RMS has an article in the Guardian that discusses the safety of your on-line data. With the recent exposure of Facebook surveillance practices and their consequences, reporters have been asking him if he thinks it could be a turning point in the battle to regain some of our privacy. He has an interesting proposal that he says would help accomplish that.
That proposal boils down to not collecting data unless it’s really needed for the application. The emphasis on “really” is to prevent the inevitable cheating that would otherwise occur to gather too much information. RMS gives the example of London’s oyster cards, which are used to pay for trips on London’s trains and buses. Those cards link the user with the trips that they take. But as RMS points out, there’s no real need to collect the user’s identity. The cards are simply a convenient proxy for cash that make using the transportation system a bit more seamless.
The authorities counter that by linking the information, they allow the user to review a list of past trips but that is not an essential part of the application—which is providing a convenient way of paying for transportation—and therefore the information should not be collected.
I like the idea but it’s hard to see how it could be effectively enforced. The data collectors will simply declare that, for example, providing a list of past trips is an essential part of the service so they need to collect the data. It’s possible that Europe will move in that direction but, sadly, I see little chance of that happening in the US. Maybe after a few more Facebook-like debacles.