Vera Verba

The German magazine “Die Zeit” did an interview with me about online privacy concerns. As with the many previous times I have been interviewed, reading it later, I never remember saying exactly what appears in print, but in this case it was especially weird, as I was apparently speaking fluent German - a language I can only barely read. :-)

Here is the link to the interview at Die Zeit Online:

http://www.zeit.de/2008/20/II-Gesellschaft_-InterviewHastings?page=1

And here is a an English translation:

PRIVATE WAS YESTERDAY

DIE ZEIT, 08.05.2008 No. 20

Photo (c): Sarah Shatz, Die Zeit, Delta E

The American computer security expert Sean Hastings lives in the USA and advises organizations and companies. His recent book is titled “God Wants You Dead”

Sean Hastings advises you to keep only really important secrets

DIE ZEIT: Rather radical - your data security idea from the year 2000: To set up your computers on an air defense station off the English coast, where no government had access…

Sean Hastings: It was about the right to disseminate what you want on the Internet, unmolested by governments. There may still be a market for that.

Zeit: Today there seems to be a different pressing data protection problem - governments and enterprises spy more than ever on the net.

Hastings: Yes, mostly secretly and electronically, by using viruses, Trojan horses, with hacker methods. For these issues it does not help to to set up your computer at a far place.

Zeit: How does one protect oneself against the Schnuefflern?

Hastings: There have been many companies, which made highly effective systems for anonymous surfing and communicating available on the Internet. But rarely have they found enough customers to make this very profitable. These things will be successful in the long term only free of charge, built into all browsers and E-Mail programs. Like so many today use built in cryptography for things such as home banking.

Zeit: Because people are unwilling to pay for privacy?

Hastings: There is still another better reason. What drives the cost of using encrypted e-mail and similar matters higher, is that they can draw attention. If you use an encryption program for your e-mail use, people can immediately see that a message has been encrypted. So whoever is interested in people who have something to hide, can systematically search for such e-mails.

Zeit: There must be a way to solve that problem.

Hastings: This requires still more effort. There is a technology called Steganography, with which secret messages are hidden in apparently everyday files, such as in photos and videos. Of these millions are dispatched per hour around the world. This is not noticeable to anybody.

Zeit: Do you have recommendations for such programs?

PART 2

Hastings: there are many of them on the internet that are even free of charge. My recommendation is to use only those that make their code publicly available on the Internet. Then a whole world of experts can try to break the coding methods. This increases your chance of security enormously.

Zeit: What would you recommend to people, who really want to keep their secrets to themselves?

Hastings: First of all steganography. Second, great care to make sure that no traces of unencrypted messages can be found on their computer. At a minimum they should encrypt everything on their hard drives. Even safer, however, is a computer that has no hard drive, but boots each time from a DVD-ROM containing their encryption program.

Zeit: The other privacy problem on the internet is that whether you surf or downloading a music file or do anything at all, you are observed at every turn.

Hastings: Use someone else’s Internet connection for that! Then you can’t be blamed.

Zeit: Now seriously.

Hastings: I mean that seriously! Nearly everywhere in the civilized world there are free hotspots for the Internet - unencrypted connections, which some neighbor has left open. Nobody can know that it was you who went online. Although every computer sends a so-called MAC address to the wireless network, so that in principle it can be identified, this can be easily forged: You install a program, and then its effortless.

Zeit: That is not a solution for surfing from home..

Hastings: If you are using a wireless connection at home, then you leave it open, without encryption or entrance barriers! You can always say, “How, did someone hack the computers of the Minister of the Interior from my Internet address? They must have used my wireless network. For weeks I have planned to set up a password, but I just never got around to it…”

Zeit: Many people voluntarily send everything about themselves to sites such as MySpace,  on the Internet - including address, consumer habits, private photos…

Hastings: Of course, and the scammers can use this. But I am not sure whether this is all negative. It lets other people know what you want them to know.

PART 3

Zeit: The half naked photos of yourself as a young person partying? The future boss could be the prudish type…

Hastings: (laughs) We should eventually expect everyone to have such pictures of themselves on the Internet. Then nobody can afford more to be so prudish.

Zeit: That cannot be true! One expert for data security and secrecy we interviewed says: Should everything you do be on the Internet?

Hastings: Okay, seriously now: There is no privacy anyway. No one should expect it anymore. Not only you are getting all kinds of other people putting all sorts of information about you on the net. Our whereabouts are constantly monitored. Cameras are getting smaller.

Zeit: If its like that, should one not bother to try to surf and send messages secretly?

Hastings: No, but you should make it clear: It requires special effort to keep a secret, not just in the realm of electronics but also in choosing whom to trust. Otherwise, you must assume that everything is public, whatever you are doing.

Zeit: What sort of secrets do you have that are worth this kind of effort?

Hastings: I have no reason to answer that question.

