BBC News : Congestion charges face legal challenge

Ian Jackson ijackson at chiark.greenend.org.uk
Mon, 15 Jul 2002 14:50:33 +0100 (BST) 

David Hansen writes ("Re: BBC News : Congestion charges face legal challenge"):
> [Computer] systems tend to be designed for the opposite of privacy
> [...]. Whether this is incompetence by the designers or part of a
> deliberate move is open to debate.

I think ignorance is a much easier explanation than malice in many
situations.[1] Most software engineers and system administrators have
much experience of not having enough data to diagnose (or refute!)
problem reports.  Anyone who has worked a lot with computers
processing their own routine data will have got into the habit of
copying and keeping things.  The data packrat mentality comes
naturally if the only perceived downside is the simple cost of
storage.

Part of this is the general truth that it's very rarely in your _own_
natural best interests to delete data that _you_ store and control.
If it turns out to be too bulky you can delete it later, and most
individuals have only small amounts of data (if any) that is
incriminating about themselves.  (Corporations are a different matter,
of course: they frequently have much self-incriminating data.  Hence
document destruction policies.)

It's difficult to see how the situation can be improved systematically
without a radically enhanced participation by data subjects in
software design and implementation, so that the engineers are more
effectively exposed to the privacy requirements.  Legal strictures can
help, but will be perceived as `getting in the way' and followed only
to the letter, as far as is necessary to get away with things.  The
real answer has to be to allow and encourage the designers and
implementors to internalise the appropriate privacy goals.

The association of the hacker movement with privacy has helped
somewhat here, I think, but only a small proportion of those building
modern large computer systems are `hacker types' - and the worst,
biggest, most centralised, systems, with the most potential for
privacy problems, are the ones which will probably have the smallest
number of hackers involved.

But perhaps I'm getting off topic.

Ian.

[1] I'm not discounting malice in the specification and design of
database and surveillance systems, spyware, and the like.  However,
flat-out evil systems are a minority; what I read David as talking
about are the majority of `ordinary' software and installations which
tend to keep much more data for much longer - and more accessibly -
than really ideal.