Privacy, Part Two: Unwanted Gaze

Can pseudonymous downloading, "snoop-proof" e-mail, digital pseuds called "nyms," PDA-like machines, allegedly untraceable digi-cash and other changes in software and the architecture of cyberspace, restore some privacy and restore the idea of the "Inviolate Personality?" Part Two in a series based on Jeffrey Rosen's new book, "The Unwanted Gaze: The Destruction of Privacy in America." (Part Two; Part One here.)

In The Unwanted Gaze: The Destruction of Privacy In America, law professor and columnist Jeffrey Rosen first blames expanding sexual harassment and gender discrimination law for wanton destruction of individual privacy. Cyberspace is second on his list.

A growing number of lawyers and scholars, including Rosen, say they now believe that fundamental changes in Net architecture are necessary to protect constitutional values and restore the notion of the "inviolate personality" to the private lives of Americans. These would include copyright management systems to protect the right to read anonymously, permitting individuals to pay with untraceable digital cash; prohibiting the collection and disclosure of identifying information without the reader's knowledge, or using digital certificates to create psudonymous downloading.

To Rosen, author of Gaze, cyberspace is posing a greater menace to privacy by the day. He details the l998 forced resignation of Harvard Divinity School dean Ronald F. Thiemann, who downloaded pornography onto his university-owned home computer. A Harvard technician installing a computer with more memory at the dean's residence was transferring files from the old computer to the new one and noticed thousands of pornographic pictures. Although none of the pictures appeared to involve minors, the technician told his supervisor. University administrators asked the dean to step down.

Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work. And no student or colleague suggested he had improperly behaved in any way as head of the Divinity School. His work was never questioned. It's ludicrous to suggest that the school would have fired him if he'd been downloading sports scores or bidding for furniture on eBay. But although he'd committed no crime and performed well in his job, he was forced out in disgrace, while his intimate communications were discussed in public. Even in a supposedly freedom-loving and prestigious university, what Justice Louis Brandeis dubbed the right of every citizen to an "inviolate personality" -- the part of our private thoughts, communications and explorations once thought beyond the reach of exposure and dissemination -- that is private could be invaded and voided.

The Harvard case also underscores the blurring of boundaries between home and work caused by technology. Millions of employees and workers criss-cross between their employer's equipment and their own for work and personal communications.

The one serious omission in The Unwanted Gaze, perhaps because Rosen is a member of the Washington journalistic elite, is his unaccountable failure to consider the media's role in growing assaults on the idea of privacy. Journalism has become a prime instigator of the destruction of privacy.

Until recently, politicians were permitted the right private lives, along with other citizens, as long as their private behavior didn't compromise their work. But journalism has been breaching that tradition for years, considering even the most private details of public people, now considering even themost private d etails of public officials' lives to be its business, justifying intrusions like the Lewinsky story in the name of investigating character and protecting the public. The contemporary press, which should be defending the right of individual's to historic privacy protections, is demolishing the idea of the inviolate personality, particularly for public figures. This has driven countless people from public service and discouraged many more from entering.

Because the Net is the planet's largest and fastest Xerox machine, as well as the world's greatest new marketing opportunity, it constitutes a particular menace to privacy and is escalating its erosion. Personal information can be - is -- gathered and transmitted more rapidly and comprehensively than has ever been possible.

Corporations busy stealing their customer's private information are now eager to appear concerned about it. In June, more than 30 major technology companies -- AT&T, American Online, Microsoft, Hewlitt-Packard among them -- went to the White House to announce a Net protocol designed to serve as an automatic privacy-protection agent -- the so-called P3P-compliance. But a number of privacy addvocay organizations, including the Electronic Privacy Information Center, Computer Professionals for Social Responsibility and Junkbusters derided P3P's claim to being any kind of real privacy-protection.

Many of these critics referred to what's known as the "VCR syndrome," which holds that in a country where most people can't figure out how to program their VCR's, overly technical solutions to privacy concerns are doomed. Despite the White House-generated hype, this leaves the idea of privacy in trouble.

The idea of the "inviolate personality" is one of the greatest and newest freedoms in history. In our time it's not only being nibbled to death but obliterated, and almost all of us are willing, even enthusiastic participants.

Rosen believes that changes in Net architecture and new encryption technologies ("snoop-proof" e-mail) could in a few years restore Justice Brandeis' ideal: the right of every individual to determine "to what extent his thoughts, sentiments, and emotions shall be communicated by others." Others agree. A professor in the United Kingdom sent me this e-mail in response to Part One of this series: "... one of my students has just completed a thesis that describes a system that allows you to send messages across the system that are guaranteed anonymous. The system assumes the use of PDA like machines but can definitely be made to work. Privacy of content can of course be obtained by encrypting the messages. (Up to a point etc ...) My student's system is a simple analogue of the public phone system. So it can work since the phone system allows anonymity."

Despite the clear and logical reasoning of his book, Rosen isn't persuasive on the idea that new software will protect our thoughts and secrets. The threshold of privacy referred to by Brandeis and outlined by the Constitution's framers has been nearly wiped out by the media, by gender-discrimination and harassment rulings, and by rabidly invasive and corporately-funded information-gathering software.

Rosen makes a great case that the idea of the inviolate personality has nearly been killed off. He fares a bit more poorly with the idea that it will magically be restored in a matter of a few years with digital cash and a handful of encryption programs.

"Already," writes Rosen, "user-friendly Web sites are spring up that give you the benefits of encryption without the hassles of having to understand the difference between public and private keys. A site like ZipLip.com, for example, allows you to send encrypted e-mails for free without leaving any records that can be subpoenaed or searched."

Rosen writes about the technology of anonymity and pseudonymity being developed bycompanies such as Zero-Knowledge.com, which is based in Montreal. For a modest fee, says Rosen, you can buy a software package called Freedom, which allows you to create five digital pseudonyms, or "nyms," that you can assign to different activities, from discussing politics to surfing the Web.

Should free citizens in a democratic society have to spend money for "nyms" to preserve the privacy they ought to be -- and once were -- accorded in law? How many millions of computer users will even know of this new technology, or have the money to use it?

Rosen's implication is that even if software caused the problem, then software will clean up. His assurances seem a bit "gee-whiz." But to ignore them cynically on that basis, or to trust them completely, ignores the history of technology. What people can create, others can and will undo. Technology that can be used will be used. In an otherwise powerful book, he also glosses over powerful incentives for eliminating privacy in cyberspace. First, the megacorporations dominating media, business and government will continue to aggressively explore ways of tracking potential customers as Net use grows. Secondly, law enforcement agencies like the FBI have been fighting for decades for the right to deploy tracking programs like "Carnivore" (see part one) and are hardly likely to back off. And finally, powerful institutions -- the entertainment and movie industry, professions like law and medicine, and entities like the U.S. Congress itself -- will inevitably seek to regain the primacy they had -- until the rise of the Net -- over copyright and culture, as well as the setting of social and political agendas. It seems naive to think that "user-friendly" Web sites are going to save the inviolate personality people once had, and are entitled to have again.

This is not a flame.

I don't mean to alarm you, but your website hasn't been updated since June 10. So, until you publish somethiing new, please remove the URL from your sig - it's embarassing.

At least link to the /. threads that are relevant. If you feel strongly enough about an issue to post a comment, you should reference it on your site.

There are privacy issue brought up on /. every day. Your stale material doesn't convey the immediacy of the problem.

Thank you.

Wanking - the Chineese home of the GPL

Since you so desperately need it, Mr "Bash RMS because it's cool to"

Since 1984, RMS has been working on writing software for, and promoting the GNU project. A project to provide software which is not only royalty free (free like beer), but that allows the user to modify, pass on and generally screw up said software (free like speech).

The GNU project has always had the aim of replacing UNIX with a workalike system (it could be argued that this is the aim of emacs alone). By the early 1990s GNU was providing a complete set of development and user tools to run on top of many commercial operating system. The only part missing was the kernel.

GNU have been working on their own UNIX like kernel. Built on top of the Mach Microkernel, HURD aims to compete with the most advanced and modern operating system kernels to date. However, development (which of course had to be done using entirely GNU tools) has been slow and even now HURD is not ready for any sort of production system.

In the early 1990s Linus Torvalds, appeared from nowhere with a working rewrite of the Minix kernel written under the GPL, Linux. The Linux kernel is heavily based on tried and tested designs, old technology. However, it works, is fast and incredibly reliable. This was the spark on the arms dump that was GNU. Suddenly there was available a completely free operating system with all source code and a range of user and development tools.

In media terms it appeared overnight. One minute there is a bunch of obscure hackers writing compilers for UNIX, an OS that had not even been heard of by most computer users. The next, there are a few distributions of "Linux", providing the kernel alongside sets of GNU tools.

Linux took off, picked up by many students wanting to get their hands dirty with something that they could work on and learn about it was propelled into teaching institutions, ISPs and the hands of even more hackers. By 1998, Linux was being touted as "the last best hope" against Microsoft just as the Apple Macintosh had been before they went into their long dark period of flaming Powerbooks and buggy Finders.

Linus Torvalds will not be remembered in history as an innovator, he will be remembered as in implementor. As his discussions on Minix with Andy Tanenbaum show, Linus wasn't concerned with new technology, taking advantage of powerful hardware or dealing with the problems of tomorrow. He seized the opportunity to apply textbook principles and build an OS kernel using 60s concepts. Linus should not be hailed as a great hero, who boldy coded where no man had done before. The reason that Linux is now

Next came the ugly bits. Industry wasn't interested in an operating system written by "hackers" thrown together from whatever was available. They refused to provide device drivers for Linux, mainly because they were concerned that they might give away trade secrets by providing free source code under the GPL. Throughout the 2.0, 2.1 and 2.2 kernels, Linux changed constantly. Providing binary only drivers for it became impossible (was this on purpose). Companies had no choice but to provide code t

Source code was released under a variety of licenses. There was GPL code, BSD code, XFree86 code, Apache code, Artisticly licensed code and all sort of other weird things. The only common factor was that each provided source code and allowed users to at least distribute untampered versions of source code and binaries.

So, in an effort to tidy up the situation, the "Open Source Movement" began. Fronted by ESR and Bruce Perens it brought together all code fitting a common denominator of source code availability and freedom of copying under the banner, "Open Source". Initially, opensource.org claimed to, and did, act as a marketing campaign for the GNU project. It generated amazing amounts of publicity.

However, when opensource.org started to class software such as QT under the same banner as GCC and other GNU software, RMS took issue. He denounced open source as not being purely free software and distanced himself from the movement.

Open source is the power hungry brat child of GNU. Concerned with short term publicity and gain, they abandoned the principles that have given GNU such a strong foundation. After RMS split from opensource, there were various other internal squabblings, most visibly over the use of the trademark "Open Source". Next came the talks at Microsoft from ESR and the killing he made by being on the board of VA Linux. In the space of a few months he managed to suddenly move from the editor of the Hacker's

In a sense, ESR not only distanced himself from the hacker ideal. But showed software developers and marketeerers just what potential for cash-in existed in open source software. Since then, it seems, open source has been the latest and greatest buzzword. Everyone (even Microsoft) has either released open source software or talked about it. Suddenly, there is a vast amount of code available to normal users.

RMS argues that it is wrong to call the "Linux distributions" "Linux". Instead he favours GNU/Linux, to show that the system is comprised of both GNU tools and the Linux kernel. This will probably never happen as the term "Linux" is so well established in the media now (when HURD comes along, things may be very different though). A much better name for most of today's Linux distributions would be opensource/Linux. For example, Mandrake comprises binary only versions of software such as netscape w

Recently there was a Slashdot interview with RMS where questions were submitted by users. The story carried a health warning. RMS is accused by many of being a zealot who wants to see all programmers starve. He is not.

RMS provides a much needed figurehead for the FSF. A group devoted to providing and fighting for free software. Much like Marx, Machiavelli or Neitsche everything he says should be taken with a pinch of salt for life in the real world. But without these people, without the purist ideals they promote we would be stuck in a realistic world of pragmatists ready to sell out at the first opportunity, hardly role models.

Re:The salvation of society in non-anonymity

It was David Brin. He says that since there will be no such thing as privacy anyway, we'd better make sure that we can watch the watchers. This is a very good point. One thing we're seeing now is the government cracking down on people who sell bugging equipment--very bad trend from Brin's perspective.

However, I would argue that we should deploy what anonymizing technologies that we can. "Anonymity allows members of a society to undermine the laws they agree(d) to uphold" is not quite right--it allows them to undermine the laws that the majority agreed to uphold. Tyranny by majority can be nasty--anonymity, if achievable, can prevent all tyranny, at the cost of some anarchy.Good trade, IMHO.

Another SF writer on the subject is Vernor Vinge. In A Fire Upon the Deep and other books, he argues that "ubiquitous law enforcement" by surveillance technology is the death knell of any society.

The salvation of society in non-anonymity

I love this kind of discussion, it's exactly the kind of thing where everyone and their uncle will wail at the top of their lungs that the world is going to hell and (in my humble opinion) be wrong.
Everywhere and anywhere one chooses to look, North American society is degrading at an ever accelrating rate.
Men, Women and children are being beaten, stolen from, harrassed and abused in more ways than any of us can begin to imagine.
Frustrations run higher and higher everyday, and the common view of one's place in society seems to be "I've got mine, and I don't care if you've got yours"
People that take this view, and with it, undermine the rights and freedoms of others do so often with perfect impunity.
Thus, the cop can beat the Afro-American on the street for no good reason, Husbands can beat their wives, Mothers can molest their children, and children can beat each other into hospitals on the school yard.
Why does this impunity exist? Simple:
Because they are ANONYMOUS.
In his book "The transparent society", Larry Niven (I think... I read it a while ago, so don't blast me for getting the name wrong, the title is what matters) argues this very point in an extremely creative way.
At first, he examines the words "anonymity" and "privacy", and defines them.
As the work continues, he draws parallels between the words, examining how they are similar and different, and in what context.
The idea that he arrives at is that "Privacy", "Freedom" and "Anonymity" are infact not the same at all, though most of modern society would belive it so.
One of the final conclusions that Niven arrives at is this: Anonymity allows members of a society to undermine the laws they agree(d) to uphold.
Because chances are no one will know they've committed a crime under the law, they continue to commit crimes.
Because these people can undermine the law and thus the safety and property of their fellow members, they infact infringe upon what "Freedom" and "Liberty" truely are.
Niven concludes with the idea that in order to protect Freedom, Anonymity might not be allowed.
So abolish anonymity: Place video cameras in the streets, on the freeways, in stores and bars and... everywhere.
And make sure that authorized people are watching them...
But:
Make sure that everyone know's WHO IS WATCHING THE CAMERAS.
Think of it like this:
If Bill Clinton had known that he was being watch by Security Guard John Doe the night of his escapade with Monica, and everyone in the country knew that Guard John Doe was watching Bill Clinton that evening, then the courts would have known
a) which video tape to watch,
b)which Guard to question to corroborate,
c) whether or not Bill did it on the desk or the couch.
Further, Rodney King's attackers might have had an incentive to treat him fairly, instead of abusing their positions as law enforcemnt agents, because they would have known that Officer Jane Doe of Internal Affairs was watching, and that the whole state knew that Jane Doe was watching.
In the end, North Americans will continue to insist that their anonymity keeps them free.
I would argue the opposite. That North Americans are not free because some one IS WATCHING all of this happen, we just don't know who.

Privacy and personal sovereignity

A lot of people confuse privacy with personal sovereignity, the power to decide what you will do with your own life, control over your body and that sort of thing. The courts in fact may have ruled the woman's right to abortion based upon the right of privacy, but actually what they were ruling on was her right of personal sovereignty, to control herself. As proof of that, in many states it's not entirely private the fact that you had an abortion, but you have a blanket right to one.

The important thing about privacy is to recognize that there's always a tradeoff between it and accountability. Account demands light, privacy demands shadow. And whenever people get a choice between privacy and accountability, they always seem to choose privacy for themselves and accountability for everyone else. Especially those they don't trust.

Re:But most consumer-abusive Internet Edge.

[Ranger+Rick]

Going by the name, I would expect that someone fed all of JohnKatz's stuff to MegaHAL or somesuch.

:wq!

Re:But most consumer-abusive Internet Edge.

[Ranger+Rick]

Neat! You have it published somewhere? Or are we allowed to look? :)

:wq!

Re:Long reply

[phil+reed]

Basing something on a book is technically copyright violation. You did ask for permission, didn't you?

Grow up. Fair use is still legal.


...phil

Untracable cash

[phil+reed]

One of the perceived problems with untracable cash is that the government fears the establishment of an underground, untaxable economy. That was one of the unspoken reasons for the reluctance of the government to approve high-level encryption.


...phil

Re:Untracable cash

[phil+reed]

With cash, you have physical objects to track. You can follow somebody around, watching them lug bags of currency. With encryption, all you've got is data, and if you're careful (data floods to confound traffic analysis, that sort of thing), it can be much harder to trace. All you might be able to figure out is that money magically appeared someplace, which is pretty much the same as with physical cash, but you've got less chance to follow it around.


