherpunks are used to thinking of business interests as if they
match cypherpunks interests, I think--certainly they seem to where ITAR is
concerned, at the moment.  But it's good to remember that
'business interests', at least as interpreted by some businesses, are going
to contradict cypherpunks interets.  Unfortunately, business interests
often seem to have the advantage in the U.S. legislative process--with this
in mind, lobbying action from 'public interest' groups like the EFF, and us
as individuals, is more important when it doesn't line up with business
interests (protecting anonymity) then when it does (getting rid of ITAR).
Large corporations are lobbying for loosening ITAR, and we can help them,
but when lobbying for allowing anonmity, if it comes down to that, we'll
have fewer/less powerful allies.

Also, clearly in this survey, they asked two independent questions "Do you
find it desirable to be able to receieve customized information" (71% said
yes), "do you find it desirable to be able to guarantee anonymity" (35%
yes, which is actually enhearteningly higher then I would have thought).
In the context of his opinion piece, though, he clearly sets them up
against each other--what if the surveyed had been asked "When guaranteeing
anonymity comes into conflict with allowing commercial ventures to send you
customized adverts, which is more important"?  Obviously, that question is
biased also, but my point is that it's important to make this connection in
people's minds.      Here, there might _be_ a tradeoff--and consumers
frequently get up in arms about how anyone can get their credit report, or
their driving record, or whatever.  It's important that we create a
connection between anonmity on the net, and empowerment to keep personal
information personal--we need to link the "customized information" which
Smith's surveyees were so enamored of, to the privacy invasions posed by
credit reports and such, that consumers already know about and know they
don't like.

[I'm going to try to make myself write a letter to the NYT in response to
that viewpoint, making some of these points I'm saying it's important to
make, but you should too. :)  ]