- Category: August 2013 - Data Protection & Security
Discussions on privacy or surveillance on the Internet are hotly debated these days, often thumping the right to remain anonymous. Just look at the recent disclosures by Edward Snowden that triggered the whole NSA dilemma and confronted people with the new reality of surveillance by states quite plainly.
Today, the term anonymity is used interchangeably with the term privacy a lot, which correct in many ways regarding the Internet. But only anonymity provides protection in cyberspace from the profile-building data recording that gets processed and can be associated with an identity - without knowing who is collecting, or being able to influence who has access to such collected data.
Unfortunately, any online activity leaves a data track, which can be attributed to an identity, unless measures are taken to conceal this identity. With the ability not only to process these traces, but to save them without limitation, extensive action profiles can be created at various points. The consequence is the total loss of privacy when every action is perceived and stored. Thus, for the advocates of anonymity, making identification impossible is the only way to preserve privacy, making anonymity synonymous with privacy.
The data collecting mania of some companies or state institutions, which is due to slack data protection laws and which is even legitimate in many countries, seems to confirm the advocates’ call for right to anonymity. The opponents of anonymous use of the Internet, however, consistently preach that such a radical policy that allows full anonymity would actually only act as culprit protection: Those who have nothing to hide have nothing to fear.
In any case, monitoring of network activities is always useful to detect criminal offenses, disregarding that the breach of privacy an acceptable evil is for the most part.
Anonymity is a concern for the integrity of the Internet, probably making a ban for anonymizing technologies necessary earlier or later. Appropriate software allows the user to remain truly anonymous in the digital space, so that crimes never get revealed. If there was unauthorized access to a server or service, there is no chance to find the culprit.
The permanent monitoring of all activity on the Internet, as it is for instance arranged for the EU data retention directive, complies with a total surveillance, complete loss of privacy, and is therefore incompatible with constitutional fundamentals. If such surveillance combines the vision of ubiquitous computing and includes all telecommunications services, it creates a total surveillance state.
Apart from the possibility to establish permanent monitoring, there is a good reason for pervasive data storage: Computer systems are not foolproof. Cases of data theft emerge on a regular basis, such as credit card numbers or social security numbers. In a nutshell, the more data is recorded, the more potential targets there are. Or in other words: when no data is stored, it cannot fall into the wrong hands.
However, the use of information and communications technology (ICT) should not equal a total surveillance. Instead, the users of these technologies have to be confident that their right to privacy is maintained. But at the same time it must be ensured that this is not synonymous with absolute anonymity, which is used as a cover for crime.
The integration of social plug-ins into a site, for instance, is legally still a gray area. If users log-in via the buttons of social networks to register or to share content, an opaque authentication process is set in motion. For the user, it is not clear for what purpose which data is exchanged between the network and the website. But fortunately, this privacy issue will slowly come to an end, too.
Privacy-compliant social media integration
If a user is logging-in at an online store, for example, with his/her Facebook, Twitter or LinkedIn profile, to register or to share content, the site usually gets a large packet of data with the authentication process. Besides information such as name, email and friends list, all the information that the user has provided to the network "public domain" are usually transmitted, too. The user can neither see nor influence what information gets transferred accurately. This "all-or-nothing" principle is repealed by the data protection concept of "Privacy by Default".
The authentication process via social media profiles is extended to the user with two additional steps: When a user clicks on a social button, a window appears with privacy policies, stating for what reason the data is used from the integrated plug-ins on the site. After logging in, the user will be shown a selection mask for file sharing. Here, he/she can determine whether individual profile information such as birthday, interests or activities should be transferred from the network to the site itself, preserving that way the right to informational self-determination. The user, however, can make use of his right of withdrawal at any time.
At least another step towards a culture of security seems to be made!
By Daniela La Marca