Privacy, the NSA, and cranky customers

<![CDATA[There’s a discussion the VRM project mailing list (home page here), hosted by Doc Searls and Harvard University that suggests that the erosion of personal privacy may have been planned by our government or, at least, the National Security Agency. Of course it was planned. Here’s my response to the list:
Agreed, the fingerprint reader doesn’t require nightmare scenarios involving severed fingers to justify outrage. The simple fact is that a thief could walk up to you on the street and point a gun at you, demanding that you unlock your phone. That’s a variation on the kidnapping-for-ATM-access scheme that is used in some U.S. cities and many cities in the developing world as the most convenient way to kidnap someone. The fingerprint reader simply makes that easier to do. It’s not a new threat to privacy as much as evidence of the continuing consolidation of the destruction of privacy we’ve allowed to happen.
Point of information, since I broke the original Clipper Chip story (learn more) for MacWEEK (a day before the Times): The NSA had several concurrent efforts to intrude on public crypto standards in the early 90s. They had established an advisory role with NIST (National Institute of Standards and Technology) in the late 80s with the plan of driving backdoors into all potential public crypto standards. It wasn’t a fallback strategy after Clipper was outed for its NSA backdoor, but part of a campaign on many fronts that was largely ignored by public policy people and despite complaints from privacy advocates, who do not all wear tin hats.
At the same time as Clipper, NSA was imposing its advice on NIST for the MD-5 message-digest hash algorithm that is used to generate 128-bit keys, which opened the door to what we are living with today. The NYT’s John Markoff and I both reported that, too, though our publications’ archives don’t seem to be accessible for free access. National cryptography policy has resided in the armed forces for far too long, to the point where it is negatively impacting U.S. technical competitiveness. This does not happen by accident; it was planned and abetted by both political parties.
I think it is well past time to refer to privacy advocates as shouting cranks. It trivializes legitimate citizen concern and, because of the intrusion into public communication, marginalizes consumer complaints. Customers have been waving companies like Apple and Microsoft off supporting Fort Meade for years. But these companies, both of which resisted NSA suggestions that they compromise their security in the 1990s, have continually heard their privacy-concerned customers described as cranks and edge-cases. We eroded our own privacy and sacrificed the economic power in personal information willingly.
We got here by not being activist enough, not by being too crazy to make the case that our security in the knowledge that we speak in private in our homes and papers is a 21st Century human necessity, and certainly a U.S. necessity.]]>