Privacy Economics

Privacy is good. Perfect privacy is really hard, probably unachievable. It’s not a binary thing, but a big dial we can turn up or down. So obviously, we should be turning it up.

The economics · It’s like this. If there’s data flowing over the Net that the intelligence community can scoop up for free, they will, and they’ll store it forever. Criminals and stalkers will scoop too, looking for credit-card numbers and home addresses and so on.

But the Internet volume is so high that if it processing a conversation takes any non-zero investment of effort or money, then spooks and crooks won’t bother (unless you’re a real target); nobody can afford X times billions/day, no matter how small X is.

Thus every time you turn the privacy dial up, even just a little, you make certain classes of surveillance and of crime uneconomic. This is a good thing.

The perfect and the good · There are people out there who want more: They’re not sure HTTPS is good enough (it is), they think your private key should be locked away in specialized hardware (it shouldn’t), and they think Tor and Tails are appropriate for everyday Net use (they’re not).

The problem is twofold: First, the level of privacy the purists want is really complicated, irritating and inconvenient. But we don’t want to give people the impression that basic privacy is hard, because then they just won’t bother.

The other half is that what purists propose won’t work. If democratic-government employees seriously think you’re planning to blow up infrastructure, or are smuggling Uzis to narcos, they’re gonna bypass all the encryption and just put a microphone in a camera in the places where you work. If the Chinese government thinks you might be about to expose official theft, or remind people of June 1989, they’ll take similarly extreme measures. I dunno, maybe Jason Bourne and George Smiley know tricks to hide in plain sight, but you and I are going to have to settle for ordinary strong privacy or maybe even common privacy.

Tor makes all sorts of sense if you occasionally need to purchase something illegal, or you’re a journalist in Thailand working on an exposé concerning the royal family; and you can imagine other scenarios. But if you want to stop the vast majority of daily-life surveillance, just do something so it’s not free any more.

Mechanics · It’s worth checking out Opportunistic Security: some protection most of the time, a draft being kicked around in the IETF, which I predict will gain consensus and become policy.

The idea is simple: Sometimes when you make a Net connection that begins with “http:”, the infrastructure could go ahead and encrypt it for you anyhow. Of course, a real “https:” connection not only does the encryption but tries to prove who you’re talking to, thus making it really hard for someone to read (and maybe change) the messages between you and your bank.

But really, who cares? Given basic modern cryptography, man-in-the-middle attacks require active subversion of the infrastructure, possible but tricky and time-consuming. Which means: It Just. Won’t. Happen. At scale anyhow, against ordinary people doing ordinary things using reasonably modern technology.

The purists are predictably against this, saying it’ll discourage the use of “real” privacy tech, give a false sense of security, and so on. And yeah, real “https:” is better and you should be doing it anyhow.

But opportunistic privacy is better than none. A strong password is better than a weak one. A password manager is better than your memory. A second factor is better than just a password. An encrypted disk is better than a wide-open one. None of these things buy you anything absolute. But every time the dial turns, certain bad things stop happening, and the world becomes a better place.

---

---

Contributions