Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Lags Behind Europe In Online Privacy

Posted by ryuzaki0 on from the shut-up-and-buy dept.

blaine writes: "There is an interesting article at CNN regarding the differing policies towards privacy that the United States and most of Europe have. It details some of the disputes between the United States and Europe with respects to the United States not being as strict in enforcing online privacy."

4 of 165 comments (clear)

  1. It's not a problem for we who know better...yet... by Sir_Winston · · Score: 4

    Seriously, for all the (understandable) bluster about privacy, we have not yet gotten to the point that online privacy isn't easy to have. Just like I don't want anyone to hack or flood my box, therefore I run a firewall (Black Ice), I don't want applications uploading info about me so I run an "internal firewall" called Zone Alarm which allows me to forbid any but permitted apps from sending packets. I don't want advertisers to track me with cookies, so I set cookie permissions through Junkbuster Proxy and have the added benefit of blocking ads altogether, plus quashing the "refer" and "user-agent" headers. I protect my "real" e-mail from spammers by having throw-away addresses for USENET and other public posts. If any website I visit demands a home address, and actually checks the validity of the address I enter, I pick a random name and address from an online directory (underhanded but it works)--otherwise I just write "fuck you" on every line of the form.

    At first look that seems like it might be a lot of work, but it isn't. All of those applications are set up with a few clicks (even Junkbuster, text-based, has pre-made blockfiles available), and no detailed info is necessary--there is zero learning curve for the average Windows user. The trick is convincing the average windows user to install a few privacy-safeguarding firewall apps, to not accept or delete cookies from all but sites they want to give info to, and to submit false information to anyone who wants their address online. If people could be convinced to take similar safeguarding actions, then companies would cease to bother gathering such data in the first place. As I said, the trick is educating the public--the actual safeguarding of online privacy is quite easy, even for an average Win user.

    The threat comes when even such simple safeguards as installing some software and not giving a real address can no longer work. Right now it takes minimal efforts to protect privacy, but it's foreseeable that companies will create ways of locking us in. If there's ever infrastructure to connect data about the ISP used by a particular address, for example, to visitors' IPs, it would make it more difficult to simply give false information to websites which demand addresses. Likewise, if every site demanded cookies and malfunctioned without them, it would be a bit more difficult to keep private although you could still keep cookies persisten on a per-session basis.

    People are so pissed off about online companies trading information about consumers. But the real answer is educating consumers not to give up personal information in the first place, because then there's nothing for companies to trade. Doubleclick knows nothing about my online habits and never will.

    The real threat is offline privacy, not online. Credit companies are evil, with intimate details of your buying habits available to them through non-Internet sources. Few people understand that when they sign up for a "club card" at a grocery store, every item they buy with it is recorded for posterity, from food to drugs to hygeine products. Few people realize that if they ever fail to pay a bill on time, even a magazine subscription or something else small it can linger in the files of credit bureaus for all time and fuck with their credit ten years down the line. Few people realize that their banks are required to report all sorts of sensitive financial data to the government thanks to laws purportedly designed to make it easier to force payments from deadbeat dads, but which apply to everyone with a bank account. Few people realize that the FBI knows exactly how many guns you own and what type (unless you bought them in a private sale), not for the public's protection but so that whenever the type of gun you own is outlawed they can knock on your door to collect it.

    In short, worry more about privacy off-line than on-line. There are steps you can take online, but off-line you're fucked.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  2. because the US is a single goverment....... by efuseekay · · Score: 4

    while EU is multiple governments.

    The problem with the US is that privacy laws are often dictated by big mega corporations (via their lobbies to your local congresspeople). Of course, the more the megacorps have info over your lives, the better!

    In EU, it's harder for megacorps to exert such control because they have multiple govs to "lobby" (if even possible). So the privacy laws (or any laws) are often formed by consensus between govs, which is usually more pro-consumer (democratic govs have little to gain from knowing what the public fav. channels are...) than pro-business.

    --
    Mode (3) smart-aleck mode. Press * to return to main menu.
  3. Online Sucks. The Real World Is Worse. by Seumas · · Score: 5
    I'm going to plug the book Database Nation again, because it is something I just picked up and have not been able to put down. It's fascinating how many ways we're being taped, catalogued, archived, indexed, cross-referenced...

    It isn't just online, either. Let me review the most recent events that have really irritated me in this regard:

    PG&E
    I've recently moved and PG&E wanted my social security number, to turn on the electricity. I debated it and they very nearly refused to work with me, only giving in at the very end when I threatened to contact the utilities commission.

    PacBell
    Pacific Bell required my social security number to initiate phone service. I refused and, only after speaking with a manager, was allowed to decline. In addition, they required a fee for not publishing my name in the phonebook. And, to add further insult, asked if I would be willing to sign up for junkmail from them and their co-operative companies which "might be of interest". In other words, they want to sell my name and address and phone number to every dick trying to make a quick buck.

