Slashdot Mirror
Database Nation
Review 1: Matthias Wenger
Personally, privacy has been a big issue lately -- hearing about DoubleClick and Real Networks customer tracking made the issue a bit of a sore point for me. Then a friend of mine bought a shredder after her credit card fell victim to a Dumpster diver, and I started getting paranoid. Reading Database Nation hasn't helped, but it brings up some possible solutions and provides a good deal to think about as we march blindly on towards Big Brother, Inc.
Database Nation starts out strong, with a hypothetical day in the life of someone with no privacy -- cold-call telemarketing at 6:30 in the morning, surveillence cameras all around, veiled blackmail for a hospital in desperate need of cash and plenty of medical histories, still more cameras at work, etc. This story ends up being a rough outline for the book, which also covers electronic footprints (ATM and credit card records and the like), private databasing a la DoubleClick, identity vs. body, and surprisingly enough, AI and intelligence agents. Each of the major topics covered has at least a full chapter devoted to it -- explaining the specific issues at hand, what sort of data is at risk, who would be interested in such data, and how data can be protected.
The biggest flaw in the book is that it is too ambitious -- how can you cover the sanctity of medical records in 30 pages? It would be difficult to do a better job with such space limitations, certainly, but it does make for a more general view of privacy rather than dealing with specifics. The result is "Privacy in a Nutshell," to steal a turn of phrase from O'Reilly. Given the subject matter, the Nutshell approach might even be preferable, since the theory can be applied in any situation once the awareness is there. Still, each topic felt like it could be expanded much further.
The over-eager breadth of the subject matter is also wonderful. Enough particular concerns are illustrated in each topic that there is an outline of the larger picture of information management even though a good deal remains to be filled in. Covering so many topics makes it easier to see just how much information can be collected about an individual while they remain unawares, and just how much that information can be abused or misused. To illustrate this very point, Garfinkel relates the story of an Internet-based scavenger hunt where the end result was to find out as much as possible about a particular "target," working only with a name. The information collected in 1993 included his place of employment, parents' names, home address, degrees earned, doctoral dissertation, the operating system he used, what his fiance's name was, and more. I found out five minutes ago, with the help of google, that he's now married and that he and his wife hyphenated their last names together. That was just the first hit. And that was a very casual search -- if someone was really interested in finding information, what are the limits?
Database Nation is, in a way, the ultimate discussion of information security. Garfinkel covers an amazing range of topics in exploring privacy and personal information today and into the 21st century. This is both a blessing and a curse -- there are so many things to be aware of, so many topics and points of view to consider, yet each one is worthy of more attention. At the opening of the book, Garfinkel expresses hope that Database Nation will do for privacy what Silent Spring did for environmentalism -- if something doesn't do it soon, there wont be any privacy left to save.
Review 2: Kurt Gray
If Simson Garfinkel's name doesn't ring a bell, check the computer section of your local bookstore or library: Garfinkel co-authored the O'Reilly Practical UNIX Security book, the O'Reilly Stopping Spam book, and some six other books. Before I was a Slashdot addict I enjoyed reading Garfinkel's columns in Packet and the Boston Globe , where his talents for technology journalism and futurist projections make informative reading for geeks and lay persons alike.
Just as Upton Sinclair's The Jungle led to sweeping reforms in the meat-packing industry (and probably turned a lot of people to vegetarianism) Garfinkel's latest book, Database Nation, should draw some much-needed attention to the manner in which everyone's personal information is being captured, cataloged and sold as commodity, and how each aspect of this process detracts from our civil liberties. If you're an American, you certainly know what the IRS is, but have you ever heard of TRW? Equifax? Experian? Or the DMA? Or the MIB, the Medical Insurance Bureau? Each of these corporate entities keeps records on you that determine your eligibility for bank loans, lines of credit, and medical insurance. Are you allowed to see your own record? Well, it's their data, so it doesn't belong to you -- but maybe if you ask them nicely and have due cause, they'll make an exception. Suppose you discover an error in the records they keep on you; are you allowed to demand corrections? Now you're asking subversive questions so we're putting an CM31 flag on your file ... George Orwell warned that the march of technology could allow a monolithic, tyrannical Big Brother to emerge. Database Nation points out that it's the thousands of unsupervised "kid brothers" that have a far greater potential to disrupt your life, and in ways you never expected.
I find the best way to summarize this book is chapter-by-chapter, so here are my own brief reviews of each chapter:
Chapter 1: Privacy Under Attack: Garfinkel opens with his own futurist vision: a day in the life of a typical working American. This hapless near-future dweller is continuously surrounded by targeted advertising, monitored at home and even in his car, and works in an office where constant politeness is enforced by the company surveillance cameras that are programmed to recognize facial expressions and sound an alarm whenever an employee appears disgruntled. Garfinkel explains that this book is not about Big Brother, but rather how the widespread capture and exchange of our personal information has been eroding our civil liberties already and goes largely unnoticed. Garfinkel makes the positive point that no threat to our privacy that exists today is beyond our control, and that we can develop robust, built-in systems of privacy protection rather than allow them to be only loosely guaranteed by the legal equivalent of patchwork.
Chapter 2: Database Nation: Chapter 2 starts with a historical perspective, answering the question "How did we get here?" In short, via the national census, the Social Security Board (leading to the creation of the National Data Center) and the widespread adoption of the Social Security Number and its inherent flaws (limited data capacity and lack of a checksum digit to avoid clerical errors). Page 26 launches into the disturbing episode of Steve and Nancy Ross, whose lives were shattered when the IRS botched their tax returns in 1983 and put a lien on the Ross' house for $10,000. That lien was noted in their credit records at TRW and Equifax, which in turn sold this data to 187 other independent credit bureaus. Here Garfinkel makes an interesting observation: the Ross' bad credit data spread "like a computer virus that kept reinfecting TRW's computer with incorrect information," and it took over seven years for the bulk of their credit problems to subside. Chapter 2 then explains how simple identity theft can be, whether Dumpster diving for credit statements (hint: buy yourself a cross-cutting shredder), or using Equifax's quickie credit report service to find chumps with good lines of credit, then applying for new credit cards in the victims' names. Equifax provides such thieves with everything they need: mother's maiden name, previous addresses, SSN -- it's all there. The victim's credit rating is ruined for years while bill collectors harass them day and night, and the credit card company writes off the charges and flags the victim's file. Frequently, the credit thief gets a slap on the wrist if anything at all. Page 33 lists at least 30 government agencies that are hardwired to track you only by your SSN. Chapter 2 definitely had me sitting up and paying attention.
Chapter 3: Absolute Identification: Chapter 3 is about biometrics and unambiguous identification of every member in a society, a seductive idea that has tantalized policymakers for centuries. Garfinkel argues, however, that this idea is fundamentally flawed. Garfinkel again provides historical perspective, pointing out that using biometrics is an old idea that only appears new as the technology matures. Garfinkel reminds us that even DNA testing is flawled. When a person's name is linked to a given DNA profile, for example, how hard would it be to modify that database record and change the name attached to that profile? (And did you know that 99% of DNA from any two people is identical, so DNA tests actually compare only regions of the genome that are nonessential to cell life? Hmmm ...) Garfinkel then lists various other biometric technologies such as face, voice and iris recognition; even your signature can be used as a biometric identifier. Some of these systems are already in use: Have you signed for a UPS delivery lately, or signed for credit-card purchases on an electronic touch pad? Biometrics. So here's a near-future scenerio: suppose all children need to have a DNA test shortly after being born "for the baby's health." Then the FBI warehouses the DNA fingerprints of every citizen in the U.S., and sells the data to the insurance industry, which can then compare it to the human genome map to weed out the "at risk" people, then target healthy prospects for profitable health plan solicitations... big ol' cluestick being waved around here.
Chapter 4: What Did You Do Today?: Maybe you went shopping, got some cash from the ATM, racked up some more frequent flier miles? Even the most mundane events in your daily life are recorded and archived somewhere -- from how often you withdraw cash from an ATM, to your entire purchasing history at the neighborhood grocery store, even the movies you rent at the video store. Dramatic developments in data-storage technology make it easier for businesses to keep what Garfinkel calls "hot files" on every customer transaction from day one, and then describes how we are creating the Earth's "datasphere." Nearly every durable product you buy has a serial number. Often that serial number becomes attached to your name and personal information (ever filled out a warranty card?) which can then be sold on the open data market, Garfinkel argues that even seemingly mundane information needs to be treated with respect for privacy.
Chapter 5: The View From Above: Chapter 5 is about surveillence technology and the growing private market for satellite photos and Webcams. Does it bother me that right now someone can buy a grainy aerial photo of my neighborhood taken sometime in 1987? No, sorry, that doesn't bother me. City police departments are installing surveillance cameras in public places. I still don't care. Garfinkel then explains how he set up a QuickCam to time-lapse record his Realtor while allowing prospective buyers to browse through his home without supervision. At this point I can't tell if the chapter is supposed to a condemnation or an endorsement. I suppose Garfinkel is pointing out that it's technically possible that are being watched and recorded in places when you assume you're alone. At the very least, it should change your ideas about expectations of privacy.
Chapter 6: cite> To Know Your Future: So who is the MIB? Men in Black right? No, the MIB referred to here is the Medical Information Bureau, which happens to be the secretive data warehouse of the American medical insurance industry's "customer profiles." Think you have a God-given right to medical coverage? Well, if you like Kafka novels then you'll definitely enjoy the hijinks that erupt around page 139, where Garfinkel tells us of more than a few people who've been refused medical insurance because of clerical errors in their MIB records -- records which they never knew exisited. But wait, isn't it illegal in many cases to deny medical coverage to someone with preexisting conditions? Yeah, sure it is, so what's your point? Garfinkel points out that only 23 of the 50 states actually have laws that require citizens be allowed to view their own medical histories. My only complaint with this chapter is that it pursues flaws in existing policies rather than staying with the theme of technology marching faster than prudent policy.
Chapter 7: Buy Now!: The DMA is the Direct Marketing Association. They lobby lawmakers at the state and federal level to further what they consider a God-given right to own and sell any piece of information they can attach to you. One of the nation's largest direct marketing list resellers is Metromail, now owned by the credit bureau giant Experian. Ever apply for a shopping card or magazine subscription, or fill in a product bingo card? Ever fill out a change of address form at the post office? Direct marketers get an automatic notification of your new address from the U.S. Postal Service, which causes your name/address to be copied into a hot prospect list called "New Movers," one of many direct-mailing lists sold by Metromail at the rate of $60 per thousand names. Garfinkel lists some 50 products Experian sells to businesses, like AutoCredit for quickie loan approvals, Bankruptcy candidates, Business Owner Profiles, and Property Link which provides a details of a subject's property holdings. He then argues against the opt-out clause the DMA offers to whiners (arguing instead for a more consumer-oriented opt-in approach), and lists preventative steps you can take to keep your name on as few lists as possible. This chapter left me with a question: if you complain to a direct marketing firm about what they've been doing with your personal information and then they flag you as hostile, and that direct marketer happens to be owned by a major credit bureau, what would that to your credit rating? Food for thought.
Chapter 8: Who Owns Your Information?: Take the case of Ram Avarahmi, who tried to sue a magazine publisher for selling his name, which was in their list of subscribers, to other magazine publishers. Mr. Avarahmi argued that Virginia law states that his name and his image are his property which can not be used in advertising or trade without his consent, and guess what the courts told him? "Sorry Charlie, or Ram, whatever your name is." Information is basically owned by those who gather the information and personal information is a commodity. Medical information is also a commodity owned by medical insurance providers. But can all this medical information be abused? Or let me ask it like this: are we evolved enough to not attach genetic defects to say, a person's ethnicity? Garfinkel excerpts an ad he found in the New York Times: "Ashkenazi Jewish Families Are Needed to Help Scientists Understand the Biological Basis for Schizophrenia and Bipolar Disorder" -- a 1998 John Hopkins University study, right here in America in 1998. Certainly, some medical disorders are confined to certain populations; the question is, what if someone wants to abuse such links? So do you own the books you read or the software you use? No, thanks to copyright laws. Garfinkel makes the point that you can't use the concept of ownership to protect your privacy, because you don't own data about you, however I'm not convinced. Maybe I can't force you to take my name out of your address book, because you own your address book, but I think I do have the right to demand that you not send me mail or sell my address to other businesses without my consent.
