The White House has endorsed a draconian “cybersecurity” plan now making its way through Congress.
It would essentially say all your clicks belong to us. Police would have carte blanche to seize domains, decrypt files, and run roughshod over citizens in the name of catching bad guys who are hiding behind proxy servers in the Ukraine or some other such place.
All this would be unnecessary if so-called Internet advocates had accepted a very basic truth that our Meat Space ancestors knew well.
Privacy and security are the same thing. Both depend on identity.
A sound identifier would not be memorized. It would be too long. And it would be tied to biometric proof that takes great effort to clone – retinal scans and fingerprints today, DNA tests tomorrow (because they're getting just that quick-and-easy but aren't quite there yet).
The identifier would act as an index term on public and private web sites. Social Security numbers are used for that today, but they're not supposed to be and (as noted before) they're very bad at it. If you wanted to use Amazon's EC2 system, for instance, you'd have to pass along the identifier, and then pass some biometric test (finger scanners and retinal scanners are available as computer peripherals already) to gain access. And faking that identity would be a felony.
Here's how crazy it has gotten. I never worried about getting on the TSA “no-fly” list because I'm the only Dana Blankenhorn there is in the world. The name, Dana Blankenhorn, does the job of an index term in any database. If someone put my name onto the “no-fly” list it would be because they really thought I, Dana Blankenhorn, were a terrorist. But what if your name were, say, Russell Shaw? There are thousands of Russell Shaws out there (one fewer since 2008). Russell Shaw could easily get onto the list, because once one Russell Shaw is on the list then all Russell Shaws may be subject to search.
A unique index term, a secure identifier, would give you the same freedom and security I take as a matter of course.
Along with a secure identifier, of course, you want to tighten up on the data publicly available about you. This random exchange of criminal record information, designed to heighten security, violates privacy to a much greater degree than secure identity ever could. Right now I can get a dossier on anyone that tells me everything I want to know about them, but that kind of thing should only be available to someone who has their secure identifier, and violations of the use of such identity should, again, be a felony. That's how you get privacy.
Privacy and security are the same thing. Both depend on identity. Give us a secure identifier, tell those “mark of the beast” morons to shove it up their collective asses, and let's move on.
Or we can do what we're now doing, create a cyber-police state in order to get around the problem. Your choice.