    California DMV
    The DMV was the worst experience. I wasn't even getting a license, but only a State ID. First, they required my social security number. It was my understanding that this could not be required of me. In fact, there are only very few agencies (all of them government agencies, other than your employer) who can require this. In fact, most government agencies are supposedly not allowed to require or request this information of you.

    Not only did the DMV require it (the manager and supervisors told me I could leave if I refused to provide it and said that there was absolutely no possibility of ever getting an ID or license without this information -- which I'm not sure serves any honorable purpose other than just gathering data).

    Second, they required that I sign my name with a stylus on a digital pad. I usually sign my name with a flared hash mark across the entire last name. The person manning this stylus told me the computer would not accept such overlapping signatures and that it would not be valid; do it again.

    "Not valid?!" I asked, shocked, "How can it not be valid? That's how I sign my name!"

    "Well, it won't accept it. Sorry," was the reply.

    "Then the signature on my StateID will be invalid, because it isn't the signature I use everywhere else. Doesn't that invalidate the whole thing?"

    Besides, since most people verify your signature by comparing it to the one on your ID card or license, this means that your real signature is no longer valid, thanks to the DMV!

    Further, the digitized signature that was sent on my ID card six weeks later (another gripe, considering in Oregon, I can go in and have my card or license in my hand when I walk out fifteene minutes later), was nothing like my real signature, even without consideration of the flared hash that it should have had across it. It looked like some etch-a-sketch hack by a two year-old Pablo Picasso.

    The final straw was just before I went to have my picture taken at the other end of the DMV office. They thumb-printed me. With a little digital scanner. I couldn't believe this was legal! What happens next year, they require a pinky print? Then an index finger? How in the hell is it that the police department isn't allowed to just require everyone in the world to provide prints, but the DMV can? And to say "well, don't get a license or an ID card" is rediculous. You can't cash a check, work anyone, or rent a video without ID.

    And, last of all -- after providing a print, the guy behind the counter took a small one inch square cotton-like swab, wrapped cleaned off the scanner, and took the swab into the back of the office with my paper work.

    Okay, I'm not a conspiracy theorist and I'm not the avid ArtBell listener or anything, but this struck me as at least a bit odd. In one visit, you are basically giving them your address, work information, birth certificate, social security number, mother's maiden name, photograph, signature (that invalidates your real one?!), a thumb-print and DNA?

    I'm probably crazy. My mind must have been overly imaginative that day. I mean, would my own government be hording all this information, including prints and DNA off in a massive archive somewhere? Surely, not.... *cough*
    ---
    icq:2057699
    seumas.com

  4. Encrypt casually and frequently by goingware · · Score: 4
    Please read my page Why You Should Use Encryption. This explains why ordinary people, even your mother and your kids, ought to be using secure encryption.

    Also read my note Secure Email Download with SSH on the Be Tip Server. While the tip is BeOS specific, the basic ideas work fine on other operating systems.

    Of course, to download your mail via SSH, you'll need a hosting service that provides it at their end, which is why I recommend Seagull Networks. Note that if you upload content to your website with FTP, you're exposing your password to network sniffers. Seagull Networks allows you to use secure copy (scp) for this so your password remains secure.

    Finally, I use the Linux Encrypting Kernel under Linux and PGPDisk under Windows to keep important personal info like my Quicken checkbook, and confidential business information like the source code I'm writing for my clients encrypted on my laptop so the theives won't have them if my computer is stolen.

    With either one you can create a big file that when mounted with a passphrase is accessible like any ordinary filesystem. I have even found that I can run MPEG movies off a PGPDisks with no loss in playback quality on my laptop which has a 450 MHz Pentium III.

    Finally read the Forum on Risks to the Public in Computers and Related Systems for significant discussions on privacy issues. It is available as comp.risks on the Usenet News and on the web at http://catless.ncl.ac.uk/Risks/.

    Do you think Microsoft takes care to protect your privacy when designing its products? Guess again.

    The scary MSWord residue feature

    I recently received a legal document as part of a personal negotiation that I am doing. The document was e-mailed to me in MSWord format. As I was showing it to my lawyer (who happens to be my wife), we decided to put our thoughts inline using the track changes feature of word. After selecting Tools, and Track Changes, we clicked on "Highlight changes in document" and voila, suddenly a whole bunch of red appeared on the screen. We looked at it closely and realized that everything in red represented changes in the document that my counterpart's lawyer had written. We got a good look at the previous version of the contract, as well as a bunch of comments and justifications that the lawyer wrote to his client. It was an eye opening experience.

    It appears that instead of selecting "Accept all changes" before sending it to me, the other party to the contract simply turned off the highlighting to the track changes feature.

    This is obviously a case of an unsophisticated person misusing a feature. However, it is very dangerous. Lawyers send word documents around all the time, and many of them do not really understand all the features that they use, nor should they have to. I imagine that I was not the first person to see some behind the scenes conversation in an important word document, that I was never intended to see.

    --
    -- Could you use my software consulting serv