...phil

Re:Untracable cash

[hodeleri]

the government fears the establishment of an underground, untaxable economy

What is the difficulty of people doing this with cash? I'm certain that we've all heard (or known) people who got paid for working "under the table" and the government isn't able to tax that transfer or even see it if enough people keep there mouths shut. It will be far easier to carry around big bags of $20s than it will be attempt to hide your transactions online. If you really want high-level encryption you can just download it from some other country that doesn't have export restrictions. When there is a traceable record of communications and money transfers it is far easier for someone to step in and say "you people are doing wrong" than for under the table back-alley transactions that leave no records.

--
Eric is chisled like a Greek Godess

Re:Untracable cash

[hodeleri]

There is a flaw in your logic. How do you know what is in the bag? How do you know it isn't somebody's gym bag full of dirty laundry? There is no way you can tell unless you invade somebody's privacy, and there is no reason to invade privacy unless suspicious things start happening.

Being online just gives new methods of doing the same thing poeple have been doing for Millenia. It has been demonstrated that some things are always going to be able to slip around the backs of whoever the authority is.

--
Eric is chisled like a Greek Godess

Re:Untracable cash

[RFC959]

What is the difficulty of people doing this with cash?

Using cash requires a physical transfer of the cash. That kind of puts a damper on paying some guy in Irkutsk from my desk in Manhattan. Yes, an invisible economy does exist to some degree with cash...and this is precisely why the government doesn't like cash either! They've stopped printing bills larger than $100, partly because most people don't carry larger amounts, and partly because large bills make it too easy to transfer large amounts anonymously. The government has required large deposits (and withdrawals, too? not sure) to be reported to the IRS, to track/discourage large cash-based transactions.

It will be far easier to carry around big bags of $20s than it will be attempt to hide your transactions online.

Even aside from the 'Irkutsk factor' I mentioned earlier, a bag of $20s might work if you want to transfer a few thousand dollars. A few million? More like a truck full of $20s. As for hiding transactions online, all that's needed is a bank/clearing house which I can instruct (through encrypted communications, of course) to release money from my account to someone else's; they do so and keep no permanent record of the transaction. Not that this is flawless - they'd probably need some records, and sometimes you do want accountability - but there's no technical reason it couldn't work today. The real thing stopping it is that the governments of the world would probably lean on the bank real hard...

Re:Untracable cash

[Malk-a-mite]

"What is the difficulty of people doing this with cash?"

It's not very hard at all, but much like making a copy of a friends CD - it's not a problem until millions of people have easy access to it.
Much like the recent problems the MP3 community is running into, everyone has been aware of the market for such things. But with the avent of the PC and the WWW it has made it much easier for the average user to be able to do it.

It's no longer finding some guy that your brother's ex-girlfriends once knew who had a closet full of - it's now just of matter of typing it what your looking for in any search engine.
That is where I believe these fears are coming from.

Malk-a-mite
-----
.sig file missing, what's a .sig?
-----

Re:Untracable cash

[SquadBoy]

You mean like in The Diamond Age

Re:Untracable electronic money

[phil+reed]

Applied Cryptography has a good overview of the protocols required to handle digital money.


...phil

Re:Offline privacy

[Nick+Mitchell]

But wait, if a boycott won't help due to insufficient numbers (always another shopper to fill your slot), then won't your strategy fail for the same reason (your fluctuations get lost in the noise)? Granted, though, it's more fun to be devious than obnoxious!

Re:PGP

[SoupIsGood+Food]

Hello. The quote was mine, and taken far out of context.

<em>This would be news to professional cryptographers.</em>

My info comes from the spook side rather than the big-brain side of the equation. I'm no cypherpunk, but it sounded like it was not brute forced, but required a lot of time on the big iron regardless.

It's not easy -or- cheap, and despite what Katz wrote, I was using it as an example as to why personal encryption was secure. Yes, they -can- break it, but it's too damn expensive to be used in routine law enforcement, and since everyone still remembers J. Edgar, it's doubtfull the FBI will get the funding to crack crypto.

SoupIsGood Food

I was quoted out of context. Here's the original.

[SoupIsGood+Food]

The quote is mine. I'm not a cypherpunk, or even a programmer. I'm simply an industry analayst (And a multi-platform sysadmin).

It was taken out of context. Here is the relevant part of the original mail in all it's unedited glory:

It's all about money. Ask any government engineer or defense contractor: computational time is measured in money. Right now, it's widely known that the NSA can crack PGP, and do so in perhaps as little as one day (probably a lot, lot longer, but we're talking worse case scenarios.) However, the cost of maintaining the computational rescources to crack that code aren't cheap. I'd suspect that unless someone is plotting to set off a nuke in Times Square or planning to invade Canada, the NSA won't touch it. The FBI simply does not have the money, and the spector of J. Hoover means that congress won't be too keen on allocating them money to buy fancy new machines to ferret out the secrets of private citizens. If Monica had encrypted her email and sent it via anonymizer.com, the feds would never have been able to get their grubby mitts on it. (And if the feds can get a hold of it, then disgruntled boyfriends, corporate spooks, or stalkers can, too.)

The problem is that the tools that enable privacy are way too difficult to employ.

SoupIsGood Food

Re:I was quoted out of context. Here's the origina

[SoupIsGood+Food]

OK, just to verify your credibility, what happens to your security clearance if you get caught using PGP to secure data in a govt. defense lab? Please explain why the sigint hardcases don't seem to mind theoretically weaker crypto that isn't PGP? Discuss!

You'd learn more about the practical aspects of cryptography if you paid more attention to the spooks than the big-brains.

SoupIsGood Food

Re:What the hell are you talking about?

[SoupIsGood+Food]

Speaking as a communications security hardcase

Anyone with a little bit of math background and a voracious crypto reading habit can be a communications security hard-ass. Get back to me when you're a sigint hardass with a GS rating or a military rank, m'kay?

and also as someone who has worked in a DoD-funded research lab, and also as someone who secured data in that lab using PGP...Nothing happened to me for using PGP to secure a couple of files. In fact, I don't think anyone even noticed. Security in those places isn't as tight as you're making it out to be.

A DoD lab != a DoD funded lab. Take this simple test: did your lab have a Commanding Officer as well as a civilian administrator? If the answer is no, you weren't working at a government lab. Security is -tighter- than I made it out to be. I know of one division head who's not allowed to see what his managers are working on because of a -minor- clearance issue. Unless you were handed a big, fat manual with DoD crypto guidelines spelled out in long words, you simply aren't qualified to say what the guidelines are or aren't. Hell, I know -when-, -where- and -how- PGP got on the official taboo list. The "why" isn't hard to figure out on your own.

Do the power analysis--it would take an optimal computer about one year at a constant 250 megawatts of power to break a 128-bit cipher.

If brute forced, sure. Big if. C'mon...I'm not into crypto and I can suss this one out.

If the NSA is so advanced that it has perfect computers running at a cryogenically-cool 3.2 Kelvins and hooked up to its own nuclear power plant just to flip the bits, I'd really like to know about it.

You aren't alone...bet the Chinese and a few Middle Eastern nations want to know the same thing. I just wonder what you -do- know about declassified NSA info (like its budget. Or recruiting objectives.). It's clear you don't know squat about what goes on -under- the kimono...

I'm not being facetious here. If you have any hard facts to back up your assertion, I'd like to hear them.

Actually, you -are- being facetious. You're a PGP partisan, not an cointel/sigint analyst, so snide bluster is -all- you got.

Getting back to the point, PGP is secure for day to day use, as the Fat Boys Institute does not have the money, the manpower or the mandate to do what the Nasty Snitch Association does.

Stop jerking your knee for a minute and think. The largest threat to national security these days are terrorist organizations who are likely to use inexpensive (free) cryptography. This means PGP was the largest cryptographic threat to national security. Do some math of your own.

SoupIsGood Food

Harvard Divinity School dean firing

[martin]

OK so what have happened if decorators's clearing out a room had found hundreds of porn mags?? Or even lots of books promoting devil workship.

10c says he'd have got fired...

same sort of material, different medium.

Re:Harvard Divinity School dean firing

[hodeleri]

No. He would not have. Part of almost any computer policy any work you work (probably the place where you work too) says that company resources may not be used for personal use. Lets see:

1. He had a university computer
2. He was using it for personal use (and quite a bit no less, thousands of pictures!)

End of story. It does not matter if it was a laptop he was hauling around with him or if he was in his office. He was using company property for personal use. Violation of policy and grounds for termination.

--
Eric is chisled like a Greek Godess

Totally transparent

[Zigurd]

Oh c'mon, folks... "Remus Shepherd?" And to think Slashdotards can be fooled by a troll in shepherd's clothing.

Re:Totally transparent

[Remus+Shepherd]

Heh. Do a search on Slashdot, Zigurd -- I've been active in conversations for over a year using this name. Do a web or usenet search and you'll see that I've kept the same name (and email address!) for six years. Yes, the name's corny. But it has always identified me.

I am no troll. Although I use a psuedonym, I have always taken responsibility for the words that I write. A pseudonym is a nice middleground; it allows me to act freely on the internet without fear, yet I remain accountable for my opinions.

How do you MAKE people care?

[Uruk]

I don't know that you can.

People have given a lot of lip service in the past year to the idea that consumers on the internet really value their privacy, and are willing to take a stand against companies that abuse it. But I don't see it. I am one of those people, and I'm sure that a lot of people on slashdot are too, but I don't see that in the general IE using, priceline.com and ebay.com surfing general public. I don't think they're capable of caring, because for the most part, the technology used to track them isn't very well known. Of all websurfers, what percentage would you say even know about doubleclick, much less know what it is that doubleclick does?

I figure that while 98% of the population continues to be oblivious to the problem, market droids will never stop exploiting customer information on the net. You can't make people care about issues, particularly when they're not informed about them.

These Katz articles in that regard make me feel like he's preaching to the choir on this and other topics.

Re:How do you MAKE people care?

[SimonK]

But a lot of [anti-privacy sentiment] comes from people who seem to genuinely believe that basic human rights are a threat to their security or to corporate profits

Well, speaking as someone who has occasionally expressed anti-privacy sentiment, my interest is not in my security or in corporate profits, but in whether or not privacy is a basic human right as you affirm.

There a strong feeling here on /. and elsewhere in the online community that privacy somehow is a fundamental right. This feeling is somewhat libertarian in nature, but interesting there's no libertarian philosophical literature that I can find that takes this position. Indeed, the politicians closest to holding this view are the sopping wet liberal bureaucrats of the European Commission.

The effects of increased and decreased privacy are quite complex, and since this is essentially a proposed addition (or corollary, or whatever) of the historically fundamental human rights, its worthy of more consideration than the knee-jerk reaction it generally gets.

Most of the concern appears to be around privacy from the state apparatus, on the implicit assumption that this provides protection from the enforcement of unjust laws. Its a remarkably weak and at the same time indiscriminate form of protection however.

On the one hand, privacy protections as a defence against law enforcement will inevitably result in an arms race where the state uses improved technology and enhanced legal powers to enforce its laws, and those trying to escape them try to invent more are more powerful protections to their privacy.

On the other hand privacy protections that protect those trying to form political parties, run cooperative enterprises, or trade MP3s will innevitably also protect those who really are international terrorists, theives and child pornographers.

The government will always be able to use the argument that it needs new powers to combat the evil of the day. Joe Bloggs and John Doe will believe them, and to some limited extent, they'll be right. Unfortunately, of course, the state can also use its powers to enforce laws that are not just.

This isn't a battle I want to fight, because I don't think we can win, and the reasons for fighting are weak at best. I think privacy's fundamentally not the issue. Restricting the state to its proper bounds is the issue, and privacy is a poor second best, surrounded by unintended consequences.

Re:How do you MAKE people care?

[Angst+Badger]

These Katz articles in that regard make me feel like he's preaching to the choir on this and other topics.

I don't know that that's the case here. I've seen a surprising level of quite passionate anti-privacy sentiment expressed on Slashdot. Some of that comes from the crowd that feels privacy is a lost cause or that future abuses are a continuation of (and somehow justified by) past abuses. These people are, IMHO, apathetic idiots whose right to vote would scare me if I thought any of them ever used it. But a lot of it comes from people who seem to genuinely believe that basic human rights are a threat to their security or to corporate profits.

The most absurd variation on that theme these days is David Brin's dumb idea of a surveillance state in which citizens get access to surveillance data. Ignoring for the moment the blackmailer's paradise that would be, the argument is still fundamentally flawed. Government surveillance is dangerous because the government has police forces, one of the world's largest militaries, the entire judicial system, and prisons capable of holding (at present) about two-and-a-half million people. Unless giving Joe and Mary Sixpack access to surveillance cameras also gives them the powers of the government, it hardly results in balancing power between the people and the government. Instead, it creates a situation like the one proposed in Fahrenheit 451 in which the general public vicariously participates in the oppression of their neighbors. Bradbury at least had the brains to see that this was a bad idea; Brin apparently believes that human suffering is ameliorated by being available for download.

Re:How do you MAKE people care?

[Angst+Badger]

Privacy is not considered a basic human right by any but privacy nuts and their sympathisers.

Try busting into a counseling session between a therapist and an underage rape victim and spew that nonsense. When the lack of privacy, at least under some conditions, is injurious to people, then it is a right, insofar as not being injured without due process of law is a right.

Re:How do you MAKE people care?

[legoboy]

(I think it was) Asimov (who) wrote a short story on the topic involving televiewers, or some word to that effect. Something-goggles? A technology which allowed users to see what was going on anywhere in the world at a given time. The story essentially centerred upon a woman confronting her husband about the time spent at some blonde's apartment while he was "working late", ending with her kicking him out, telling him to get a (word for item). It also included an additional scene in which two different groups of burglers stumble across each other while attempting to rob a vault they had just scoped out using (technology).

Anyway, in a truly transparent society - what most people refer to when mentioning the term -, blackmail is infeasible. Everything about everyone is common knowledge, easily accessible to all. The establishment of such a situation is another, much more difficult, matter altogether.

Privacy is not considered a basic human right by any but privacy nuts and their sympathisers. Your views on this matter lead you to believing that any future but Bradbury's is impossible. Everybody, bar none, has some manner of deviency.

------

Re:How do you MAKE people care?

[legoboy]

I find your nod to "What about the children?" quite amusing. Does the fact that the rape victim is underage strengthen the argument in any way?

And if statistics are to be believed, this rape victim might benefit from knowing that yes, there are thousands of others who are in the same situation, listening in on their counselling, etc.

------

Re:How do you MAKE people care?

[jaed]

Of all websurfers, what percentage would you say even know about doubleclick, much less know what it is that doubleclick does?

My mom, unprompted, told me the other day that she'd been reading about DoubleClick and cookies and she'd found an article that told her how to turn on "ask for cookie confirmation" in her browser.

I didn't bring up this topic with her; she initiated it. Now, my mom is an interested web user but she doesn't know the technical fine points, nor are her politics particularly attentive to such things. If she knows about privacy problems attendant on cookies, it's a fair bet at least half of web users have some awareness of the issue.

Re:How do you MAKE people care?

[CrazyJoel]

"I figure that while 98% of the population continues to be oblivious to the problem, market droids will never stop exploiting customer information on the net. You can't make people care about issues, particularly when they're not informed about them."

Until perhaps some sort of privacy catastrophe were to happen. I don't know what that would be. Something where somebody were to maliciously abuse the personal info of thousands of people. Nobody is going to do a thing until something bad happens. That's the way our society works.

joel

Re:How do you MAKE people care?

[Golias]

Don't mistake weariness for apathy.

Just because somebody questions the need for another heroin PSA running every 10 minutes on late-night TV does not mean that he is unconcerned about heroin abuse.

Some of the people posting here remind me a little of the Seinfeld episode where the crowd from an AIDS walk beat the crap out of Kramer because he chose not to wear a red ribbon while marching with them. If we are not as big of a zealot as them, we are Part Of The Problem as far as they are concerned.

Re:Long reply

[davecb]

It's an essay that makes me want the book, which (as an author myself), makes my pleased with it.

--dave

Correction

[JonKatz]

Strange correction..In one of the posts below, the one which states that the NSA could read any encrypted e-mail program in a day, I identified an e-mailer as a programmer..He isn't. I got more than a score of e-mailers from people identifing themselves as cryptographers and government employers, but he wasn't one of them. Those that did e-mail me were very strong in saying no "snoop-proof" e-mail system most people could use was really snoop proof.

Re:Long reply

[SimonK]

Nope. Its only a copyright violation if you copy text verbatim and try to pass it off as your own, or sell it. Summaries, reviews, reports, even properly attributed quotes, are all OK.

Its no wonder, really, that the public is so easily confused about copyright "theft" when even /. readers can't get it straight.

Remember the good old days?

[PD]

In the good old days, people with a lot of money were usually able to stay out of trouble with the law.

Nowadays it seems that to stay out of trouble you need to know how to upgrade your own computer!

The more things change, the more they stay the same.

Re:A strong media is good for us

[Pig+Hogger]

Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?

" La liberté de presse ne s'use que lorsqu'on ne s'en sert pas "

Freedom of press only wears-out when you don't use it.

That's the slogan of "Le Canard Enchaîné", that french icon of journalism that uncovered more than one scandal and caused many public figures to resign...

