sam lessin's presentation on privacy at Ignite NYC in September 2008

1. a very brief history of privacy
in our data deluged world,
Sam Lessin @ drop.io

2. Voice Over (1/2):
1. hi, my name is sam lessin, and I am going to be speaking a bit about digital privacy - something i spend most of my days working
on in one way or another
2. for starters, what is privacy. people pre-pend the word in phrases like private thoughts, a private journal, private bedroom
exploits, or private plans to take over the world - but there are precious few good definitions of what the term actually means
3. The best way to describe privacy is as the limited transmission of information over time and/or between people. It is about moving
information from a trusted point A to a trusted point B without exposure.
4. why do we care about privacy? isn't it dead? -- we care because in all sorts of scenarios the value of information is inversely
related to how public it is. from corporate secrets, to gambling and the stock market, to even personal intimacy
5. fundamentally you are only as private as your weakest communicative link. the model for a private exchange is a one to one
discussion in the middle of nowhere. Output directly to Input. But the reality is that as we have made communication more efficient
we tend to rely on more intermediaries to communicate.
6. as with many things, one of the most interesting testing grounds for privacy is WAR. during war private information is extremely
valuable to all sides.... and you frequently have to use untrustworthy links in the communicative chain. The solution that evolved
quickly was 'security'
7. all security is breakable - it functions by changing the cost structure of information. You pay a cost to secure
your information(which is less expensive than the info transmitted is valuable)... the key is to make it expensive enough for the
enemy to break your security that it isn't worth it.
8. the reality is that outside of war, until very very recently most information was harmless/ mostly valueless on a mass scale- so
people were not very concerned about privacy. There simply was little to 'steal' from you information wise, so you didn't have to incur
much cost to protect your information.
9. three little familiar concepts, however, changed all that. the cost of and therefore volume of communication, information storage,
and compute power have changed the equation by making useless data useful and by making privacy measures much more expensive
on a relative basis.
10. these cost changes have drastically changed the amount of communication, the amount of communication that is saved, and the
ability to access that information. this is a HUGE deal

3. Voice Over (2/2):
11. people have been freaking out about this for a long time. Max Weber wrote about all these concepts and their impact
with regards to 'bureaucracy' and people have been updating the concepts all the way through Foucault's Power-Knowledge
in quot;Discipline and Punishquot;
12. interestingly, all this information and organization did allow for a new mechanism of non-secure 'privacy'. Simply trust
your privacy to them and the law. it is a felony to open mail
13. this worked relatively well, because even up through very recent history, little information was valuable and few people
were in a position to break trust.
14. Internet changes all that - all of a sudden lots of information was valuable at scale, and lots of people could touch it
15. institutions break down - laws don't work if you can't enforce them -- and with data flowing beyond boards and no
transparency into who has what = no enforcement
16. go military style? doesn't work - because security only works on cost differentials. Security isn't getting cheaper
faster than breaking security, information is getting more valuable for the bad guys and the good guys.
17. in fact, we are worse off than military information - value of which is very perishable - our data lasts forever - so if you
can't break today break tomorrow
18. this really really sucks for your kids - because 'public key' security is going to crumble with quantum computing - so
traditional security will melt.
19. so what should we do - future of privacy is about unwinding - decentralize, de-tag, destroy... you are also going to end
up with less 'privacy' - which is good, because you can sell your privacy for great stuff online
20. recap -

4. WTF is privacy?

5. the limited transmission of info…
between people
over time

6. So What?

7. Only as private as your least
trusted link…
IO
I(OI)O
I(OI)(OI)(OI)(OI)O
I(OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O
I(OI)(OI)(OI)(OI) (OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O

8. OH CRAP, better use a code

9. Vi(1) – Cs(1) Vi(2) – Cs(2)
>
Security is based on
Relative Values and Relative Costs

10. Ye’ old info = “mostly harmless”

11. Communication
Storage
Compute

12. All of Human History
volume
Network
Internet Cuil
Computer
Telephone Googlie
Morse code
Dog Pile
Modern Bureaucracy
LOC
type writer
Widner
Calculus
Printing Press Dewey Decimal
Counting Writing Vatican
Language
Crazy Monks
Alexandria
~years

13. Freaking out, moderate old school

14. OH CRAP (new school peacetime)

15. OH CRAP (1980s peacetime)

16. …then the intertubes
value of your crap
all your crap is
valuable*!
~years

17. Institutions can’t save you
I(OI)(OI)(OI)(OI)(OI)(OI)(OI)(OI)O
?

18. go military style? = fail
Vi(1) – Cs(1) Vi(2) – Cs(2)
>

19. Suckers

20. really sucks for your kids…

21. Future History: Back to Black
1. decentralize
2. de-tag
3. destroy
4. (give up)

22. DON’T PANIC, just be conscious
1. Privacy = limited transmission of info
2. Security = method for maintaining
privacy across un-trusted IO
3. Digital makes worthless crap valuable
4. Chill out, tread lightly
http: //drop.io/swl
twitter @lessin