Girl With a One Track Mind, the blog by Zoe Margolis, may seem like an unlikely entry for an IT Security blog.

The Guardian lists her blog as one of the "The world's 50 most powerful blogs" and recently published an article of her writing, titled "Keep it confidential". (The Guardian, March 24, 2008, page 32 - the original article doesn't seem to be online but there is a related post by Zoe Margolis covering the same subject (warning, not work safe).

Zoe says herself that her perspective is influenced by her forced outing in 2006 as the author of her blog, which contains details of her private life of the most intimate nature. She says that "it makes (her) angry when the concept of online confidentiality is idly cast aside, as if just opening a web browser somehow eliminates (her) right to maintain privacy."

Her article, of course, is about Phorm, a tool installed at major British ISPs, it was disclosed, to analyze users' web surfing habits in order to target them with adverts.

The company itself has recently conducted a Privacy Impact Assessment by no lesser person than Simon Davies, privacy advocate of the first hour. In it, Davies concludes that the company's privacy safeguards are, in a nutshell, sufficient. So, assuming he's right, what is this about, and why might Zoe Margolis and others still be unhappy?

Three points here:

  • What may appear like a limited, and perhaps justifiable, invasion of privacy today, may be a step in its wide-spread erosion. We have seen this happen with online surveillance - things that are being introduced for one reason can (and will) be used for other purposes. Not collecting information is the only real protection against it being used in the wrong way.
  • The right to "informational self-determination" begins when data is being collected. The principle that data processing requires an individual's consent is already anchored in the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Does the requirement for consent end when the target of an analysis are groups rather than individuals? And would a user's consent be considered legitimate if the market denied him or her of the choice of chosing an ISP where Phorm and similar technologies were not used? Not to mention that it's not quite clear who was even asked to begin with.
  • It's not just the advertisers. As part of a disturbing political trend, and their unproven effectiveness in this area nonwithstanding, technologies to intercept Internet traffic are being eyed by legislators and law enforcement as the one-size-fits-all solution to online and offline crime. It appears as if we're forgetting that privacy is a necessity of human life and that humans will change their behaviour when they feel controlled - leading to less liberty, less creativity and less of the stuff we call "life".

Am I right on the last point? Or will the day come when we will just shrug it off, and live on like we did before, right under Big Brother's watchful eye?

No votes yet