Interestingly enough, that weekly has no advertising whatsoever; it solely survives through what people pay to read it, so it is a truly free newspaper.

--
Here's my mirror

No new taxes, please

[SurfsUp]

Hong Kong was essentially an untaxed economy, or at least then total level of taxation was very, very low. In spite of this, Hong Kong was still able to ship boatloads of surplus funds home to mother England and build up a such a huge surplus that they had great difficultly in making it evaporate before mainland China got hold of it. (To get rid of it they built a grandiose new airport.)

If Hong Kong could do it then so can every other government. It's time to stop thinking about how to *increase* taxation by technological means, and start thinking about how to *reduce the cost of governing* instead.

As far as we citizens go, I know of very few who support the concept of increased taxation, or the implementation of new taxes, or even the maintainance of taxation at its current levels.
--

Re:Transparent Society

[Delphis]

You're right.. that is a very fascinating read and it does good to hear a reasoned argument instead of the paranoia-mongering that Katz seems to have in his articles.

That article was written over 3 years ago.. not a lot has happened though since then to actually get this idea to become a reality.


--

Greetings from the 5th column!!

[Nickbot]

Nice to hear folx bragging about how you'd tell your supervisor about some titty pics the poor dean had on his machine! May we now have a look at your hard drive? Oh, but that was a _work_ computer, right? Well I daresay that reading slashdot probably isn't work related, is it? And I'd be willing to bet most of you are at work right now. As hodeleri puts it:

>1.He had a university computer
>2.He was using it for personal use (and quite a bit no less, thousands of pictures!)
>End of story. It does not matter if it was a laptop he was hauling around with him or if he was in his office. He was using company property for personal use. Violation of policy and grounds for termination.

Enjoy your pink slip, hodeleri!

I've often been put in the position of being ordered to rifle through a former employee's _work_ computer to look for incriminating emails/resumes/etc., by an asshole PHB. And you know what? Every time the hard drive of said machine was _mysteriously_ wiped clean! "Don't know what happened, boss, the froonium must have overloaded" aah, ignorance is a quality I love in a PHB..

A Way to do Anonymous Banking

[sterno]

It ocurred to me that one of the fundamental problems with financial anonymity is that in order for it to work properly you must have a way to actually get money into some sort of bank or what have you. Of course banking laws require banks to gather all sorts of information about you before you can open up an account. Well, I have an idea for a way around this.

Set up a company that would sell smart cards in varying increments that would be usable for any on-line transaction (basically they can just do an electronic fund transfer or send a check to the destination). The smart cards would be sold like calling cards are today and would be readable through a reader that could be picked up for a modest sum. Once you had the card there would be no way to attach the purchases you made to your identity as long as your identity couldn't be attached to the card. That is to say, if you went to a store and paid cash, there is no connection to you and thus you can spend knowing full well you won't be tracked.

---

Re:A Way to do Anonymous Banking

[TurboJustin]

7-11 sells these. They're called internet shopping cards or something like that, and work as a credit card (Amex I think)..

Re:A Way to do Anonymous Banking

[Big_Breaker]

A company is already doing exactly that. I forget the name though.

Re:Untracable electronic money

[Kaa]

That I wanted to know was if anyone could think of a good anonymous algorithm for exchanging money online

Search on the net for "David Chaum". Also, Applied Cryptography has some useful algorithms.

David Chaum tried to set up an anonymous electronic money system. His company was called Digicash (AFAIK). He failed. I think the main reasons were:

(1) There is no burning need for anonymous electronic money among the general public.

(2) Governments dislike this idea very much for obvious reasons.

(3) Chaum kept the technology very close to his vest and was unwilling to seed/share it widely so that it jumpstarts.


Kaa

Re:A strong media is good for us

[Kaa]

I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.

What you say is true, but there is also the price to be paid. A lot of people who would have made excellent leaders and public figures avoid stepping into limelight for precisely that reason: they do not want their private life ripped to shreds by nasty people looking for any dirt they could find.

As usual, it's a matter of balance: allow people in power to hide their business and corruption will flourish. Strip them of any privacy and no decent person will want to become one. Hard separation between public and personal might help, but it's somewhat unnatural and not likely to work well. I don't think there is a good solution.

Kaa

Re:Long reply

[Kaa]

Basing something on a book is technically copyright violation.

No, it's not. Even leaving aside fair use, ideas are not copyrightable. So don't pretend to be a hard-ass lawyer.

Who controlls the digital certificates?

So-called "certification authorities" (CAs). Who they would be is a subject of much debate.

Bah humbug. They own the computer, they dictate how it's used. Simple as that.

Not as simple as that. The poster correctly points out that finding, say, baseball statistics on the same computer would not have caused any problems at all. This is actually not a privacy story (other that the obvious moral: don't put personal stuff on other people's machines). This is a story about puritanical attitudes to sex and maintaining a facade of respectability.

But inappropriate use of company resources has always been a reason for firing somebody.

Don't be anal-retentive. Receiving a personal email on a company machine is, technically, inappropriate use of company resoures. Ditto reading Slashdot and a bunch of other stuff. I can assure you that a company that will fire people for sending/receiving personal non-offensive emails at work will soon find itself with a severe personnel problem. Send/receive a sexually explicit message, though, and things can get ugly very quickly. So, again, it's mostly not about privacy but about attitudes to sex.

However, people lost there individuality to the collective many moons ago

Speak for yourself.

The price of popular culture is losing yourself.

Is it really? Sometimes I eat at McDonalds, occasionally I listen to bubblegum pop music (so, shoot me), and I have been known to watch popular movies. So how does it make me lose myself?

Kaa

Behold the Individual

[Alex+Pennace]

Find a human, any human. Inside that human's noggin are his most private thoughts. Other reasonable persons understand that it is not good to coerce these thoughts out of someone if he isn't willing to share, even if they suspect those thoughts aren't kosher. Be it the details on how to make an atomic bomb, rob a bank, or an image of a naked 12 year old, those thoughts are basically safe in the head.

Humans are toolmakers. We construct implements to increase our abilities. And now we have evolved from stone tools to computers. Data quietly sitting on a hard drive is just like data in your head: it is harmless by itself. Thinking about robbing a bank is not the same as actually doing it.

As any real crime must involve other physical evidence, society has no legitimate need to seize this very personal data. But as history shows us, society will happily trample on individual rights whenever it sees fit.

You have the right to private thoughts. Don't let the mobs violate you, protect your private information with strong cryptography.

Freedom of Information Means Loss of Privacy

[scruffy]

I thought one of our mantras was that "Information wants to be free". There is no fundamental difference between information about you and information about any other subject. Once it has been made available, there is very little you can do.

Clearly, we can make some headway toward reducing availability, e.g., European privacy laws. However, it will be all but impossible to keep personal information private. If someone wants to find the dirt on you, they will find it. We need to have the laws (and the culture) in place so that when the information escapes, that it won't be used inappropriately, e.g., anti-discrimation laws.

Re:Factual error: PGP is *not* insecure.

[jbf]

RSA equivalent to factoring (*) If I recall correctly, I took a crypto class where they proved that if you could get nontrivial advantage on the high log_2 n bits of an arbitrary message encrypted using an n-bit RSA key in polytime, you could factor in polytime. (that is, finding the high 10 bits of a message encrypted with RSA is roughly equivalent to factoring the key... so you can use 10 bits per 1024 bit block, and be pretty secure.)

Re:Dean's Firing.

[Claudius]

I couldn't agree with you more regarding use of University facilities for pr0n downloads. A suggestion to the Harvard Divinity School (and to any organization who distributes computers for people's home uses) would be to do as the U.S. Department of Energy does, and that is, put a sticker on every machine that explicitly states the usage policy. This makes issues of perceived privacy easily resolvable by most anyone capable of logging in. Quoting from their policy:

"Notice to Users. This is a Federal computer system and is the property of the United States Government. it is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy."

No ambiguity here.

Using the company (or university) resources to surf pr0n is, in my mind, akin to using a company car to drive to the pr0n shop to pick up a few vids. If someone sees you and reports you to your organization, I don't see how privacy can keep you from getting fired if your organization so chooses.

Re:Dean's Firing.

[Claudius]

If my company gave me a computer for my home and then told me how I could use it, the motherfuckers better pay my ass $24/hr when I use the damn thing. My employer should have absolutely no say whatsoever about what I do when I am off the clock.

While I admire your strong sense of principle, I disagree with you regarding the fairness of the arrangement. I hate to argue over semantics, but in most cases, such as the organization I described in my earlier post, the machines are not intended as being "given" but rather as being "provided." They are the property of the employer, and as such they are intended to be used only in a manner that is approved by the employer. I see this as being no different from an employer providing me with other equipment to take home, be it a cell phone, company car, or ball point pen. If I don't like the rules on how I can use the equipment, then I can always just buy my own car, phone, pen, computer, PDA, etc. I just don't see how I am entitled, for example, to drive the company car on my vacation or to use their computer and fast net connection to surf pr0n if they don't permit it.

In my position I receive a fixed salary regardless of how long it takes me to do my job. If I want to leave early two days a week to play tennis, then I can do that and nobody will care. If I want to log in from home in the evening to check the status of a job that I launched earlier that day, then I rather like their having provided me with a machine and a fast connection to the lab with which to do this.

In my mind, as long as policies are straightforward, unambiguous, and reasonable, then I have no problems with abiding by them. If I do find them to be objectionable, then I can always find a new employer. I guess I missed your point--how exactly is this unjust and unfair?

Re:Nothing transparent about this

[Remus+Shepherd]

If everyone's lives were out in the open, who would attack you for being a zoophile? Only people whose personal lives were deemed to be much "cleaner" than yours.

And to avoid being attacked, people would be driven into living "cleaner" lives; thus a homogenized society is created via peer pressure.

Now obviously, this is a rather idealized notion that involves people being nicer to each other than they are now. However, the vindictiveness of people stems not from an innate property, but from society, a society that encourages people to hide any deviant behavior away and pretend that everyone is perfectly normal. Having a less private society is the first step away from this kind of nonsense.

No. Human vindictiveness stems from a very basic fear of the unknown. Things that are different or outside of one's experience are frightening, and there is a strong tendency to avoid and condemn them. In a less private society, people are forced to avoid deviancy, or face condemnation -- which has real and painful consequences. Those that cannot avoid being deviant (drug use is addictive; sexual deviancies can be both addictive and incurable) will become second-class citizens, able to be ostracized at the whim of any 'normal' person. There is no defense against being truly ostracized from society. It's no comfort that you are able to commiserate with others of similar deviancy, when you are all sleeping in the street and unable to get any employment because of your abnormalities.

Remember, there are people out there who have *no* deviancies. They may even be a majority -- the moralists today certainly *act* like they are a majority, with a very prominent attitude that the rest of society should be just like they are. These people don't live in glass houses, and they love throwing stones. A Transparent Society would be a tool for this type of busybody majority to prey upon and ostracize any minority they wish.

Re:Nothing transparent about this

[Remus+Shepherd]

Anonymous coward wrote (albeit in unexpurgated form):
"I f*** farm animals"

Interesting that you should write that in a discussion on privacy. Personally, I do f*** farm animals. I am a zoophile, an ex-FAQ-keeper of alt.sex.bestiality, and it's not much of a secret to anyone who knows me. (Why did you think I was using a psuedonym?)

And my situation is a good example of why David Brin's Transparent Society will never work. My personal life harms no one, and in my state of residence it's perfectly legal. But I guarantee you that if my personal life were revealed to everyone, I would have problems with my employer, not to mention my coworkers and possibly with over-zealous law enforcement who aren't familiar with the (lack of) sodomy laws in this state.

It's happened to me already, you see. A usenet.kook hired a private detective to ferret out information on me, then wrote to my previous employer. Although I broke no law, my career was nearly destroyed because of a private behaviour outside the mainstream, found by someone who was able to snoop on me too easily. I'm a little harder to find, now...although I have no illusions that I'm completely unfindable.

The premise behind Brin's Transparent Society is that we can catch corporations and governments doing illegal things also. But how many people have money to pay for investigation of every corporation or government agency they suspect of wrongdoing? Are corporations held responsible for legal-but-frowned-upon behaviour, or do they just ignore outcries until they affect their profits? And of course, any corporation has the funds to research the individuals opposing them, and destroy their lives if they can.

The Transparent Society will shift power away from individuals and towards those who have the resources to mine and act upon information. It will create a homogenized society, and threaten everyone whose lives differ from the mainstream by any minor behaviour or percieved difference from 'normal'. It's a dangerous concept, and I believe a very evil future for Brin (who I otherwise respect) to be promoting.

Clarification needed. . .

[SMN]

"Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work. And no student or colleague suggested he had improperly behaved in any way as head of the Divinity School. His work was never questioned. It's ludicrous to suggest that the school would have fired him if he'd been downloading sports scores or bidding for furniture on eBay. But although he'd committed no crime and performed well in his job, he was forced out in disgrace..."

I think a little clarification may be needed hear - it appears to me that this man was not "fired" - he was "asked to step down."

Now, while I know those are more or less equivalent, it's important to note that he complied with the university's request, which leads me to believe he did not contest it. Were he to feel as strongly about this issue as Jon does, he would wait until he was formally fired and then take the University to court. This implies that he consented, and it appears that Jon is (as usual) creating an issue where there is none.

Furthermore, I object to the use of the statement "But the dean was using his computer at home, not work." Jon said that there was an understood agreement that "rules prohibited personal use of university computers in any way that clashed with its educational mission," - regardless of whether or not that rule was intended for these circustances, it _was_ a rule, and he _did_ break it. I'll reference some real (read: non-geek) culture here - these seems somewhat analogous to Les Miserables, in which the protagonist stole a loaf of bread to save his sister's (?) life, and was imprisoned for it. While the rules may not always be intended for such circumstances, they still do.

And I probably gave Jon a little too much blame/credit for repeating Rosen's ideas here, but that's out of habit.

Summary

[SMN]

Correct me if I'm wrong, but I just read through that whole embellished rant (it wasn't easy, believe me) to find that it just expressed one simple idea:

New encryption in the not-too-distant future will allow us to break rules and look at pr0n on Harvard computers without getting caught. Oh yeah, and we can do legal stuff in private, too, but that's not important.

Geez, Katz, if you wanted to appeal to us geeks, you could have saved a lot of time. I suggest that your next article be composed of just a few, simple words:

Proactivily utilizing encryption means pr0n at work!

I have issues with Jeffrey Rosen

[/]

I've met Rosen briefly, and I've gotten him to sign my copy of Unwanted Gaze, and this is only my own opinion, but there is something a bit phoney about the man. I kept getting the impression that he was someone who, while he was genuinely interested in the topic he was writing about, he came off as someone who really wanted to write a book and therefore did precisely the amount of research necessary to appear to know what he was talking about without actually getting a clear grasp on even some of the important details. I watched an interview with him the other day, and he was completely confused about whether it was Intel who was responsible for putting serial numbers into PIII chips and whether Microsoft was responsbile for their unique ids inserted into MSOffice documents, claiming it was Intel who was responsible for the latter. And this doesn't even begin to address the logical errors encountered within the first few chapters of his book.

Actually, I could express the exact same opinion of a certain other columnist on slashdot, but that would be rude.

Re:How do you MAKE people care? - you don't!

[e-gold]

If a corporation has your Visa number, than several persons do as well.
...

Ain't it the truth. Of course, anyone on the planet can know that my e-gold account number is 101574 (well, among others, but that's the main one) and all they can do is spend to it without my passphrase. I guess what I'm saying (ok, while plugging my company's currency) is that 1950s technology stapled onto the world wide web does not make "ecommerce" once you've tried a better system.
JMR
(And, once again, /. readers are encouraged to try e-gold, tell me an account number and I'll click you half a gram or so.)

Re:Sex

[Tower]

Note that France has the second highest rate of alcoholism as a culture/country. Granted, they don't binge drink, and don't have nearly as many alcohol related deaths (far fewer cars/people than the U.S.A. also).

The U.S. tends to be overly reactive to just about everything, due to one or more vocal minorities that manage to convince a lot of people that things are very very wrong... it's a tough place sometimes. You feel strange hugging a good friend who happens to be another guy, just because of what some people might think, or take a walk with my cousin (a pretty blond 13 years old), since someone might think I'm some sort of perv or child molester... pretty scary what people have made us worry about...

Re:You are completely misguided

[jakob_grimm]

Actually, that might not be a bad idea. Someone wiser than I (maybe it was Heinlein) once said that anyone who actually wants to run for public office should be automatically excluded. Make leadership like jury duty here in the US or military/national service in many European countries, and it just might work. (Of course, I think we ought to have mandatory military/national service in the US, but that's another story...)

What the hell are you talking about?

[rjh]

Speaking as a communications security hardcase, and also as someone who has worked in a DoD-funded research lab, and also as someone who secured data in that lab using PGP...

... what the hell are you talking about?

Really?

Nothing happened to me for using PGP to secure a couple of files. In fact, I don't think anyone even noticed. Security in those places isn't as tight as you're making it out to be.

Answer the question, please. Do the power analysis--it would take an optimal computer about one year at a constant 250 megawatts of power to break a 128-bit cipher.