Chapter 9: Kooks and Terrorists: This chapter argues that individual terrorists deploying low-tech explosive and biological contaminants have spooked us into accepting ever more surveillance of our everyday activities. True to his style, Garfinkel dismisses some well-known urban terrorist acts as amateur-night material, then describes two fairly effective methods of introducing anthrax into an unsuspecting office building. Further pages show how terrorists might gain access to nuclear and biochemical devices. Garfinkel's point here is that constant surveillance cannot save us from a determined kook. The chapter then moves into the Big Brother question: what constitutes thoughtcrime? Didn't our benevolent goverment inter over 100,000 Japanese-Americans at the start of World War II? Didn't J. Edgar Hoover's FBI spend much of 1950's investigating "Communists" and "homosexuals"? So could our government be trusted with "brain wiretapping" technology? Sounds far-fetched? We're already using polygraphs and experiments involving fast sucessive MRI scans. Garfinkel makes the point that if we are truly concerned about public safety, we should track dangerous materials rather than try to identify potentially dangerous people.
Chapter 10: Excuse Me, But Are You Human? Imagine you're on an electronic mailing list, and you strike up an e-mail dialog with another member of the list. He tells you some things bout himself and you share something about yourself in return. Turns out "he" was actually an AI conversationalist programmed by a marketing agency to gather personal information to be sold in the form of marketing lists. Garfinkel then describes various intelligent agents that can parse natural language. But how is this useful for marketing? It is technically feasible for a marketer to scan the entire datasphere for everything that can be found about you in order to create a predictive model of your behavior: When will you buying a new car? When you will be on vacation? Valuable stuff for direct marketers to know. Might it be possible in 50 years to create a complete AI behavorial copy of you, and test various marketing schemes against it? Garfinkel actually argues that avatars should be afforded the same privacy rights as humans.
Chapter 11: Privacy Now!: Is technology neutral in the war on privacy? Garfinkel's answer is no, technology permits the greater cataloging and measuring of the world around us, and therefore technology is inherently intrusive. He argues that for the cost of around $5 million added to the annual budget, a Federal oversight agency could be created to monitor and regulate the flow of personal information throughgovernment and business data channels. Further, he proposes a list of reasonable amendments to the Fair Credit Reporting Act of 1970, such as giving consumers the ability to sue for damages resulting from the addition of erroneous information to their credit reports. Garfinkel argues that better laws and policies will be more effective than cryptography in protecting one's privacy, and warns that when some have their privacy violated, you can expect retaliation such as deliberate pollution -- and disruption to -- the datasphere. Overall, Garfinkel concludes that we need laws and policies that repect our personal information, not just a technological picket fence.
Before reading Database Nation, I had the typical "nothing-to-hide" attitude regarding my own privacy. I didn't care if some government agency or large corporation was able to read my academic records, my medical records, my magazine subscriptions, my credit-card purchases, my phone bill. "Let them read it all for all I care," I thought, "I'm sure it would bore them to tears." After reading this book, I realize it's not so much about Big Brother, it's about how the spread of your personal information can bite you in the ass someday.
My assessment: Garfinkel jam-packed this book with information every American ought to be aware of -- enough to think about to make your head spin. Thankfully his tone is not hopeless gloom-and-doom; he does remind you that 30 years ago the Cuyahoga River was an environmental disaster, but today it's safe to eat fish caught there. Overall, it's a great book. Yet another reason for me to give a favorable review to anything Simson Garfinkel writes.
Purchase this book at ThinkGeek.
Excellent post, except for one thing:
When you turned your backs on anonymity, you asked for it.
Not everyone asked for it.
Please don't speak for all of us.
Thank you.
What *do* you do to spammers?
I'm posting anonymously because I do work in one of these evil empires. In fact, my job is specifically to see what can be done for my company with data that can be mined out of these mega-databases.
(I have met the enemy, and he is me.)
Points 1 through 4 are all good. Surprisingly, government critters also think that they're good. All four points are, at least to a certain extent, incorporated into the Fair Credit Reporting Act in the U.S., which the big credit bureaus (Choicepoint, Trans-Union, and Experian-formerly-TRW) are supposed to treat as gospel.
Organisations of this type have the time, motivation and money to track down and prosecute system intruders and would be whistle blowers.
In comparison, private citizens/non-profit organisations/small companies can't afford to do this. If an intrussion occurs, they can only patch the problem as best as they can and hope that it doesn't happen again.
Brin's whole hypothesis is fundementally flawed in this manner. It's nothing more than a rationalisation for script kiddies to make pests of themselves, which is why the whole stupid idea is so popular.
Worse than this, we are already seeing the emergence of a technologically savy criminal class. This is one of the reasons why some groups ( such as l0pht heavy industries ) come in for so much critisism.
While the tools that they produce do have many valid and legitimate uses, they have also had the effect of making industrial espionage a lot easier. In this arena, it's the little guys who have the most to loose.
In these regards, Brins concept of transparency is unlikely to work. It's well intended, but it fails to take into account basic human greed and stupidity.
Allways remember the golden rule - those who have the gold make the rules.
However,
Although your post has some merit, you flagrant attitude and flamebait ridden post subtracts from your point. I for one am insulted that you generalized all /. readers, including me as fools who don't know the difference. I for one do.
Your post should have been marked flamebait or troll and sent to the bottom, you arrogant SOB.
"informative" "spam"
you got points for spamming me
how wrong can that be?
mods!
We should go back to cash transactions instead of using credit cards. It will not make the overall problem of privacy invasion go away but at least it will reduce small parts of it. Yeah, it is going to affect e-commerce and make life less easy but somethings gotta give.
"Database technology will never be secure
How can he say this? Has he ever USED encrypted databases????
I was opening my mail as I was reading this and found a plain envelope with no return address. One of the documents had some small print explaining that I could opt out of some uses of my information, as well as a form to send in. But, no where did they include an address to send it to or an envelope. Not even a phone number. I called customer service, and as expected no one at the call center had ever heard of the mailing...
1). I don't use credit cards.
2). I don't have a drivers license.
3). I use strictly cash, not credit.
4). My social security number only goes on documents where they are required by law. Since I don't need a drivers license, that's basically zero documents so far.
Without these key elements of data, this basically means that anyone who tries to profile me is going to have a hard time.
In this respect, I have to agree with Kaa. It's not simply information that's the problem, but rather certain key elements of your personel information that are used to cross-index everything else. If people don't have those, they really can't do very much ( at least, not at the moment ).
As for computer annonynimity, try dropping into a cyber-cafe some time. As for the argument that people present on this point of "you can only do what you would otherwise do in public", no.
More and more cyber-cafe's are catching onto the idea that some patrons require "private viewing areas", so this argument is rapidly loosing it's importance.
Finally, as to someone tracking your IP, most of the companies involved ( doubleclick and co ) don't bother to go to this extent. Most of them just rely on a few well known tricks ( like grabbing your email address as your annonymouse ftp password ) whenever you start downloading graphics images of their page.
Do you know how much spam I receive? Zip. Zilch. I haven't been spammed in nearly four years since I worked out how the spammers grab peoples email addresses. How much spam do you have cluttering up your email account? I'll leave you to think about that one.
Your privacy is only dead if you let it die. Most people don't do anything about because they take the attitude of "I'm not doing anything illegal, so I have nothing to hide. Besides, I would rather save a few dollars".
They change their minds very quickly when they find out that their credit rating has been effectively flushed down the toilet as a result of a mix-up with someone else. It happened to a friend of mine about seven years ago, and hence my own pre-occupation with information privacy.
Still, you can allways trust to luck. You might never be put through a wringer the way my friend was. The question is - do you really want to take that chance?
*Anyone* can wiev *Anything* thats on public record withtout giving *any* reason.
Including grades, tax details, official mail, scientology texts at court etc. Medical information and such excluded off course. And there are strict regulations for compiling any database about people (actually you should probably ask permission even for your e-mail adress book)
Privacy nightmare? perhaps, but we're used to it.
Since most of the data the marketers want is on public record, there is not such a market for private databases, which makes it easier to check what is stored about you.
Think Geek was owned by Andover and I guess is now owned by VA Linux.
Acadia's computer science degree requires (or at least it did when I was there and probably still does) a "Computers and Society" course. Ostensibly it's about social issues of IT but it was actually more like How To Use Cruddy software To Write a Class-Collaborative Book on Pointless Stuff (eg Groupware, or ISO9000, or Dykstra on proving algorithms (something I thought Turing and Gödel had pretty much settled)... There was next to zero discussion of issues like privacy, and when it was there was a frightening tendency to resolve them as "I'll do whatever I get paid to do, as long as it's legal, since that's what professionals do." Yikes.
I quit the course. It was a travesty.
There should never be a need for companies to pass on information - if I am their customer they can ask me themselves, if I'm not their customer then they have no need for my info.
Though the streams are swollen,
Keep them dogies trollin', slashdot.
Through rain and wind and weather,
Hell bent for leather,
Wishin' my gal was by my side.
All the things I'm missin',
Good vittles, love and kissin',
Are waiting at the end of my ride.
Move 'em on, head 'em up,
Head 'em up, move 'em on,
Move 'em on, head 'em up, slashdot!
Head 'em out, ride 'em in,
Ride 'em in, let 'em out,
Cut 'em out, ride 'em in, slashdot!
SLASHDOT!!!
Trollin' way out west.
It means "Pointy Haired Boss" a reference from the Dilbert cartoon.
idleness is the lock. are you aware there is a presidental election coming up? ...who are you voting for?
Why is this intellectual property more deserving of protection than, say, Amazon's 1-click shopping patent?
Sorry to AC: don't keep the #!$% password @ work: tom@crispin.net
this is to those who posted comments to the effect of a global or other wise 'police state' is unattaintble and technogloically impossible. Wake up. its already happening. Do some reading into the Concil on Foreign (sp?) Relations. Do some reading on globalist groups such as the UN, do you find it weird the since korea we have been fighting wars that are really none of our business? Why are we policing kosovo and other countries? Why is it that we send in troops from around the world, under the banner of the United nations and no one sees this as global policing? now do not take me wrong i do not belive in erm 'ethnic cleansing' or anything of the matter so id care not to hear such a coment. Does it bother you that the Federal Reserve is a _privatly_ owned bank? we give them gold from fort knox, they print us paper..privatly owned? WTF? would you like to know who owns the federal reserve? really really big international banks.which also own big banks all over the world...look into how EXACTLY alot of the european governments ( russia, the swiss, france, and ESPECIALLY germany) got owned...the banking business.. Most of the people who own these banks lead up to a few families, with names you would reconize, Rockafeller (sp?) Rothstein etc. If you look into a few branches of there organiziations...youll see that the same people who own this, are working/ appointed people to be working in our education department? As they are also the same people who own media outlets around the globe? the same people on down the line you work for. We are owned, and we dont even realize it. wake up fellas and put down the book theorizing it, and pick up the ones with the facts in black and white concerning such issues. the revolution is _not_ being televised
People at my workplace were complaining about those supermarket data-tracking cards and one guy says he encourages people to trade them all the time -- good idea!
If all ethical programmers avoid working for companies that have the ability to harm society, we shouldn't act surprised by the decisions made by the people who do end up working there.
Like a database nation over troubled water
I will learn everything about you
Like a database nation over troubled water
You will be happy little consumers who will buy more stuff you don't need.
Hurry up technology people and do something about this soon. I'm afraid the clown will use databases to track my activities. This will give him the information he needs to eat me.
Please help, I'm a stupid little newby who sees this all the time and afraid it refers to me.
There are ways around this and I'll give you an example.
