Privacy is the expectation that personal information and communications will not be inappropriately gathered, attributed, or shared.

In the era of the Internet privacy issues have become both more urgent and more complex. More urgent, because technologies such as the Internet and Digital Rights Management provide endless opportunities for both appropriate and inappropriate collection and use of personal data. More complex, because there are many vocal stake holders and evolving technology is usually several steps ahead of the evolving law.

Managing privacy involves both policy and technology. On the policy side, in any given country or state, there is existing and up coming legislation which dictates how personal information must be handled in certain domains. In Canada, for instance, there is federal legislation called PIPEDA in effect since January 2004. As for technology, existing systems may have to be modified to become compliant and/or specific "Privacy Enhancing Technologies" (PETs) may have to be acquired. Your scribe published an Article on PIPEDA in early 2004.

In the USA, where business rules all, there is piecemeal sector-specific privacy legislation, such as for health care, but no general-purpose privacy legislation controlling the handling of digital information about citizens.

The use of personal data is not always a bad thing. Many of us, for example, trust amazon.com with personal information like our names, addresses, credit card numbers and (if only implicitly) our taste in books. We've willingly given them the information because it saves us time and money and we have the feeling that Amazon will not misuse it.

But what if, say, your Personal Computer had a unique serial number, and called home regularly over the Internet to sites you didn't know about, exchanging data you didn't understand ? What if your Internet Service Provider was forced to divulge your identity because the RIAA "thought" you were distributing pirated content ? What if, when you installed a free "download manager" it called home and told someone about every file you downloaded ? In fact, for many of us, these have already happened. If there are not widespread protests, it is only due to ignorance, or the trust that major entities such Microsoft or the RIAA will not misuse the information. (In fact, there is at least as large a risk from corporate sloppiness as from corporate bad intent, as demonstrated by incidents like thefts of hard-drives containing thousands of credit card numbers.)

DRM technologies- like many others - have the potential to invade people's privacy if the people who deploy the technologies choose to do so. This doesn't mean that DRM is bad, or that DRM which "calls home" over the Internet is bad. But the consumer should easily be able to find out- without reading a 10 page license agreement- how, when, why, and to who it calls home, and what the relevant privacy policy is. Then she can make a rational decision whether to use that content or not !

Emerging security technologies, such as the Next Generation Secure Computing Base (NGSCB) are often promoted to the public in terms of the privacy protection they will provide. A skeptical public is a good thing, and has probably played a part in slowing the rollout of NGSCB. Security is not the same as privacy, and there has been very little evidence offered that mass-market initiatives such as NGSCB will really increase anyone's privacy. In an enterprise environment, where desktop PCs are controlled by IT departments, they will probably find willing customers. But this isn't increasing privacy; if anything, it is reducing it.

For consumers however, privacy and freedom are non-negotiable. There is a danger of a creeping crippling of your PC, from a general-purpose device into a remotely controlled appliance, where the remote isn't in your hands. The only obvious motive for such technology is the protection of third-party content e.g. DRM support for Hollywood. Personally, I'd rather keep my PC uncrippled and deal with Hollywood content in the living room.

Having a crippled PC that spies on you is a cure that's worse than the disease, and is only one of the possible ways in which personal privacy is at risk.
If you'd like to help preserve privacy, here are a few suggestions:

• Become familiar with privacy legislation where you live. As a consumer, call people to account to use it. If you're in business, make sure your own practices are compliant.
• Read license agreements, complain about unreasonable ones, and, when possible, switch to another product !
• Make informed choices about the equipment you buy. Avoid, say, PCs with ill-described "security chips" - they add cost and, for a consumer at least, make a LESS capable machine !
• Learn about some of the advocacy groups that are organizing around these issues. There is a starting list on our DRM Policy page.

  The point is not that large corporations like Microsoft et al are evil invaders of privacy. They are just a bunch of clever people trying to expand their markets. If we, the public, are not comfortable with what they are doing, we owe it to ourselves to say so - both to them and to our legislators !

  ---