If the NSA is so advanced that it has perfect computers running at a cryogenically-cool 3.2 Kelvins and hooked up to its own nuclear power plant just to flip the bits, I'd really like to know about it.

I'm not being facetious here. If you have any hard facts to back up your assertion, I'd like to hear them.

Re:What the hell are you talking about?

[jovlinger]

Do the power analysis--it would take an optimal computer about one year at a constant 250 megawatts of power to break a 128-bit cipher.

That's interesting. How did you arrive at this conclusion? I've never seen that sort of comparison done -- I supose it uses information==entropy?

How would this be affected by reversible computing?

Until you have something to back this up...

[rjh]

... you're an idiot.

Worse, you're the sort of idiot who, instead of having any facts to back up outrageous allegations, says "if you only knew what I know, then you'd agree with me".

That's intellectual fraud.

Factual error: PGP is *not* insecure.

[rjh]

Disclaimer: I am not, in any way, speaking for my company. More than that, I don't have my reference books handy, so I'm going purely from memory--I may be off on a detail or two.

PGP (more accurately, programs which implement the OpenPGP specification) is not insecure when properly used. By "properly used" I mean choosing a reasonable size for asymmetric keys, choosing a reasonably good passphrase, and practicing good email discipline--unrevealing subject headers, not sending anything cleartext which could compromise your key, etc.

Is it trivial to use PGP/GPG properly? No, and that's the biggest problem with PGP/GPG. Still, that's not what Jon Katz's source said; the strong implication was that government agencies could, either by brute force or cryptanalysis, break a PGP-encrypted email in a day. So let's address that now.

In order to break a PGP/GPG encrypted email, either the asymmetric or symmetric components of its cryptography need to be broken. Breaking the asymmetric component requires either an efficient way to factor large numbers[*] (for RSA) or an efficient way to solve the discrete logarithm problem[**] (for El Gamal).

After more than twenty years of study, such efficient algorithms remain Holy Grails of cryptographic research.

Breaking the symmetric component requires some efficient way to break the cipher. By "efficient" I mean better than brute force, better by several orders of magnitude. Being ragingly paranoid here, I'd expect government agencies (DGSE, NSA, etc.) to be able to break 80 bit ciphers by brute force. The weakest [+] cipher in the OpenPGP spec is Triple DES at 112 bits. That still exceeds governmental capabilities by a factor of four billion or so.

Basically, the claim that "the NSA can break PGP-encrypted email in a day" is so much hogwash.

That being said, there are undoubtedly attacks which government agencies can perform against ciphers. Cryptanalysis is just very rarely one of them. It's far cheaper for the government to Van Eck your monitor, or break into your apartment and plant eavesdropping devices, or crack your box to grab your private key and plant a keypress sniffer to take your passphrase. And if you're sending stuff which is so tempting to the government that they'd go to this effort, then you probably want to invest in something more than PGP/GPG.

There are many attacks which exist against PGP/GPG. It's just that, to the best of my knowledge, there are no good cryptanalytic attacks against PGP/GPG.

[*] Strictly speaking, this isn't true--we don't know for a fact that you have to come up with an efficient factoring algorithm to break RSA. It seems to be strongly implied, but there has never been a formal proof of this requirement.

[**] This isn't true, either--see the above footnote. Interestingly, coming up with an efficient factoring algorithm doesn't help you solve discrete logarithms, but an efficient solution to the DLP will give you an efficient factoring algorithm.

[+] 3DES is "weakest" in the sense that it has only a 112-bit keyspace, as opposed to the 128-bit keyspaces of the other ciphers used by PGP/GPG. There are some extremely esoteric attacks against 3DES which bring down its complexity somewhat, but it's still solid as a rock. 3DES has survived a quarter-century of cryptanalysis and nobody's been able to hit a home run against it yet; this means that 3DES, while "weakest" in the sense of keyspace, is probably the strongest cipher in common use today.

Re:Factual error: PGP is *not* insecure.

[Signail11]

I want to address the issues in [*], [**], and [+] in a bit of greater detail. The issue of whether RSA is computationally equivalent to the IFP is considerably more up in the air than you imply. The exponents on low exponent RSA and the recent results on the distinguishibility of non-quadratic residues under certain conditions of smoothness for the numbers offset by a small integer from factors of the modulus give me pause on whether the above equivalence is true. It may well be true for the vast majority of RSA moduli. An efficient solution to the DLP *in the case where one operates modulo a composite n*, NOT in GF(p), implies that one can factor composites of the form n. 3DES is the algorithm that I would *trust* the most, but I do not believe that it is the strongest or best designed cipher in common use today; there have been many advances in cryptoanalytic techniques since DES as exemplified by an algorithm like CAST-128.

Re:Privacy

[Reziac]

And I'll follow you in my unmarked car and record your every word with my high-sentitivity directional microphone with the noise supression filter... just like we did it in the olden days, before email.

Re:but i hate pennies...

[georgeha]

Could you at least make them electronic Quarters? Pennies are rapidly being phased out by inflation. I doubt even quarters would be usefull or long lasting at this point.

But then how are you going to get the Freshman women drunk, if you don't have real quarters?

George

When is a troll not a troll?

[georgeha]

Maybe when the troll makes a higher point, engages in a Socratic discussion, provides a koan-like illumination, or even acts as a devil's advocate.

So many of the slashbots think anyone who espouses anything remotely controversial is a troll. Boy, I'd love to see a Slashbot debate team.

On one side, Linux is good.

Taking the other side, Linux is great.

Shame, shame, shame on Jon Erickson, some of his posts make us think about our assumptions, and make us clarify our thoughts to defend our opinions.

Go away Jon Erickson, let us rot in the stink of our own reflections, Linux is doubleplusgood, Open Source is doubleplusgood, free MP3s are doubleplusgood, Microsoft is bad, war is peace.

As Ben Franklin said, I may not agree with what Jon Erickson says, but I will defend to his death the right for him to say it.

George

Re:** A REPLY TO GEORGEHA **

[georgeha]

So there is absolutely no chance that Jon Erikson is using the Socratic Method to start a dialog? Or perhaps he's playing the Devil's Advocate to start a dialog?

Believe what you want, I honestly believe he's trying to start a constructive dialog.

Or perhaps he'll learn to increase the inflammatory nature of his posts, check fewer references, and buck for Katz's job.

Ooh, there's a good slogan, Replace Katz with Erikon.

George

Combine DMCA, Copyright, and Get Private

[Pedersen]

My new .sig, below, doesn't do enough. Not yet anyway. However, maybe we should start copyrighting the details of our personal life, encrypting them, and then using the DMCA as a means to prevent companies from getting them, by their own logic.

After all, if we have taken due precautions in protecting such details, and they still get them, they must have reverse-engineered the details from the available details. Since we've copyrighted those details, they've broken the la.

While I do wish that such a situation would work, and provide results, I don't believe t could. But maybe it could be the starting point for such a work?

Dean's Firing

[jyuter]

Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work.

It's irrelevant if the Dean was at work or not. It was the universities computer, and I far I can tell, most religions would consider pornography to "clash" with an educational mission. Reading sports scores might not be one of the principles of the Catholic faith, but it certainly isn't a cardinal sin.

On this one, I have to agree with the university for sticking to its policies. The Dean should have known about them and clearly violated the rules. If it would have been on his own computer in his house, then you'd have a legitamate complaint.





Being with you, it's just one epiphany after another

Re:Dean's Firing

[daigu]

Unfortunately, you miss the point. The question is not whether or not the Dean should have been doing it. The question is whether or not the Dean should have what he was doing communicated to others and then called into account for it.

Following your logic, you could also say that the Dean's reading habits based on material he has checked out from the library could be similarly examined. Suppose a computer technician notices that the Dean of Divinity seems to check out way more Marquis de Sade than a Dean of a Divinity School should. It is the University's books. He is using the University's ID card to check them out, right? Wrong.

It seems pretty clear that, in a University setting and in a supposedly "free" society, a person should be entitled to check out books and read topics of interest without having to worry about the possibility that their reading choices will be publically debated and bear possible consequences. If you do not believe this, then you are essentially advocating an environment that fosters the worst kind of self-censorship and undermines the meaning of what it means to be "free".

The analogy to the Internet seems pretty straight-forward. It may be the University's house. It may be the University's computer. Still, it does not give the University the right to monitor or debate how you use these resources anymore than they have the right to track individual use of the library.

Re:Dean's Firing

[Prof_Dagoski]

More to the point, people in public leadership positions like this have scrupulously separate their private life from their public life. If he'd been downloading to his own computer and hired a technician to do this upgrade, it'd have been no problem; it'd have been private. Because he's downloading porn onto a computer supplied by his university, he's making his activities public because any technican servicing the computer is answerable to the same organization that the dean answers to. The moral of this story is if the company gives you a computer watch what you put on that thing because the company owns it, and has every right to inspect it at any time. It would be a serious breach in privacy for a company to inspect the computer bought and paid for by its employees with their own money. Now, this is exactly what Nortwest airlines did when their employees attempted to organize a sick out. The Northwest Airlines incident represents one of the most serious erosions of the distinction between a private and public life.

Re:Sex

[Hard_Code]

The problem is that anything just slightly risque to the American puritanical facade is candidate for stern and immediate censorship instead of rational analysis. For instance, many other countries like France and Spain have alcohol as part of the culture. Children grow up around it and don't go into insane drinking binges when they turn 21. Some with sex, sort of. Almost every other western nation is more free about sex. Yet in America it's some strange dangerous thing. If a guy so much as pats a man or crosses his legs the wrong way, he is immediately a homosexual. Parents can hardly hug their children without somebody crying sexual harassment. It's just really insane.

What gets me is the irony that the religious south, known for its piety is also know for its brothels and liquor. There is some disconnect there.

Re:Long reply

[Hard_Code]

I'd have to agree. I don't think this guy was under any illusion that downloading porn was not in conflict with his job duties (which probably required maintain some sort of moral stature). Of course that should have been made clear for those who expect to be hired to a religious institution and then break their moral laws.

Now if this was a secular institution with no pretense of moral job requirements then it might be another issue.

Re:A strong media is good for us

[Hard_Code]

And consequently natural selection has selected for a breed of politician which is exceptionally lacking the integrity of personal honer and exceptionally good at hiding dirt.

Don't you love evolution.

Re:Long reply

[Hard_Code]

I guess it all depends on getting on better with your associate employee contemporaries and frequently checking credit at moral bank. ;)

Re:Wow, privacy in the UK sucks

[DaveHowe]

I think the truely worrying thing is that all this is being put through because of a ruling in the European Court of human rights;
Basically, the ECRH said that, unless the uk had an EXPICIT law that allowed interceptions, bugging and so forth, then evidence of that type (and any further evidence that would not have been gathered if they hadn't seen the first lot of evidence) is inadmissible in court. The UKGOV position is that they are only formalising things they have *already* been doing due to the lack of a law telling them not to.

Certainly I find that a frightening thought....
--

Re:A view from Europe

[DaveHowe]

Oh, and just for those americans that are feeling smug that their constitution protects them from THEIR politicians doing the same to them:

US "RIP" Bill
--

A view from Europe

[DaveHowe]

Hmm. here in .uk, we have learned to our cost that, once the government gets used to having access to personal data on its citizens, it is very reluctant indeed to give it up. in particular, the .uk government are in the final stages of passing a bill with the following characteristics:

1. Any government official (including local government, police inspectors and Tax/Customs) can self-issue a notice requiring your ISP to give up emails and/or HTTP traffic logs to them.
2. Notices don't expire
3. Notices can come with an attached "gagging order" that makes it an arrestable offence (5 yrs emprisonment) to tell anyone a notice has been served on you
4. Gagging orders do not expire
5. Notices can require you turn over a secret encryption key; if you are a company employee with access to the key (for example, a .uk technician with access to the .us based ordering system for a major multinational can be ordered to download the key from that system on the .uk government's behalf)
6. If you have the authority to order the production of the key (for example, a UK resident CEO of a US company) they can serve a notice on you to do so
7. If you fail to produce the key (and forgetting / losing the key is no defence unless you can prove it in court) there is a 2 yr jail sentence in your future.
8. Once they have the key, no-one is liable for its safety or for any losses you suffer as a result of its disclosure
9. What few safeguards exist are in a Code of Practice that can be re-written by the government at any time; in addition, there are no penalties for failing to follow the Code of Practice.
10. The target (and/or recipient) of the notice is not required to be suspected of a crime; it is enough that the official is investigating a potential crime
11. the "economic well-being" of the UK is a valid justification for notices - so trade unions, human rights organisations and foreign multinationals competing against government-lobbying firms are all valid targets with no further justification required

It shouldn't be too surprising to hear that three ISPs have already announced they are planning to move their servers overseas; the largest .uk worker's union and indeed most of the Trade Union Council are planning on following suit.
--

Weird Story Time or WTF Is In Those Big DB's?

[iamriley]

I always assume that sites are collecting information about me. Consequently, I rarely put real information into anything. I was not always so hardened to the dangers of the net, though...

Flash back to January 1996:
Fresh into college, the young me pays $10 to my small college's computer center for one semester of POP3 email.

Fast forward to July 1996: The slightly older me signs up for a yahoo mail account. I put my college email as an alternate email.

Fast forward to December 1996:
The tired-of-paying-for-email me let's my account go unpaid and fade into oblivion. The account had gone unused for months.

Fast forward to yesterday:
I have a job programming for a small company. I have worked at this job for a year and a half now. We often make online purchases using my boss's CC. I have made between 5 and 10 of these, and I never put my own name as a contact for these purchases, instead I always put my boss's name. There have been a couple of times that I have called into one of these places to check on an order--in these cases I have identified myself.

A strange thing happened today:
I purchased another product online. The secure server was taken care of through Yahoo's store, though the company not Yahoo. On the first screen that asked for information, I entered my boss's name and the shipping address for the company. I clicked next. On the next screen, there were several boxes, one of which asked for an email address. In that box appeared something that I never expected to see again: my old college email address.

I feel violated. Ugh.

Nice try...

[ODiV]

but you didn't even use the word 'geek' once.

Re:PGP and the NSA

[jovlinger]

I don't see how your points about symmetric and asymetric encrypytion support your conclusion about the infeasability of the NSA breaking PGP (either possibly flawed implementation or ideal design).

All they does is rule out brute force and publically know attacks. It is totally possible (though I would hope not the case) that the NSA has the knowhow and resources to significantly comprimise PGP.

An unfortunate aspect of PGP is that it features both symmetric and asymmetric technologies. If either one is compromised, the system is broken. Thus we have multiple points of possible attack.

However, I do agree with your conclusion that even should they have the capability, the NSA are constrained by larger issues not to divulge this act for anything less that earth-shaking consequences.

So it is academic whether they can or not, cause they wouldn't be able to tell anyone about what they found.

Even more prosaically; DES is effectively cracked, what with the $100K brute force machine, but AFAIK, no law enforcement agency has built one. If they aren't willing to spend a measly 2 man-years in salary for something generally applicable, you have to wonder as to the level of effort they could get the NSA to put in for them.

Re:I was quoted out of context. Here's the origina

[jovlinger]

Ok, just to verify your credibility, would you detail the computational resources that sort of crack would need? Please give ball-park estimates of how many bits would be needed to be bruteforced for a 1024 RSA /128 3DES PGP key?

If you could provide (once again, ballpark) numbers on aggregate MIPS availible and the time needed to perform the crack, that too would help substantiate the claim.

'cause I have to be frank here; I'm more than a little sceptical.

Sex

[The+Queen]

You are absolutely right.
Why is Internet filtering so popular? Not because parents don't want their kids visiting the National Democratic Party homepage (which sometimes gets blocked - I love that) but because they don't want them finding pr0n. People have sex. People think about sex. Anybody who pretends otherwise is full of it.

The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk

Re:OFFTOPIC MOD DOWN!

[Enoch+Root]

how many more weeks before you run out of kharma?

*sigh* Unless I hit that magical bitchslapping spot of Rob's, this bloody kharma will last me all summer, and probably part of the fall...

Re:The tried and true

[Enoch+Root]

Hmm... What makes you say the original Enoch Root hasn't done that already, and somebody else isn't taking this account around for a joyride? Say, somebody who has a lot of karma, and contemplates burning it, but doesn't want to destroy his own 'reputation' on Slashdot?

Re:Mod Enoch_Root up

[Enoch+Root]

Hush. I know you're replying to a post marked -1, but a zealous moderator might overhear you!

Unwanted Gaze.

[goodlogin]

Im an unwanted hetro, what about me ?

Question is not degree of investigation, but subje

[Hnice]

Hi,

"I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye. "

This sounds a bit circular to me -- justification of the scrutiny by pointing out that politicians know they're going to have thier lives put under a microscope doesn't address whether this is a neccessary state or an admirable pursuit in all cases.

generally, i agree -- eternal vigilance and all of that. the question is whether there's only one big-P Privacy, that, once sacrificed on any subject, is no longer present for any other facet of one's life. That is, does a public figure's neccessary revelations of, say, fundraising activities logically extend to their sexual orientation? can they be private about one and not the other?

And that's two issues:

1. should they be able to maintain certain privacies? should the press be expected to be something other than a dumb rock-turning algorithm, or should it be expected to consider the usefulness and relevance of its stories, or the dignity and rights of its subjects?

