Sermon - TLIS - 10.5.1 - Privacy
Theological Lessons from Information Security - Privacy
This may be a different type of sermon for you. This is systematic theology. You are probably more used to Biblical theology, where you take a given passage of scripture, and extract all the life lessons you can from it. In systematic theology, you take a given topic, from life, and find out what the Bible says about it. So this is part of a series of Theological Lessons from Information Security, and, in this case, Privacy.
I am a security maven. Therefore, I understand about, and work with, privacy. I have to.
Interestingly, for a specialist in this field, I'm not somebody who is too terrifically concerned about my own personal privacy. Gloria *was* concerned about her privacy (and she wasn't alone in that), and our privacy. So, I had to pay attention to how I protected our family's privacy. But, as I say, I was, and am, an expert in the field, and so I knew how to do this. I think, in a way, that the fact that I *don't* care about my own privacy has been a help in my professional work. I am not one of those people who is terrifically, and emotionally, concerned about my own privacy. I can address it objectively, and realistically.
It is highly likely that you are very concerned about your own privacy. You may think that you are concerned about privacy, in general, but that is *unlikely*. For one thing, you don't understand what privacy is. Don't feel embarrassed about this: it's quite common. Most people don't understand what privacy is.
Of course, it's easy enough for me to say that, and for you to say that you do understand privacy, and which of us is right? Well, here's a little test. How would you define privacy? I mean, in general. If I ask you to define privacy you might start to talk about not wanting people to know your credit card number, or bank account number, or medical history, or see you while you're in the bathroom, or things like that. (Or, you might be one of those people who say you have nothing to hide, and therefore don't have to worry about privacy. I tend not to accept that argument from people who are actually wearing clothes while they say it.) Certainly these things have to do with privacy, to a certain extent. But they are not privacy. They are examples of things that you want to be private, but they aren't privacy, itself.
It's actually very hard to define privacy. It may interest you to know that experts in the field have tried, and mostly failed. I know, because I've reviewed most of the literature on the subject. I think the person who came closest was somebody who said that privacy is the ability to control information about yourself. That is, as I say, very close to defining what privacy is, and it's useful in terms of trying to figure out whether something has to do with privacy or not. But it does have a few loose ends to it.
For example, how much control? Do you have total control over information about yourself? Well, if you do, you are not part of the human race. You can only interact with other people if you allow them to know something about you. And when you do release information about yourself to one person, you have no control about whether that person will relay that information, about you, to somebody else. And remember, I'm just talking about talking, here: we haven't even gotten into the Internet. Once we start talking about the internet, well, you might as well assume that anything that you put on the Internet, anywhere on the Internet, regardless of how much you think you've protected it, is about as private as publishing it on the front page of the New York Times.
So, why am I preaching a sermon about privacy? If I'm talking about privacy, and if privacy is a specialized field, then why am I not just teaching a lesson about privacy, for a workshop, or a seminar to my professional colleagues? Well, it's because privacy is one of those concepts that has both a technical and professional meaning, and another, which is not necessarily the same, held by the general public. As I mentioned, most people think they know what privacy is. And, most people are very concerned about their own personal privacy. And often they dress up their concern about their own personal privacy, by saying that they are concerned with privacy in general. So most people have an opinion about privacy, and most people are pretty much wrong about privacy, because they don't actually know what it is.
But let's go back to that definition I gave you a bit earlier, where privacy is your ability to control information about yourself. We like control. We like to be in control. We like to have the ability to control something, particularly if that's something has to do with us. But, of course, we don't have control. We do not control what is going to happen tomorrow, or even in the next few minutes. The Lord may come back before I finish this sentence. Well, if He does come back in the next few minutes, it'll look pretty silly for me to have written this entire sermon, right? But, in any case, Jesus pointed this out to us. We cannot make ourselves any taller, by worrying about it. We do not control that. We cannot make ourselves live longer, by worrying about it. We do not control that. We are not in control. At least not of the really important things.
Nor should we be. We walk by faith. We have faith in God. We have faith that God is in control. We have faith that God controls the entire universe, while exercising that control with the love that God has for us. Whatever happens, that is out of our control, God intended for it to happen. Or, because we are supposed to have faith, and trust God, and not try to exercise control over the universe, when we do try to exercise control over the universe, and disregard God's plans and direction, we are in fact sinning. In that case, what happens is the result of our sin. God may have never have intended for it to happen. At least, not if we did what he told us to. In that case, we still trust, and have faith, that God is not only able, but willing and even eager, to change something that happens that we feel is bad for us, into something good for us. God loves us. And God is in control. This is our faith, and this is our hope.
