Privacy vs Secrecy, The Differences and The Importance of Access Control

in #steemit, 8 years ago (edited)

Introduction

Privacy and secrecy are not the same thing. Privacy is primarily about access control. For Steemit to be private, the owner of an account must always be able to control who and what can access their sensitive information. When information is private, the intention is not that no one can ever access it. The intention is to apply a kind of deontic logic scheme: rule-based permissions which determine who can access what, under which circumstances, how they can access it, whether it's read-only, whether it's shareable, etc.
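The rule-based permission scheme described above can be sketched as a small policy evaluator. This is an added example, not part of the original post or of Steemit's code; the names (alice, auditor, friend, the "balance" resource, the owner_consent flag) and the default-deny, forbid-overrides-permit semantics are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Deontic modalities used in this sketch: an action is permitted or forbidden.
PERMIT, FORBID = "permit", "forbid"

@dataclass(frozen=True)
class Rule:
    modality: str          # PERMIT or FORBID
    subjects: frozenset    # who the rule applies to
    actions: frozenset     # e.g. "read", "write", "share"
    resource: str          # which item of private information
    condition: Callable[[dict], bool] = lambda ctx: True  # the circumstances

def decide(rules, subject, action, resource, ctx):
    """Default deny; a matching FORBID overrides any matching PERMIT."""
    allowed = False
    for r in rules:
        if (subject in r.subjects and action in r.actions
                and r.resource == resource and r.condition(ctx)):
            if r.modality == FORBID:
                return False
            allowed = True
    return allowed

# Constructed policy for a hypothetical account owner "alice".
POLICY = [
    # The owner controls her own data completely.
    Rule(PERMIT, frozenset({"alice"}),
         frozenset({"read", "write", "share"}), "balance"),
    # Chosen parties may read and pass it on, but only with the owner's consent.
    Rule(PERMIT, frozenset({"auditor", "friend"}),
         frozenset({"read", "share"}), "balance",
         lambda ctx: ctx.get("owner_consent", False)),
    # The auditor is read-only: sharing is forbidden despite the rule above.
    Rule(FORBID, frozenset({"auditor"}), frozenset({"share"}), "balance"),
]

def demo():
    consent = {"owner_consent": True}
    return {
        "owner_write": decide(POLICY, "alice", "write", "balance", {}),
        "friend_share_consent": decide(POLICY, "friend", "share", "balance", consent),
        "auditor_read_consent": decide(POLICY, "auditor", "read", "balance", consent),
        "auditor_read_no_consent": decide(POLICY, "auditor", "read", "balance", {}),
        "auditor_share_consent": decide(POLICY, "auditor", "share", "balance", consent),
        "stranger_read": decide(POLICY, "stranger", "read", "balance", consent),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

Nothing here is secret in the sense of "no one may ever see it": the information stays accessible, but only along the paths the owner has laid out.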

What is secrecy?

Secrecy is an extreme form of privacy, in fact the most extreme form. While privacy can include secrets, the truth of the matter is that human beings for the most part are not good at keeping secrets. It requires an effort for a human being to keep a secret which could be calculated as the cost or burden of secrecy. The more important the secret is, the higher the psychological cost there is which goes into keeping it long term. The longer the secret has to be kept, the greater the burden on the secret keeper.

Classified information such as nuclear codes is kept secret, but the cost of keeping the secret is often factored in. In many cases if something is secret, it's secret only for a specific amount of time, to protect the lives of individuals. For example, law enforcement and people working for law enforcement are required to keep the identities of confidential informants a secret, because if they don't do this the confidential informants could lose their lives. Journalists are required to keep their sources secret for the same reasons: if their sources were to be leaked, those sources could be persecuted or eliminated with prejudice, and so it is for ethical reasons that journalists take on the psychological burden of keeping these secrets.

Outside of the world of law enforcement and journalism, there are few reasons why anyone would want the burden of keeping secrets for long periods of time. Most people keep their bank account information a secret under the condition that they can always meet with their bank if they forget their PIN or lose their ATM card. The bank utilizes the same method as is common in any information security, in that your confidentiality is based on something you are, something you have, and something you know.

The limitation of security in cryptospace is that there isn't a very strong identity component. If someone gets hacked they cannot prove themselves to the blockchain and reverse the theft even if the whole community knows they got hacked. In other instances, if the person simply lost access to their own private keys they cannot reset it by using their personal identity combined with some other mechanisms like they can with the bank. This puts an unreasonable burden on the individual to keep private keys a secret, and the cost of doing this quickly could outweigh the amount of money they actually have in their digital wallets. It should be no surprise that most people want to outsource this function but perhaps we can have greater convenience with enhanced security?

What is privacy?

Privacy is distinct from secrecy. Private information is sensitive based on context and based on the relationship you have with the other co-owner of the information. For example, sexual relations can be considered private because there are multiple parties involved and they may not want the details to be known to the public. This is private based on proximity and access control. Information which is kept secret may not be secret for any ethical reasons, or to protect anyone, but merely to give an advantage to an individual. So in essence, privacy and secrecy are both forms of access control, but privacy is considered justifiable and ethical while secrecy might be for the sake of a political plot. Privacy is required for security, secrecy is not.

The problems associated with total anonymity

Total anonymity without disaster recovery is a big problem. It's a problem because in the case of a theft you would have no way to prove you ever owned what was stolen. It's a problem because the owner would be whoever owns the private key that day, and this is not very secure. Pseudo-anonymity is better than total anonymity because in this case reputation comes in, and a person who has a good reputation in the community would have a non-transferable currency of a sort which could give more weight to their words when they say they got hacked or lost their private keys. In this case, if the ledger is not immutable, then the ownership could simply be transferred from one account to another account as long as the community can be certain that it's the same human being behind both accounts.

When you have total secrecy you lose the ability to recover, you lose the ability to have reputation when you have total anonymity, and when there is secrecy there can be conspiracies, plots, etc.

What is the ideal form of privacy on Steemit?

This is an open question. We know what secrecy is, and why it is important in a certain context. Certain people in certain professions require secrecy to protect life and liberty. At the same time secrecy can be abused to violate property rights from the original owners as a pseudo-loophole for supporting theft. So the question is what is the ideal form of privacy?

Steemit can benefit from privacy in the form of hidden amounts per reward payout, in the form of stealth balances in wallets, and in the form of pseudo-anonymity where reputation can be passed from one account to another. But at the same time disaster recovery must not be sacrificed for increased secrecy. If a person loses access to their account, and if through technical means we can restore access, then we should, provided we can use KYC-like procedures to confirm their unique human identity. If confidentiality is something you know, something you have, and something you are, then in my opinion Steemit should use all of these methods, including more advanced methods such as people who know you and who you know (web of trust), and hidden metrics about who you are which aren't known in public but which can be used by a selected recovery party in the case of a disaster. Finally, it might be a good idea to have some kind of insurance mechanism built into Steemit which people simply buy into with Steem Dollars.

Steemit account recovery insurance?

In the case where a private key and/or the password is lost by the original owner, the owner should be able to pay into a recovery fund so that, in the situation where they lose control of their account, the fee is paid to recover the loss if the community-defined arbitration mechanism concludes they did lose it. For example, to prevent abuse it might be necessary to limit account recovery insurance to being a one-time deal where you get one time per individual to rely on it.

Pool owned accounts and other features?

There may be additional features yet to be thought of but why not have the discussion now? How can we optimize for privacy without sacrificing disaster recovery / property ownership?


Privacy in my terms of personal information rather than sensitive information. Public information should not be private or secret. It is hard to define the word privacy when some things are sort of considered private, yet they can be made public.

I am looking at this subject from a legal perspective. Of course, your definition of privacy is relevant to the crypto world. Sensitive information does not necessarily include private stuff. Sometimes your hobbies may be considered private. I believe this post is in relation to passwords.

#girlpower

What counts as public information and how does it become owned by the public? Are you talking about information which no one is claiming or able to claim as being somehow able to affect their life? My definition is more about the ethics of it: if the information could negatively affect someone's life and they don't want the public to know, then it's private. It's private and important to remain private because it affects someone personally and to release that information would violate them personally.

From a corporate point of view, it's bad for the reputation of a company to violate the trust of the customer. So when you consider the amount of damage certain information could cause if released to the public then it is fairly easy to see the value of privacy. In some situations it could be political views, because we know in certain parts of the world people who have the wrong views can be killed or harmed. When information is intentionally released to harm people personally, or to terrorize or influence behaviors, this could be considered information warfare. While information warfare does take place, it's a sign of insecurity.

Any information that is made public, whether it is published in the public forum (internet, public space, published in newspaper for general consumer...etc.) is considered public information. I am not sure if the "public" owns it, since information in say a legal proceeding is public at one moment could be under seal and all that information was accessible is now not public. I am not sure if anyone owns the public.

I am saying that information that is considered private, say like my favorite vice (which may or may not be morally or ethically wrong). For sake of example, let's say my vice is eating ice-cream. I would not want anyone to know this even if it doesn't have any effect on my life.

I totally understand your perspective. Information that is private does not necessarily have to affect one's life in a negative or ethical way. I am saying that there is information that does not affect anything and is still considered private and should be for reason of privacy.

The reason I make this distinction is important, because whether it should affect us negatively or not is irrelevant to the protections of privacy. As the Courts in the United States have said, what one does in the privacy of his/her home is in and of itself their business and no one else's (I'm paraphrasing, sort of). If private information is only considered private for sake of protecting one from negative effects, then that would be a pretty strong argument for the government to infringe on that privacy.

I don't know if hiding author rewards is possible, or even desirable (?). Perhaps the money should be moved to something like non-author accounts with secret balances, so if one wants to remain anonymous as an author, he can write, get paid, his rewards will be public, but then the trail of money will be lost after he transfers his money to the non-author account that has secret-balance properties...

I don't know enough about the back-end system used right now, I'm just throwing ideas that could circumvent the problem (which in our case is that it is desirable by the platform programmers for the rewards to be transparent - and by extension for the authors to be paid transparently).

It's possible. But it's complicated to explain and implement.

I think a very important step for privacy is also security. I made a blog post earlier calling for Two Factor Authentication which would add a much needed layer of security to user accounts. If people's accounts can't get hacked, securing one's privacy becomes much easier. Great post by the way!

2FA has been a life saver for me more than once...

Yes, I'd say a 2-factor authentication would be a way more important step to work on.

I like this idea, the cost should also not be an incredibly high amount to recover your account. You say

"For example to prevent abuse it might be necessary to limit account recovery insurance to being a one time deal where you get one time per individual to rely on it."

I would maybe suggest a timeline rather, such as once a year, as these things can happen more than once. Or a loyalty system, you start at a 100 and when you recover it it takes you down to 0, and you then need to work your way back up by being active, posting, curating (the usual) before you would be able to do it again to stop abuse.

:)

@dana-edwards If your idea is reached t for it goes

I have nothing to hide so... let's walk naked on the street, let's put a glass door in my bathroom and let's shout "I love Justin Bieber!!"

Now you... you have nothing to hide.. right?

Hide from who? Almost everyone has something to hide from someone, few people have something to hide from everyone.

Hi Dana! Very interesting article, I totally support!

I'm used to, that everyone is responsible for their ownership in the cryptoworld.

The best way to achieve your goals and be successful is to keep them secret. Telling others about a goal makes you less likely to accomplish it.

How'd you ensure the key/password is really lost?
Wouldn't be the first time "reputation" isn't a very valid argument when it comes to big amounts of money.

And where should the funds come from, other than the sum of minor fees paid? It'd only take one "whale" losing his key/pw and the insurance pool would be basically stripped naked...

There's a Bitcoin-startup that is trying something similar, though. Might be worth watching and how they plan to deal with such issues.

https://bitcoinmagazine.com/articles/teambrella-wants-to-revolutionize-insurance-coverage-with-peer-to-peer-bitcoin-payments-1459521851

Thanks for the post and the work put in so far!
