Digital Information Rights Need Tech-Savvy Courts

 
 
By Bruce Schneier  |  Posted 2005-02-14
 
 
 
 
 
 
 

Opinion: The courts need to recognize that in the information age, virtual privacy and physical privacy don't have the same boundaries.

For at least seven months last year, a hacker had access to T-Mobile's customer network. He is known to have accessed information belonging to 400 customers—names, Social Security numbers, voice mail messages, SMS messages, photos—and probably had the ability to access data belonging to any of T-Mobile's 16.3 million U.S. customers. But in its fervor to report on the security of cell phones, and T-Mobile in particular, the media missed the most important point of the story: The security of much of our data is not under our control.

This is new. A dozen years ago, if someone wanted to look through your mail, they would have had to break into your house. Now they can just break into your ISP. Ten years ago, your voice mail was on an answering machine in your house; now it's on a computer owned by a telephone company. Your financial data is on Web sites protected only by passwords. The list of books you browse, and the books you buy, is stored in the computers of some online bookseller. Your affinity card allows your supermarket to know what food you like. Data that used to be under your direct control is now controlled by others.

We have no choice but to trust these companies with our privacy, even though the companies have little incentive to protect that privacy. T-Mobile suffered some bad press for its lousy security, nothing more. It'll spend some money improving its security, but it'll be security designed to protect its reputation from bad PR, not security designed to protect the privacy of its customers.

This loss of control over our data has other effects, too. Our protections against police abuse have severely eroded. The courts have ruled that the police can search your data without a warrant, as long as that data is held by others. The police need a warrant to read the e-mail on your computer, but they don't need one to read it off the backup tapes at your ISP. The courts have affirmed many times that there's no reasonable expectation of privacy with regard to data held by third parties.

This isn't a technology problem; it's a legal problem. The courts need to recognize that in the information age, virtual privacy and physical privacy don't have the same boundaries. We should be able to control our own data, regardless of where it is stored. We should be able to make decisions about the security and privacy of that data and have legal recourse should companies fail to honor those decisions. And just as the Supreme Court eventually ruled that tapping a telephone was a Fourth Amendment search, requiring a warrant—even though it occurred at the phone company switching office—the Supreme Court must recognize that reading e-mail at an ISP is no different.

Bruce Schneier is chief technology officer of Counterpane Internet Security Inc. Free Spectrum is a forum for the IT community and welcomes contributions. Send submissions to free_spectrum@ziffdavis.com.

 
 
 
 

Internationally-renowned security technologist and author Bruce Schneier is both a Founder and the Chief Technical Officer of Counterpane Internet Security, Inc. He established the Company with Tom Rowley to address the critical need for strong, cost-effective, and resilient network security. Counterpane Internet Security, Inc. provides Managed Security Monitoring services to organizations world-wide. Outsourced security monitoring provides a level of security unattainable through conventional security products.

Schneier is responsible for maintaining the Company's technical lead in world-class information security technology and its practical and effective implementation. Schneier's security experience makes him uniquely qualified to shape the direction of the company's research endeavors, as well as to act as a spokesperson to the business community on e-commerce issues and solutions.

While president of Counterpane Systems, Schneier designed and analyzed hardware and software cryptographic systems, advised sophisticated clients on products and markets, and taught technical as well as business courses related to the field of cryptography. Concerns as diverse as Microsoft, Citibank, and the National Security Agency have all relied upon Schneier's unique expertise. Schneier designed the popular Blowfish encryption algorithm. And Schneier's Twofish was a finalist for the new Federal Advanced Encryption Standard (AES).

Schneier is the author of six books, including Secrets & Lies: Digital Security in a Networked World. Published in October 2000, "Secrets & Lies" has already sold 70,000 copies. One of his earlier books, Applied Cryptography, now in its second edition, is the seminal work in its field and has sold over 130,000 copies worldwide. He currently writes the free email newsletter "Crypto-Gram," which has over 60,000 readers. He has presented papers at many international conferences, and he is a frequent writer, contributing editor, and lecturer on the topics of cryptography, computer security, and privacy. Schneier served on the board of directors of the International Association for Cryptologic Research, and is an Advisory Board member for the Electronic Privacy Information Center.

Schneier holds an MS degree in computer science from American University and a BS degree in physics from the University of Rochester.

 
 
 
 
 
 
 