2. as a couple of people have pointed out, large organized analytical systems (of which the media is one), once out of the bag for a particular purpose (investigations of important, legal, socially-relevant purposes) may naturally attack all notions of privacy at once. that is, an algorithm that breaks PGP isn't to blame if it's as useful in reading my email as that of a suspected drug-dealerr's -- can we say the same about the media, inasmuch as it's a privacy-breaking algorithm?

Re:A strong media is good for us

[Hnice]

yeah --

but it's an age-old problem with leadership, and not just cause of privacy. plato said that anybody who was fit to lead wouldn't want to, and anybody who wanted to wasn't fit, for all sorts of reasons.

there was a book about 10 years ago, called "What it takes", about the 1988 presidential election, on this topic -- it showed, over 800 pages, that you have to be some kind of insane ambitious egomaniacal media whore to make it in national politics these days.

and while i'm not sure what the answer is, as you say, this is not going to necessarily attract the most talented people to the discipline.

For starters...

[SvnLyrBrto]

You might try googleing for the company that it *claims* to work for: "NPO Technologies".

Just like st-st-st-steve w-w-w-woston's so-called employer "jjjjulius games", there's no such entity, not in .uk where it claims to be, nor anywhere else.

john
Resistance is NOT futile!!!

Haiku:
I am not a drone.
Remove the collective if

Re:but i hate pennies...

[daveman_1]

Hopefully you are not serious. There are many people out there, myself included, who never actually spend a dime of the change they receive. However, I do not simply throw this money away. It makes its way to a change jar that sets atop the dresser at home. Now a penny here or there isn't worth much... If you happen to save up those pennies over a period of say six months though, you will know their true value. Cumulatively, I do not believe I would just be willing to tell someone that they could just keep sixty or seventy of my hard earned dollars. If we can't respect the value of the smallest portion of currency, that being the penny, then don't be surprised when that $.65 drink at the soda machine now cost $1.00 or perhaps $2.00, since we don't use small increments anymore. Or the $1.50 fee at the ATM suddenly becomes $2.00. You can bet that Sam Walton knew the value of a penny. It all adds up. Look at your expenses by the month or year, not by the moment. It will help you to appreciate those pennies. But again, I hope you were just kidding.

Re:KAATTZZ Wassup?!

[daveman_1]

I wish I understood even some of what you just wrote.

Encryption does not ensure privacy

[ReconRich]

Many people, especially journalists, seem to have this idea that public-key/private-key encryption somehow provides privacy. The ONLY thing that this form of encryption provides is a (sort of) secure channel between endpoints; it tells you Nothing about the endpoints. There are many digital signature schemes, but they all rely on the fact that the public key you see in netspace, is in fact, the public key of the person or institution with whom you wish to communicate. Ask Nike's webmaster; netspace can be manipulated. Furthermore, reversing ANY public-key/private-key encryption system can be no harder that problems in NP, for which it can not be shown that there is not a tractable solution. Quantum computers are theorized to solve all NP problems in tractable time. Claims made about the NSA over the last few years imply that they have at least good heuristic solutions to NP problems, if not a theoretical / quantum solution. What does this mean ? It means that privacy probably can't be enforced between endpoints unknown to each other (i.e. they do not share a secret unknown to others which can be) by technological means (or any other... If you don't know who you're talking to ...) The only mechanism for persons who do "know" each other, would be encryption based on a shared secret (Private-Key encryption). These systems do NOT avoid the VCR Syndrome (at least yet), and, because they require SOME extra effort, probably wouldn't be used even by people who could. Never mind that most private-key solutions probably have the same NP characteristics that Public-key/Private-key systems have (although it is NOT demostrable for the entire class, as Public/Private systems are), heuristic, theoretical, or quantum means are effective.

All In All there are no secrets. and those interested in acquiring them will acquire them.

-- Rich

Re:Encryption does not ensure privacy

[SIGFPE]

and even quantum computers will take a LONG time to be able to handle modern key sizes.

Actually I think you'll find that if quantum computers ever come to be (which I personally doubt) you'll find that the algorithms take a time proportional to the key size - ie. they won't take a long time.

Specifically, there is no quantum algorithm for solving even one of the NP-complete problems

Nobody knows whether such algorithms exist. Someone might find one tomorrow. I think you needed to say 'yet'.
--

Re:Encryption does not ensure privacy

[Big+Torque]

Public key Private key encryption is easy to do that is why it is done not that it is the "BEST for security". Really strong encryption NP HARD is much harder to do and may tack much longer to set up. So not a real option at this time for Credit card purchases. The risk is having something that is trusted (like how some people trust RSA) and then have it cracked with out you knowing. That is the real danger and I am not talking your Pr0n collection but stuff like GOV to Embassy communications corporate info. Stuff that can cost big money, jobs and Lives. For things that important it is stupid to use non-NP HARD solution if possible. I personally think the US GOV can and does crack most PUBLIC/Private Key encryptions in real time. The size and scope of the effort to crack encryption is huge even by Government standards and the US has had a constant Program in place for at lest 50 years. And what I read of history is true they seem pretty good at it too.

Re:Encryption does not ensure privacy

[nestler]

ReconRich writes: Quantum computers are theorized to solve all NP problems in tractable time

Quantum computers are not some panacea to solve all of the worlds hard problems. They are good for a select few problems (search, factoring, discrete log, basically). They are not faster on all problems. Specifically, there is no quantum algorithm for solving even one of the NP-complete problems, nor is there a quantum algorithm for doing quick brute-force keyspace searches.

Also, arguing that public key crypto is somehow weak because it is tied to the problem of P vs. NP is not particulary scary to most theoreticians. I think quantum computers will be viable before P is found equal to NP, and even quantum computers will take a LONG time to be able to handle modern key sizes.

userfriendly . . .

[abiessu]

But userfriendly sites already exist!

Re:I have issues with the Harvard Dean...

[themassiah]

*SNIP* I've worked as a lowly PC tech and have been in a similar position, finding stuff on a work computer that should not have been there. It is **NOT** an "invasion of privacy" when there's a bunch of adult oriented .jpgs sitting in a C:\windows\temporaryinternetfiles folder. *SNIP*

So do you consider it your ethical/moral duty to do a hard drive check of every computer you administer when it comes through? Honestly, I think it's the same as keeping bank statements or something on your computer. Granted it's the property of the University, but if we put you in the same situation (replacing memory, IIRC), why would you go perusing through the hard drive? I guess my quandry is this . . . does your rights as an OWNER of the files (in the case that you created them) or your rights as a licensee to use them (in the case of downloading them) override the campuses property rights?
Here's an interesting paradigm...

The university owns a shelf in your office.

Now you put a vase on the shelf.

Does the university own the vase? Of course not, you paid for it, it's your property.

Now let's say that you put a CD on the shelf. You've licensed the right to listen to the music by paying for it. Does the universities right to "control" the shelf supercede your right to excersize your rights? If a University official comes in, they have no right to inspect the CD. It's not theirs.

Re:I have issues with the Harvard Dean...

[themassiah]

When you say that there is always the argument that the technician was just doing his job, I kinda think of a police officer doing his. Say they (being the police) have a search warrant for a gun you are supposed to have at your house. They search your house, garage, whatever and en start searching your computer. Even if they find kiddy porn, they can't prosecute you because that was not what the search warrant was for. i think this example is applicable because he was not there to do anything with the hard drive (or so the sory says), instead, he was there to upgrade the ram or something else that is pretty much unrelated to hard drive perusal. The point: browsing the hard drive casually is unethical. Don't go looking for stuff to incriminate people without *due cause*.

Also, do you think that he agreed that anything on the hard drive was property of the university? I don't think so, as that would commit a hundred bajillion copyright infringments by just browsing a couple webpages.

Overall point: I think the tech was out of line looking through his stuff, both legally and ethically.

-Sean

people that care already practice

[kootch]

The people that give a crap about their privacy already practice encryption when needed, and know what their privacy rights entail. Using your office computer to surf for porn or conduct illegal activities is not included in those rights.

People that care about their privacy turn off cookies, encrypt their email, and don't leave private information at places that don't guarantee their privacy.

For the people that don't wisen up and safeguard their privacy, they deserve to have their credit card info stolen and their identities profiled.

Putting laws in place will be just as bad as giving agencies the right to spy on us. One might take away our freedom and privacy, but the other takes away our responsibility to ourselves.

If you don't want your info spread around the internet, safeguard yourself. Don't rely on the government to safeguard you. You have the right to bare arms, as well as to arm bears. If you believe in your own personal rights, take personal responsibility for your own protection. If not, stop whining to the government to protect you.

Re:Offline privacy

[Pfhreakaz0id]

I have a pretty simple solution for this: a few times, I've swapped cards with someone! I just approach them as we exit the store if they are in line in front of me and I notice them use the card. I just explain "hey, do you know they use this to track buying habits? I'm kind of a privacy freak and don't like it, let's swap cards to confuse 'em. This isn't even my card, I have no idea whose it is!" The first time, I did it with a guy I knew. Since then, I've swapped it three more times. I also have two people I swap doubleclick cookies and the like with occasionally.

I think the best way to protest this crap is not to stop shopping there. If you complain to the manager and say "I won't shop here anymore, they just look at you like you are nuts and say "fine" and since the VAST majority of folks don't care, your boycott has no effect. Instead, do things like this to undermine the effectiveness of the data, so the fabulous things these companies are selling don't really come to pass.
---

Transparent Society

[hodeleri]

Here's a rather fascinating interview with David Brin (probably picked up from slashdot earlier) that I found a fascinating read. Its about having the light shine both ways.

Link is here

--
Eric is chisled like a Greek Godess

Keysniffers?.

[rakslice]

s/sneak into my place, put keyboard sniffers/park a tempest-equipped listening van nearby/

Re:PGP misinformation

[Ranger+Bob]

I'd say a *much* bigger key.

Re:Privacy == Suspicion

[Ranger+Bob]

So what you're sayin is, [law enforcement believes] law-abiding citizens should have nothing to hide and therefore only criminals use encryption. I agree that law enforcement believes this, I'm just restating...

Privacy == Suspicion

[pongo000]

Unfortunately, until the use of encryption become the norm, rather than the current exception, law enforcement agencies will continue to devote special attention to individuals who insist on using encryption to protect their privacy. It's a well-known fact in law enforcement circles that only people who have something to hide use encryption.

New Slashdot Filter Needed

[Municipa]

Any Jon Katz story /Part\s[2-9]+/.

Re:New Slashdot Filter Needed

[Municipa]

Hey, I don't hate the guy, and I even like some of his articles, but I don't think I've seen any that warrant a Part Two or more. I'd have no problem checking off a 'Jon Katz' rant checkbox if it helped you sort through the stories!

Re:New Slashdot Filter Needed

[yibyab]

I'd prefer a filter for any post that rants simply on the basis of Jon Katz's authorship.

Re:New Slashdot Filter Needed

[yibyab]

Ok.
Wasn't ragging on you specifically. I just get tired of the Katz bashing, however warranted it might be. Wish I could set those posts below my threshold somehow.

Re:Long reply

[Harri]

A Christian orginization has every right to fire one if its employees for partaking in strongly objectionable material with company resources

Do they? If they have expressly permitted the use of resources for personal purposes, do they have the right to fire when the particular personal purposes don't suit them?

If he was doing something illegal, I could understand. If he was doing things in public, like

soliciting sex in the company car

and thereby tarnishing their image, I could see the point. But just because the people in a Christian organisation have a clearer common morality than an IT organisation, do they have the right to foist all aspects of that morality on what their employees do in private, and more importantly, do they have the right to spy on those employees without telling them, in order to make sure their morals are up to scratch?

Re:Long reply

[Harri]

...my employer has every right to watch what I'm doing at work (like this post), whether by a physical boss with eyes or with an electronic monitoring system

When you say "right" I assume you mean "legal right", which is all too different from "moral right"... I can't comment on the legal side of it, but there are certainly moral issues.

1. Is it reasonable to give me a computer for my home, tell me that I can use it for personal things as long they don't "clash with its educational mission", and then snoop on that personal use without informing me that they are doing so? Are they entitled, for example, to read my private correspondence with my doctor, or my diary, or anything at all just in order to check that it doesn't Clash with the Mission?

2. I'd interpret "clashing with its educational mission" to mean actively interfering with the department's activities or doing something which would affect the man's ability to do his job. Not "clashing with the morals of the employer". Surely if you can be sacked for your morals, you should be told before you sign the contract. Perhaps he was. I wouldn't want a job like that!

Re:A strong media is good for us

[sredding]

Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?

One day, we may find a perfect leader, a man (or woman) that has never erred in judgement and never made a mistake or acted inappropriately, an enviable example of what is best in human beings and what is attainable in a civilized society.

I hope I'm there when they nail his wrists to the cross and crucify him.

Gimme a break. It's one thing to worry about abuses of power that injure children or violate the rights of others. It's an entirely different issue if the president has consensual sex with an adult female outside of his marriage. Somewhere, there is a balance. Until we find a system that will accept human frailties and weaknesses, we will be left with politicians that are forced to do whatever it takes to maintain the illusion of sainthood.

Re:A strong media is good for us

[archduke]

The problem here is that the emphasis is only on public figures, which are theoretically already accountable to the public. The 'strong media', because it is media-owned, does not scrutinize the lives of its coroporate leaders, people who manipulate speech, ideas, markets, and our daily lives to a much greater extent and far less restraint than politicians and have no accountability towards the people. Maybe what you meant was: a strong, idependant media...

Re:Dean's Firing.

[Rand+Race]

If my company gave me a computer for my home and then told me how I could use it, the motherfuckers better pay my ass $24/hr when I use the damn thing. My employer should have absolutely no say whatsoever about what I do when I am off the clock (Which is why I walk out of job interviews when the words 'drug test' are mentioned.). If my employer gave me a box with a sticker that read "Users (authorized or unauthorized) have no explicit or implicit expectation of privacy." I'd put the thing on the side of the street with my trash that also does not have any expectation of privacy. I guess the only thing to do would be to not accept computers from work because I will not have such a thing in my home.

On a different note, how many techs here would turn someone in for this? I get all the logs here at work and have full access to every machine in the building as well as some home-loaners. I have found some pretty whacked shit from time to time. Unless it affects network performance I don't say a god damned thing, and even then I don't take it to the boss unless the user is unrepentant (about the bandwidth, not their porn or whatever). They usually get fired for not doing their job long before I take notice of their activities.

Re:but i hate pennies...

[B'Trey]

Actually, it might be better to use fractions of a cent.

In the story concerning Deja.com linking to advertisements, there was discussion of the fact that banner advertisements don't seem to be effective and of alternative ways for web sites to stay afloat. What if each search on Deja were to cost say, 1/10th of a cent? Would you still use it? Assuming that the payment was transparent, or nearly so, I certainly would. Same thing for Slashdot and most of my other regular sites.

Pennies are a pain because they're large and bulky and fill your pockets. Digital cash takes up no room, so there's no incentive to use larger units.

Re:Always will be another way

[B'Trey]

The object isn't necessarily to come up with a fool proof system. A company could follow you around day and night (in the real world) to see where you went, what you purchased, etc. Nobody does. Why? It isn't worth the time and effort involved. Right now, it's ridiculously easy for Doubleclick, etc., to e-tail you. Make it difficult enough for them, and they'll go away.

(e-tail? Did I actualy say that? Bad dog! No karma!)

Re:Long reply

[B'Trey]

Basing something on a book is technically copyright violation. You did ask for permission, didn't you?

BS. People base stuff on books all the time. It's called "research" and you should have learned how to do it in junior high or earlier.

Bah humbug. They own the computer, they dictate how it's used. Simple as that. This isn't about privacy or lack of it - my employer has every right to watch what I'm doing at work (like this post), whether by a physical boss with eyes or with an electronic monitoring system. I can be fired at any time for any reason relating to inappropriate use, even if it's excessive eBay watching.

So you wouldn't object to your company putting bugs in the workers lounge and making tapes of your conversations with your co-workers? You wouldn't object to them recording all of your telephone calls?

There are a few different issues here. One is the issue of how you spend your time. If your employer is paying you to do a job and you spend your time doing something else (whether it's browsing eBay, browsing pr0n, reading romance novels or building ships in bottles), your employer has a right to take action, including firing you. Another issue is the use of company consumables. If you're sending private letters using company-stamped envelopes or making long distance calls on company phones, you're spending company money. That's theft. If you're making personal trips in the company car, you're putting wear and tear on the vehicle, reducing its value. You also may be using company purchased gas or claiming personal mileage as business related travel. Again, this is a form of theft. You're taking value away from the company. But if I send a personal email using the company system on my break, I am taking nothing from the company. Company resource or not, if I'm not harming the company or taking value from them, then it's none of their business.

PGP is insecure? I question the validity of this.

[ruebarb]

I question this statement by Jon Katz. I doubt the NSA has the technology to break the keys generated by PGP in a reasonable amount of time.

I would be much more likely to believe the NSA has resources to sneak into my place, put keyboard sniffers and steal keys from my computer before I think they'd decrypt a message from , oh, say PGP 6.53 with one of the larger key sizes.

