Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
Dan Geer is a renowned security expert who says that the EU ruling on the Right to be Forgotten does not provide people with sufficient privacy protections. He explained why at this year’s Black Hat conference. He agrees that people have the right to ask for old and irrelevant information to be removed from Google SERPs. But he says that the ruling alone does not make for good privacy protection.
Privacy Protection is Digital Rights Management
Geer agrees that people have the right t be forgotten despite strong opposition. There are many privacy advocates who also advocate press freedoms. They say that having search results removed is a violation of that right to free speech. But Geer says that the ruling on the Right to be Forgotten is actually not strong enough in his view. As is, it cannot afford people proper privacy protection.
As the chief information security officer at the venture capital arm of the CIA, Geer knows a lot about privacy protection. And he says that having the right to have articles that contain incorrect or outdated information equates to very weak privacy protection. His point is that once we lose the chance to be forgotten, we lose the right to change. People can remake themselves when they decide that they need to change. This is one of the best things about being human. But if we have all this information filed away about us, this is no longer possible.
It’s a question of digital rights management. And Geer says we should not give up the ability to remake ourselves because of a dated public image. We should not give up the right to change because the Internet wants to never forget. A complete history of our mistakes, even the ones we’ve since corrected, can thwart even the most earnest attempts to be better. Furthermore, this digital identity is an incorrect one because it is a patchwork quilt that shows patterns that have long since shifted. And Geer points out that if he wanted to show himself in a different light, this should also be possible. It is a right and it should not be taken away because some people want to make the Internet their own personal surveillance tool.
EU Ruling Not Good Enough for Privacy Protection
Geer applauds the Right to be Forgotten as a good step towards better online privacy protection. But he says that it is a baby step. Governments and companies have long exercised the right to be forgotten. Geer gave the example of witness protection to the audience at Black Hat. He also talked about companies that hide links to inner pages of websites, governments that filter other online content by blocking page indexing by search engines. It is essentially the same thing as asking Google to remove a link. There is no reason why companies and governments should claim the right exclusively for themselves. For now, the EU has their ruling, and they are working on getting the idea of privacy protection through the right to be forgotten firmly rooted in the minds of regulators. They believe in the right as much as Geer does, and in the need for the right to be integral to data protection and privacy protection.