My wife died. I don't like that. It's not fun, being a grieving widower. It is not good for man to be alone. God said that. In addition, after my wife died, I also went into a very strong, and excessively long, depression. My life is not fun. Now, I do not blame God for killing my wife. I presume that he had a reason for it. For one thing, Gloria always had medical issues, and God, in taking her home to heaven to be with Him, can give her her resurrection body, which she always wanted, "Right now!", and God loves her, and cares for her, better than I ever did, or could. So I have no problems with Gloria's death, as far as she is concerned. I remember the passage that says that the righteous are taken away to be spared from times of trouble. I am sure, I am *absolutely* sure, that that is the case for Gloria.
But, for myself, I'm not happy about it. I am not having any fun. Any fun at all. Any fun that I can dig up is very strongly changed with very deep sadness, because of the depression. And the depression, by taking away my energy, and my concentration, has taken away, in large measure, my ability to try to have fun. Which I mostly have by working. Right now, I feel that nothing that I do has any purpose or meaning. Therefore, it is extremely hard, quite separate from the lack of energy from the depression anyway, to work up any interest in doing much of anything, since it is all vanity, and chasing after wind, anyway. I regularly ask God to kill me, because there doesn't seem to be any particular point in my being here.
But that isn't up to me. God may have a purpose for me. God probably does have a purpose for me. If so, he hasn't let me know what the purpose is, yet, but, I hope that he has got a purpose for me, and that my remaining alive on this fallen Earth, is part of a purpose that will eventually become apparent. Or, even if I die without being used for any particular purpose, possibly the fact that I am suffering, right now, is doing something for me. For God. That God is turning me into an instrument, which he may need later, after I die. I don't know. I don't *have* to know. I'm not in control. God is in control. I am supposed to trust, and have faith, and hope, in that.
Let me tell you something else about privacy. It's rather technical. It's called differential privacy. It's not actually about privacy, as most people think about it, although it is a very interesting tool that will, in fact, allow us to measure privacy, at least in certain ways.
Differential privacy is about databases, more than actual privacy, in the way most people think about it. This can be a database about anything: about your shopping and purchases, about your fitness or medical history, even possibly about your money. It's certainly quite possible that it's about social media. Social media is, after all, just a number of great big databases, with different means to query the database. Differential privacy is, as I say, pretty technical. It's also a bit odd to try and get your head around. But basically, the differential part means that we should design a database, any database, and the questions you can ask of it, so that there is as little difference as possible between a copy of the database with your information in it, and without your information in it. The closer we can get to there being no difference between a database with you in it, and one without, the more privacy we can guarantee that you will have. And there are certain things we can do with the database. Certain limits and restrictions we can put on the database, and the queries, in order to keep it as close as possible to their being no difference.
For one thing, the more records that there are about you, in the database, the less privacy you have. Therefore, limiting the database to fewer records about you, enhances your privacy. The more records that there are about *other* people, other than yourself, in the database, the more privacy you have. So, in making the database bigger, and in putting more people into it, and in putting more of their records into it, the more we enhance your privacy.
And there's another, very interesting, and rather weird, aspect to differential privacy. Technically, this is called noise. What this actually means is that when we ask the database for information about you, or for about any group that includes you, or, indeed, about anybody else, the report that we give back to the person who made the query is a lie. Well, a little bit of a lie, anyway. How *much* of a lie depends upon the other factors, like how many records we have allowed people to put in about you, and how many records we have in total about other people, and how small a sample we allow somebody to query, when that sample includes you. But, when we lie, even a little bit, we can protect your privacy.
For example, say that we have a database of all the people in Port Alberni. We have a database which, for some reason, contains their salary. Now, we have built protections in saying that you cannot ask for the salary of one individual. So, for example, you cannot ask what Rob's salary is. But you can ask what the *average* salary is for the whole town. That's useful information, and it doesn't really compromise anybody's privacy. But if you can then ask for what the average salary is for the whole town, *minus* Rob, then, having gotten those two answers, it's fairly simple mathematics to do a calculation and find out exactly what my salary is.
So we add noise. We lie, even just a little bit. By giving an average salary that is close to, but not quite, accurate, and giving an average salary minus Rob, that is close to, but not quite accurate, when we perform that calculation, we are going to get an answer that is wildly divergent from the truth. Therefore, we hide the truth, behind a little bit of noise.