This also doesn't forget the fact that the NSA can probably tell WHO is sending encrypted messages, so there is a privacy issue there, but I don't think it's that big. I want an encryption I can use on a floppy disc and send from my Library without having to deal with getting PGP from home.

RB

What privacy were we accorded, and when?

[jonesvery]

Should free citizens in a democratic society have to spend money for "nyms" to preserve the privacy they ought to be -- and once were -- accorded in law?

Hmmm...let's take a little stroll down a listing of (partial) files released by the FBI under the Freedom of Information act...

Black Panther Party-Winston Salem, NC
Brecht, Bertolt
Chavez, Cesar and United Farm Workers
Clergy and Laity Concerned about Vietnam DuBois, W. E. B.
Einstein, Albert
Gay Activists Alliance

I have the sneaking suspicion that most of the privacy that we, as "free citizens in a democratic society," may once have been accorded was due to the relative difficulty of violating that privacy...

As technological developments eliminate that difficulty, we find that privacy dissolving. Now do we think that the issue is the technology or our commitment to the rights of the individual?

Hmmm...

PGP and the NSA

[Signail11]

The algorithms that PGP uses with reasonable length keys are almost certainly not breakable by the NSA in trivial lengths of time (I am not discussing the actual implementation used by any specific version of PGP). The "programmer"'s quote establishes that he or she is obviously incompetent and probably does not work for any defense-related contractor. Jon Katz's use of the quote reveals that he is clueless, but we all suspected that already.

Hash function: PGP in its latest incarnations uses SHA-1, RIPEMD-160, and MD5 in that order of preference. SHA-1 was designed by the NSA and is almost unanamously regarded as the best public hash function today. The expansion function makes it very difficult to control and restrict bit changes within the hash function itself. Even if the NSA were able to create arbitrary collisions on SHA-1, this would not affect the security of the encryption algorithms, only the signature component of PGP. RIPEMD-160 seems reasonably designed; MD5 has serious weaknesses in its compression function. Luckily, almost nobody uses these two hash functions anymore.

Symmetric algorithms: A brute force attack on any encryption algorithm with prudently chosen keylengths (>128 bits) is impossible today and for the forseable future, even with customized hardware. The NSA has cryptanalytic techniques, even decades old, that the academic cryptographic community has not yet discovered. To give some trivial examples, let's look at double transposition, codes, and rotor machines. Even today, the analytic techniques used for the solution of double transposition (without multiple anagramming or known plaintext) were redacted from Friedman's Military Cryptanalytics. The state of linguistic and textual analysis is far more developed in military cryptanalysis circles; centuries of code reconstruction have seen to that. Moreover, the details of attacking advanced rotor machines (essentially anything more sophistocated than the Enigma/Hagelin machines) are still classified. The NSA has shown an ability to design algorithms so fragile that they apparently have precisely the strength they were designed for (visit Skipjack). Nonetheless, if the NSA can break academic algorithms (such as CAST, 3DES, and IDEA), they would be wise to avoid disclosing this fact on something as insignificant as a non-national security related criminal investigation.

Public key algorithms: Without QC, it's impossible that a 1024-bit RSA key will be factored using current algorithms. Even if an extension to GNFS that reduces the hueristic complexity to that of SNFS, 1024-bit RSA keys would require a large enough matrix reduction step that there is probably not enough memory in existence in the world today to do it (even with Balanced Block Lanzcos). It would even be more difficult for the DL problem; the matrix step would require entries to be mod p, rather than mod 2.

Off Topic: but on the issue of harassment....

[xianzombie]

Just a lil somethin' FYI.

IIRC, in the millitary, sexual harassment can be defined (by some individuals, but it varies according to who you ask), that even looking at a person for more than 5 seconds can be defined as sexual harassment.

Oi, they days when the millitary was trained killers, now looking at a person for too long can get you demoted, jailed, fined, dischared, etc. Not that its really likely that those would happen for just looking, but there are some real pricks who could and would take it that far

Re:How do you MAKE people care? - you don't!

[Grab]

I'm not sure why it's such a big deal that someone can find out that you sent an email. Can someone explain it to me? Doesn't sound like much of an invasion of privacy to me. A bigger deal is to prevent someone pretending to be you and getting access to your personal details, in which case we positively WANT IDs on email to protect our privacy!

On the keeping your email safe, everyone knows PGP is vulnerable to brute-force cracks by the government and anyone else - its main purpose now is to stop casual scanners/sniffers from being able to read your stuff easily. So if you're that bothered about the CIA reading your mail, there's 1K and 2K encryption available - use that and they'll never get you. They'll know you sent it, and who you sent it to, but that's all, and there's no way to get around that.

And I'm sorry Jon, but the prof got what he deserved. If I downloaded porn at work, I'd get reprimanded or fired, regardless of whether I was doing a stonkingly good job. Stuff allowed you by your employer is a PRIVILEGE, not some inalienable right! If you only use it for small stuff like eBay, then no worries. But if you go in for multi-megabyte downloads, porn, Napster and endless MP3s on your work machine, then expect to get roasted. And maybe the machine was at his house, but it's still his work's machine. Maybe it just goes to prove the adage, "he who sups with the Devil should use a long spoon" - if you want to mess with that sort of stuff, better be careful. :-) Just shows the prof was crap at computers and didn't know about clearing the cache; or worse yet, he kept them all in a convenient folder marked "Hot Babes" or something... The 11th Commandment - don't get caught!

Grab.

Re:You are completely misguided

[Grab]

Nice idea! :-) Of course, there's the "Harrison Bergeron" version too (the film, not the short story). They've picked some fat-ass guy at random to be the President, and his answer to a bit of sabre-rattling and pointed diplomatic notes from China (IIRC) is to tell his staff to nuke the other guys. Getting put up against the wall in this case might be the lesser of two evils compared to trying to survive mutually assured destruction...

And how do you make sure that everyone's keeping in touch? I went on a walking holiday a few years ago, came back, and found the Soviet Union had had a revolution in the 2 weeks while I was away. If they'd drafted me then, I'd have been SOL! And there's so much going on in the world, you can only track so much. The best you can do is try to get as good a person as you can, and hope they'll be OK, and that's the purpose of voting! If you Americans all fall for the flashy media tricks, then you entirely deserve the unprincipled scum you get as leaders. I ask you - who in their right mind would change their vote based on TV ads? But you Americans do. Is it just me, or does this indicate a certain shallowness to a good section of the society?

Britain isn't perfect, I know that. We've got a slick media guy in at the moment. But everyone's found out pretty quickly that he's got no substance, so I'm betting he'll be out next time around.

You want a better approach for leadership? Hold "continuation votes" every 6 months. Get it wrong there (say, less than 40% vote for you, to give it some margin for error) and you're out and there's another election. No hanging around for 4 years that way!

Grab.

Re:A strong media is good for us

[luckykaa]

it showed, over 800 pages, that you have to be some kind of insane ambitious egomaniacal media whore to make it in national politics these days.

Okay, I see how this applies to Maggie Thatcher, Nixon, and Tony Blair. But Bill Clinton? John Major!?

Privacy

[Kondoor]

I have come to the realization that anything I do online isnt really private. Your ISP can intercept your email. People can sniff packets if your on a LAN. I use PGP if I really feel the need but, thats maybe once a month. Phone calls are still fairly safe but who knows if your tapped. If people are really all the worried get in your car and meet someone in a park or somewere private and have a conversation.

Katz' pieces are nothing but.....Karma from Heaven

[efuseekay]

It's almost certain that a post have to be anti-Katz to gather Karma for those Mods who are anti-Katz!

Let the Karma-fest begins!

---

Re:Nothing transparent about this

[ruin]

And my situation is a good example of why David Brin's Transparent Society will never work. My personal life harms no one, and in my state of residence it's perfectly legal. But I guarantee you that if my personal life were revealed to everyone, I would have problems with my employer, not to mention my coworkers and possibly with over-zealous law enforcement who aren't familiar with the (lack of) sodomy laws in this state.

I disagree. While the "Transparent Society" would require a massive, massive change in the way our society views people and does its business, I don't think the reason you state is the one why it wouldn't work.

Let's say we had a very open society, and everyone knew of your "deviant" sexual practices. To be fair of course, you would know about everyone else's sexual practices as well. And so what?

Yes, in today's society, the revelation of your private practices did you great harm. But I don't think it would be the case that an open society would encourage conformity, quite the opposite. You see, of all the people who persecuted you for your actions, at least some of them had secrets about themselves, perhaps sexual, that they'd rather not share. It's the ability of these people to keep themselves hidden that allows them to attack you for your foibles.

If everyone's lives were out in the open, who would attack you for being a zoophile? Only people whose personal lives were deemed to be much "cleaner" than yours. If everyone were open to scrutiny, I think people would be *less* inclined to criticize, not more -- sort of like if *everyone* lived in a glass house there'd be a lot less stone-throwing.

Let's take to a concrete example -- drug use. In today's society a person usually, for good reason, covers up their drug use and doesn't let other people know. Suppose they had to let everyone know they were doing drugs. This would create three possibilities. A: the person would stop doing drugs, because they don't want to be seen doing them. (unlikely for most drugs.) B: The person would do drugs, and be comfortable doing drugs, and if anyone tried to ostracize them for it, they'd just shrug their shoulders and go on with their life. Or C: The person would do drugs, but desire not to do them, at which point people would know that that person had a problem, and perhaps the person would be able to get some help.

Now obviously, this is a rather idealized notion that involves people being nicer to each other than they are now. However, the vindictiveness of people stems not from an innate property, but from society, a society that encourages people to hide any deviant behavior away and pretend that everyone is perfectly normal. Having a less private society is the first step away from this kind of nonsense.

Carl Jung once obverved, and I forget the exact wording or circumstance, so don't quote me, that as society grows larger in population, the amount of "deviant" behavior increases. This is because the more people there are, the greater chance a deviant can find others her to support her. This would seem to indicate that eventually scenario B that I described above could come to pass -- if people don't like you for some reason, then fine, just find people who do like you.

--

social security is not security

[argoff]

look whoever you are, don't give me some sob story that you cant figure out how to take care of own room and board after having 60 years to do so. the only bull going on arround here is the thought that old people will be starving in the streets unless the government rams a bullshit retirement plan down peoples throat. if you're whiz enough to believe it, then fine go for it, but sheesh don't force me into it too. (ps I've spent thousands helping the older people in my family, even kept their house from getting repossesed once. - it would sure be easier if I didn't have this outrageous SS tax ramed down my throat - that is actually doubble than what they say it is because your employer has to match - I don't believe for a second that that doesn't come off my nickel). anyone who's been arround 60 or more years otta know better than to trust the government with your money.

one more thing, if i had an investment scheme and forced people to participate in it - that would be called running a racket and I would be thrown in jail faster than you could count to three. If I had an investment portfolio where I had new entrants pay off the interest of original investors that would be called running a ponzi scheme, and would also get me thrown in jail. But now, if I vote someone in to do it for me, and I force everyone into the plan, then oh my god it becomes a noble right that saves us all from the natural consequences of our actions. sheesh, what the hell.

my privacy wishlist

[argoff]

1st) get rid of that damn SS number. I hate that thing, and the idea of the fed paying for my retirement makes me sick to my stomach. Even if you must insist that we need it for tax reporting (which is just as bad, but that's another story) I certainly don't need it for my movie card. for christ sake, I know they can't require it - technically speaking - by law (yeah right). but it should be illegal for them to even ask for it.

2) drivers licenses should be for driving. if it isn't about the saftey of my driving - then it should be illegal to ask for that too. and why do they need my fingerprint to proove I'm a good driver. sheesh, thankfully our fore-fathers didn't think that id-ing criminals was so more important then individual liberty. I guess that's why we have those "inconviences" like innocent untill proven guilty, and trial by jury.

3) copyrights anyone? alot of people think that copyrights are about property rights, but their not - they're about controll over markets, and any type of controll requires tracking. Nobody would ever be inconsiderate enough to put code in apache that sends your ID to a centralized microsoft server, but it's amazing how these kind of things happen with closed software.

4)fed up with the Fed. it amazes me how many americans can see that monopolies are bad, and socialisim is worse, but when it comes to our very own money system - all of a sudden the free market gets thrown out the window. I can't help thinking that one of the best ways to get financial privacy is to get the government out of the finance busisness.

5)end the war on drugs. lets just face it, as bad as drugs are - they are not as bad as alchol probition which was a direct cause of the mob, and drug prohibition today which is a direct cause of druglord violence today. These laws have been used to screw citizens out of more privacy than anything that I can think of.

6)why in the hell do i need a prescription. Have you ever noticed that countries that don't require prescriptions and all that formal paperwork about your medicine habits, that people in these contries somehow seem to survive with out the glorious intervention of the FDA. Sheesh, why do mexicans pay 1/3 for perscription drugs that americans do, without the paper work - when they come from the same factory and everything else.

Re:Untracable electronic money

[DrWiggy]

The most viable anonymous digital cash system I've ever seen is Mondex which had a full real-world rather than Internet-based trial in place for 5 years in Swindon, UK and now appears to be targetting a lot of UK Universities as well as running pilots elsewhere in the world.

The last I heard about the Swindon trial though, somebody had managed to hack around it and give themselves as much money as they wanted. There isn't just the issue of anonymity, but one of general security as well. It looks as though Mondex might have a bit of a future though.

Shame it's still a load of trials though. I suppose the real problem is one of getting retailers to adopt as well as customers. There is also the problem that the whole Mondex system when used in an e-commerce setting would require for every PC and/or PDA to be installed with a Smartcard reader. OK for France then (where they are more common than magstripe readers), but what about the rest of the World. (sighs).

--

PGP misinformation

[josu]

"... Right now, it's widely known that the NSA can crack [the supposedly secure e-mail program] PGP, and do so in perhaps as little as one day ...,"

Use a bigger key.

Re:PGP misinformation

[egerlach]

Heck no!

Increase the keysize by one bit, and you've just doubled the key space. Say, go from 128-bit to 256-bit, and you've increased the keyspace by a factor of:

340,282,366,920,938,463,463,374,607,431,768,211,45 6 (Thank you Maple!)

That's a big keyspace increase.

Re:PGP misinformation

[egerlach]

Okay, true, but the point was the factor of increase in keyspace, not the size of the keyspace itself. Increasing the keyspace by only 128 bits gives you a lot more primes to work with, thus increasing the number of viable keys.

Re:PGP misinformation

[Kickasso]

Bzzzt! Wrong.

Public-key cryptography is different from "normal" (symmetric) cryptograpgy. What you say is applicable to symmetric crypto. PGP is public key. It uses symmetric algos on session level only.

One does not need to do an exhaustive search of all 256-bit numbers to break a 256-bit PGP key. That is why people routinely use 1024-bit or even 4096-bit public keys.
--

Re:I have issues with the Harvard Dean...

[clink]

I've also been in the situation where I've found questionable material on someone's hard drive. I kept my mouth shut. Heck, you don't know for sure that the person who uses the machine actually downloaded those files. It could be their kid (if it's a laptop or home machine) or their secretary or somebody trying to get them fired.

Hey sometimes you hit a link and wind up somewhere you shouldn't be but the when you try to close the browser, it pops a new window with new jpgs. That could be a perfectly reasonable explanation of how jpgs wound up in the temp folder.

I never felt like I was risking my job but not ratting the people out either. Nobody likes a rat. Even if you do tell someone and the guy winds up getting fired, that doesn't put you in a good light. First, whatever supervisor you told is probably thinking, "Great, now I have to do something about this because this PC tech can't keep his mouth shut." You put him and everyone else that gets dragged into it in a very uncomfortable position. Second, nobody who knows about this incident is going to want you working on their machine. Third, if the guy gets fired and goes off the deep end you could wind up in the hospital or worse.

My advice is

1. Unless it's REALLY bad (like a plan to bomb the building or something) then keep your mouth shut.
2. You'll never need rule 1 if you don't open a client's data files. (ie NO SNOOPING)

A society in transition...

[mcrbids]

Fascinating article... and a clear description of what really *HAS* been happening - I bookmarked it!

I can hardly think of *anybody* who thinks we aren't in the middle of massive social change.

Unfortunately, the price of social change is often steep, and the spread of its payment is often uneven.

If what you say is true, if you *have* been discriminated against thanks to the publication of private information unrelated to your public performance, then you are paying a price the rest of us will ultimately benefit from.

But how many people will lose their jobs to personal matters before it becomes understood that it really doesn't matter?

I can't say... but I can say that as time passes, this type of thing is certain to change.

So you wank to pictures of cows? So what? Is it strange? Yes! Is it bizarre? Yes! Is it a crime?

No.

Me thinks that over time, stuff like this (cows, etc) will be increasingly ignored, as the "shock value" it holds will attenuate.

I mean, who *doesn't* know about Bill, Monica, and Cuban cigars?

And, anymore, who cares?

My $0.02

Untracable electronic money

[grahamsz]

I had a brief discussion about this something like 8 levels deep in another dicussion but I thought it might raise some interesting points.

What I wanted to know was if anyone could think of a good anonymous algorithm for exchanging money online (or on smart cards as the previous discussion was).

