2020-02-06

When privacy and agency are in conflict

In the privacy-related communities I hang out, we often use the phrase “privacy and agency” as a label for the totality of what we want.

But what if those two cannot be had at the same time? What if more privacy, in practice, means I need third parties to take a larger role, thereby reducing my agency? Or what if I have more agency and can do more things in more ways that I solely determine, but only at the cost of less privacy?

Unbelievable?

If so, then look no further than the recent public discussion (dispute?) between the founders of the Signal and Matrix messaging systems, Moxie Marlinspike and Matthew Hodgson. The essence of their arguments, and I paraphrase:

  • Moxie: you can’t build a private messaging system that’s competitive as a consumer app unless a single party, such as the Signal project, takes responsibility and ownership of the whole thing. Lots of privacy, but for the user it’s take it or leave it. Link to full post.
  • Matthew: decentralization, on all levels including code forks and potentially insecure (non-private!) deployments, is an essential requirement to avoid single points of failure: critical people or components turning bad. Link to full post.

This is a high-quality conversation and we can all be very happy that it is conducted openly, and in a spirit of finding the truth. Go read both pieces, and ponder the arguments, it’s very much worth your while.

Who is right?

IMHO, both are. I don’t know whether all the the tradeoffs described are as unavoidable and unmitigatable as they are made out to be on those posts; maybe more innovation in technology and in particular governance could alleviate some of them.

However, the basic idea of a tradeoff between them, is valid. The Signal and Matrix projects make different choices on that spectrum, both for valid reasons.

If they need to do that, chances are, everybody else who cares about providing products and services with privacy and agency for the user, faces similar tradeoffs. It would serve us well to acknowledge that in every discussion on those points, and respect others who have the same goals as we do, but make different tradeoffs.

The most important point, however, is this: it shows how important it is to have both projects, or a plurality of projects addressing similar requirements but making different tradeoffs. Because that gives us, the users, you and me, the agency to make our own choices based on our own preferences. Including the choice to forego some agency in some aspects in favor of more privacy.

Which is the most important aspect of agency of them all.