Tuesday, October 09, 2007

Ontario's privacy commissioner to geeks: design for privacy!



Here's a one-hour video of a magnificent lecture from Canada's Ontario's Information and Privacy Commissioner, Dr Ann Cavoukian, to the University of Waterloo's Computer Science Club. The talk is called "Privacy by Design," and it charges technologists to build tools that minimize the collection and retention of personally identifying information, and to consider a complete, end-to-end, comprehensive framework for protecting user privacy. As Mitch Kapor said when he founded EFF, "architecture is politics" -- when you design tools that have wiretappable elements, you invite wiretapping. When you design tools that retain user data, you invite identity thieves and overreaching subpoenas.

Cavoukian argues that privacy and security are not zero-sum, that privacy is just as important in the "post-9/11 world" as it was before, and that you don't need to give up one to get the other. She addresses specific privacy-protection computer science techniques, and cites Kim Cameron's wonderful Seven Laws of Identity (I wish Kim would approach trusted computing with the same skepticism that he brought to identity issues, but that doesn't take away from his excellent work there).

There's something incredibly refreshing about hearing a high-ranking government official say things like, "Privacy is integral to freedom. You cannot have a free and democratic society without privacy. When a state morphs from a democracy into a totalitarian regime, the first thread to unravel is privacy." Link (via /.)