I don't have credit cards. I recently took a trip to New Mexico from where I live back east (none of your business which state). If I had been your every day yuppie, everywhere I went would have been stored in some database, but not me. I pay for everything in cash. Am I in danger carrying large amounts of cash? No, not in as much danger as some idiot who wants to take it from me who will end up with a Glock 9 mm in their mouth.
Anyway, all the places I filled up gas, I paid in cash. All the places I ate, I paid in cash. All the places I stayed, I paid in cash (some hotels want your ID, so go to cheap motels instead). No one knew where I was at any time except my girlfriend. One more thing, use a fake name everywhere, including the motel you stay at. By phone cards from 7-11 for any call you have to make back home. And don't EVER use any type of plastic card that has your name, address, ssn number, dick size, sexual orientation, musical preference, favorite author, favorite movie, etc on it.
One last thing, when you see Scott McNealy, give him a good kick in the ass. Those who give up deserve what they get.
Hemos, some of the more grounded in reality reads don't have a problem with the ThinkGeek ad.
So Hemos, do you get paid every time ThinkGeek sells some book you've been shilling?
Haveing thought on the privacy topic - with particular interest in the UK's new laws - I have been looking into steganographic filesystems. A steganographic is one where the data is sort of wedged here and there in amongst a more "normal" encrypted filesystem. The goal? You can plausibly deny the data is there at all. And I began to think about living that way... and that I sort of already do. I'm a rather vague person in a rather cluttered life. I take endless delight in tainting statistics. I usually refuse "club" cards. I consistantly give bad data on forms and in interviews. I give close variations of my name. I bend, fold and mutilate data all the time. It's not from paranoia but just a childing delight in knowing I'm tainting the data more and more. Slowly diluting it.
There's nothing more irritating that working with an ex-rocket-scientist...
Try this when you get a cell phone: The only reason they ask for your SSN is so they can figure out if you're credit-worthy. So give them a fake SSN, but be sure to choose one that is high up enough in the chain so that it's not likely to be assigned yet. Now, they will not find any credit history on you, but at least no BAD credit history. They will probably make you pre-pay your bills ahead of time, which is no big deal. Just use the phone with the cheapo plan for a few months, pay the bills, then call customer service and ask to be upgraded to the service level you want. They are always more than happy to do this for you, since you've established yourself as a good paying customer (and you've established good credit with a fake SSN and name!) This technique works equally well for a lot of other non-expensive products which bill you monthly. Just pick a new high-numbered SSN, a new name, and establish a new credit history. Oh, and get one of those private mailboxes for your address. You can also lie about the drivers license numbers; they don't have a technique to check those as well. (Another data polluter)
That is why we all have to immediately go out and buy semi-auto rifles for every member of our household and prepare for the holy war we all know is comming. At least if we can not live free we can die free
O'Reilly put this out? Nice, publish stuff like the scare-tactic crap for the general public AND the tech books for us to build this "scary" infrastructure.
I thought Simon and Garfinkel went their seperate ways. Paul Simon sent on to make many guest spots on S&N, even in a chicken suit, and I did not know what happened to Garfinkel. It is good to know that they are back together and are still writing about important issues, but not read this book and instead wait for the song!!!
Firearms registration and licensing is a major privacy intrusion--equivalent to asking all of you to disclose how many computers you own, what speed they are, what programs are on them (nothing subversive, I hope), and if you are qualified to use them. But is it something you've found yourself quietly agreeing with? Just because your "image" of gunowners makes you a little frightened? Where did such fright come from--medial portrayals of tragedy or real life?
The thing is, if you're really concerned about GOVERNMENT not getting ahold of your data, information like the whereabouts of firearms will be infinitely more valuable than your spending or browsing habits. The NRA's been fighting this fight for some time now...
& you won't have to worry about isreali
intelligence to crack your butt; how about
the Free Masons (who wrote the encryption)
or the rent a cops guarding the servers.
NEVER PUT IT IN WRITTING.
yOU CAN BE CONTROLED BY STIMULATING YOUR
VARIOUS ORGANS WITH A MICROWAVE LASER!
Don't use your credit card unless absolutely necessary (e.g. car rental). Pay for everything with cash. Yes, it's less convenient, but you leave no paper trail. The choice is for you to make.
Don't get you cash from ATM's either, the newer ones have the capacity to track the serial numbers on the bills dispensed and write this info an account transaction log. Banks are all too eager to voluntarily share such data with certain government organizations too. Cash your checks at a human teller or a cash-a-check place and ask for large bills. Then take the large bills to a big supermarket or Walmart and buy something small priced with them so you get back most of your money in small denomination bills that have been well-circulated. Use those smaller bills to but your guns/sex toys/whatever with.
Just because you're paranoid doesn't mean that they aren't out to get you!
You forgot to mention that the link to buy the book at ThinkGeek, Slashdot's sister site. Talk about nepotism. Or incest.
hrm
guns kill people like spoons make Rosie O'Donnell fat.
is busting loose at the seams. The best thing about all these databases...spam-dating!
--
+&x
Yes, morality is a heuristic. It's not a hard rule you can apply all the time every time, it's fuzzy.
And it always involves the balancing of how much comfort you're willing to sacrifice against how much you believe in what you're doing (or not doing as the case may be)
With the "in the current job market" thing, I don't know where you live, but here in the UK for someone with less than 18 months commercial experience after Uni, it's pretty tough getting a job. If I were to walk out of my job due to issues now, I would have some trouble getting another for two reasons. The first of which is my lack of a significant chuck of commercial experience with a single employer, which is very important, no matter how technically proficient you are. The second is that when asked why you left your previous position, and you answer that you disagreed with the direction the software you were being asked to write was taken in, you have to thing that maybe your prospective employer is probably going to look for someone who's less likely to 'be a nuisance'.
Depending on who you are, what you job is, and how much experience you have, some decisions now could have serious repurcussions on your entire career which I for one like to think about.
As for the 'how far do your standards go' issue, again you have to look at what you're being asked to do.
I'm currently writing some very 'corporate' software for my employer. We have implemented some rather 'nasty' (IMO) things in the product we're writing, such as requiring an e-mail based registration for the product, and then sending back a unique registration-unlock key that we embed in any files saved by our product that allows us to track who created what.
The company also sends spam to email lists that it has purchased.
I disagree a reasonable amount with both of these things, and have registered by dissatisfaction with these practices to my employers. I might point out that I have not been asked to actively participate in either of these ventures. The coded-unlocking-registration was given to someone else (before I knew of its existence) and the spam was sent by our marketing dept.
So, what do I do? Do I quit (or threaten to) in protest? Do I just register my dissatisfaction? Do I sit quiet and say nothing? Something in between?
Personally, in those case, I decided to make my dissatisfaction known to my employers but took no direct action. That is what I felt was the best I could do in my current position in my life, given how strongly I feel about the issues.
But there was a time when I was not sure about what to do. I was not sure how strong my convictions were. Or about how ready I was to start looking for another job so soon into this one.
Sometimes it's good to ask people what they think of your predicament to get a new angle on each side of the issues.
But there are no immovable rules when it comes to this sort of decision. It's all a matter of balance.
In 1983 the German government prepared a census. The census was challenged by human rights activists before the german Supreme Court. In a landmark decision the Bundesverfassungsgericht (Federal Constitution Court) decided, that a paragraph from the Basic Law (our constitution) protects the right on privacy. As a direct result from this decision, the Federal Law on Data Privacy (Datenschutzgesetz) was inacted. It prohibits the distribution of personal data outside the scope they were originally collected. This means that if you apply for a credit card than the bank is not allowed to use the information you provide for any other activity than to decide whether to issue the card or not. It must not share this information with anybody not involved in this decision, not even other departments inside the same company. This strict regulation of personal data is at the heart of the current clash between the European Union and the United States over privacy. Even the Americans among you should pray, that the EU wins in this battle. Since Europe is a larger market than the US (and likely to grow faster, with all the East European countries applying for membership), there is a good chance that large companies will comply with the EU directive.
1) Really long;
What would you prefer? "This book good. Thag like. You buy?" The book reviews on /. are certainly no longer than those in most decent newspapers. Besides which, your next point,
2) Usually just [really long] chapter-by-chapter summaries of the book, rather than analytical reviews that tell you why you should read the book;
...suggests that what really bugs you is that the reviews don't do much with the space, something I'd agree with. It would be nice to see more analysis of the book, rather than information anyone flipping through a copy in a bookstore can glean. For example, how well does the technique of mixing fictional scenarios with factual information work? Does it enhance this book, or do the what-if scenarios undermine the credibility of the factual information? Do the premises seem sound?
Hm. That sounds almost like an episode fo the old series "Max Headroom", where the protagonist was investigating a rather Big Brother-ish company that ran all security and credit systems for possible insider trading, and he got marked as a criminal in their database (which was run by a giant AI that controlled *everything*). I'm kinda hoping things don't get *that* bad.
-lee
Garfinkel is
pointing out that it's technically possible that (you) are being watched
and recorded in places when you assume you're alone
I bet they catch a lot of people picking their nose
For the whole of the three years that I lived in the US, people constantly gave my warnings and a hard time about not carrying ID: apparently I ran the risk of being treated like a vagrant by the police. Personally, I think that a free person in a free country has the right to walk the streets in anonymity. Having to carry ID at all times makes me think of authoratarian police states (fascist or communist).
Back when he was president, I used to sign credit card receipts George Herbert Walker Bush. My name is Eric Anderson. Nobody ever complained....
Brin unfortunately relies on everyone giving up their privacy. However, I find that the idea of having your cake and eating it too is nigh-universally attractive.
A big company will insist on preserving secrets not only to keep ahead of the competition, but also because if they do something shameful they're going to want to cover that up. As long as people who want to keep all of their own options open (while eliminating all of yours) can exert the kind of power that they do today, we're rather screwed.
This is not to say that i disagree with his idea that you can't put the privacy genie back in the bottle.
However, different methods - preferably a whole set of many different methods incorporating ideas from all comers - will end up being needed to come to a generally satisfactory conclusion.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
puts a whole new spin on "Hey lamppost, whatcha knowin'" doesn't it....
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
It's not the one big eye in the sky. It's the clerical minions that just push the paper onward, executing policy, cataloging the data, pushing the clipboard'd forms under your nose. Most of my management would either not care or think that monitoring everyone all the time for everything is good if it allows them to follow a procedure w/o lifting a finger.
BTW if you think this is not really a big deal. A fellow in the US recently lost a slip+fall case against a grocery chain because of the past record of his having purchased alchohol that was logged on his discount card.
"..hey we're developing rat poison. If they use it on people it's not our problem."
Yes you do have the option of not working on something that is unethical, immoral, illegal or destructive. You do not have the right to cop out or to ignore the ramifications of what you do, no matter how glittery the prize. No one is asking you to take a moral stand for the rest of us, but it is incumbent upon all of us to understand that being a cog in a machine does is not an excuse.
Ok I'll stop now.
Seems awfully ironic while selling a book about all that...
I don't know if I would say The Transparent Society is more upbeat, per se. David Brin essentially agrees with Scott McNealy, or will soon: you have no privacy, so get over it.
The $64,000 question for Brin, though, is whether it is only going to be the government and major corporations that have access to all sorts of personal data about you, or whether that information is going to be available to the general public as well.
His thesis (which is a good one, IMHO) is that losing privacy is inevitable (due to the march of technology), but that if it is a symmetric loss of privacy, if large corporations and governments can't get away with doing anything because they have no privacy either.... then a loss of privacy may not be a bad thing.
This ties in to some other posts made in this thread about passing laws enabling the public to know where telemarketers get your information, to be informed everytime your personal data is used, and to be aware of what databases exist on you, where, and for what purpose.
A world without privacy, but also without corruption, where you are aware of who is gathering or using information about you, even if you can't stop it -- it's not nirvana, but IMHO, it doesn't sound that bad. (Note that I, and Brin, are not saying we should trade privacy for security or anything like that - which would be stupid, IMHO. But if privacy is going to be technically impossible to achieve, let's try to make the best of it...)
France passed similar legislation as the one you describe in 1978 (Loi n 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés, available from this government site).
