[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ross's TCPA paper

cc: cryptography@wasabisystems.com, cypherpunks@lne.com,
Date: Tue, 25 Jun 2002 16:56:31 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Message-ID: <E17MsgB-0006to-00@wisbech.cl.cam.ac.uk>

I don't believe that the choice is both privacy and TCPA, or neither.

Essentially all privacy violations are abuses of authorised access by
insiders. Your employer's medical insurance scheme insists on a
waiver allowing them access to your records, which they then use for
promotion decisions. The fizx is fundamentally legislative: that sort
of behaviour is generally illegal in Europe, but tolerated in the USA.

There may be symmetry when we consider the problem as theoretical
computer scientists might, as an issue for abstract machines. This
symmetry breaks rapidly when the applications are seen in context. As
well as the legal aspects, there are also the economic aspects: most
security systems promote the interests of the people who pay for them
(surprise, surprise).

So I do not agree with the argument that we must allow DRM in order to
get privacy. Following that line brings us to a world in which we have
DRM, but where the privacy abuses persist just as before. There is
simply no realistic prospect of American health insurers or HMOs 
settling for one-time read-only access to your medical records, no
matter how well that gets implemented in Palladium

Ross


-- 
To unsubscribe, e-mail: debate-unsubscribe@lists.fitug.de
For additional commands, e-mail: debate-help@lists.fitug.de