Jon Callas on privacy in the modern age
by Mirko Zorz - Tuesday, 2 July 2013.
In this interview, Jon Callas, co-founder of PGP and current CTO at Silent Circle, discusses the global erosion of privacy and the importance of confidentiality.

He tackles the challenges of retaining secrecy on the Internet, privacy legislation, as well as issues encountered while developing Silent Circle.

As the co-founder of PGP, you've been a vocal privacy advocate for a long time. What's your take on the global erosion of privacy taking place in the last decade? Where are we headed?

We’re moving into a strange place, with technology and social mores pushing us to less privacy by default. Interestingly, there seems to be a push-back against the larger trend. It will be interesting to see if people care about their privacy enough to do something about it. There are plenty of opportunities, but the major obstacle is people caring enough about their privacy to do something.

The good news is that they are starting to do so. It’s manifesting itself in people wanting control over their own personal data, people wanting their own space, people wondering what’s behind the offer that’s free. I’m more hopeful now than I have been in several years.

A popular opinion among politicians is: "If you have nothing to hide, you have nothing to worry about". Why is privacy still important, even if you have nothing to hide?

That’s just a canard. It’s a way to justify intrusions into privacy by tacitly calling the rest of us names. It’s a convenience for them to intrude on us, and they say that there’s something wrong with us for not liking it. There are plenty of defenses of the need for privacy, and if I just repeat them then we’re wasting this interview.

They only get away with that if we let them. We need to recognize the trick for what it is and not let them get away with saying that somehow we don’t deserve privacy. Everyone has the right to be left alone, and that’s all that it is.

Sadly, that means that this is going to be the last time you can ask a privacy advocate this question.

Security professionals tend to state that it is impossible to retain privacy if one uses the Internet. Is there any truth in that? Does it depend on what we share and how much we share? Is there anything users can do in order to prevent the leakage of sensitive data or is there no way around it?

Maybe. The most important thing someone can do is to realize that nothing is free and to ask yourself if you think you’re getting a good deal when you sell your information.

Sometimes it’s a good deal. Heck, we all like being shown non-stupid ads. We like good searches, and those don’t come for nothing. I like knowing what people I know are up to, as well. I wouldn’t pay for a social network because it’s just not worth that much to me, and most of us agree – that’s why there is a dearth of for-pay social networks.

The idea is to realize you’re paying for everything. Sometimes we pay with cash, sometimes privacy. The real thing to ask yourself is if you’re getting a good deal.

What kind of privacy legislation would you like to see in the near future?

I’d like to see data retention laws changed. There’s discussion in the EU now for a “right to be forgotten.” In many cases, this is being aimed at the likes of Google and Facebook, and the difficulty in keeping them from tracking you. Yet the EU has data retention laws that require service providers to keep lots of unnecessary information about everyone’s network activities, and this is far more intrusive than anything else. The idea is good, and I support it. We need more of it.