At the time the law was mainly seen as a precaution against big brother behavior by the state. With hindsight, it seems that today the most serious intruders on privacy are rather businesses that establish databases on clients and pass them to each other.
A few features:Article 2 says that no justice decision implying an appreciation on human behavior can be based on automated data processing giving a personality profile of the person.
Article 25 and 26 say that people on which information is gathered can
Furthermore, the law prohibits gathering information on political, philosophical or religious opinions, as well as on race (with obvious exceptions for churches or political parties and the like, who, by definition, must collect respectively religious and political information).
Actually, I got mixed up. It's not articles 25 and 26 but 35 and 36. Disclosing information filed on an individual may be subject to a fee, but the amount of this fee is regulated (I do not know the details). On the other hand, the information holder must update the information and give a copy of the updated information to the individual at no fee.
When filling out FROMAL data, be truthful, otherwise you'll get bit. But, when the invasion of privacy is 'voluntary' but required...
:)
My father almost always pays cash. If he's asked to fill out registration info, his name is that on the highest denomination... Andrew Jackson for example.
You've got to be reasonable. radio Shack, for example, uses phone numbers as database keys for customer tracking. You could try asking them to use a made up one, but you'll need to remember yet another PIN that way.
-- What you do today will cost you a day of your life.
The UNIX-HATERS Handbook!
:)
I mean, Simson Garfinkel is a notorious UNIX hater.
Check out:
http://www.catalog.com/hopki ns/unix-haters/preface.html
Although I consider myself a Linux/Unix enthusiast, I'll admit some of the things on this page made me laugh.
Sorry for the marginally offtopic post.
Who said Slashdot was biased?
And the fact that I do not masturbate furiously in front of a camera.. Although, that sounds like a good idea right about now..
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
These are good, but I'd prefer a simpler solution:
Non-citizens (businesses, institutions) may not provide to a third party information specific to a private citizen without the express written consent of the private citizen.
Enforced by the Justice and/or Commerce departments, which would investigate following tips provided by whistleblowers.
Slashdot: Liberal News for Nerds. Liberal Stuff that Matters.
If it is, he thought of it as a teenager, and convinced M.I.T. to use it on his official records... Simson was a classmate of mine, and a fine writer for The Tech as far back as the early 80's.
Bravery, Kindness, Clarity, Honesty, Compassion, Generosity
...Nothing interesting here. Just move along...
Naturally. Actually, I ended up with three and onyl swiped for one, at the Compaq booth, and also lied terribly. They did get my real name and email, unfortunately.
But I learned this time. Next time, it'll be under some nym.
Returned Peace Corps IT Volunteer
He then held up a bouncy-ball with LEDs that flashed when it hit something (THE toy to have from the expo) And asked how many of us had one of these (most of the audience raised their hands). He pointed out that our privacy was worth less to us than these flashing balls, because we'd all of course swiped our ID cards to get 'em.
:-(
The bouncy-ball with LEDs inside is a VERY cool toy -- I know, I got one. However, the example is not a very good one. What makes you think that the name on my swiped tag was a real one (hint: the last name on the tag was "Foozle")? And yes, of course I am the CEO of a corporation that employs more than 10,000 people, and yes, I personally expect to buy more than a 1000 computers in the near future.
P.S. When the awards were given out at the Slashdot party, I kicked myself hard for not coming up with the "Anonymous Coward" name for my tag...
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
A pill for PMS'ing women.
I see. You must be well acquainted with it, dearie.
Balderdash - debit cards can be tracked as easily as credit cards. Added to which, asking to be lent money is one thing - tracking where I spend it is another. I don't know why you feel inclined to have your creditors be given have this ability to track you.
You are confusing a credit report which companies like Experian will give to anybody for a small amount of money, and a credit card (or a debit card) transaction history, which is possible for the third party to get, but it's much much harder than getting a credit report. A credit report does not contain information on your spending: it records what you were lent money for, when, how much, and how you are paying it back. A credit card statement, on the other hand, does contain all your purchases. But I don't see why the simple idea of using cash has such a hard time of getting into your head.
You're missing the entire notion of why privacy is important
I guess we'll have to disagree about this. You don't seem to understand what I am telling you.
Your MAC address is hardwired. Even if the products you discuss cover this up, they can't cover up the bit trail you leave on email servers and routers in your wake.
Sigh. Why don't you get a clue as to what IP-based networks (such as Internet) are and what are differences between layers in a networking stack?
First, on many NIC cards the MAC address is changeable. Second, I tend to communicate with routers and mail servers using IP protocol. My IP address which the routers, etc. see provides no information about my MAC address and is easily spoofable anyway. I am even ignoring the fact that on a dial-up connection there in no such thing as a MAC address...
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Cash-equivalent transactions will surely be added to the same reports people like Experian manage, once they see the obvious marketing opportunity available in giving away not just your credit history but your purchase history.
I am sure Experian would just *love* to have all my purchasing history in a database. Unfortunately for them, I don't see this happening any time soon. Cash is anonymous and changing that fact is very hard. It can be (and is) done for large transactions and for certain specific purchases (e.g. airline tickets), but in general changing the anonymity of cash is not feasible.
unforgeable headers IPv6 will certainly implement to render all of your aforementioned defenses obsolete
Another sigh. You don't really know what you are talking about. No good privacy tools rely on IP spoofing. Why don't you start by going off and reading about, say, anonymous remailers. Properly used they provide a huge degree of email privacy and IPv6 is not going to affect them at all.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Take a pamprin honey
... [snip] ... Any long-term debt is recorded.
What's a pamprin, dearie?
Now go back and read the post again and tell me what "tools" you have for realistically obscuring your credit record
Don't get your panties in a bunch, dearie. Re-read the post again, specifically the part about the trade-off between privacy and convenience. If you don't want information about you appear in the credit report, don't buy things on credit. Yes, I know that this will make your life difficult, but that's exactly the nature of the trade-off.
And remember that the credit report has a reason: you are asking people to lend you money. Don't like the consequences -- don't ask.
The value of privacy is independent of whether you have anything to hide or not
Of course. But the danger to your privacy from the release of a certain piece of info does depend on what's in that piece of info. The value of privacy stands by itself, but *threats* to it can be different. The fact that a driver's licence includes hair color is not very privacy-threatening, the fact that it includes the SSN is.
Your IP address and MAC information can be obtained without you knowing it
Yes, that's exactly why you have to understand what's happening and what your computer may be doing behind your back. But to repeat myself there are tools (e.g. ZeroKnowledge's Freedom.net) which will prevent this if used properly.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I'm sorry, folks, but...
Why are all the "reviews" on Slashdot:
1) Really long;
2) Usually just [really long] chapter-by-chapter summaries of the book, rather than analytical reviews that tell you why you should read the book;
3) Biased...no one on Slashdot reviews a book he or she didn't like in the first place.
To add insult to injury, when two people review the same piece, the editors print both, rather than making an attempt to decide between them (or concatenate them).
Feh!
tags), but now I look like a bigger dufus than usual. Am I the only experiencing this? Because I don't see many bare tags in other posts, and this bug has been here for weeks. Perhaps it is related to user options?
(I'm using lightweight mode, sorted by score, posts expanded).
I can relate. Today is the next to the next to the last day I'm working for my current employer. One of many reasons I'm quitting has to do with how ethical I feel their corporate behavior is. See, they are a free-ISP, and I'm the database architect. I've spent the last 3 months building them a system to allow targeted advertisement delivery...I don't much care for advertising in general, but all the targeting is based upong user-supplied information, and that's it.
But now, we've got a new project coming down the pike, one that is intended to log every URL visited, and every keyword typed, and to use that information for targeting. Here I had to draw the line...no matter how wonderful the perks are (and they are wonderful, I work from home 90% of my time), I have to live with myself at the end of the day, and no paycheck is nice enough to make up for how icky I feel being associated with such invasive behavior.
Think about it this way, if I make an extra $500 a year at a job I feel icky about, and so I end up drinking an extra $750 a year to drown my concious, did I really make out all that well?
Anyone who thinks that stress doesn't cost them isn't paying attention to their own medical bills....
Communist East Germany took less time and lasted longer. Both of those examples were tied to a particular political system and a particular politcal clique maintaining control. It gets easier and easier for an organization to do what the Gestapo and their ilk did or do. I mean, has it never occured to you that that is the ultimate use of nano? The perfect spy camera, you just dump millions of them into the chemical tubs at a dandruff shampoo factory, and what do you know, it's just a bit of dandruff, right? Only it's watching everything you do and reporting it back to the oppresive organization that could never happen... The point is that it can happen, anything can happen, but whether things will happen depends on people. So don't let people think it's okay to screw with you and people will be less likely to screw with you.
itachi
Well, IIRC, there was something that suggested that it was a dumpster diver, maybe the location where the purchases were made, or when she had used it last vs. when the fraud occured. But you're right, it is an assumption, and I should have pointed that out. It wasn't online shopping gone bad or shoulder surfing, though...
itachi, who sees dumpster diving as a privacy issue too
Are you going to Scarborough Fair?
We're going down, in a spiral to the ground
What the fuck is up with his name? Does anyone else see a striking similarity to "Simon & Garfunkle" -- is it a pen name?? Because if it is, someone should tell him that they broke up.
-----------
"You can't shake the Devil's hand and say you're only kidding."
well that was blunt and to the point...
i guess that either i have ethics and do something about them, or I just say I have them and use excuses... hmmm...
maybe there needs to be a "computer ethics" standardization... kindof like the medical ethics that defines what is ethical/unethcical and when programmers cross outside of the line, they get uncertified...
oh well...
... hi bingo
At least, in the UK.
Re: Everyone is entitled to monitor any record about themselves.
The Data Protection Act means that any firm must tell you what data they hold about you (I think a small fee may be charged). Isn't it the same in the US? You can also make them change the data if it's inaccurate and sue them if they're holding inappropriate data about you.
Unfortunately this only applies to computer records, so some companies circumvent the law. For example, to get into university you must apply through UCAS and your school gives them a reference about you. But apparently you can't get that info, because they print it out and don't store it on computer. Bastards.
I like the idea about companies being forced to reveal the source of their data though.
I think that in this day and age, "I just work here" has ceased to be an adequate excuse.
The ACM has a code of ethics and professional conduct. You can take a look here
C'mon people, a code of ethics is a great idea! That would be at least a starting point for a way to enforce the fact that you own information about you. Code a project that takes inadequate steps to protect privacy? Tweeet, you've been sentenced to work for the EFF for a week. We could start it with "First, reveal no one's personal data."
I think that in this day and age, "I just work here" has ceased to be an adequate excuse.
Walt
>Non-citizens (businesses, institutions) may not provide to a third party information specific to a private citizen without the express written consent of the private citizen.
The good thing about this one is that it simply removes the profit motive (or at least drives it into the criminal underground). The two problems I see: First, identity theives are not restricted in what they can do. However, I think this is mostly solved by the fact that there are no institutions that have access to the info theives need. So with regard to individual theives, the situation is not a whole lot better.
Second problem: it drives the collection of personal data underground. I can forsee the time when, "If personal data is outlawed, only outlaws will have personal data." Underground TRW? Maybe, although I admit that it would be a lot harder for them to get data.
Overall a good idea. In fact, maybe if we could get this passed in California, we could start forcing all businesses in CA to abide by it. Until then, keep polluting those databases. "Why yes, I'm a PhD Inuit with 8 children and an annual income of US$200,000."
Walt
Here's the URL http://www.databasenation.com/
It has a complete version of Chapter 6 online as well.
Lib.BENCH the only site you'll ever need!
Good point.
:)
I'll start microwaveing my shapoo bottles right now !
