| Abstract |
Many ICT-security problems are closely related to the to the notion of privacy. This, in turn, is closely related to our notion of identity. Very often researchers try to solve privacy problems without having a (solid) concept of identity. In this talk I will try to fill this gap. In the social sciences there is a lot of work done around the concept of identity. A very powerful approach is that of 'cultural identity'. This approach says somebodies identity is not a property of somebody but a process of positioning inside a relation with somebody. So an identity is dynamic and always bound to a relation. Privacy can then be understood as the ability to influence your identity by controlling the information the other has about you. How you play this game largely depends on the expectations you have from the other and thus is different from relation to relation. Violating somebodies privacy is done by creating false expectations, for example false expectations of respect for a certain identity or a false expectation of secrecy. To understand the privacy challenges the digitalization of our society poses, there are three types of relationships especially interesting. First there are relations like the ones of an ISP or an search-engine with their customers. Their customers expect them to be as invisible as possible, expect them to be just an enabler of communication with others. At the same time technology enables them more and more to take an active role, while commercial and legal demands might force them to do so. This double position makes them very vulnerable to public outrage and asks for careful operation. The second type of special relationships are the forced relations, for example because the partner is an legal authority or has an monopoly. From such organizations we expect care in the relation with us because we can't get a rid of the relation. This translates to demands like not using the information provided for other purposes and keeping secrecy. These organizations always had a lot of trust to loose, but the digitalization of society provides these organizations with an increasing amount of information they might violate. The last type of special relationship, is the panopticon-relation. Here an organization puts people under surveillance and incorporates a system of rewards and punishments in order to 'teach' them certain behaviour. We accept to a certain level panopticons: think for example about schools and the enforcing of traffic traffic regulations. Before the digitalization of our society, the surveillance was the most expensive part of an panopticon. This is changing recently: the surveillance comes almost for free. Whether this results in a panopticon depends only on the presence of rewards and punishment. So it becomes more and more attractive for organizations to protect their interests by creating panopticons.
|
top