The interview was conducted by Thomas Fischermann

The American computer security expert Sean Hastings decided in 2000 that America was no t a safe place for his computers. So he took them to Sealand, to an inhospitable former air defense station in the English Channel, which had been occupied into the 1960s by an eccentric Brit and been declared an independent principality. From there Hastings sold server collocation to a geheimniskrämerische clientele, afraid of public access. Today he lives again in the U.S. and advises organizations and companies. His recent book is titled “God Wants You Dead“

A lot of the people that I tend to socialize with are libertarian types with strong feelings about freedom and privacy. I have always been very pro-freedom, but am skeptical about the need for privacy.

Although please note that I am talking about only physical privacy here - that is, privacy concerning ones actual physical actions - as distinguished from communications. In the book God Wants You Dead, that Paul and I wrote, we discussed the fact that privacy can be broken up into physical and communications spheres, and that physical privacy is disappearing as cameras become smaller and cheaper. However, we also noted that because communications devices are likewise becoming smaller and cheaper, that communications privacy might be able to survive the death of physical privacy, and that there are some very good reasons to try to keep communications privacy alive.

Anyway, what got me onto this particular rant today was my wife mentioning that a friend of ours did not believe in having her children vaccinated. This seems to becoming a more and more common attitude for new parents to have, with claims of links between vaccination and autism or other problems. It may also be tied in with the strengthening of environmentalist ideology or other religious belief - certain medical practices being thought of as unnatural or unholy by some true believers - which is another topic we discuss in GWYD.

Now I have no particular knowledge concerning the risks of vaccination, but I believe that even doctors who do not believe any of the stronger health risk claims will still admit that vaccination poses some risk to a child. At the very least you are poking them with a needle, and any breach of the skin can become infected - there is always the risk that a vaccines could be contaminated in some way - and in some cases, there exists a risk that the vaccination can actually give a child the disease it was intended to protect against.

As someone who believes strongly in individual freedom, I must respect each persons individual wishes on the subject of vaccination. It is up to each person to asses the risks of the world around them and act accordingly.

So what then, you ask, is the problem?

The problem is that vaccinations are a useful tool for providing us a better world to live in. Before inoculation was common, many horrible diseases ravaged the human population - children and adults alike. The practice of vaccinating children against many diseases has given us all much better health.

There is little doubt that, on the whole, the practice of vaccination has been a net positive - no matter how risky you believe it to be for each child.

However, any individual evaluating the risk of vaccinating their own child may well decide that it is safer not to get the vaccination. The reason for this is that if a large portion of the population is vaccinated, those few that choose not to receive inoculations are protected by the risk taken by others. With very few susceptible hosts, epidemics do not occur, and those who choose not to inoculate are given a free ride by those who do.

And it is not like a parent making this decision has ever seen an outbreak of the horrible childhood diseases that killed so many just a couple of generations ago - these things would seem to be artifacts of the past. Much the same way that those who complain about the unnatural chlorine and fluoride in there drinking water have never seen a cholera epidemic, those who fear the risks of vaccination have no first hand experience of a world without them. So it is quite understandable that many parents do not want to expose their own children to ANY risk that vaccination might hold - however slight.

This is a classic economic/game theory problem such as the tragedy of the commons or the prisoners dilemma. In problems of this nature, the rational course of best self interest, when taken by all (or some large portion) of the existing population, produces a worse overall average result than when people choose a personally sub optimal course of action that increases overall good.

Many such situations exist where some small sacrifice by all (or most) produces a greater gain for all. So then the question becomes - how do we make people do the right thing for the common good when it is not necessarily in their immediate best interest to do so?

If you believe in personal liberty, then you can not advocate the most common solution of having the government force people to do the right thing (and you are probably also skeptical that a government given the power to force people to do the right thing will magically always know what the right thing to do is, or that it will confine itself to just using such power for collective benefit.)

So what is the other option?

Well, it turns out that if everyone has perfect information, the market takes care of such problems all by itself. If everyone knows who has received vaccination and who has not, they are free to exact economic penalties against those they perceive as free riders. If your children are not vaccinated, some parents may not want their children to play with or go to school with your kids. They are free to (without using any physical force) react in any number of ways that will cost you and your children certain opportunities to profitably exchange value with them.

Shunning people who do not exhibit what you believe to be proper behavior is a powerful market tool for producing good solutions to such problems without the need for any use of force.

In a world with perfect information, you are free to defect from courses of behavior that produce greater overall benefit, but you will pay a fair market price for doing so - you will never be getting a free ride at the expense of others. If you believe that vaccinations are riskier than the average person believes them to be, then you may be willing to pay the additional price for not vaccinating your children - otherwise you will go ahead and take the small risk.

A properly informed market will do the best job of finding the right level of cooperation or defection concerning any rules of behavior that people would like to impose upon each other. But all of this only works at the expense of privacy. Unless everyone can know the truth of each other’s actions, they can not impose the proper penalties and bonuses for the specific actions they believe to be worthy of punishment or reward.

So it’s either freedom or privacy. If you want an efficient solution to these types of problems, you are forced to either diminish freedom by using force or to sacrifice privacy for greater shared information.

Because the solutions produced by a free market with the best possible information are likely to be better than those imposed by any central authority, I feel morally compelled to choose freedom over privacy.