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
I'm at a large college in the midwest majoring in computer engineering and privacy is a joke. First off, they've up and sold all of our personal information to anybody who will pay for it. It's long accepted that they sold our phone numbers, but now they're selling our e-mail addresses. Just the other day I and every other student got spammed by some company with an e-mail about their great weekend dinner deals. What? Did I ask for that e-mail? Heck no. But they don't care. I pay my 7 bucks a month for ethernet / telephone service and they still feel the need to sell my e-mail address? What a gyp. Why in the WORLD does this need to be an opt out situation? Did I ask for any of this to happen? No. They throw a hissy fit if anybody moves off campus and tries to get away without giving the university their new address. Those stupid telemarketers call every day with a new credit card, and now e-mail daily telling me about restaurants and how I can get my MCSE certification? I see it fundamentally wrong that I have to pay to have my information not made public and I find it even more appauling that the university, after screwing me left and right and charging for everything feel the need to sell my information to silly spammers and their opt-out policies. I'm pretty sure our ethernet ports are monitored--last year after I 'accidentally' had an anonymous FTP server running (whoopsie) and the big bad RIAA sent them a letter, they called me in, talked to me and told me that they'd been monitoring this and that...Ok, so maybe they had a search warrant (d'oh) but still, I changed all my passwords and now I'm running an OS that might be a lil more secure than OpenWindows95. Anyways, my point (I have one?) is that privacy is a joke, even when you're paying thousands a year to attend a large public university. So get over it, encrypt everything, and if television has taught us anything, trust no one.
*pulls the curtains shut, plays scary music and burns his documents* err...
my $0.02....
LDAA #$80 BITA 0x40 BNE END
The reviewers say that 30 government agencies keep track of you using social security (SS)numbers. Well, I had to fork over my SS number and a credit card number to my ISP to activate a $9 per month internet connection. I was also asked to fork over my SS number, a credit card number and my drivers license number to activate a $18 per month wireless phone plan. Curiously, I was able to buy the $180 wireless phone and an $800 PC with only a credit card number. Why is there an inverse relationship between cost of product and amount of personal information required to make the purchase?
The other day I went to the dentist and had to fill out one of those interminable insurance forms. Amongst other things, they wanted to know if I'm single/married/divorced/separated etc. Why the HELL do they need to know that? When are they going to start enquiring about my sexual orientation, as well as my preferred sexual positions?
Actually, there is a reason for any MD to ask you those questions: epidemiology. A big thing these days is "evidence-based medicine" --- the idea that maybe doctors should base clinical judgements on good statistics rather than their own faulty memories and biases. (What? Medicine should be based on rational scientific technique? What a new idea!)
Married people have different habits than single. If some weird oral condition shows up, it'll be useful to see what variables are associated with it. This kind of weird clustering is how we discovered that fluoride prevents tooth decay --- dentists were seeing kids with mottled teeth in some towns, and also seeing way fewer cavities in those kids. Do some studies, find fluoride as the key factor, and suddenly most of the population still has a full set of teeth.
Is it intrusive? Yes. Should insurance companies (or doctors) be allowed to do whatever the hell they want with that? Fuck no. However, it can be useful. (I do agree that there should be a disclosure with each question saying why it's being asked. Perhaps hypertext will make this a reality once people grow some brains.)
Alik
Person at door: This is Jim from the CIA, we've got a search warrant to come and find all that illegal stuff you've been doing over the last few years.
You: Please disclose the source of your information.
Jim: You see that house across the street over there? We've got someone watching you from there. See that light shade, it's got a bug in it. See that harmless looking telephone interchange there, it's got wiretaps in it. You know that...
Dude, if DoubleClick changes their privacy policy without giving anyone notification as they promised, what more chance is there they are going to disclose this information to you?
"This banner advert collected your IP address and links your browsing habits to profile #293-2995488-22312"
So many of Slasdotter's so frequently espouse the virtues of socialisim, elitism, and liberlism, that, I'm suprised that many of you are not lauding this new all important globalism. You can't have it both ways, people. So line-up, recieve your biometric I.D.'s, trade in your Tee's and jeans for your Chairman Mao blues, and get on with life. He..he..and they laughed at me for refusing to fill out a Census.
Does a jock itch?
My old alma mater (a state school) flat out refused to use anything other an SS# for ID, on the basis that Financial Aid needed the number for student loan purposes. Initialy, it was a barcode on the ID card, then they printed it (with numbers), so anyone could read it. I have no problem giving my SS# to Financial Aid or to Career Services (they handle student employment), but why do Housing or Food Service need to know it?
Last semester at UMass Boston, a student got the SS# of the student he was stalking. He changed her address in the school's records, got credit cards in her name, dropped all of her classes, etc. The school didn't know how it happened. They use SS# and a 4-number PIN for ID. He got them from her ID card at the library. The numbers also appear on every piece of mail students receive.
Last year, Arizona passed a law banning schools there from using SS#s as student ID numbers. If that would spread to other states, it would be a step in the right direction.
Put my clarinet beneath your bed 'till I get back in town.
Brin as always is very optimistic, and makes a good argument that privacy, such as it is, is a relatively recent phenomenon: that historically everyone knew everyone else's business anyway.
Recommended if you would like a more positive view of the effects of the electronic age on privacy, and some interesting insights into the downsides of trying to preserve privacy in the face of technology.
-kls
--
LibBT: BitTorrent for C - small - fast - clean (Now Versio
Here's a thought. Assume that all this information is being collected. Massive, massive amounts of data, a huge mountain of data that even the fastest machine and the most sophisticated software takes time to go through. It's fairly accurate, most of the time, and people come to rely on it for various things just as they came to rely on computers today.
What about those who have the intelligence and skill to defeat these monitoring systems? The Stainless Steel Rat, or rather the Silicon Rat, of the future? This would be a person who figures out a way into the system that isn't checked or monitored -- and with a system that large, you know the chinks are going to be everywhere. Once in the system, they learn how defeat the various monitors -- feeding in false video signals, altering heat-sensor records, and intercepting the audio stream and co-opting it for their own use. These people will be essentially invisible, able to take on any identity of any person on a moments notice, to assume the thermal pattern of a 12-year-old child (at least in the eyes of the computer), and mask their activity in either a quiet ripple of data modification or a burgeoning wake of destruction.
I like a comment from the book "Hammer's Slammers" by David Drake. Paraphrasing, "Seeing the satellite image of something happening is one thing -- interpreting it as hostile activity is something else." People are endlessly adaptable, much more so than corporations or governments. These cameras that have been installed are effective now (read the Brin chapter)-- but what happens when the criminals figure out how to beat them? Having cameras in a bank doesn't stop people from robbing it -- they just adopt defenses like masks. Anyone who thinks that this spread of technology won't foster an increasingly technological brand of criminal is deluding him/herself.
What does this mean? It means the only people that these cameras are going to be spying on is normal, law-abiding people, since most criminals will figure out ways around them. Ask any real-world physical security expert. You cannot design a system that can't be defeated -- and the larger the system, the easier it is to defeat it. The root and main component of security will always be alert people, not computers. THIS MEANS YOU! Protect your data!
Unfortunately, S.G. seemed to flounder in how to approach this subject. He had plenty of examples of abuses of data collection and dissemination through TRW and credit bureaus, drivers license info, automatic toll collection systems, and numerous other examples; but he never applied this to a systematic concept of how to design software or systems with privacy as a feature requirement.
Many of the participants, including myself, kept on prodding him for ideas on how they could incorporate personal data protection when designing software; but each time he fell back on examples of poor implementation, rather than methods of good implementation. I ended up leaving when it became clear that he had not thought his message through beyond simply shouting "You are losing your privacy!"
I completely agree that protections need to be incorporated into what data we allow to be collected about ourselves and how it will be used. This is at both a legal level and in how we design the databases and systems of the future. Myself, I always ask why certain pieces of information about myself is being collected by whatever agency/organzation, and if I am not satisfied with the answer, I don't provide it. But unless we can get more information than simply "X is bad", I think many legislators and product designers will not take this issue seriously, and we will continue down this path of trying to cram the Pandora's box of our personal information back in after it's been released by a malicious or accidental data collection service.
Somedays it's just not worth chewing through the restraints...
Now we know what happened after he broke up with Paul Simon.
ICQ: 49636524
snowphoton@mindspring.com
Got Rhinos?
I know that there are ways to encrypt phone calls, but are such devices expensive and where can one get them? We have programs like PGP and GPG to encrypt files and emails. This of course doesn't solve the problems with credit card and medical records. We could just start using cash, but I suspect we would see what happend to John Arbuckel in a Garfield cartoon I saw once. When he tried to pay for everything with cash, he was taken into custody because they thought his behavior was suspicious. Also most people would never be able to get a home if they had to save up their money to buy it out right.
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
It took Germany about 20 years from November 1918 to November 1938.
Did they last long? Exactly
That's beyond the point. The change did take place and the German people did not get rid of it themselves.
The level of technology was high (just think of Zuse), but you don't need that for control. Some camps and later the eastern front did nicely, thank you.
Censorship on Slashdot
I think that 1984 is the only book everyone should read, and I see a certain kind of novel becoming history books since The Sheep look up, so I'm certainly not one to disagree with the general idea of Database Nation.
But from what I take from the reviews (the book is ordered), the book puts slightly to much blame on the government. Most people forget that the government is not independent from its citizens. So if no laws exists that prevent data abuse, there are not enough people who cares.
For another look at the matter I recommend David Brin's Transparent Society.
Censorship on Slashdot
Also, that sort of thing takes /time/, so if it were to happen, it would take roughly three generations
Guess again. It took Germany about 20 years from November 1918 to November 1938.
Censorship on Slashdot
You cannot design a system that can't be defeated -- and the larger the system, the easier it is to defeat it.
And silicon is getting smaller and smaller.
Censorship on Slashdot
As I recal, a law was recently (passed? upheld?) which forbid DMVs from releasing personal info except in narrow cases. One of the big pushers behind the law were abortion rights activists. Seems pro-lifers in some areas with lax DMVs would write down liscense plate numbers for women entering clinics then get their home addresses and harrass them.
-Kahuna Burger
...will work for Chick tracts...
Excellent suggestion, I'll have to start injecting dummy data into the system right away.
Falsifying registration forms is pretty easy, but how should one act when confronted with someone directly who is seeking personal information about you in a formal way. Example, Radio Shack employees will enter all sorts of information about you into their system when purchasing for the first time from their store (address, phone number, etc.).
Should we falsify as much data as we can get away with (clearly they know my sex), tell them to bug off, or give it to them straight. This seems more like a Miss Manners question, but a legitimate one.
Try PGPfone. PGPfone is free (MIT Licence, not GPL; source dosn't seem to be available) and allows you to make secure, strongly-encrypted phone calls via either a direct phone line or over the 'net. A definate must-have piece of software. Sadly, no one seems to be maintaining it (the current version dates back to '96). Be sure to pick up a copy of PGP Freeware 6.5.2 while you're at it.
To digress slightly, I find it annoying that PGP 6.5.x (unlike earlier versions) dosn't include PGPdisk, which I find to be indispensable; and does include PGPnet, which is of marginal utility (to me, at least).
"The axiom 'An honest man has nothing to fear from the police'
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
I wonder what is going to happen to the list that contains all of us who read this review? ;>
Are we going to be flagged as possible threats to these Agencies
Did they last long? Exactly.
____________________________________________
___
I'm an exhibit on the mounted animal nature trail.
Privacy, the one thing valued most yet attained the least. Don't bother reading 1984, it's inaccurate. All we need to do is get some control on how data is transfered, and encrypt more. As for personal privacy, just pay attention and watch your own ass. *shrugs*_ ____
_______________________________________
___
I'm an exhibit on the mounted animal nature trail.
Somehow the chapter 10 reminds me of books by Philip K. Dick, and that is no good, no sir. Even when I do like Dick's books, I'd rather left those issues only to be fiction.
Same comment but know with account Forget privacy. There isn't any privacy on the net. The only question is do I recognize the recording or not. I'm sure millions of Netcracks won't agree with me.But I don't care. hähä
When I fill out items like warrantee cards or magazine subscriptions, I always write on them that the information contained on the card is proprietary and cannot be used for commercial purposes. I then add either an incorrect middle initial or I add a fake mailstop or apartment number (I own a house). I have a little dBase of what was assigned to each outgoing mail item. If I get junk mail that has postage-paid reply envelopes, I send them back everything with the identifying information deleted (and I usually add things like rocks and cardboard, just to add to the USPS's profit and keep the cost of stamps down). If I get a reply postcard, I tape it to a box of rocks or dirt and send it back.
:)
After junk mail arrives, I write to whatever company sold the information. I cancel subscriptions or vent hate and discontent, and then I tell them that I will begin an internet-based boycott of their products. This works rather well, especially with the uninformed drones.
You should see what I do to spammers
"First things first, but not necessarily in that order."
- Doctor Who
I can write with either hand (not well, but I can) as an expiriment I signed all my credit cards with my right hand, and then all the sales slips with my left hand. Onle ONE clerk has noticed that my signature didn't match the one on the card and demanded further identification. (Once noting my drivers license had the same name, and signature and my picture on it he accepted the sale)
Somehow the above tidbit fits into this topic, and it forms some arguement in here. I don't know what though.
I've done a little defense work, and tried to consider the ramifacations each time. In the end, I'll never work for a defense-related org again, but to be honest that's because they're mostly liars and cheats, ask you to defraud the govt, etc.
As an intern I did some work for SAIC on rocket exhaust. Some of the work went to the shuttle effort (good) others went to the MX missile (probably bad). One good thing about that experience is when people make a comment like "well, it isn't rocket science" I can say "yeah, I know, I've done that."
I answered an ad for some async comm and database work in '91, turned out to be a BBS for the Navy. All logistics, no targeting, and a lot of it was just getting messages back and forth between sailors and their families. I thought that was OK. Having completely avoided real military service myself I felt I could make a contribution w/o blowing anyone up. That project was later taken over by a company that really just defrauded the Navy to the tune of millions.
When I was consulting at MITRE one of the guys was talking about smart minefields; I wasn't too comfortable with that. I wouldn't do any real missile work, especially targeting. (After all, rockets have peaceful uses too.)
If you really feel that your work is going to be used for evil purposes the ethical thing is to get out as soon as possible. Let's face it, your not going to quit if you can't pay rent, but there are no shortage of normal business gigs out there these days. One cool thing about being a programmer is we can do cool stuff without a big-bucks backer, as the development of Linux surely illustrates.
The revolution will NOT be televised.
C.
I sometimes write stuff
As Garfinkel says in the book, it's the hundreds of cooperating Little Brothers (and Sisters).
...
... the truth is out there, but can you connect it up?
... but do they have the inclination?
The book's sub-title, "The death of privacy in the 21st century" sums is up pretty well. Being able to tell if a woman's pregnant from a retinal scan, the local council using a satellite photo to check your planning regulations.
He asks us to consider what might happen if you were to be able to link computer-held information about yourself. Scared?
Everything from your electoral information, your tax records, your credit card bill, your mobile telephone calls, your university's course records, your web browser's history file, your supermarket loyalty card, your car's satnav.
Now factor in face recognition from CCTV, cookies left behind from web sites, the boxes you tick when you sign an application form
Now draw it together. Now automate it so that a computer, not a person, makes decision on your life based on these related clues.
Scared now? I was.
Boy does he cover some ground - from medical records, web logs, satelite imagery, encryption products, mail redirection - we get the full gamut. His central tenet is clear - just what does personal information mean? What rights to you have over information about yourself? Your name, your date of birth, your income, your shoe size, your magazine subscriptions, your web life. All disparate facts, but when combined, a powerful profile and useful to many people. From an insurer worrying about you as a policy, to a prospective employer who's interested in seeing what you've said on the net, to the local council who noticed you've built a new outhouse on your land
The body is yours, but what's right do you have to your identity? You can fight back - pay in cash, wear dark glasses, don't get ill, don't travel outside your country's borders, browser through an anonymiser, opt out of DoubleClick - but the tide needs to be stemmed and only, apparently, the governments can do it
A truly scary read and a wake-up call that information is, now more than ever, power. And if you've either it got it or you ain't, just how to you decide who gets information about you?
--
"I do not speak for my employers, though they are controlled from my Teddy's huge pulsating brain."
I agree about the requirement to carry ID on your person. However, that's a different issue from the right to privacy. The obligation to be able to identify yourself does not imply the obligation to divulge any other personal information. That's where the police state begins.
Ironically--and that's a point many people don't seem to get--having a national ID system SUPPORTS strong privacy rather than undermines it. If you have a single, simple system of identification, no further information is required. On the other hand, if you don't, you must piece together all kinds of info to make you unique. It's like databases: you either have a unique key that can identify a record unambiguously, or you have composite keys consisting of several keys that together create a unique key. The latter case by its very definition leads to less privacy.
Uwe Wolfgang Radu
I've tried to post a history weeks before, about
part of this scenario becoming a reality here in Brazil.
It hasn't been accepted here at slashdot, but it's live and
well at www.kuro5hin.org, under the title Brazil, a new "Database Nation"?. It has a description of a system developed in Brazil that cross-check data from 3000+ data sources, returning both your entire credit and consumer report (including address, telephone and monthly income) and a credit ranking which will tell how and how much credit you'll be able to take. All of this just with your name. The article has some links (in portuguese) that you may want to translate using your favorite translation tool.
P.
--------
Fighting the herd since 1985.
And no, I never saw him sing Scarborough Fair.
Bravery, Kindness, Clarity, Honesty, Compassion, Generosity
...Nothing interesting here. Just move along...
I've just bought this from my local bookshop. And now I return to my desk, and there's an article about it in front of me. You were waiting until I bought it, weren't you? I must get one of those aluminum beanies...
I've gotten into a few arguments and usually opted for alternate forms of ID (equally as dangerous, but still).
e .html#private m l#IsItIllegalToAsk
The fact of the matter is, gov't agencies, if they ask for your SSN, have to give you a Privacy Act Disclosure Notice. Private companies can ask for it. You can refuse but, as you found out, possibly at the cost of not receiving the service you were requesting.
Great links are:
http://www.cpsr.org/cpsr/privacy/ssn/SSN-Privat
and
http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.ht
as well as http://www.ssa.gov/pubs/10002.html
Returned Peace Corps IT Volunteer
when he said "you already have no privacy, deal with it".
What Scott McNealy meant was: "I have no privacy and have to deal with it, so I don't see any reason why any of you should have any privacy either".
Your entire credit history can be inspected by strangers.
Yes, and so? You yourself are observed by strangers every day as you walk/drive on the streets. This is dangerous only if the credit history reveals much about you: see next.
Credit car purchases can be easily tracked, measured, and mined to form a frighteningly fitting profile of you.
Yes. There is a trade-off (as with most things in life): you trade privacy for convenience. You want more privacy? Fine. Don't use your credit card unless absolutely necessary (e.g. car rental). Pay for everything with cash. Yes, it's less convenient, but you leave no paper trail. The choice is for you to make.
Your emails can be read by your employer.
Duh! So, I am to understand, the idea of having non-work email account never crossed your mind? This is like complaining that you had a fight with your girlfriend on the front steps of your house and all the neighbors were watching.
Your phone may already be "observed" by outside agencies.
WTF do you mean? Wiretapping? That's very old news, plus the number of wiretaps in the US is very reasonable.
Most of your network transactions can be traced, given time and effort.
It all depends. If you give your real name/address/email to all who ask, never look into your cookie file, etc. don't be surprised that some companies (DoubleClick comes to mind) know exactly which porn you like to jerk off to. However, again, if you are willing to trade away some convenience to get privacy, there are tools available. Freedom.net, for example, comes to mind.
To summarize: don't whine. If you *care* about your privacy, there are tools out there to help you. If you don't want to spend any effort, thought -- don't be surprised at the results.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
The problem with written consent is that it may not be voluntary in any practical sense. This is a big problem with medical insurance and medical treatment in general. For most people, declining employer subsidized health insurance is not an option. It isn't realistic to expect people with serious illnesses to shop around or argue about the hospital's privacy policies. When you are really sick, you will sign any paper they give you if it results in access to a doctor and medical care.
When you post, "Extrans" is now plain text and "Plain Old Text" produces the results formerly known as "Extrans".
I've sent mail to Rob about this a week or two ago - hopefully they'll fix it soon.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
When I have anything with a number I don't want otehr people to find (credit card applications, SSN, stupid credit card checks, old checks) what I do is tear the item into a few pieces such that the number in question is at least divided in two, then I make sure the two halves of the number go in seperate trash cans/bags.
It also helps if you have something noxious (like leftover Ramen) to distribute over some of the paper - I think you'll get most dumpster divers to steer clear if it's harder to get to your stuff than some other bag with whole statements or numbers!
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Anonymity is great when you're being hounded by criminals or an oppressive governments. But it is a temporary refuge, because generally those oppressive powers that want to know who you are have resources available to find out who you are. If you want long term freedom, anonymity is a crutch that will eventually fail you. You'd do much better to stand up and demand your rights.
There is a reason the phrase is "Anonymous Coward", because the anonymous have no credibility. When you can't tell a leader from a crank or the honest from the criminal, what good does it do you? All criminals want anonymity, while only a portion of the honest desire it. Therefore it is safer to distrust all anonymous people.
Would you give your credit card number to anonymous individual to buy something? Anonymity and security have opposite agendas. Authentication and non-repudiation, hear those words before? Ever used PGP, SSL, certificates or digitally signed something? It is all about trusting the party you are talking to, and holding those people to their word. You can't do that anonymously. Sure, you can have a proxy identifier, like my "0xdeadbeef" handle, but it is still an identity on slashdot, and there more I use it, the more tracable it is to my "RL" identity.
Anonymity is not privacy. Privacy is about protecting your sensitive information when information can be collected, bought and sold more easily than air. The anonymous have no need for privacy, because they have no information. They might generate it, but it is not linked to them. The anonymous have no "state" in the world, so they can't do anything that requires trust.
I didn't see this mentioned anywhere, so I'll throw it out there. Simson Garfinkle writes weekly column for the Boston Globe called Plugged In. If you like his writings, you should probably check it out.
Cthulhu for President!
(darren)
You don't have to be Anonymous Coward to be anonymous. Ya, I show my email address but that isn't required.
-----
On an unrelated matter: I met the author briefly at a Barnes & Noble. Very interesting person to talk to. He mentioned a couple things like potential names for the book which he rejected ("The Fishbowl", "Data Rape"), and chapters that were taken out (such as one about GPS).
"Getting you closer Experian is an information solutions company. We help organisations to use information to reach new customers and to develop successful and long lasting customer relationships.
We have built our business on the simple premise that commercial success is about getting close to customers. The more an organisation understands them, the more able it is to respond to their very individual needs and circumstances.
This is the approach that we adopt in our own client relationships. It is also the underlying motivation behind everything we do as a company."
Strike me pink if THAT's not a warm and snuggly statement of porpoise!!
And their clients are happy as clams, too. Over a million Frenchpeople are serviced via the tracking on TF1, which I gather is Tee Vee France One.
Also English Banks, and variousBanks, like that they fight fraud!! See, they fight fraud by having a file on everybody, isn't that great?!
Unauthorized use is way, way down! And don't worry your little heads about AUTHORIZED use. It's AUTHORIZED!
DWW --/Disclaimer/-- Read twice for the saracsm-impaired.Never call a man a fool. Borrow from him. * -** *-** --- *-- - **** * *-*
In Sweden this law means that no one, save artists, journalists and govermental agencies, may use personal information without the persons written consent. This has resulted in some problems - but the intention is quite right: it is MY information.
When first passed, this law was the topic of a quite heated debate "you can not even name a third party in a mail", but the law has not been used to this effect.
Since a long time you have had a legal right to read all stored information about yourself free of charge (of course the goverment has some exceptions to this). Most information is public though.
This doesn't mean that this is unproblematic - it is very problematic in some ways. Anyone can walk in from the street and request information from my taxation records, my school grades (this is ok), my adress, what cars I own etc... While this has advantages the end result is that it is easy to get information about just about any Swede; this doesn't to my knowledge apply to the rest of the EU.
IANAL :-)
dk_a_stacken_kth_se@foo.com Remove "@foo.com" from email, interpret the rest.
so, i work at a major direct-marketing company, doing modeling and segmentation for the purposes of maximizing the impacts of direct mail campaigns. i don't love what i do, but the math is fun and i get to program (btw, im iso work, math, perl, sas, nyc? :).
anyway, having been in this position for a while, i've becme acutely aware of not only how much information is available on your average Joe Consumer, but also how many varied hands this info passes through before magically being transmogrified into a piece of junk mail. a couple of months ago i got tired of the constant reminder in my own mailbox of how shady this all is, and i drew up letters to the dma, equifax, experian, and others to terminate their rights to traffic in my data.
fine. ok, so i'm a hypocrite, but worse than that, i mentioned to a peer, in confidence, that i was 'opting out'. next thing i know, i'm called into a superior's office, and without putting my personally paranoid spin on things, i'll simply describe the proceedings as an inquisition into my loyalty.
now, don't get me wrong -- i guess i shouldn't have mentioned it, and i should probably go into a line of work less troublesome for me, ethically. but the thing that wierds me out is the reaction that i should have no problem sacrificing my privacy, and that if i'm offended, i'm going to wind up getting in bad with management.
not the worst, though: the more of my non-tech friends i tell about how dirty my involvement in this process occasionally makes me feel, the more i hear that they don't mind, or don't think it's as bad as i say. they call me paranoid, and refuse or fail to draw the link between, in this case, junk mail and an invasion of their privacy.
now, don't post calling me a self-loathing scumbag -- i've got to make a living, and doing math tricks in washington square park doesn't pay as well as you might think. the point of my story is to provide a look at exactly how negatively any attitude other than complete surrender of one's information privacy can make one look, *has* made me look.
on the liner of radiohead's most recent single, they've written that the innocent have nothing to fear from the rapidly-expanding data industry. what follows from this attitude is that an individual who chooses to avoid this process of information buying, selling, and processing, is already in a position of issuing a tacit, unspoken admission of some sort of guilt.
god is just pretend.
If the general public is more aware of the issues in privacy, better (more informed) decisions can hopefully be made. Privacy is getting to the point now where it affects enough people to get attention from advocacy groups, the media, and even (to a small extent) politicians.
I'm hoping this awareness will stop privacy invasions before they get to the "horror-story" levels we keep hearing about.
If the data is attractive enough, people may use it. The idea is that the license will apply certain terms to other data that they hold. Does anyone think it could work?
The net will not be what we demand, but what we make it. Build it well.
The _technology_ might be secure (for some period of time until Moore's law overcomes the security).. But the databases themselves will most certainly not be.
Not without reason - and currently there's not a reason.
The people maintaining/with access to these databases are paid minimum/barely above minimum wage... Turnover is rampant. The question isn't is the *database* secure, but who's "allowed" access to it.
The 2 biggest problems are going to be the a result of the institutional stupidity of big Corps, first, the utter reliance on "the system" - without the checks/balances and authority to fix problems, and the the enforced ignorance of their low level workers.
This is well illustrated with the error quoted with the error in credit rating - and then the continual re-error as databases were synced up.
And the utter disdain of anyone for any responsiblity in these matters is what makes them so bad - not that they happen - but that the corps just don't care to build the system right, and with the ability to fix these problems.
Addison
Won't do I'm afraid. To begin with it would make the phone book illegal. The same for e-mail lookup services. It would simply be to hard to get personal data for valid reasons.
OTOH it would be quite easy to go around such a law. So we can't sell our info to marketing companies? Well, then we will sell the marketing service itself. So we cant buy that information? Lets buy the company that has the information. (or if they are too big to be bought, let them split out a database branch, that can be sold).
I have no big problem with *correct* info about me used in the *intended* way. What I want is for it to be very dangerous for a company to use or sell incorrect data, or to use it against the terms I once agreed to. Thereby restricting database marketing to really profitable areas, not the "throw out a million hooks and something will catch" schemes.
All opinions are my own - until criticized
Databases as a threat to privacy is one thing, "ID spoofing" is another.
It does not matter if someone ruins my life by calling someone, saying "Hi I'm guran, shut down my account please" or "Hi I'm 123-456-789-0, shut down my account please"
Since when are usernames, or SS# alone an acceptable form of identification?
All opinions are my own - until criticized
There seems to be a double standard here on /.
Everyone is 100% for their own privacy. At the same time it is claimed "If the information is accessible, it is OK to use it", "Information wants to be free" etc
The net (or the electronic society to use a Katz-ism) is making more and more information accessible and searchable. That includes info about YOU as well as about software specs.
The information is out there. And if we can lobby for laws to restrict it's use (in the name of privacy) so can the corporations (in the name of protection of property)
You might argue that personal info is different from other info and deserves special protection. I agree. However, as shown in the DeCSS case and others: If protection can be circumvented, it will.
If you are anonymous, you have no rights (since rights are given to people, not computer sessions) If you are logged in you will leave a trail.
On a more direct reply:
What the heck does a bouncing ball has to do with privacy? If someone knows that I went to an exibition, that tells them... That I went to the exibition. Nothing more. Is your idea of privacy the same as absolute non-interaction? Cause that is the alternative.
All opinions are my own - until criticized
"Don't give out information like your SSN (by law, no one can force you to use your SSN as an identifier!!), DL number, birthdate, phone number, etc. "
Ever try to argue this with the local cable company? I did. They said it is legal. And that there was a state law here in Florida that allowed them to use SSN's in their database anyway.
I said Federal Law supersedes state law and that the SSN number is issued and controlled by a federal agency. I got into a major pissing contest with the final result a denial of cable service. I have been without cable TV for 2 years now. Any clarification on this issue would be appreciated.
Good reviews, and the book will have good impact for security/privacy awareness. My next click is going to be over to Think Geek to buy the book. This seems to me a s a "must buy" for the PHB audience. Having line level folks get this book in front of the policy makers could have a positive effect on the culture shift to thinking about how your customers view both privacy and security up front. I beleive having a policy maker read this will contribute to making the "Double Click" practices a thing of the past. Scary stuff because it doesn't seem all that far away.
More race stuff in one place,
than any one place on the net.
I'm not confusing the two. Cash-equivalent transactions will surely be added to the same reports people like Experian manage, once they see the obvious marketing opportunity available in giving away not just your credit history but your purchase history. Don't assume your banks will continue to horde the valuable commodity known as your audit trail.
Sigh. Why don't you get a clue as to what IP-based networks (such as Internet) are and what are differences between layers in a networking stack?
If you're so well informed regarding IP than you surely know about the unforgeable headers IPv6 will certainly implement to render all of your aforementioned defenses obsolete. Enjoy.
A pill for PMS'ing women.
And remember that the credit report has a reason: you are asking people to lend you money. Don't like the consequences -- don't ask.And remember that the credit report has a reason: you are asking people to lend you money. Don't like the consequences -- don't ask.
Balderdash - debit cards can be tracked as easily as credit cards.
Added to which, asking to be lent money is one thing - tracking where I spend it is another. I don't know why you feel inclined to have your creditors be given have this ability to track you.
the danger to your privacy from the release of a certain piece of info does depend on what's in that piece of info.the danger to your privacy from the release of a certain piece of info does depend on what's in that piece of info.
You're missing the entire notion of why privacy is important, at the base level. Once again, privacy isn't just for people who have "something to hide". If you can't get that and admit to it, don't reply.
But to repeat myself there are tools (e.g. ZeroKnowledge's Freedom.net) which will prevent this if used properly.
Your MAC address is hardwired. Even if the products you discuss cover this up, they can't cover up the bit trail you leave on email servers and routers in your wake.
While I agree (after a lengthy debate on this topic the other day) that anonymity is a component of privacy, folks had better cherish these last days of anonymity on the web. Spamford Wallace taught us all a lovely lesson when he showed us the amusing things one can do when one cannot be traced. Right then and there mainstream society decided anonymity was on the chopping block.
... so they can tell you what other books you should buy.
- My password is slashdot
We're the "technology people," the geeks.
Whether professional or amateur (a proud term, originally meaning someone who does something for the love of it), we're the people who are making this possible.
So, what are we going to do about it?
There is no 'i' in team, but there is in fiasco...
a friend of mine bought a shredder after her credit card fell victim to a Dumpster diver
<p>
How does she know it wasn't a clerk at a store she used the card, or a relative or coworker snooping in her purse, or an employee of the credit card company, or someone stealing her mail, etc..
<p>
It bugs me when people come up with grand conspiracy theories or elaborite scenarios for how simple thefts take place. All it does is serve the interests of the people selling security solutions, or the credit card companies who know full well how insecure credit cards are.
<p>
People hype about how "insecure" online transactions are, when they are many times as secure as physical transactions, because there are less people involved.* It's the same with blaming a dumpster diver for stealing a number. Yes, you should probably shred things with your number on it. But no, it's not the most likely scenario. The poor security of credit cards is a fundamental flaw in using an identifer as a secret key. Don't go blaming our eroding privacy for credit card theft.
<p>
* One cavet about that. Foolish companies that store credit card numbers on their web server are asking for trouble. In that case, it probably is easier to steal numbers from online merchants.
*
What needs to be done is [...] intentional pollution of the gathered data. Once the gathering of unreliable data becomes more costly than profitable, it will stop. If it costs more to filter and refilter dirty data than to simply ask for voluntary opt-in, then the data farmers will do the 'economical' thing.
I whole heartedly agree with this strategy. It is extremely difficult to get laws for protection of privacy passed when most politicians are in the pockets of corporate interests. The best way to fight corporations is in the area that is most sacred to their cold little hearts: profits.
There are many opportunities to contribute to database pollution. When a website insists you fill out a form before allowing you to download their "free" offering, use made up data. I read recently that it is estimated that about 50% of such data currently collected is false. Some companies, such a Realplayer are particularly odious, demanding all sorts of personal info before letting you install the software. In their database, my name is "Off, F*ck" (without the *).
In the physical world, avoid stores that require customer cards for sale prices when possible. If that is not practical then make up a phony identity on your application. I shopped at Safeway for years and took advantage of their weekly specials. Then one day I walked in and they told me I had to divulge all my personal info before they would let me buy anything at a sale price. I eventually got a card, but they think my name is J. Mxyptlk. (It's amusing to watch the cashier try to read my name off the receipt so she can "thank" me.)
A friend who used to work in the credit card centre for a large bank once advised that you should apply frequently for credit cards. Use your real name but all the other data such as income, marital status, occupation, etc. should be different on each one. After a while, there will be so much contradictory information in your file, data miners won't know what to believe about you.
Ideology is for ideots.
one of the hard things here is personal morality in projects. I'm currently involved in a project that could very well be used to track students throughout their primary educational careers. Nationally.
Problem is, its a fun, challenging exciting project, but the ethical questions are still plaguing me.
The problem comes down to economics... if i want to eat, i have to code... but certain projects may go against personal standards...
anyone else figured out where to draw the line?
... hi bingo
Take a pamprin honey. Now go back and read the post again and tell me what "tools" you have for realistically obscuring your credit record - news flash, there's more than credit card purchases on that puppy. Any long-term debt is recorded.
This is dangerous only if the credit history reveals much about you: see next.
The value of privacy is independent of whether you have anything to hide or not. If you can't wrap your head around this concept, you're pretty much a write-off.
It all depends. If you give your real name/address/email to all who ask, never look into your cookie file
Your IP address and MAC information can be obtained without you knowing it, and for most of us the IP part is hardwired, even at home.
Consider:
Folks - the only thing that separates you and Jennicam is the cam.
I think a big part of the problem is the ease of using our technology, and the tiny amount of attention we pay to it, ourselves! Here's an example:
About a year ago, I couldn't find my credit card when I tried to pay for a meal; after digging around in my wallet, I found it "filed" in the wrong slot. Because I was searching for a specific card (I have a few of 'em), I actually looked at the damned thing for the first time in weeks. It was someone else's card.
To make a long story short, I used the information on the card itself to turn it off (after I turned mine off, first!), then identify and find its owner. As it turned out, we'd used each other's cards for a week, since they were switched in another restaurant; each ran up several hundred dollars in purchases, without anyone checking the name or signature, and without once looking at the card ourselves.
