
Privacy Economics

Posted by Tim Bray | Mon, 28 Jul 2014
see the original posting from ongoing

Privacy is good. Perfect privacy is really hard, probably unachievable. It's not a binary thing, but a big dial we can turn up or down. So obviously, we should be turning it up.

The economics

It's like this. If there's data flowing over the Net that the intelligence community can scoop up for free, they will, and they'll store it forever. Criminals and stalkers will scoop too, looking for credit-card numbers and home addresses and so on.

But the Internet volume is so high that if processing a conversation takes any non-zero investment of effort or money, then spooks and crooks won't bother (unless you're a real target); nobody can afford X multiplied by billions/day, no matter how small X is.

Thus every time you turn the privacy dial up, even just a little, you make certain classes of surveillance and of crime uneconomic. This is a good thing.

The perfect and the good

There are people out there who want more: They're not sure HTTPS is good enough (it is), they think your private key should be locked away in specialized hardware (it shouldn't), and they think Tor and Tails are appropriate for everyday Net use (they're not).

The problem is twofold: First, the level of privacy the purists want is really complicated, irritating and inconvenient. But we don't want to give people the impression that basic privacy is hard, because then they just won't bother.

The other half is that what purists propose won't work. If democratic-government employees seriously think you're planning to blow up infrastructure, or are smuggling Uzis to narcos, they're gonna bypass all the encryption and just put a microphone and a camera in the places where you work. If the Chinese government thinks you might be about to expose official theft, or remind people of June 1989, they'll take similarly extreme measures. I dunno, maybe Jason Bourne and George Smiley know tricks to hide in plain sight, but you and I are going to have to settle for ordinary strong privacy or maybe even common privacy.

Tor makes all sorts of sense if you occasionally need to purchase something illegal, or you're a journalist in Thailand working on an exposé concerning the royal family; and you can imagine other scenarios. But if you want to stop the vast majority of daily-life surveillance, just do something so it's not free any more.

Mechanics

It's worth checking out Opportunistic Security: some protection most of the time, a draft being kicked around in the IETF, which I predict will gain consensus and become policy.

The idea is simple: Sometimes when you make a Net connection that begins with http:, the infrastructure could go ahead and encrypt it for you anyhow. Of course, a real https: connection not only does the encryption but tries to prove who you're talking to, thus making it really hard for someone to read (and maybe change) the messages between you and your bank.

But really, who cares? Given basic modern cryptography, man-in-the-middle attacks require active subversion of the infrastructure, possible but tricky and time-consuming. Which means: It Just. Wont. Happen. At scale anyhow, against ordinary people doing ordinary things using reasonably modern technology.
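To make the distinction above concrete, here is a small Go program added for this edit (it is not code from the post or from the IETF draft). It spins up a TLS echo server on loopback with a constructed self-signed certificate, the kind of server that speaks encryption but that no CA vouches for, and connects to it twice. With `verify` set to false the client behaves like the opportunistic model: it encrypts but accepts whatever certificate it is shown, so the session succeeds and a cipher suite is negotiated. With `verify` set to true it behaves like a real https: client: it insists on proving who it is talking to, so the same handshake is refused. The function names `selfSignedCert`, `startServer` and `connect` are this example's own; in the draft the decision to encrypt opportunistically is made by the infrastructure, not by a client flag, so the flag here is only a stand-in for that choice.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds an in-memory self-signed certificate (constructed for
// this example). It stands in for a server that can encrypt but has no
// certificate from a CA the client trusts.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "opportunistic.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		// Loopback SAN, so the only defect is that nobody vouches for the cert.
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// startServer runs a tiny TLS echo server on loopback and returns its address.
func startServer(cert tls.Certificate) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				buf := make([]byte, 64)
				n, err := c.Read(buf) // handshake runs here; it fails if the client rejected us
				if err != nil {
					return
				}
				c.Write(buf[:n])
			}(conn)
		}
	}()
	return ln.Addr().String(), nil
}

// connect opens a TLS session, sends a short message and reads the echo.
// verify=true is the https: model: encrypt AND check who we are talking to.
// verify=false is the opportunistic model: encrypt, accept any certificate.
// It returns the negotiated cipher suite, proof that the bytes were encrypted.
func connect(addr string, verify bool) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: !verify})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte("hello")); err != nil {
		return "", err
	}
	echo := make([]byte, 5)
	if _, err := io.ReadFull(conn, echo); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	addr, err := startServer(cert)
	if err != nil {
		panic(err)
	}
	suite, err := connect(addr, false)
	fmt.Printf("opportunistic: suite=%q err=%v\n", suite, err)
	suite, err = connect(addr, true)
	fmt.Printf("authenticated: suite=%q err=%v\n", suite, err)
}
```

The first connection succeeds and reports a cipher suite; a passive observer on that path sees only ciphertext, which is the whole point of the draft. The second fails with an unknown-authority error, because authentication, not encryption, is what a real https: connection adds.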

The purists are predictably against this, saying it'll discourage the use of real privacy tech, give a false sense of security, and so on. And yeah, real https: is better and you should be doing it anyhow.

But opportunistic privacy is better than none. A strong password is better than a weak one. A password manager is better than your memory. A second factor is better than just a password. An encrypted disk is better than a wide-open one. None of these things buy you anything absolute. But every time the dial turns, certain bad things stop happening, and the world becomes a better place.
