Slashdot Mirror


U.S. Lags Behind Europe In Online Privacy

blaine writes: "There is an interesting article at CNN regarding the differing policies towards privacy that the United States and most of Europe have. It details some of the disputes between the United States and Europe with respect to the United States not being as strict in enforcing online privacy."

13 of 165 comments

  1. Additional info on EU Data Protection by AndrewD · · Score: 3

    Just to pick up a few points, working from the UK implementation of the EU directive, the Data Protection Act 1998:

    1. The Data Protection legislation covers paper records as well as computer records.
    2. It doesn't extend to anything done other than in the course of a business, so your phone numbers stored in your mobile aren't covered. Incidentally, some of mine are, since they're client's numbers.
    3. The data has to be personal data - data from which a person could be identified, however tangentially.
    4. The data has to relate to a "data subject", a term which is defined in the legislation to mean more or less anything capable of passing as human. (Yes, that is flippant. No, it's not inaccurate.)
    5. Sensitive personal data is a subset of personal data, and it's defined by reference to a list of subject matters: race, religion, political affiliation, membership of trade union, mental and physical health and sexual orientation being the ones I can remember without making the thirty-yard trek to the shelf where my copy of the Act is.
    6. Sensitive Personal data cannot be collected without the explicit consent of the subject without committing an offence, subject to some tightly-drawn exceptions.
    7. The restrictions on processing personal and sensitive personal data when you get it are governed by the Data Protection Principles. See Schedule 1 to the Act for details. Interpretation of the Principles is in Part II to Schedule 1 and further supporting material appears in Schedules 2 and onward.
    8. The Data Protection Registrar has already indicated that "opt-outs" for mailing lists do not amount to fair data processing. That's right, spam just became a criminal offence again. Enforcement is another matter, I shouldn't wonder.
    9. This item deliberately left blank.
    10. Data Controllers (the people who actually carry the can for data processing) have to register as such, disclosing publicly on this register what sort of data they collect, from what kind of people and what they do with it.
    11. Part of the registration, which must be renewed annually, is a statement of the security precautions the data controller has taken. They aren't onerous - indeed, I'd regard them as the minimum necessary. However, the actual implementation in practice among my clients - honourable exceptions apart - is woeful at best.

    Essentially, the standards may be set higher over this side of the Atlantic, but the actual performance means that the practical difference for the time being is nil.

    Anyone in the UK with an expertise in basic computer security has a prime opportunity to make some money selling advice to just about every commercial concern on mainland Britain. And, no doubt, the same goes for the rest of the EU.

    AndrewD

    Slight disclaimer: don't rely on the above as legal advice for your particular circumstances. I'm only qualified to advise in the UK on English law, and what appears here is only a broad outline statement of that law. In short, relying on comment postings on /. to take business decisions that might cost you money is your own affair and don't come crying to me if it all goes horribly wrong.

    --

    -- AndrewD

    A Maze of Twisty Little Laws, All Different.

  2. Sometimes I feel like somebody's watching me by bgs006 · · Score: 3
    If only they made new Popeye cartoons in these modern times:

    "I'll gladly give up my online privacy on Tuesday for a bitchin' credit card offer today."
    "Oh Popeye! Save me! I keep getting spammed by United States pyramid marketing schemes!"
    "Don't worry, Olive, I'll moves ya' to Europe where online privacy is more valued."
    "I'm strong to's do Finnish, because they eat's their private spinach, 'cause I'm Popeye the sailor man."

    They can't all be winners, folks.

    -BGS006
    LostBrain

    Wait a second, this isn't Ain't-It-Cool-News

  3. Other breaking news... by Oblio · · Score: 3

    "US lags behind Europe in privacy"

    "Corrupt politician found to be taking bribes"

    "Insurrection fails, Castro still in power"

    Or from the Onion: "Model decides to give acting 'a shot'".

    (Though I have to admit to enjoying much of the stuff people post on these stories...)

    --
    Pax -- Ob
  4. Guess I can't cross any borders by cperciva · · Score: 3

    After all, *my brain* contains detailed personal information on people who have not explicitly given me permission to carry that information into another country.

    Seriously, what is the difference between transporting information across borders on a palm pilot and transporting it inside someone's head, apart from the fact that people have much more memory than palm pilots?

  5. Re:*sigh* by mindstrm · · Score: 3

    It's not about the internet. It's about commerce and privacy.

    Europe has laws that prevent your personal information (ie: what you bought with your visa and when, etc) from becoming a commodity unto itself, bought and sold by companies.
    In other words, Visa is allowed to know this, but only so they can bill you. They can't sell it. Same for any other vendor.

    This is important in online transactions moreso than with meatspace transactions because, in meatspace, in a great many cases, nobody needs to know your name or where you live to sell you something, whereas with online purchases, they indeed to in order to collect payment and/or deliver goods.

  6. Not much freedom or privacy left online anymore by SweenyTod · · Score: 3

    At least to the casual user. How do you equip a part time internet user with the tools to protect themselves? You can't make people download and configure Junkbuster, PGP, high encryption patches for Windows and Netscape, etc... They don't have the time or the knowledge that these tools are even there. And even if they did, I'm sure most people don't appreciate just how much monitoring of our online use there is, and so see the need for them.

    The UK is requiring every ISP allow the security agencies to monitor what websites are being viewed by everybody. International tools like Eshilon (sp?) monitoring our emails and who knows what other online chats...

    My beloved Australian government just passed an amendment bill that allows one of our security organisations (ASIO) to hack into our computers, copy, modify, delete any data they think is relevant to national security. I can only hope that the computers have to be in Australia. They're also allowed to disable any encryption or logon device that prevents further monitoring as well. And btw, if somebody could explain why /. thought this story wasn't important enough to the online community to run, please let me know.

    It's my opinion that the governments of the world will legislate the internet into becoming just another form of media. This is inevitable I think. The net isn't the last frontier anymore - it's been beaten down so that the powers that be can control it.

    Which is sad, but had to happen. They monitor us by our use of credit cards and other financial records, and the internet will be made to work for them in the same manner.

    --
    Alas gallinaceas de urbe bovis volo
  7. Re:Online Sucks. The Real World Is Worse. by Seumas · · Score: 3
    I'll raise you one further, in that not only do you have to be aware of where you are losing privacy, to have it, but you must also have the choice to assert your wish for privacy.

    Personally, I could care less if someone knows my name, mailing address, email address, ICQ number, website, what I ate for lunch, who I'm fucking... In fact, if I choose to reveal those things, so be it. But those are conscious choices. Many people also believe in the right to carry a firearm, yet own none. Many people believe in the right to practice your preferred religion, yet have no religion of their own. Many people also have the means to remain in complete anonymity, yet choose not to.

    Choice and autonomy is the fundamental element in freedom, privacy, anonymity and every other concern over a basic human right.
    ---
    icq:2057699
    seumas.com

  8. Re:Guess I can't cross any b by muldrake · · Score: 3

    He did spell it correctly, at least as far as non-US usage goes.

    All spelling flames must include a blatant spelling error.

    All grammar flames must include flagrantly bad grammar. Furthermore, at least half of all grammar flames have to spell it 'grammer.'

  9. The Cynical Citizen. by Black+Parrot · · Score: 3

    I'm really sick of all the US {hype, vaporware} about "land of the free and home of the brave", "of/by/for the people", etc, when it actually ranks behind so many other nations in so many important ways, and our elected officials are always doing their darndest to set us further behind.

    Whatever happened to the spirit behind the Bill of Rights?

    --

    --
    Sheesh, evil *and* a jerk. -- Jade
  10. It's not a problem for we who know better...yet... by Sir_Winston · · Score: 4

    Seriously, for all the (understandable) bluster about privacy, we have not yet gotten to the point that online privacy isn't easy to have. Just like I don't want anyone to hack or flood my box, therefore I run a firewall (Black Ice), I don't want applications uploading info about me so I run an "internal firewall" called Zone Alarm which allows me to forbid any but permitted apps from sending packets. I don't want advertisers to track me with cookies, so I set cookie permissions through Junkbuster Proxy and have the added benefit of blocking ads altogether, plus quashing the "refer" and "user-agent" headers. I protect my "real" e-mail from spammers by having throw-away addresses for USENET and other public posts. If any website I visit demands a home address, and actually checks the validity of the address I enter, I pick a random name and address from an online directory (underhanded but it works)--otherwise I just write "fuck you" on every line of the form.

    At first look that seems like it might be a lot of work, but it isn't. All of those applications are set up with a few clicks (even Junkbuster, text-based, has pre-made blockfiles available), and no detailed info is necessary--there is zero learning curve for the average Windows user. The trick is convincing the average windows user to install a few privacy-safeguarding firewall apps, to not accept or delete cookies from all but sites they want to give info to, and to submit false information to anyone who wants their address online. If people could be convinced to take similar safeguarding actions, then companies would cease to bother gathering such data in the first place. As I said, the trick is educating the public--the actual safeguarding of online privacy is quite easy, even for an average Win user.

    The threat comes when even such simple safeguards as installing some software and not giving a real address can no longer work. Right now it takes minimal efforts to protect privacy, but it's foreseeable that companies will create ways of locking us in. If there's ever infrastructure to connect data about the ISP used by a particular address, for example, to visitors' IPs, it would make it more difficult to simply give false information to websites which demand addresses. Likewise, if every site demanded cookies and malfunctioned without them, it would be a bit more difficult to keep private although you could still keep cookies persistent on a per-session basis.

    People are so pissed off about online companies trading information about consumers. But the real answer is educating consumers not to give up personal information in the first place, because then there's nothing for companies to trade. Doubleclick knows nothing about my online habits and never will.

    The real threat is offline privacy, not online. Credit companies are evil, with intimate details of your buying habits available to them through non-Internet sources. Few people understand that when they sign up for a "club card" at a grocery store, every item they buy with it is recorded for posterity, from food to drugs to hygiene products. Few people realize that if they ever fail to pay a bill on time, even a magazine subscription or something else small it can linger in the files of credit bureaus for all time and fuck with their credit ten years down the line. Few people realize that their banks are required to report all sorts of sensitive financial data to the government thanks to laws purportedly designed to make it easier to force payments from deadbeat dads, but which apply to everyone with a bank account. Few people realize that the FBI knows exactly how many guns you own and what type (unless you bought them in a private sale), not for the public's protection but so that whenever the type of gun you own is outlawed they can knock on your door to collect it.

    In short, worry more about privacy off-line than on-line. There are steps you can take online, but off-line you're fucked.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  11. because the US is a single government....... by efuseekay · · Score: 4

    while EU is multiple governments.

    The problem with the US is that privacy laws are often dictated by big mega corporations (via their lobbies to your local congresspeople). Of course, the more the megacorps have info over your lives, the better!

    In EU, it's harder for megacorps to exert such control because they have multiple govs to "lobby" (if even possible). So the privacy laws (or any laws) are often formed by consensus between govs, which is usually more pro-consumer (democratic govs have little to gain from knowing what the public fav. channels are...) than pro-business.

    --
    Mode (3) smart-aleck mode. Press * to return to main menu.
  12. Online Sucks. The Real World Is Worse. by Seumas · · Score: 5
    I'm going to plug the book Database Nation again, because it is something I just picked up and have not been able to put down. It's fascinating how many ways we're being taped, catalogued, archived, indexed, cross-referenced...

    It isn't just online, either. Let me review the most recent events that have really irritated me in this regard:

    PG&E
    I've recently moved and PG&E wanted my social security number, to turn on the electricity. I debated it and they very nearly refused to work with me, only giving in at the very end when I threatened to contact the utilities commission.

    PacBell
    Pacific Bell required my social security number to initiate phone service. I refused and, only after speaking with a manager, was allowed to decline. In addition, they required a fee for not publishing my name in the phonebook. And, to add further insult, asked if I would be willing to sign up for junkmail from them and their co-operative companies which "might be of interest". In other words, they want to sell my name and address and phone number to every dick trying to make a quick buck.

    California DMV
    The DMV was the worst experience. I wasn't even getting a license, but only a State ID. First, they required my social security number. It was my understanding that this could not be required of me. In fact, there are only very few agencies (all of them government agencies, other than your employer) who can require this. In fact, most government agencies are supposedly not allowed to require or request this information of you.

    Not only did the DMV require it (the manager and supervisors told me I could leave if I refused to provide it and said that there was absolutely no possibility of ever getting an ID or license without this information -- which I'm not sure serves any honorable purpose other than just gathering data).

    Second, they required that I sign my name with a stylus on a digital pad. I usually sign my name with a flared hash mark across the entire last name. The person manning this stylus told me the computer would not accept such overlapping signatures and that it would not be valid; do it again.

    "Not valid?!" I asked, shocked, "How can it not be valid? That's how I sign my name!"

    "Well, it won't accept it. Sorry," was the reply.

    "Then the signature on my StateID will be invalid, because it isn't the signature I use everywhere else. Doesn't that invalidate the whole thing?"

    Besides, since most people verify your signature by comparing it to the one on your ID card or license, this means that your real signature is no longer valid, thanks to the DMV!

    Further, the digitized signature that was sent on my ID card six weeks later (another gripe, considering in Oregon, I can go in and have my card or license in my hand when I walk out fifteen minutes later), was nothing like my real signature, even without consideration of the flared hash that it should have had across it. It looked like some etch-a-sketch hack by a two year-old Pablo Picasso.

    The final straw was just before I went to have my picture taken at the other end of the DMV office. They thumb-printed me. With a little digital scanner. I couldn't believe this was legal! What happens next year, they require a pinky print? Then an index finger? How in the hell is it that the police department isn't allowed to just require everyone in the world to provide prints, but the DMV can? And to say "well, don't get a license or an ID card" is ridiculous. You can't cash a check, work anyone, or rent a video without ID.

    And, last of all -- after providing a print, the guy behind the counter took a small one inch square cotton-like swab, wrapped cleaned off the scanner, and took the swab into the back of the office with my paper work.

    Okay, I'm not a conspiracy theorist and I'm not the avid ArtBell listener or anything, but this struck me as at least a bit odd. In one visit, you are basically giving them your address, work information, birth certificate, social security number, mother's maiden name, photograph, signature (that invalidates your real one?!), a thumb-print and DNA?

    I'm probably crazy. My mind must have been overly imaginative that day. I mean, would my own government be hoarding all this information, including prints and DNA off in a massive archive somewhere? Surely, not.... *cough*
    ---
    icq:2057699
    seumas.com

  13. Encrypt casually and frequently by goingware · · Score: 4
    Please read my page Why You Should Use Encryption. This explains why ordinary people, even your mother and your kids, ought to be using secure encryption.

    Also read my note Secure Email Download with SSH on the Be Tip Server. While the tip is BeOS specific, the basic ideas work fine on other operating systems.

    Of course, to download your mail via SSH, you'll need a hosting service that provides it at their end, which is why I recommend Seagull Networks. Note that if you upload content to your website with FTP, you're exposing your password to network sniffers. Seagull Networks allows you to use secure copy (scp) for this so your password remains secure.

    Finally, I use the Linux Encrypting Kernel under Linux and PGPDisk under Windows to keep important personal info like my Quicken checkbook, and confidential business information like the source code I'm writing for my clients encrypted on my laptop so the thieves won't have them if my computer is stolen.

    With either one you can create a big file that when mounted with a passphrase is accessible like any ordinary filesystem. I have even found that I can run MPEG movies off a PGPDisk with no loss in playback quality on my laptop which has a 450 MHz Pentium III.

    Finally read the Forum on Risks to the Public in Computers and Related Systems for significant discussions on privacy issues. It is available as comp.risks on the Usenet News and on the web at http://catless.ncl.ac.uk/Risks/.

    Do you think Microsoft takes care to protect your privacy when designing its products? Guess again.

    The scary MSWord residue feature

    I recently received a legal document as part of a personal negotiation that I am doing. The document was e-mailed to me in MSWord format. As I was showing it to my lawyer (who happens to be my wife), we decided to put our thoughts inline using the track changes feature of word. After selecting Tools, and Track Changes, we clicked on "Highlight changes in document" and voila, suddenly a whole bunch of red appeared on the screen. We looked at it closely and realized that everything in red represented changes in the document that my counterpart's lawyer had written. We got a good look at the previous version of the contract, as well as a bunch of comments and justifications that the lawyer wrote to his client. It was an eye opening experience.

    It appears that instead of selecting "Accept all changes" before sending it to me, the other party to the contract simply turned off the highlighting to the track changes feature.

    This is obviously a case of an unsophisticated person misusing a feature. However, it is very dangerous. Lawyers send word documents around all the time, and many of them do not really understand all the features that they use, nor should they have to. I imagine that I was not the first person to see some behind the scenes conversation in an important word document, that I was never intended to see.

    --
    -- Could you use my software consulting serv
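
The track-changes residue described in the last comment can be checked for before a document leaves the building. The following is an added example, not part of the original thread: it assumes the modern .docx (OOXML zip) container rather than the binary .doc format the anecdote involved, and `find_residue` and `build_sample` are hypothetical names; the sample document is constructed inline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# WordprocessingML namespace used by word/document.xml and word/comments.xml
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


def _text(element, tag):
    """Concatenate the text of every <w:tag> at or below element."""
    return "".join(t.text or "" for t in element.iter(f"{{{W}}}{tag}"))


def find_residue(docx_bytes):
    """Return (kind, author, text) for each unaccepted revision or comment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        # For files from untrusted senders, use a hardened XML parser instead.
        body = ET.fromstring(z.read("word/document.xml"))
        for ins in body.iter(f"{{{W}}}ins"):
            findings.append(("inserted", ins.get(f"{{{W}}}author"), _text(ins, "t")))
        for dele in body.iter(f"{{{W}}}del"):
            findings.append(("deleted", dele.get(f"{{{W}}}author"), _text(dele, "delText")))
        if "word/comments.xml" in z.namelist():
            comments = ET.fromstring(z.read("word/comments.xml"))
            for c in comments.iter(f"{{{W}}}comment"):
                findings.append(("comment", c.get(f"{{{W}}}author"), _text(c, "t")))
    return findings


def build_sample(clean=False):
    """Constructed sample: only the parts the scanner reads, not a full .docx."""
    if clean:
        para = "<w:r><w:t>Fee: 9,000</w:t></w:r>"
    else:
        para = (
            "<w:r><w:t>Fee: </w:t></w:r>"
            '<w:del w:id="1" w:author="Counsel"><w:r><w:delText>5,000</w:delText></w:r></w:del>'
            '<w:ins w:id="2" w:author="Counsel"><w:r><w:t>9,000</w:t></w:r></w:ins>'
        )
    doc = f'<w:document xmlns:w="{W}"><w:body><w:p>{para}</w:p></w:body></w:document>'
    note = (
        f'<w:comments xmlns:w="{W}"><w:comment w:id="0" w:author="Counsel">'
        "<w:p><w:r><w:t>Client will go to 9,000 if pushed.</w:t></w:r></w:p>"
        "</w:comment></w:comments>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        if not clean:
            z.writestr("word/comments.xml", note)
    return buf.getvalue()


if __name__ == "__main__":
    for kind, author, text in find_residue(build_sample()):
        print(f"{kind:8} by {author}: {text}")
```

An empty result means no tracked insertions, deletions or comments remain in the main document body; headers, footers and document properties are separate parts of the package and are not inspected here.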