Tuesday, September 11, 2007

PETs so last century

From the ever thoughtful blogging on the identity trail comes an interesting essay on privacy enhancing technologies (PETs) from a privacy advocate.

"In May the European Commission endorsed the development and deployment of PETs(1), in order to help “ensure that certain breaches of data protection rules, resulting in invasions of fundamental rights including privacy, could be avoided because they would become technologically more difficult to carry out.” The UK Information Commissioner issued similar guidance on PETs in November 2006(2)...

Are PETs the answer to information privacy concerns? A closer look at the European and UK communiqués suggests otherwise - for all their timeliness and prominence, they reflect thinking about PETs that is becoming outdated. The reports cite, as examples of PETs, technologies such personal encryption tools for files and communications, cookie cutters, anonymous proxies and P3P (a privacy negotiation protocol). Not a single new privacy-enhancing technology category here in seven years...

Unfortunately, few of the privacy-enhancing tools cited by advocates have enjoyed widespread public adoption or viability (unless installed and activated by default on users’ computers, e.g. SSL and Windows firewalls). The reasons are several and varied: PETs are too complicated, too unreliable, untrusted, expensive or simply not feasible to use. The threat model they respond to, and benefits they offer, are not always clear or measurable to users. PETs may interfere with normal operation of computer applications and communications, for example, they can render web pages non-functional...

Perhaps the underlying difficulty may be a conceptualization of PETs as a technology, tool or application exclusively for use by individuals, complete in itself, expressed perhaps in its purest form by David Chaum’s digital cash Stefan Brands' private credentials. As brilliant as those ideas are, they have had limited deployment and viability to date. It seems that, to be viable, PETs must be also meet specific, recognizable needs of organizations...

A more comprehensive approach to defining and using PETs is required - one that clearly accommodates the interests and rights of individuals in a substantial way, yet which can be adopted or at least accommodated by organizations with whom individuals must inevitably deal. This requires a more systemic, process-oriented, life-cycle, and architectural approach to engineering privacy into information technologies and systems.

PETs as we know them are effectively dead, reduced to a niche market for paranoids and criminals, claimed by some security products (e.g., two-factor authentication dongles) or else deployed by organizations as a public relations exercise to assuage specific customer fears and to build brand confidence (e.g. banks' anti-phishing tools, web seals)."

No comments: