[FRIAM] anonymity/deniability/ambiguity

Thu May 21 11:21:38 EDT 2020

It's debatable which type of privacy is a minimal next layer out from obscurity. In the responses to the combinatorial "privacy by obscurity", we talked about targeting, classification of decoders, invertibility of the encoder, etc. My guess is most of us dorks would want to leap to cryptography. But I *think* [†] the most natural (understandable in layman's terms) 2nd order privacy would be a category that spans anonymity, deniability, and ambiguity.

My 1st example would be authors who felt they had to shroud their messages to avoid being killed by the church or state. And I'd also include futurists, mystics, and cultists who want to hedge their predictions. (Note that a scientist hedges their predictions for entirely different reasons than a cultist hedges theirs. But they're still hedging.) Poets and novelists purposefully broaden their target audience using encoding schemes that produce ambiguous expressions. Subcultures and underground revolutionaries use ambiguity and deniability to send messages to their in-group ("dog whistles"). If we buy into Lakoff's idea, Trump stumbles into this with his use of language. Etc.

The technique involves anonymizing the *encoder* so that given any particular expression, it's difficult to pin down which encoder was actually used to generate that expression. (This is nothing more than the inverse problem for gen-phen maps.)

So, the 1st order privacy (by obscurity) focuses on the combinatorial explosion, given an expression how many ways can it be decoded. (The map is 1 to many, one encoder, many possible decoders.) The 2nd order privacy (anonymizing) simply adds uncertainty to the classification of decoders. (The map is many to many, implying some kind of [quasi]independence between the paths from domain to range. [‡])

In order to pull this off, the collection of encoders (2 encoders is as high as I can work with myself) has to be chosen such that the generated expression can be *plausibly* decoded in only 1 way. So, e.g. I think Spinoza fails to meet the criterion because it's just too debatable whether or not he really meant God when he used the string "God". Should we throw him in the dungeon or not? But someone like HP Lovecraft can be plausibly read *either* as a member of the Freemasons *or* just a cool fantasy author. Or, Rachel Maddow can be read as a lefty conspiracy theorist *or* a diligent detail-pointer-outer. The disjunction has to carry through the encoders <-> decoders map to at least a plausible extent. This partially defeats targeting and forces the hacker to use more sophisticated decoding attacks.

[†] Extra emphasis for the word "think" this time. I'm still unclear on how to compose these types of privacy to make this "holographic" principle strongest. It should be clear how advocates of the principle (EricC and Nick) can defeat the 1st order (by obscurity). As SteveS points out, targeting comes to mind. Surveil the target, Frank, long enough (all the way back to 1st grade!) and completely enough and you will be able to reconstruct his memory of anyone he met in 6th grade.

[‡] I don't think 2nd order privacy is a many to 1 encoder to decoder map, which is the way we think of anonymous trolls on the internet. It's possible that 1st order privacy (1-many) has a many-1 map as some sort of dual ... maybe that's a way to think about epistemology (how the person understands the world where the world is the encoder and the person is the decoder).

-- 
☣ uǝlƃ