A year ago, in some jest, I announced a new law (as in “of physics”) on the TechLiberationFront blog. “Harper’s Law” states, “The security and privacy risks increase proportionally to the square of the number of users of the data.” This rule generalizes to all information in digital form, and the suspected release of nuclear plans to the A.Q. Khan nuclear smuggling ring illustrates this well.
It is very difficult to control digital information - on any subject and in any context. It’s like a volatile gas: once it escapes whatever container or capsule you may have enclosed it in, you’re not getting it back. (Well, you’ll still have it but you won’t be able to deprive others from having it.) Nuclear plans, bomb-making plans, and the like will be very hard to contain, and relying on control of this kind of information for national or homeland security will be an unreliable protection.
Likewise, a poor way to protect privacy is to rely on rules about how information is used after it has been collected. If you really want privacy, you must never reveal the information you want to keep private. I’ve written a couple of times where various public officials have sought to redefine privacy so that it is consistent with their having access to personal information. Can’t be done.
In close relation are the large, personal-information-intensive programs that the federal government has been trying to develop. For example, our national ID law, the REAL ID Act, would put sensitive personal information and scanned identity documents into nationally accessible databases. Yet identity security requires keeping much of this information from being public. You can’t have both.
E-Verify would use names paired with Social Security Numbers as identifiers in a national immigration background check system, yet it would rely on the inaccessibility of this information to the public for security against fraud. Can’t happen. (DHS is seeking access to Americans’ driver’s license and passport pictures, hoping to shore up this weakness, but watch for all the new problems that emerge when digital copies of the photographs on our identity documents escape into the wild.)
Harper’s Law extends to other issue areas as well, like copyright. It is very hard for copyrights in popular content to be enforced, and it will get harder. Artists and the entertainment industry are in a real bind trying to control access to information that they must also widely distribute. See Cato Unbound’s “Future of Copyright” discussion, going on now, for more interesting thinking in this area.
There you have it: advanced nuclear plans, databases of personal information, and copyright law are all peas in a pod to me.