Privacy: the new global warming?

Privacy is an interesting meme. Like the weather, it’s something that everyone likes to talk about but few actually do anything about. Maybe, like the weather, that’s slowly changing.

A few things have hit my radar recently:

  • In today’s NYT, an article about promoting a privacy “switch” in the war for search engine queries.
  • When Facebook announced its advertising program, the headline of the most influential French newspaper Le Monde went something like “Facebook sells customer data” (I’d link to it, but the archives are behind a pay wall, and I can’t find the specific story I’m remembering).
  • Lauren Weinstein talks about how HTTP is losing value over HTTPS as ISPs start to modify the content of responses, violating the spec, I’m sure.

I’ve been thinking more than usual about privacy since taking on the Mozilla job, in part because even though Mozilla is clearly very “pro-web”, it’s also “pro-privacy”. While webmail provides amazing flexibility to users, it’s not without issues. The privacy issues, in particular, are likely to be ignored by most users until it’s too late. Note that I don’t expect users to care, and I think it’s unreasonable to do so. I do expect organizations, companies, governments, and the odd activists to care. The question, then, becomes whether we can change global behaviors faster than we were able to in the environmental arena.

There are interesting analogies. The largest users of email (large ISPs) are also those with the most to gain from things like contextual advertising, and would have the largest costs if things like encrypted emails became standard.

Some government agencies are leaders in the space of consumer data protection (I hear about Scandinavian countries in particular, but I suspect it’s broader than that), while others are fighting against cryptography because terrorists might use it. Like green technologies, coming up with a communications infrastructure which is vibrant, extensible, and secure is a huge technical challenge.

I can imagine online privacy equivalents of carpooling lanes, smokestacks, big lobbies, and Kyoto. Maybe Thunderbird should be the hybrid car?


  1. Turning email into a secure medium is a challenge. Unfortunately, too much of email was done before it was thought of.

    Historically, the two main efforts have failed: OpenPGP and S/MIME. The easiest way to explain the former failure is that Thunderbird doesn’t ship with OpenPGP in it 🙂 Explaining the latter failure is harder, but it is basically to do with the mistaken presumption that identity had something to do with privacy and/or cryptography, leading to improbability in getting it working for the masses.

    The alternate to both of the above is what we call “opportunistic cryptography.” It means that the software arranges things to do as much as it can, without bothering the user. There is only one mode, and it is secure. SSH and Skype are notable champions of this approach.

    To turn email to opportunistic cryptography requires a bit of dancing because of the requirement to maintain compatibility with infrastructure and non-crypto email. But it can be done, or we can get a whole lot further:

    1. opportunistically create a self-signed key pair on account setup. Allow replacement with an other-party-signed key.
    2. advertise the public key in headers or attachment.
    3. cache the keys you receive.
    4. start opportunistically encrypting…

    Obviously, lots of details to work out. It would make for a fun project for a final year student?

    Disclosure: I audit a CA .. conflict of interest is left as exercise for the reader 🙂


  2. I can’t think of anything better than this:

    On first start, after filling in account details, Thunderbird automatically downloads a certificate for the account name and e-mail address.

    The next step is that it should be set to sign every sent message. Doesn’t hurt and may be useful.

    Then it should collect the signature key from each message that it has received.

    Finally, it should auto-encrypt every sent message whenever possible (whenever it has received a key from the sender).

    If practiced like this, Thunderbird users would communicate privately among themselves, and with the rest they would stay at least compatible, and with some people from the rest of the world even in encrypted communication.
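The key-caching and send-decision steps that both comments above describe, as an added sketch that is not code from the post, its commenters, or Thunderbird. The header name `X-Opportunistic-Key`, the class and function names, and the "ask-user" outcome on a key change are assumptions of this example; key material is treated as opaque bytes and no encryption is performed.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

KEY_HEADER = "X-Opportunistic-Key"  # hypothetical header name, not a standard

def fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()[:16]

class KeyCache:
    """Trust-on-first-use cache mapping sender address -> pinned key bytes."""

    def __init__(self):
        self.pinned = {}       # address -> key bytes from first sighting
        self.conflicts = {}    # address -> later key that did not match the pin

    def observe(self, raw_message: str) -> str:
        """Read the key advertised by a received message and cache it."""
        msg = message_from_string(raw_message)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        try:
            key = base64.b64decode(msg.get(KEY_HEADER, "").strip(), validate=True)
        except ValueError:     # binascii.Error is a ValueError subclass
            return "no-key"
        if not sender or not key:
            return "no-key"
        if sender not in self.pinned:
            self.pinned[sender] = key
            return "pinned"
        if self.pinned[sender] == key:
            return "match"
        # From: is unauthenticated, so a new key never silently replaces the pin.
        self.conflicts[sender] = key
        return "changed"

    def plan_send(self, recipient: str):
        """Encrypt when a clean pin exists, otherwise stay compatible."""
        rcpt = recipient.lower()
        if rcpt in self.conflicts:
            return ("ask-user", fingerprint(self.pinned[rcpt]))
        if rcpt in self.pinned:
            return ("encrypt", fingerprint(self.pinned[rcpt]))
        return ("cleartext", None)

def make_message(sender: str, key: bytes = b"") -> str:
    """Build a constructed sample message; key bytes are placeholders."""
    hdr = f"{KEY_HEADER}: {base64.b64encode(key).decode()}\n" if key else ""
    return f"From: {sender}\nSubject: hi\n{hdr}\nbody\n"
```

The changed-key branch is the one place where this scheme has to interrupt the user, in the same way SSH does when a cached host key no longer matches.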

