[personal profile] koanhead
The title is a lame pun on a book called Godel, Escher, Bach: An Eternal Golden Braid.
That book is  good enough that if you haven't read it, then you should quit reading this and go read it instead.

This article is about the interactions of Security, Privacy and Freedom, which is more of a tangle than a braid.
The title is also an allusion to in-group social pressure, one of the trust-enforcing mechanisms outlined in Bruce Schneier's Liars and Outliers, another book which is more worth your time than this blog is.

This article deals with abstract entities which can be people or groups thereof. Therefore I'm using the pronoun "it" to refer to these entities. In the event of the involvement of actual people, I will use more suitable pronouns. 

Security, Privacy and Freedom are all hot issues today, and they all kind of evaluate to the same issue: that of agency.

Security seeks to keep the Bad Guys (that is, other agents who you, the securing agent, want to prevent) from taking away your Good Stuff. Privacy seeks to keep certain information away from all but a certain set of eyes. Freedom means your Good Stuff is actually yours to do with as you like (within the limits of living in a society, i.e. your Freedom to swing your Stuff ends where my nose begins, et cetera.)

An infringement of any of these also robs you of agency in that choices which should be yours to make are instead made for you by others. These others may or may not have your best interests at heart. It doesn't matter if they do or don't: either you are an adult citizen entitled and required to make your own decisions, or you are a ward of such a citizen. Either way if anyone other than you or your designated guardian is making decisions about who gets to touch your stuff or your information, that entity is usurping your agency.

Freedom in the Software sense is defined by the Free Software Foundation https://www.gnu.org/philosophy/free-sw.html as software that ensures its users have the freedoms to use, modify, and distribute the software and modifications thereto. Software is data; the only thing that separates software from data the fact that a computer can execute it. Any data at all can be executed by some computer, as long as you don't care about the result: any data can be represented by a number, and all numbers are computable as long as you don't care whether they terminate or what the result is. In this sense, all data is software, and to the extent that the *user* cares whether computations involving that data terminate or what the result is, both that data and the computations must be Free. Otherwise the user's agency is compromised.

This assumes that the user of the data is the same as the owner of the data. Ownership of data (in the legal sense rather than the RBAC sense) is very tricky, so much so that I expect that it will eventually have to be abandoned as a concept that society honors. Society will have to find some other way of rewarding "creators" of patterns than enforcing their sole control of the patterns in question. Anything which can be represented by a number can be copied at a cost approaching zero as the number of copies increases, and that number can be arbitrarily large. In order to exploit such patterns at all, copies need to be made. If the user and the owner of the data are not the same entity, then there's conflict over who bears responsibility for securing all these copies. The entity bearing this responsibility must also possess sufficient agency. This means that, if the owner is responsible for securing the copies, it must compromise the Freedom of the user, because it must have the ability to effect changes in the user's software which are uncalled-for by the user. Even if the user wishes to comply with the wishes of the owner, the fact that the necessary changes are initiated by a party other than the user constitutes a compromise of the user's agency and therefore of its Freedom.

This is fundamentally a Security issue, since it's all about who gets to access this data. In some cases it will also be a Privacy issue. Every Privacy issue is also a Security issue. Privacy issues occur only when the "owner" and the user are distinct. The owner of the data wishes not to show the data to any but a whitelisted class of users. 

Expand Cut Tags

No cut tags



October 2016


Most Popular Tags

Style Credit

Page generated Oct. 20th, 2017 03:50 pm
Powered by Dreamwidth Studios