In search of privacy: how to search in privacy

Today I feel like this "English yachtsman who slightly miscalculated his course and discovered England under the impression that it was a new island in the South Seas" (1). Last week I described what I called value markets as a new world to which the Internet brings abundant crops. Jacques Cremer was kind enough to point out to me that my value markets looked suspiciously like what economists have mapped in the past under the name of matching markets (2). It appears indeed I had landed not far from home.

Such discussions however pale in the light of recent developments. Wednesday Michael Barbaro and Tom Zeller Jr. reported about the public release of 20 million web searches by AOL and the not so secret identity of user No 4417749 (*)(**). Thursday air travel was disrupted worldwide in view of a terrorist plot based in London and hopefully foiled.

When governments fight for your safety, insisting on your own privacy, especially eprivacy, is bound to appear as selfish and short-sighted. Yet society must resist the temptation to fall in step with its foes and take any means to the end. Defeating elusive social networks bent on evil deeds is going to be a long and arduous task. Meanwhile governments may ask us to surrender liberty in the name of security. Next advertisers will further entrench their asymmetric information markets (see 5/30 fillip), dispatching equality between economic agents in the name of prosperity. Similarly lawyers will continue to turn any archived email raising a potential issue into a proof of its receiver's reckless dereliction of duty, killing fraternity in the name of justice. Big Brother is a fiction of 1984. I am more afraid of how real life Bigger Brothers flock together, resulting in the Airport Syndrome.

Before continuing in defense of everyone's data rights, let me give one piece of unsolicited advice to governments worldwide.
We have been there before. Read about Prince Kropotkin. His apology of anarchism, the "propaganda of the Deed", his privileged start in life, up to and including his flowing beard, may remind you of another present prophet of Doom. Unprecedented levels of economic prosperity and globalization were indeed achieved by the Western powers at the end of the XIXth century, only to engender an international web of loosely connected bomb throwers and deadly assassins (3).
Please try not to repeat the solution adopted when Emperor Franz Joseph allowed the loss of his nephew and heir to a Serbian patriot / terrorist to spark World War the First, followed on the rebound by the Second, plus the Cold War to cap the XXth century.
The solution worked. Today who remembers Prince Kropotkin? But isn't there a better way?

Better ways, though, are not necessarily all that cheap and easy, as AOL's misstep illustrates.
Searching on available Internet pages for the answer to some random question calls for prior optimization, a class of problems well suited for central processing. But central processing implies that a Big Brother collects all those searches which over time paint an impressionistic, yet very lifelike, identifiable portrait.
Take another example. Unless bland to the point of uselessness, anonymous Internet resumes are telling, especially to one's boss, colleagues and other knowledgeable people in the field such as professional recruiters. Anonymity without full profile protection is a lure. While it may protect against unmotivated strangers, it does nothing against nosy or determined parties. Searches render such an anonymous, yet identifiable profile.

Palliative measures can be taken. For example some recommend the use of proxy servers to hide one's IP, the ID of the Internet (4). Such proxy services do indeed prevent a search engine from linking searches back to a common origin. But don't I smell a whiff of recursivity? It seems to me that one is merely substituting one Big Brother for another, as the proxy service now possesses the same revealing information. Undermining such limited steps, Bigger Brotherly pressure ensures Internet usage is subtly but firmly biased against eprivacy:

  • Internet sites spy on users via cookies unless the user objects, another lucrative exploitation of sloth
  • many Internet sites refuse to work without cookies and quite a few do not even bother telling the user about it, lest ignorant masses become too wise for the good of the advertisers and start asking questions
  • Internet access companies did not rest until they terminated all static IP's, which were attributed to ordinary users in earlier days but prevented dial-up services from containing their costs. Now they could not care less about the danger of keeping the same dynamic IP in force for months at a time on users' broadband connections
Only a truly decentralized and confidential solution will prove curative.

Bringing true privacy to searching requires three measures, each a significant change in the way we use the Internet:

  • the first measure is to replace central processing with local processing.
    Suppose you want to travel. You may search online for the appropriate means according to your schedule, thus revealing a lot about yourself. Or you can get the whole schedule book and look it up in private for yourself (5).
    From a technological perspective, this is readily feasible today with all the efficiency of electronic computing:
    • ePrio's solution allows a domain maker to deliver such a decentralized service without your own travel agenda becoming known to anyone, including ePrio and the domain maker
    • the two physical resources needed, local processing power and broadband communication, happen to be more and more plentiful
  • the second measure is to encompass all online information within appropriate domains of interest.
    This is necessary to compensate for the lack of central optimization. If knowledge was not broken up into domains, each individual would have to replicate the central service on his or her own resources, an absurdity.
    Here is a worthy goal for those who gave us Wikipedia and other large scale collaborative investments (6).
  • the third measure is to effect a clean break between identity and online activity.
    While local processing will hide the details of your search, the matching service providers, i.e. the domain makers and, supporting them, ePrio, will still retain the fact that you requested and used such and such domain. While each brush stroke is coarser now, there still remains an impressionistic portrait.
    The best solution requires coordinated efforts from all the actors involved:
    • the update of dynamic IP's by Internet access providers upon user's request
    • the hands off relationship of matching service providers with their users, mediated through activity ID's
    • the existence of identity support services, independent from all above providers
    • the possibility for users to generate an activity ID for each search domain
    In this scheme
    • access providers have no knowledge of users' search activities, hidden by encryption of point to point communications
    • matching service providers have no knowledge of the user identity, nor can they link user actions hidden by:
      • unrelated activity ID's or IP's between domains
      • local processing within domains
    • identity support providers have no knowledge of users' search activities, but can deal with real users and:
      • emit anonymous payment instruments to enable them to pay for services
      • certify user identification whenever the parties to a match request it
      • support system wide interdiction of users found in default by the relevant administrative, civil or criminal authority
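The first and third measures can be sketched together, as an added example that is not ePrio's code: per-domain activity IDs derived on the user's machine, and a search run locally over a downloaded schedule. The HMAC-SHA256 derivation, the function names, the domain names and the schedule rows are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def activity_id(user_secret, domain, epoch=0):
    """Per-domain pseudonym. Assumption: HMAC-SHA256 over the domain name,
    keyed by a secret that never leaves the user's machine."""
    msg = f"activity-id|{domain}|{epoch}".encode()
    return hmac.new(user_secret, msg, hashlib.sha256).hexdigest()[:32]

def provider_view(user_secret, domains):
    """What the matching service providers can log: which domain was
    requested and under which activity ID. No query, no identity."""
    return {d: activity_id(user_secret, d) for d in domains}

def linkable(view):
    """True if two domains' logs share an ID, i.e. a join key exists."""
    ids = list(view.values())
    return len(set(ids)) < len(ids)

def local_search(schedule, origin, dest, not_before):
    """Local processing: the whole schedule book was downloaded, so the
    filter runs on the user's machine and the itinerary is never sent."""
    return [row for row in schedule
            if row["from"] == origin and row["to"] == dest
            and row["dep"] >= not_before]  # "HH:MM" strings sort correctly

# Constructed sample data. A real secret would come from secrets.token_bytes(32).
ALICE = bytes(range(32))
BOB = bytes(range(32, 64))
SCHEDULE = [
    {"from": "Paris", "to": "Lyon", "dep": "07:04"},
    {"from": "Paris", "to": "Lyon", "dep": "09:58"},
    {"from": "Paris", "to": "Lille", "dep": "08:16"},
]

if __name__ == "__main__":
    view = provider_view(ALICE, ["travel", "jobs"])
    print("provider logs:", view)
    print("linkable across domains:", linkable(view))
    print("rotated travel ID:", activity_id(ALICE, "travel", epoch=1))
    print("local result:", local_search(SCHEDULE, "Paris", "Lyon", "08:00"))
```

The derived IDs only remove the application-level join key; as the scheme above requires, the IP address must also differ between domains for the break between identity and activity to hold.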
ePrio can be an enabler, I can be an advocate. One now appreciates that a true solution to search privacy can exist but requires new intermediaries to provide the necessary framework, users to shake their own inertia and information providers to register in the appropriate domains. A true revolution.

In the current context Bigger Brothers have all the cards. Are you ready to defend your data rights or will you continue with the present situation, wisely declining to click here and search online for liquid explosives?

Philippe Coueignoux

  • (*) Surrendering Internet Privacy, Query by query, by Michael Barbaro and Tom Zeller Jr. (New York Times) - August 9, 2006
  • (**) Your Life as an Open Book, Privacy vs. Viewing the Internet User as a Commodity, by Tom Zeller Jr. (New York Times) - August 12, 2006
  • (1) G K Chesterton, in Orthodoxy
  • (2) see this introduction by Al Roth, Harvard University
  • (3) see The Proud Tower by Barbara Tuchman
  • (4) How to Digitally Hide (Somewhat) in Plain Sight, by J.D. Biersdorfer (New York Times) - August, 2006
  • (5) A sad case of 'All change, please', by Andrew Martin (Financial Times) - August, 2006
  • (6) see The Wealth of Networks, by Yochai Benkler
August 2006
Copyright © 2006 ePrio Inc. All rights reserved.