My mind heads along the lines of having electronic pennies, each worth one cent each which are merely strings of text electronically signed by your bank.

That way any peice of software can verify that a penny is actually a real one, but without access to the banks secret key there is no way to make more.

Unfortunately i'm struggling to find a way to stop pennies being circulated at the same time... does anyone here have any thoughts or other schemes for anonymous online cash?

Re:Untracable electronic money

[grahamsz]

Having read up on this stuff I think it could be done quite well. Given that as every day goes by it becomes easier for transactions to be online I dont think thier are any big problems with multiple spending. The mechanisms to detect it whilst maintaining anonimity mean it would be practical to exchange small amounts offline (bus & taxi fares seem like a good example) but most stores and individuals could no doubt afford an IP connection to do the transactions properly and securely.

Our university used to have a system like this (mondex) which they are now getting rid of due to lack of interest. Unfortunately mondex was very closed source, had at least one known security flaw (if you broke a link in the chip it would turn off encryption! however i never did get to put my card under a tunnelling ion beam to do so, and since the service was only available to students no stores in the city took out the machines needed for transactions.

What would be a big step forward is if an open source solution would emerge. This could be coupled with cheap $25ish smart card readers and we'd soon be headed in the right direction.

Assuming users could quickly and easily get their cards online (Why not just have little slots next to cashlines that you just swipe your card through to do the necessary processing) we'd have the basis of a wonderful system.

My only grievance with this system is it is still very reliant on the existing financial network. In that respect closed source cards have something of an advantage although i'm not sure if it's the way to go.

Re:Untracable electronic money

[grahamsz]

I was part of the Edinburgh trial of Mondex and it was pretty much a total failure.

Very few people used it becuase it took about 6 to 8 seconds per transaction (hence not much use in a busy student union). Added to this very few shops external to the university adopted it and the Bank of Scotland (imho) didn't put enough effort into getting better use. I feel that if they had put mondex systems into edinburgh's buses then overnight they would have secured its sucess. Given that the buses dont give any change i would expect thousands of people would jump at the chance to pay exactly.

But at 6 seconds per transaction... it's useless again.

Edinburgh have already withdrawn from the trials.

A far more sucessful card is the swedish kashkortt since it is closed source, untraceable and anyone can buy a calculator sized device to shift cash between cards.

Re:Untracable electronic money

[Kickasso]

Struggle your way to your keyboard, and type "google.com" in the URL field of your browser. From there, search for "anonymous cash algorithm". If you for some mysterious reason can't do that, here is the link, prepared personally for you, by yours truly. Enjoy the math.
--

Re:How do you MAKE people care? - you don't!

[slycer]

Define privacy..
If your definition of privacy includes not having any company know about your purchases/income/address etc then yes, you are not going to get it other than going to the extremes mentioned above.

My concern is someone eavesdropping on my private conversations, a person getting my Visa number (and possibly using it). A corporation putting arbitrary charges on my credit cards etc. Real people (vs corporate entities) are more likely going to abuse any information they gather about me (like ussearch). This is what worries me.

I have issues with the Harvard Dean...

[yankeehack]

Jon, I don't agree with you on your point about the Harvard Dean being asked to step down for looking at porn at home on a university PC.

I've worked as a lowly PC tech and have been in a similar position, finding stuff on a work computer that should not have been there. It is **NOT** an "invasion of privacy" when there's a bunch of adult oriented .jpgs sitting in a C:\windows\temporaryinternetfiles folder.

If I were the tech in the same position, working on a university owned computer, I would have reported it to my superiors. No sense in losing one's job over someone's stupidity.

The incident you described just illustrates how much non-computer literate people don't understand about their machine's capabilities.

How is it different?

[InterStella]

Phone lines can be tapped without our knowledge, but its not really legal as far as I know. Mail can be intercepted and stolen. Both of these pass through entities which are not owned by the recipient or the sender. How is the stealing of digital data really any different except for its ease?

Re:You are completely misguided

[RickG485]

But you forget that the United States was originally started under the pemise that strong governments are bad (Read the Declaration of Independance lately). Americans aren't big strong government people.

True, a strong government is key to stopping any minority of citizens with special interests from dictating will over the rest of us. But if there is no monitoring of strong governments, they can very easily come to be controlled by a minority acting ONLY in its own best interests.

After all, a strong government can be corrupted just as easily as a weak government. According to enlightenment ideas, government should be a kind of social insurance, stepping in to act according to the interests of the citizens, assisting with problems that are bigger than any one citizen to handle. So we're supposed to be able to pick leaders who will properly represent us. Strong or not, if our leaders DON'T represent the citizenship, that government cannot effectively do it's job, can it?

I would just like to note that the present journalistic condition of the day is the legacy of Woodward and Bernstein. After the Post broke the Nixon scandal, every reporter has been trying to break a similar story to make themselves famous. And sometimes the stories don't exist, or are too hard to get to (any reporters who want to give the masses information about Echelon would be greatly appreciated). So invasions of a famous persons life can sometimes be the only chance a reporter has to make a name for themselves, to be morally correct in this success driven society.

You are right Mr. Richards, when the government can't rule effectively, it can easily be overrun and ignored. However sir, you made several intellectual leaps in your statements that social problems such as crime can directly be attributed to the American citizenships lack of faith in elective government. Perhaps you could be as kind as to explain HOW you made such a conclusion. The last time I checked, most people didn't commit crimes just to piss off elected government. Perhaps a fear of retaliation by the state WOULD help stem the crime rate in this country, but would people really want to live in a country where the state can punish you quickly, easily, and brutally for breaking the law. And doesn't the amount of enforcement neccessary for a such a system require the destruction of many of the privacy rights that were originally the subject of this article?

What country are YOU from, anyway?

Oh, and Mr. Katz, (not to start a discussion on politics, we all know how those go) you're saying the Republican party had NOTHING to do with the invasion of President Clinton's personal life, that it was ONLY the D***ed corporate republic's media?

Re:Dean's Firing.

[zfractal]

In my mind, as long as policies are straightforward, unambiguous, and reasonable, then I have no problems with abiding by them. If I do find them to be objectionable, then I can always find a new employer. I guess I missed your point--how exactly is this unjust and unfair?

Providing a computer to do university work at home carries an assumption privacy for many individuals. If the university does not believe in this assumption (correlation between home and privacy) then they should be crystal clear about its policy and certify that the user is aware of the policy.

Of course, the Dean is personally responsible as well for assuming this rule of privacy, as there is no clearly defined rule in this case. The best thing to assume when someone "gives" you something is that any other assumptions you have can be thrown out the window.

Re:Long reply

[Chiasmus_]

Now if this was a secular institution with no pretense of moral job requirements then it might be another issue.

Well, I work in a secular institution with no pretense of moral job requirements. We had a guy who was downloading a lot of porn a couple years ago. We went to the guy, talked to him, and asked him to put it on one of the servers in the NOC.

Harvard is almost like a foreign country to most of us - these people have so little in common with average Americans that they probably are more removed from us than, say, the average Brit or Australian. After all, the media has somewhat homogenized culture all throughout the western world, but huge chunks of inherited money seem to carry their own culture.

Similarly, hard-core Christianity is also a little confusing to me. I'm sure if this guy had been a professor at BYU, he would have been fired for drinking coffee. All I can say is that you should think long and hard about working for a Christian. Unless there's some advantage I'm overlooking in having religion tied into your job security, it's better to separate church and work.

But most consumer-abusive Internet Edge.

[Virtual+JonKatz]

In media, by acquiring and powerful entities that these voiceless in fact, a malevolent government confrontation with the bottom of press can't claim anything he acknowledge a bank robber commits a closet utopian, fixated on MS sites include chickclickers.com and corrupting, that marketers can be deployed. But the case. Personal privacy a free-coupon/quilting Web Site Privacy Survey, conducted by the movie chain wants to believe we surrender our privacy.

With government agents and whacked-out rebels -- gave it easy to access to the NASDAQ panic, these silly restrictions on young men in the one of millions of American society. Soon enough, it's for online media company, which is who download MP3s; go to be interrogated about obsessive online displays. The big story lines ... but by the group is that has gone through digitalized toll booths.

The hapless magazine seems to grasp that go much interest in issues like Quake, Machinima could rebound, after Colorado, images that left alone again.

The press was more about it is colorful, offensive. Magic doesn't even a few weeks, we'll have a teacher and foreshadows what they anticipated the warning that way or even expect to her private speech, recognizing that convergence ought to oppose it. I bat a community of violent and ideas.

Selling criticism, cultural lives. Via the culture.

Re:But most consumer-abusive Internet Edge.

[Benwick]

In media, by acquiring and powerful entities that these voiceless in fact, a malevolent government confrontation with the bottom of press can't claim anything he acknowledge a bank robber commits a closet utopian, fixated on MS sites include chickclickers.com and corrupting, that marketers can be deployed. But the case. Personal privacy a free-coupon/quilting Web Site Privacy Survey, conducted by the movie chain wants to believe we surrender our privacy.

Huh?? Not since reading Allen Ginsburg have I seen such good spelling in flagrant opposition to the rules of grammar. It's very poetic but what the hell does that all mean???

Re:But most consumer-abusive Internet Edge.

[Benwick]

Aha--it all makes sense now. Usually bad grammar goes hand-in-hand with bad spelling, or post-structuralist philosophical treatises. And this didn't look like Jacques Derrida to me... Now I know.

Re:But most consumer-abusive Internet Edge.

[Benwick]

There already is a pomo essay generator I've seen at some Aussie server... I forget the address but you could probably look it up in a search. I think it's closer to a complex Mad-Libs method sort of thing whereas VirtualKatz is more of a filter. Or so I imagine...

Re:But most consumer-abusive Internet Edge.

[Kickasso]

The answer is here.
--

good grief

[Golias]

Can pseudonymous downloading, "snoop-proof" e-mail, digital pseuds called "nyms," PDA-like machines, allegedly untraceable digi-cash and other changes in software and the architecture of cyberspace preserve privacy and restore some privacy and the idea of the "Inviolate Personality?"

Good grief, was that all one question?

Take a breath, Jon.

Re:good grief

[Golias]

A Harvard prof gets fired for doing Pamela Anderson downloads on a school-owned computer, and a Canadian company is selling a BS "privacy" product... This somehow warrents a Part Two to the summer book report that was submitted yesterday!?

Here's a clue: the lack of privacy on the Internet is not News For Nerds, it's News For Newbies.

Re:good grief

[Golias]

Nope, you missed my point entirely, which was that most of the /. regulars already know about every issue that Katz raised, and everything that you had to say as well.

If you are really concerned about the privacy of J. Random Newbie, then an artcle in Time (or, better yet, a story on one of the thousands of prime-time "news" shows) would probably be a much better way to reach them.

The average Joe on the street might be shocked by the book that Katz is reviewing, but the average Joe does not read Slashdot, and has probably never heard of this book (unless he was channel surfing when the author was on McNiel/Lehrer last week).

This is another in a long line of articles in which Jon Katz has failed to think about the fact that his words here are being read almost exclusively by geeks who are already deeply entrenched in the "net culture" that he is trying to study as an outsider.

It's like watching Jane Goodall trying to explain her findings to the apes.

Re:good grief

[sonnerbob]

What arrogance. I'm truly amazed.

So, according to this attitude, let's not belabor the social impact on privacy in the electronic/databased age here in these hallowed halls because we are the technical elite and we already know how to protect ourselves. That's visionary. Erect your defenses and pay no attention to preventing the corrosion outside your door that's impacting the ignorant "newbies" or causing them to react to FUD.

In fact, here's my charge. It isn't law enforcement or an overly aggressive/repressive government that represents the greatest privacy intrusion into our average daily lives. It isn't so much the thief trying to steal our identity or crack into our personal files. It's the "technically elite", many of whom read and rant in Slashdot, who are coding the tools and services that promise to enhance our lives but forget to ask for permissions or explain in simple terms what exactly is going on under the hood. The tech world, in its rush to bring product to the marketplace or capitalize on the commercialization of the Web, has elevated the art of privacy intrusion to its highest order. And don't tell me its the marketers and business-oriented executives who are at fault because in the Net economy, they are we. I am more incensed by the ignorant or willful disregard for the intelligence or sensitivities of the consumer/end-use by such organizations as Real, Microsoft, AOL, Broderbund, Doubleclick, Mattel...than I am for the supposed threat that Carnivore or Echelon represent.

As the new economy elite, the now chic geeks and nerds who present the rest of the world with solutions, have little perspective of what the newbie has to go through to understand and use the tools being made available to him/her. If you like the insulation from the ignorant, and think that it's awe that the newbies place on your for your grand, exalted position, and that they'll follow whatever crappy User-interface, security bereft, documentation-inadequate, customer support lacking, privacy intrusive, but oh so cool looking innovation you put out there...then your days are numbered. The ground swell of reaction is coming and you better not discount it as just the trials of the newbies.

Re:How do you MAKE people care? - you don't!

[Golias]

If a corporation has your Visa number, than several persons do as well.

I know reading Jon Katz leaves you with the impression that corporations are entirely made up of robots, but the "Operator" who is "standing by" waiting for you to order your set of knives that can cut through a tin can as if it were hot butter is a person, and a person who could easilly jot down or memorize 16 digits and an expiration date.

The guy who said privacy is a superstition is 100% right. Even if you have never owned a computer I can know almost everything about you within a week, including your SSN, how late you usually get in to work each morning, and what kind of stuff you prefer to buy at the local "adult book store". All I would really need is to know who you are and have the will to research it.

Back in the days before "no-fault" divorce, private investigators made a living off the fact that it is almost impossible for anything to remain a secret, if somebody really wants to know.

Privacy is what you make of it

[Fjord_Redd]

First off, i don't necessarily agree with Rosen's first claim that sexual harassment is the leading cause of the violation of personal freedom. Sexual harassment, which can go against both sexes, is just another form of plain old harassment, which has been going on for centuries. People have learned to either learned to adapt to it and ignore it, or go off the deep end and sue whoever looks twice at them.

But enough of that. I see the internet as provding more freedom than the real world can. In the internet, through chat rooms and MUDs / MOOs, a person can REcreate themselves to be whatever/whoever they want to be. Most everyone wants to be someone else, a more gregarious character or someone without physical limitations. In the physical realm, this is not possible. The internet provides a place where we can be all that we want to be.

That true freedom also can be a form of privacy. In this other self you create, you can be as private as you like. You need not include all your actual personal identifications. False information flows abundantly on the internet.

--

Re:but i hate pennies...

[chorder]

Could you at least make them electronic Quarters? Pennies are rapidly being phased out by inflation. I doubt even quarters would be usefull or long lasting at this point. Why don't we, the technologically enabled and future focused agree, as new consumers, to say "Keep The Friggen Change" and just start rounding up to the dollar.

Just a thought.

A strong Media is as good as a strong Government

[chorder]

A strong Media is a good thing, when it works properly and within its limits. Just as a strong Government is a good thing when it works properly and within its limits. Neither one EVER works properly or within its limits... If the media gains access to private information that they have no right to be accessing then they should be watched and guarddogged as much as we watch and guarddog the Government.

I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us.

You've made somewhat of a mistake here. There is no 'rest of us', there is only us, and the systems we have put in place. If the system enables illicit intrusion into the lives of politicians, then it enables such intrusion into the lives of so called 'private' individuals. If the media is going beyond its bounds or if government agencies are going beyond their bounds in digging up info on politicians, then they are doing for individuals, and that is simple fact.

These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.

Monica Lewinski did not volunteer to throw herself into the public. Okay, so she's not the best example, some might claim she was a media whore to begin with, but lets move on to her friends and family. I'm sure they had no intention of having their lives poured out onto the senate floor by a government snoop when they became aquaintences of a certain White House Intern. Its a slippery slope, and it doesn't stop with people in the so-called 'public-eye'. It leads to all of us, and that is why Katz and Rosen call for a greater divide between us and our systems in place.

Re:Offline privacy

[chorder]

One interesting thing about the distinction between Online and Offline privacy is that soon there will be no distinction. Web-Based shopping isn't the extent of Online monetary data exchange. 'Offline' supermarket tracking and loyalty cards would not be possible without technologies developed for or in conjunction with the internet. I'd go so far as to call any transaction done with a loyalty card, a digital id number, or even a credit card, is really an Online transaction.

These technologies put you Online, they correlate digitally reproducable data (your cc#, the store id, the $ amount of purchase) with a database containing personal information (cc companies require a name and ssn). This correlated data is stored in a computer. That computer may not be readily accessable through the internet, but it is most certain being passed over copper wires and optical fibers, and it is most definately online. The data is there, and it is matched to you, and with the right kind of access, interception capabilities, or coercion (governmental, monetary), all of that data, not just the data collected from the internet, can be made available.

We are numbers.

/me starts burning his fingerprints with acid and de-magnatizing his Visa card...

Copywrite

[Egyptian]

Basing something on a book is technically copyright violation. You did ask for permission, didn't you?

Not copywrite violation, I'm afraid. Copywrite protects the actual text, not the idea, processes, and concepts contained within. If the law were otherwise, public discussion of a book would be verboten.

Read your copywrite law more carefully.