Remember social media? Well social media is basically noise. And, in fact, it's being used against us. It could have been *designed* by our Adversary, the Father of Lies, and remember I did a sermon about lies. (Sermon 17 - False News Proves God Exists https://fibrecookery.blogspot.com/2023/10/sermon-17-false-news-proves-god-exists.html ). As well, social media is not intended to tell us the truth. It is intended to tell us what we would like to hear. When social media tells us what we want to hear, we tend to spend more time on it. And when we spend more time on social media, the social media companies make more money. Remember that if you don't pay for the product, you *are* the product. Unfortunately, when social media tells us what we want to hear, what we want to hear tends to be what we already believe, whether it's true or not. If we believe something that's not true, even if it's just a little bit wrong, social media feeds us stories, mostly made up stories, or, to tell the truth, lies, that support the mistake that we believe. Therefore, social media tends to reinforce the lies that we already believe, and gives us more proof, and more reason, to believe them, on a stronger and stronger basis. Built on lies.
Our Adversary, of course, is delighted by this. He even has a special demon, Fomo, who, in ancient times, made people believe lies. He is still around today, even though you won't find many mentions of him in either ancient, or modern, occult literature.
That's because he's a lie. I made him up. Well, not exactly. But I did lie about him being an ancient demon. FOMO is, in fact, the acronym for "fear of missing out." We are afraid that if we don't follow social media, all the time, we will miss it when some important new information comes along. The fact that the information is, generally speaking, simply another lie, doesn't factor into our fear. We are just afraid of missing out. So we spend a lot of time on social media.
Rather than, for example, researching the actual news of the day. We should be looking for what really happened in any situation, regardless of what our friends say happened.
Or, for example, reading your Bible. Or praying. Or otherwise getting good, solid, healthy, worthwhile things. Whatever is pure, think on these things. Unless, of course, those things aren't, actually, pure, but horror stories about the heresies committed by other churches, that aren't yours. I'm pretty sure that I'm on safe ground, when I say that those stories are lies. How do I know? Because I've heard the stories. But I have also actually been to all of those other churches. And they don't do that. It's just a lie. (Sermon 5 - Heretics https://fibrecookery.blogspot.com/2023/02/sermon-5-heretics.html )
There is something else about privacy. I know this, because I, in the seminars, also have to teach about law. And, particularly when teaching in the United States, the interesting fact is that while many countries around the world have privacy laws, the United States does not.
Well, yes, okay, that is a bit of an overstatement. They have a law about how you have to treat health information, and it says that you have to keep patient records confidential. They also have a lot that states that there are limits on what the government can do about the information that the government collects about you. There is also a law that says that any website that primarily is aimed at underage children, needs to take special precautions to keep their information private. But there isn't very much in the way of general privacy laws, although some states are starting, very tentatively, to start putting some privacy laws in place.
What the United States does have, are disclosure laws. The United States doesn't have any laws that say that you specifically have to protect the privacy of your customers, or clients, or other people that you collect information on. But it does say that if you collect such information, and then somebody breaks into your database and steals that information, you have to let the people, who you hold information about in your database, that a breach has occurred. You have to *disclose* the fact that a breach has occurred. This is a bit different than legislating the fact that you need to protect that information in the first place.
Now, this leads to some interesting theological conjecture. God does not care if we try and keep our information private. God knows all about it anyway. That's what being omniscient is all about. God knows everything. God sometimes asks us to disclose information about ourselves, but, even if we lie, God already knows the answer. So all that lying to God does is to prove that you are a liar. It doesn't maintain your privacy in any way.
So, why is it that God asks us to disclose these things? For example, why are you supposed to pray? Why are we supposed to ask God for things? God knows what we need, and he also knows what we want. He knows if we are asking for something that we simply want, or that we really need. He knows when we are confused about the difference between our needs and wants, and when we ask for something that we want, thinking that we really need it, when we don't.
God asks us to disclose things, to give us a chance to be truthful with him. To give us a chance to communicate with him. When God asks us to disclose something, it's not because God needs the information: God already *has* the information. God already knows. God asks us to disclose things to him, because it is to our benefit to communicate with God, and to be honest with God. Tell God about it. Oh, what peace we often forfeit, oh, what needless pain we bear, all because we do not carry *everything* to God in prayer.
So, isn't it interesting what you can learn about God, by thinking about privacy? Aren't you glad that I put this sermon together? Was it worth it?
If you *don't* think it was worth it, you can keep that private :-)
Sermons: https://fibrecookery.blogspot.com/2023/09/sermons.html