It's so easy to use this technology, we simply don't think about it. The only ones who really pay attention to our behavior are the data collectors.
My point isn't to tell a somewhat-funny, somewhat-scary story; it's to encourage people to take back control of the technology. That necessarily includes the use of the technology for purposes other than their own. And so an important part of the story is this epilogue:
Both I and the other guy tried to fix the mixed-up expenditures by working with the two credit card companies. This proved almost impossible: we'd have had to cancel payment on all the cross-use purchases, then go back and repair the newly-inflicted damage ourselves. And there was no guarantee that doing this wouldn't cause bad posts to our credit ratings -- the companies were emphatic about this! So in the end, we did the simple thing: we tracked down all the purchases, and simply wrote each other checks to cover the balance.
We were both lucky that we were honest, but that's not the real point. The point is that the machine exists for the ultimate use of someone other than ourselves: we're just the grist the mill grinds. And if we don't watch out for ourselves, there's no one who will.
---
---
Politics is about making compromises. Religion isn't. --Michael Horton
Firstly, your mistake was in using your credit card to buy an add-on for a product you do not own. Microsoft took to tracking those things once UCITA let them, and their self-help systems were typically Microsoftian in their vengeance against software piracy. They shut themselves down until you can satisfy MS that you're no pirate. (There is no due process as this is not government, but business). Once you call the nice antipiracy people and explain, they will undo the shutting-down of your systems. The reason for their doing so was suspected fraud. This reason was openly listed as the latest user-vendor transaction in your account with MS' payment processing people, who share information with many other businesses.
Said other businesses, such as your vendors, enjoy a much more rapid defense against deadbeat clients than they used to. They have an automatic response to the suspicion of fraud or bankruptcy. They are comparatively enlightened, as they are only killing 10 net 30 terms on the warning, and will still sell to you for cash up front. Your cashflow is considered _your_ problem. After only 3 more transactions you can get 10 net 30 financing back again, but for now every vendor you have is reading the same 'suspected fraud' report and being prudent.
Meanwhile, the credit card company has a process going itself. If more than 50% of the businesses you maintain ongoing relationships with downgrade your account level over a period of 48 hours, the credit card company will freeze your card until you call them from your work phone and reassure them that there's a good reason for this downgrading. This is for their protection in the event of a customer running amok and committing massive fraud and disappearing.
Assuming you remember all this from the fine print where it was hidden, your task is clear: leave the car where it's stranded, and walk across town to your store, where you must break in to use the phone to get your credit card turned back on to start dealing with these other issues.
On the bright side, your security system has shut itself off on suspicion you're a software pirate, so when you get to your store, the windows are already broken! Here's hoping the looters didn't take the phone. ;P ;)
I used to work for Experian (not through choice: the startup I worked for got bought, then the buyer got bought by Experian). I was developing database marketing software (yuk).
Experian had records on at least 95% of American households. It's amazing how much imformation they have on people, and where they get the information from. Experian also has amazing power over people's lives. When I came to America, it was companies like Experian that made my life miserable. I couldn't get credit cards (even though I had had them for four years back home), I even had a hard time getting an apartment. They're an international company with 22% of their business in the UK - they wouldn't even pull my credit file from the UK to help me out (even when I worked for them). Just wait until they start integrating their databases from all over the world: they will have the ability to track people better than amny governments.
One of our client's marketing data warehouses (non-US bank) had one table that stored all of their customers transactions for the last 48 months (we tried to avoid that table due to its size!). Plus hundreds of other columns of demographic information. The goal of these huge data warehouses and all their information: to increase the yields on marketing campaigns (ie the response rate to junk mail). eg Let's target all of the people 21-25 who like Pizza Hut within a five mile radius of zip code 80231 who use certain ATM machines who like.... and it goes on.
Everybody in America has a social security number. The way it get's into every aspect of life, it's almost equivalent to every child being tatooed with a bar code and serial number at birth (but of course, that would probably be deemed a violation of basic rights and freedoms - anybody remember that Sepultura song/video, Slave New World??)
How do we maintain our privacy? It's a bitch. Some of it is impossible. But you can help.
/much/ did we value our privacy, we gave varying answers, "a lot!" , etc. (Zero-Knowledge's Ian Goldberg was in the audience, as a side note). He then held up a bouncy-ball with LEDs that flashed when it hit something (THE toy to have from the expo) And asked how many of us had one of these (most of the audience raised their hands). He pointed out that our privacy was worth less to us than these flashing balls, because we'd all of course swiped our ID cards to get 'em.
First, be cognizant of what information is available how. In Texas, anyone with your driver's license number and city can find out if you have warrants out for your arrest, your full legal name including middle initial or name, and your true birthdate. True story--call up the local muni court and go through the phone system.
Anyone with a bit of money can get the full scoop on you via credit reports. Many academic institutions have access to LExis-Nexis, which has a huge wealth of data on tax and property records, all digitized and searchable.
Oh, but it gets more fun. Ever ordered pizza? Hell, what was the first thing you did when you moved into your new apartment? Did they ask you for your phone number? Guess what, that's recorded not only in their database, but a nationwide database used for direct mail marketing and keeping a updated record on where you live (better than your local white pages, I might point out)
So, what do you do?
As much as you can, fight against these. Don't give out information like your SSN (by law, no one can force you to use your SSN as an identifier!!), DL number, birthdate, phone number, etc.
Online, set up social firewalls between the real you and the rest of the world. Use pseudonyms. Use fully developed alternate personae to packet-drop spam (what else is hotmail good for??) Explore sites as one of your throwaway personae, check their privacy policies, check (not that it means anything anymore) on their Truste stamp if they have one. Check with the BBB online. After you're OK with them, then go in and use a real persona.
At RSA, there was a great speech by Stewart Baker, a lawyer at Steptoe & Johnson. He asked the crowd if they valued their privacy, of course, we repsonded, yes!. He asked how
Be aware--that's your best bet. Know what pieces of data are important and key to finding out more, and be miserly with them.
Returned Peace Corps IT Volunteer
The other day I went to the dentist and had to fill out one of those interminable insurance forms. Amongst other things, they wanted to know if I'm single/married/divorced/separated etc. Why the HELL do they need to know that? When are they going to start enquiring about my sexual orientation, as well as my preferred sexual positions?
This is one of my pet peeves, but Americans have no clue about personal privacy. They keep ranting against a national ID card or a national healthcare card because it would violate their privacy. Yet they think nothing of divulging their most private data to someone as inconsequential as their dentist, not to speak of using credit cards and personal checks in a system which openly laughs into their face regarding any sense of financial privacy.
Americans may rant against Europeans in any which way they like--some certainly deservedly--but regarding personal privacy they have nothing on them. While Europe is far from perfect even in the privacy issue (especially the UK), at least they try to maintain a semblance of personal privacy through the laws they pass and the way they approach the issue in general. In Germany for example, which I'm most familiar with, I can sue my dentist for breach of privacy if I feel that he is keeping data about me which he isn't entitled to. With the new digital healthcare cards I understand that I can limit the extent to which I divulge medical information even to my doctor.
Compare that to the Tennessee Department of Transportation which has included an onscure little checkbox on the driver's license renewal form, which instructs the department NOT to sell your personal information--INCLUDING YOUR MUGSHOT--to third parties. In other words, if you miss that little checkbox, which most people do, you are "authorizing" the TDOT to sell your info. If that doesn't raise your holy indignation, nothing will.
My point in all this is that we don't have to be pragmatic about privacy. There ARE things we can do to maintain and improve personal privacy, even--or rather especially--in a digital world. We have technologies that can accomplish the most amazing things: route a packet through a maze of computers from one end of the globe to another; transmit information reliably and accurately through light hours of space; write our names on the head of a pin with individual atoms; encrypt data in such a way that it would take eons to decrypt it. Yet we profess that there's nothing that can be done about the loss of privacy. It's a matter of will, not technology. We have to take the fate of our privacy out of the hands of corporations that profit from a lack of privacy, and put it into more reliable ones. Most importantly, we have to stop pretending that there's nothing we can do about it--there is, we just have to do it.
Uwe Wolfgang Radu
That is the only thing to be done.
Frederic Douglass used "Agitate! Agitate! Agitate!" as the call to eventual freedom of the Black American.
Active resistance would have met with active retribution - and now would result in credit sanctions, bad histories, and denied loans.
Passive resistance would have led to further exploitation, and will do so in this case. Passively waiting for corporations and the government to spontaneously grow a conscience isn't going to work, as long as data-mining is profitable. Remember, in the end, the accountants make the policies.
Agitation, the non-violent and justifiable causing of frustration in the system that oppresses is the solution to the problem.
What needs to be done is, as Garfinkel (or maybe the reviewer) suggests, intentional pollution of the gathered data. Once the gathering of unreliable data becomes more costly than profitable, it will stop. If it costs more to filter and refilter dirty data than to simply ask for voluntary opt-in, then the data farmers will do the 'economical' thing.
Yes, it's going to be hard at first. Prices will rise (as they surely must anyway) and part of that increase will be due to the increased cost of fishing for good data, in a pool with an increasingly poor signal to noise ratio. We'll all get a lot more junk mail. Some of us will get very well paying jobs designing smart systems to side-step the subversion.
But eventually, through misinformation of the machine, they will just stop bothering us. It might even happen in this lifetime.
Whenever I fill out a 'registration' form (rare, and only for warranty reasons), I always jot down a household income that is hugely greater than the actual. I've gotten pre-approved credit cards for really large amounts. On some registration cards, I'm single, on others I'm married. There's about a three week delay between my infusing tracer data into 'their' system, and some peice of junk mail targeted as a response. When I last changed back to single status, a few weeks later I got mail for a local divorcee/widower support group. Hmmm.
A friend of mine, in high-school, used to order free smaples of stuff, using false names. He's gotten all sorts of interesting mailings to these names, slanted to reflect the information he provided. One alias, Santo Runningbear, got him a pre-approved Native American Scholarship. He's Irish.
The point is, a company won't change it's tactics as long as they are profitable. It's in our best interest to make farming of our identities and habits expensive.
-- What you do today will cost you a day of your life.
As much as it jarrs me to say it, you all asked for it folks.
/. was a sort of refuge from that mentality. Just the other day Clinton's "Internet Security" team was expounding complete traceability on the net. But if slashdotters, who every day are bombarded with privacy propaganda from CmdrTaco & Co, if we still fail to cherish our anonymity and reject the thin blanket of "privacy", then there isn't much hope left.
Of late i've posted less and less to slashdot because I've become disenchanted with the quality of person I meet here. People who, as a result of their mild annoyance at F1R$7 P0$7ers and other trolls, endorse eliminating Anonymous Cowards. People who make ponderous distinctions between "privacy" and "anonymity", stating that while they cherish the first the second should be put down like a rabid dog.
Folks, privacy without anonymity cannot exist without a strongly legal barrier and vigilant law enforcement. But, as any sensible citizen shoudl have puzzled out by now, the people who influence or even fabricate those laws and the people who want to abuse your private profiles are generally about two shakes of a fleas leg apart from one another. Anonymity is crucial, because only you yourself can truly be trusted to protect your private information to a degree commensurate with its worth to you. Without anonymity, and only with legally enforced "privacy", the laxity of others in guarding their personal information can also affect the security of my own information. That is clearly a losing scenario for those who care whether their every quirk is ground down mathematically in a relational grid.
Of course sentiments like that aren't confined to slashdot, in fact I once had thought
So don't come bitching about losses of privacy. When you turned your backs on anonymity, you asked for it.
-konstant
Yes! We are all individuals! I'm not!
-konstant
Yes! We are all individuals! I'm not!
Everyone is entitled to monitor any record about themselves
Then continue with principles like:
Every person or company who uses database records to contact you or in any other way influence your life is required to disclose (at their expence) the source of their information.
And
Every company or person that is providing data about a third paty on a comersial basis is responsible for the accuracy of that data
All opinions are my own - until criticized