Paying for Privacy: Consumers & Infrastructures
Adam Shostack (adam@informedsecurity.com)
Presented at 2nd Workshop on Security and Economics
Maryland, May 2003

Privacy: Two Intertwined Views
- Consumers and Privacy
  - What consumers want
- Identity Infrastructures
  - What governments want
  - What we all get

Does Privacy Matter to People?
- Polls say that it does
- Media reports pay it huge attention
- People seem to care quite deeply

They don’t act that way
- Tell strangers all sorts of things
- Don’t object to intrusive searches
- Trade DNA for a Big Mac
- Don’t buy privacy products in great bulk
  - Author worked for Zero-Knowledge for three years
  - Still in business, not ruling the world.
- “People won’t pay for privacy”

People Won’t Pay for Privacy
- Wrong Conclusion
- People won’t pay for things they don’t understand:
  - The problem a product solves
  - The way it solves it
- Freedom Network had both those issues
- People were amazingly excited by the idea

Quick Review: Freedom Net
- Zero Knowledge’s Anonymous IP net
  - Real time
  - Email, web, chat
  - No single trust point
  - Very expensive to operate (ZKS paid)
- No longer in operation

What is Privacy?
Confusing!

Privacy means too much
- The word has too many meanings
- People use it sloppily
- The result is confusion over what people want and will pay for
- Privacy from the perspective of buyers
  - Important to answering the question “Will people pay?”

Privacy is Many Things
- Spam, telemarketers
- ID theft, CC theft
- Cookies
- Total Information Awareness
- CAPPS II
- Do Not Call lists
- Abortion
- Unobservability
- Untraceability
- Cryptography
- Blinding
- Gut feelings
- Curtains & Venetian Blinds
- Unlisted Phone #s
- Swiss bank accounts
- Right to be left alone
- Fair Information Practices and Data Protection Laws
- Informational self-determination
- “Lie and get away with it”

Broad Set of “Privacy Tools” That Sell
- Cash and banks
  - Athenian banks and taxation (See Edward Cohen, Athenian Economy and Society, A Banking Perspective, Princeton University Press, 1992)
- Remailers
- Novelty ID/2nd Passports
- Curtains
- Anti-spyware

Tools Don’t Address All Problems
- Maybe the law can help?
- Almost all built on Fair Information Practices
- Tradeoff between
  - “You must give us this data”
  - “We’ll treat it fairly”
- Mandatory tradeoff (one size fits all)

Is Pollution a Good Analogy?
- Balancing Diverse Interests
  - Production, health, transaction costs
  - Different levels of tolerance for, utility from production and health
- Clean air markets exist now
  - Consumers marginally involved

Externalities
- A situation in which someone’s well-being is affected by another’s action, and they have no control of, or involvement in that action
- Pollution is a classic example

Looking at the Externality
- Storage of data creates privacy hazard
- (Computer security stinks)
- Users can’t insure privacy
  - Hard to measure value
  - Hard to measure risk
  - Risk is a likelihood of a hazard leading to damage
  - ID Theft insurance available
- May lead to tort claims

Risk & Externality
- Businesses are not motivated to protect data as well as the individual who will be hurt by its release
  - e.g., AIDS patient lists
- Many people not comfortable with this tradeoff
  - “Privacy Extremists”

Both Sides Are Rational
- Business needs certain data to function
- Customer doesn’t trust the business
- Let’s not even talk about secondary uses or default states

Both Sides Are Emotional
- People are tired of privacy invasions
  - Ask the travel business about CAPPS II
- Businesses are tired of privacy complaints
  - Ask your HR person for privacy problem stories…but only over beer.

Zero-Knowledge Analysis
- It didn’t do well in the market
- What can we learn from this?
- NOT: “People won’t pay for privacy”
- Service didn’t meet a meaningful threat that the users cared about

Overview
- Consumers and Privacy
- Identity and Infrastructure, or
  - We’re from the government and we’re here to help someone pretend to be you.

Identity
- What’s in a name? A rose by any other name would smell as sweet…
  - But try getting a new ID for Ms. Capulet
- Common law
  - Use any name you want as long as your intent is not to deceive or defraud

Modern State
- Welfare systems
- Immigration problems
- Require an identity infrastructure
  - Unique identifiers
  - Some biometrics

Identity Infrastructures
- Hard to build without coercion
  - Diffuse benefits to me of an ID card
  - See Public Key Infrastructure (PKI) “industry”
- Businesses can use
  - At least in USA
  - US SSN, no restrictions
  - Dutch passports, illegal to copy
  - German ID cards, # changes every 5 years

Risk Assignment
- Easy to demand ID
  - Everyone has one
- Hard not to demand ID
  - If problem, need to justify
- Hard to check ID carefully
  - Expensive
  - Excludes customers whose money you want

Fake IDs
- Market driven by ease of demand, problems with checking
  - Drinking laws
  - Employment/Immigration laws

Banks and ID Risk
- Banks check ID to issue mortgage
  - Rather than meet in the property
  - Reasonable cost/risk tradeoff (for the bank)
- Banks don’t check ID to issue credit cards
  - Consumer credit is useful
  - Reasonable cost/risk tradeoff (for the bank)
- Rising costs of ID theft

High security ID cards
- Reduce forgery
- Increase value of issuance fraud
- Ignore privacy problems

Forbid non-gov use
- Aggressive solution
- Requires explicit cost/benefit analysis
- Bars hire police to check IDs?
  - “Society pays” for benefits of stopping underage drinking (or)
  - Tax bars so drinkers pay

Air Travel Security
- TSA could check ID
- Other measures more effective?
  - Cockpit doors/tunnels
  - Air Marshals?
- Focus on threat, not ID checking
- ID checking seems free
- Imposes societal privacy cost as ID becomes mandatory

Hard to Forbid ID use
- US Legal traditions
  - Free speech
  - Free association
  - Free to demand ID
- Classify ID cards?
  - Exemption for card holder
  - Requires government agencies to treat data carefully
  - Prevents others from using it

Hard to Forbid ID use (2)
- Liability for storing information insecurely
  - Hard for consumer to find where problem happened
- Liability for government decision makers?
- Tax on ID requirement to discourage?

Conclusions
- ID theft as risk distribution
- Free riding
- Inappropriate distribution of risk
- Possible solutions
- More work could be interesting