Nevertheless, there is some danger with processes, however simple and commonsensical in that they are currently patentable. I could discuss them to my heart's content, but if they were patented and I used them to earn money, I would be in big shit.

The Tip of the Iceberg.

[Alarmist]

Katz isn't saying anything new, but that should hardly be a surprise by now.

We have known for some time--practically since the end of the Second World War (and to a certain extent before)--that the cloak of privacy is shrinking, and eventually it will be gone.

Already, the powers that be are training the public for the day when anyone can turn on a television or go to a website and watch the daily activities of a total stranger. Witness the success of shows like "Big Brother." The groundwork was laid years ago, and though people deride their banality, soi-disant "reality shows" like "Cops" and even (dare I say it) "The Real World" have been preparing people for this for years. Voyeur shows like "Big Brother" were simply the next logical step.

Eventually, the common citizen will have to conduct his or her life under the unblinking stare of the camera, not knowing who will be watching or when. I suspect that eventually, everyone will be watching everyone else. We will all be the stars of our own little Truman Shows.

And when this is in place, then they will have won. Intelligence agencies such as the FBI and NSA can be dealt, however ineffectually, because they can only do so much. The scenario I describe is akin to what's going on with distributed computing processes: you don't need just the best or the brightest to work on the problem. Every extra set of eyes helps.

We know that large segments of a population can be stirred up by mentioning a few key issues. How hard would it be for a fundamentalist figure to convince conservatives to spy on one another (and others) for evidence of sin? How hard would it be for some government official to say, "It's for the good of the children"? When you have a large body of motivated people working towards a common goal, little can stand against them. It is up to us, those who know and can see what is going on, to make sure that they act for the good of all, rather than for ill.

Fight the Power. Close your blinds and stay out of others' business.

I've lost my privacy... Long live privacy

[ignatiusst]

Online Privacy. Now that's an oxymoron if ever one existed. Speaking as an American citizen, I am pretty sure that, when it comes to the individual's rights online, the United States is one of the more totalitarian regimes on the market today.

I am of the opinion that individual rights will be placed further and further below the concerns of corporate and government concerns. Privacy online will be completely eliminated in the name of national security or (worse yet) capitalism.

Is that really a bad thing (Well, it probably is, but let's assume for now that it isn't...)?

What if marketers and spies openly kept track of ever online move we made? Am I going to stop surfing for porn, cracks, and political muckraking? Naw -- I know they are surreptitiously keeping track of me now, and I still go to the good websites... Maybe once everyone knows and accepts that tabs are being kept on them they will just lose their inhibitions, drop the façade, and loosen up.

I hope so, anyway.

Re:How do you MAKE people care? - you don't!

[Howl]

Privacy is mostly a superstition. The net does not add much to the lack of privacy. If you want real privacy you need to not use credit cards, not get a drivers license, not buy a house, never notify the post office of a change of address, not subscribe to magazines, not have a bank account. In other words not participate in the modern world.

The amount of data available on individuals from informations services like ussearch.com is amazing. None of this is realted to web use, it's all just database marketing and public records.

all this has been going on for a long time and people frankly don't care. Yes if you ask them a loaded question they will react but absent that stimulus they will happily ignore the issue.

John (one of the founders of TRUSTe)

Encryption

[egerlach]

Jon quotes a professional who says that NSA can crack PGP, so to speak. This is by no means true. Take a look at the distributed.net effort, which has now been running for 1000 days, and is only 28% through the keyspace for a small RC5-64 decryption. The fastest computers in the world (clusters or no) don't run much faster than this effort.

If NSA wants to spend 1000 or so days cracking my email, they're more than welcome to.

(They still couldn't do anyting cuz I'm in Canada, but they can still try)

Re:Long reply

[Sodium+Attack]

You shouldn't pretend to be a lawyer either, jerky. I don't know anything, but I know that if I base my movie on Harry Potter,

If you use the character of Harry Potter in a movie without permission, that's copyright violation.

If you use the ideas in the Harry Potter books in a movie, that's not a copyright violation.

Re:Long reply

[Sodium+Attack]

It depends. Is it a book review, or an essay based on the concepts that he presents?

Bzzt, thank you for playing. Neither one of those is a copyright violation.

The multi-page summary is not a copy of anything Rosen wrote; it is in Katz's own words. Thus, it is not a copyright violation.

Perhaps you are confused because you know that a copyright owner has the right to control publication of "derivative works". But such "derivative works" are legally more narrowly defined than just a book summary. For example, an adaption of a book to a stage play, or a work of fiction using characters taken from another copyrighted work of fiction constitute derivative works. A summary of the book does not.

-1 Offtopic

[Sodium+Attack]

OK, I don't understand moderators at all. I was sure my comment would be downmoderated as flamebait.

Re:Long reply

[Sodium+Attack]

Basing something on a book is technically copyright violation.

Pretending you know something about copyright when you obviously don't is technically stupidity.

There have been others

[sulli]

There was a company out there a few years ago called First Virtual Holdings that did this. You put cash in an account, and then used it to pay for things, but they guaranteed anonymity somehow. It sounded to me like it worked fairly well.

However, they're gone now, due to the following in my view:

- lack of consumer demand when credit cards work just fine for most transactions
- lack of merchant interest in a brand-new transaction system
- probably a large amount of chargebacks, as it was popular with the adult sites for a while

The real issue is that customers really don't want anonymity for many transactions. They like having the credit card statement with all their charges on it. Whether or not this is ultimately wise, that's the typical consumer behavior.

sulli

Why a Transparent Society won't work

[Mtgman]

Admitely I haven't read all the discussion on this thread yet, but I haven't seen this mentioned.

The plain and simple reason a transparent society won't work is because morals can only be applied on an individual basis. If everyone used the same moral guidelines the theory would work. You find a skeleton in my closet, well that's fine, you consider trying to bring it up in public but stop because you have a skeleton in your closet that you don't want me to expose. Well, what if the skeleton in your closet is not something you'd be ashamed of?

Hypothetical situation(please don't do something petty like saying "the examples you picked and called misdemeanors are really felonies" or somesuch. Please address intent, not semantics)

Person A has a history of petty theft, stealing candy bars, occasionally walking out of a restraunt without paying etc. All misdemeanors.

Person B has a history of soliciting prostitutes, also a misdemeanor in most areas.

Person A finds out about Person B's "crimes" and is competition with them for a job/public office/etc. If they made them public and, in retalliation, Person B exposed the "crimes" of Person A, who do you think would lose the most face?

Simple, whoever the majority felt was the "most wrong" In the Bible-thumping Southern US, Person B loses. In another area where prostitution is technically illegal but typically socially acceptable, but theft is neither legal nor socially acceptable(IIRC Rio DeJenario is such a place), Person A loses.

The author of the "Transparent Society" theory understands the moral fibre of the world is not ready for total exposure of every skeleton.
My question? If you take it for granted that the moral guidelines are different for each individual, what causes this individuality?
Churches and states have both tried to impose a morality on their members for as long as they have both existed. The human animal continues to have a decidedly non-approved moral model. So, is morality a cognitive choice? Or is it some combination of mind, society's pressures, and instinct/intuition which shapes the individual's morality?

I realize this is a big question, and it is as loaded as the assertation that "homosexuality is a biological directive." I'm just wanting to get some feedback. I believe it is a combination of conscious choice, society's pressures, and possibly intuition/instinct.

If morality is a conscious process, a Transparent Society can work given enough conditioning. If it has biological and sociological factors? Good luck.

Steven

Limited Freedom

[GungaDan]

I was gratified to see Rosen/Katz mention Freedom (from ZeroKnowledge). Unfortunately Freedom does me precious little good since it's not yet available for anything other than win9x, and I'm not about to relive that nightmare. Perhaps they thought they'd start by offering protection to the most vulnerable, but let's face it - if you're using win9x, you're obviously not too concerned about privacy/security in the first place.

Huh, what?

[Vain]

Unwanted Ga.... Oh! Gaze!

*laughs and shakes his head*

Less caffienne, more sleep.

Is it even possible to have a secure internet?

[davonds]

I don't think so. A determined cracker, with enough skill, and the necessary resources can crack any system. Even if it were possible to create a new, better internet, with complete anomynity, and security of data transfer, it would not be feasable to do so. It would require disassembling the existing system, and building the new system, with all the requisit hardware and software. The financial impact would be catastrophic, especially on the user end, the system would collapse.

And even if you could, would you want to? Perfect anomynity also protects those who would abuse the system, and every system creates it's own unique abuses.

Our only recourse is a legal one, though, given the international nature of the internet this can be extremely difficult. Only by making it cost prohibitive for people to violate your privacy, as in the new anti spam law, can we insure any security on the net.

Moderate up!

[Jon+Erikson]

Informative! Informative! More, more! I can't believe I ever thought he was serious. Thank you, mister AC, for enlighening us all.

---
Jon E. Erikson

A strong media is good for us

[Jon+Erikson]

I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.

Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?

There was a case in Belgium IIRC where a paedophile ring had been running for years thanks to press cover-ups from people in power. This sort of thing is a direct consequence of having a press whose ability to speak is curtailed, and is not something that any freedom-loving person would want.

I've lived both here and in the US and both countries have a vocal press who aren't afraid to dig out and publicize political scandal and corruption. Sure it may look bad at the time, but who knows what goes on in countries where the press can't or won't let people know what's going on?

---
Jon E. Erikson

The Public Eye, and Acceptance

[LionKimbro]

Looking for a technology to preserve privacy is about as ineffective as looking for a technology to enforce copyright laws.

Increasingly, our privacy is disappearing, and this is not necessarily a bad thing.

Acknowledging this, we must predict that the world is going to become a bit more exposed. Cases such as the one involving the man at the university, fired for viewing porn on the school internet, will become more common.

I would hope that we, an increasingly online global community, would seek to make ourselves beacons of tolerance and acceptance towards others, rather than desperately clinging to our privacy, out of fear of what others may do to us.

Recently, on Slashdot, I have read that because my anime watching friends and I thought that Lime and Cherry in Saber Marionette J are cute (yes, they are young, and yes, they are sexual), that we must therefor be child molesting pedofiles, and that we should be prohibited from watching anime, at least in the Western hemisphere. This would be very amusing, if people just weren't so serious about it.

But I refuse to hide behind a wall of privacy (one that will be as effective as copyright law at that), and distribute Aa Megamisama and Ranma 1/2 episodes to my friends under the digital table.

I think it would be better to promote tolerance and acceptance in this world.

I believe that there is lots of hope for our society, and by extension, me and you. American Beauty was voted as the most popular film last year. This movie is about many of these issues: Tolerance, Acceptance, and even Privacy. Because people liked that movie, I believe that we will be able to become a more tolerant society.

Please consider re-considering privacy, and please consider promoting tolerance and acceptance.

Here's What We Need

[adipocere]

For us to remain truly private, forget about all of that fancy online business. We need real-world privacy to back it up.

The scenario: I set up an account with PayPal, maybe I've send them a money order from the Post Office (which has probably videotaped me buying the money order). I send it off to PayPal, I agree on some eBay transaction for something I really don't want people to know I have, like "Dildo-Wielding Herpes She-Males" or whatnot.

The problem: How do I get it to me? It has to show up somewhere, doesn't it? A Post Office box? They want to see a drivers' license. Mailboxes, Etc.? Not only do they cost more, again, they want to see ID.

Anonymous surfing, posting, etc., these things are possible, if not now, eventually, with Fling and ZeroKnowledge (and, hey, good luck making that happen on your NAT'd DSL connection from your Linux box), but what if I want to buy something? How can I set up bank accounts under fake names? ISPs can trace me down to a phone line, that has an address attached to it.

It all boils down to getting a fake identity made, birth certificate on up. From there, your drivers' license (photo taken with optional disguise kit) and a social security card. Then, a bank account, work up a little credit, and so forth. Backstop by trying to plant records in a school system. "Sure, I was there in 2nd grade."

Anonymous cash is great if I am buying porn-time online, but if I want to receive tangible goods, it's going to have to reach my hot little hands somehow. Same problem with snailmail, how do you get replies back?

Until these issues are addressed, we are not going to have privacy.

Long reply

[11223]

Can pseudonymous downloading, "snoop-proof" e-mail, digital pseuds called "nyms," PDA-like machines, allegedly untraceable digi-cash and other changes in software and the architecture of cyberspace preserve privacy and restore some privacy and the idea of the "Inviolate Personality?" Part Two in a series based on Jeffrey Rosen's new book, "The Unwanted Gaze: The Destruction of Privacy in America." (Part Two; Part One here.)

Basing something on a book is technically copyright violation. You did ask for permission, didn't you?

In The Unwanted Gaze: The Destruction of Privacy In America, law professor and columnist Jeffrey Rosen first blames expanding sexual harassment and gender discrimination law for wanton destruction of individual privacy. Cyberspace is second on his list.
A growing number of lawyers and scholars, including Rosen, say they now believe that fundamental changes in Net architecture are necessary to protect constitutional values and restore the notion of the "inviolate personality" to the private lives of Americans. These would include copyright management systems to protect the right to read anonymously, permitting individuals to pay with untraceable digital cash; prohibiting the collection and disclosure of identifying information without the reader's knowledge, or using digital certificates to create psudonymous downloading.

Who controlls the digital certificates? It only works if there's a way for a real life->online id translation.

To Rosen, author of Gaze, cyberspace is posing a greater menace to privacy by the day. He details the l998 forced resignation of Harvard Divinity School dean Ronald F. Thiemann, who downloaded pornography onto his university-owned home computer. A Harvard technician installing a computer with more memory at the dean's residence was transferring files from the old computer to the new one and noticed thousands of pornographic pictures. Although none of the pictures appeared to involve minors, the technician told his supervisor. University administrators asked the dean to step down.

Well, gee. It's a business computer:

Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work. And no student or colleague suggested he had improperly behaved in any way as head of the Divinity School. His work was never questioned. It's ludicrous to

Bah humbug. They own the computer, they dictate how it's used. Simple as that. This isn't about privacy or lack of it - my employer has every right to watch what I'm doing at work (like this post), whether by a physical boss with eyes or with an electronic monitoring system. I can be fired at any time for any reason relating to inappropriate use, even if it's excessive eBay watching.

suggest that the school would have fired him if he'd been downloading sports scores or bidding for furniture on eBay. But although he'd committed no crime and performed well in his job, he was forced out in disgrace, while his intimate communications were discussed in public. Even in a supposedly freedom-loving and prestigious university, what Justice Louis Brandeis dubbed the right of every citizen to an "inviolate personality" -- the part of our private thoughts, communications and explorations once thought beyond the reach of exposure and dissemination -- that is private could be invaded and voided.

Well, gee, it's not a case of him doing it on his own computer. It's a fscking university-owned computer! If it was his own, there would be a problem. But inappropriate use of company resources has always been a reason for firing somebody.

The Harvard case also underscores the blurring of boundaries between home and work caused by technology. Millions of employees and workers criss-cross between their employer's equipment and their own for work and personal communications.

*snip*

The idea of the "inviolate personality" is one of the greatest and newest freedoms in history. In our time it's not only being nibbled to death but obliterated, and almost all of us are willing, even enthusiastic participants.

Gee, if there's anybody with a personality, I'd agree with you. However, people lost there individuality to the collective many moons ago, before the 'net - it's called popular culture. The price of popular culture is losing yourself. Your choice can be to live a hermit life; then you have yourself and your privacy. As soon as you give up yourself to the culture, though, then it will eat you. It already ate most people's brains, now it spies on their "privacy". Big deal. I'm so sorry for you.

Re:Long reply

[11223]

It depends. Is it a book review, or an essay based on the concepts that he presents? He should have asked for permission, because Jeffrey Rosen has the power to claim that it is a copyright violation. This isn't so much a book review as a multi-page summary of the points of the book, which is a little too much.

Re:Long reply

[11223]

He worked in the *Divinity School* - if you can glean anything from that name, you'd notice that they probably have a pretty strong objection to that type of stuff.

Note that employers also can take away your company car for speeding, or fire you if you get into an accident with it. A Christian orginization has every right to fire one if its employees for partaking in strongly objectionable material with company resources... no different than being fired for soliciting sex in the company car.

If it was his home computer, it might have been different, but not much. He signed on to work with a *religious orginization* and as such needs to hold himself to the morals of that orginization... or find somewhere else to work that's not connected to a religious orginization.

Blame the media? No, blame the buyers

[Benwick]

Katz rightly points out the media's role in this piece, but ignores the economic underpinnings. If there is more demand among consumers for a newspaper that uncovers more facts, then there is a competitive advantage in a journal's reporters further demolishing the walls of privacy (snooping for scoops). The change here has to come from the public: losing their shock at sexual conduct would be a good start; but real change would come if people ceased to buy rags that so blithely cross the bounds of privacy. Unfortunately, a quick glance down supermarket check-out lines reveals that this is a very unlikely thing. And libel laws don't help--the standard being that "actual malice" is required to prove libel of a "public figure", so Monica Lewinsky unwittingly become public pinata #1 despite never having deliberately transgressed into the public eye. I'd look forward to a day where nobody would give paparazzi jobs and where People magazine would have no buyers. Until then, the people can take the blame for intrusions of privacy. To put it glibly: change begins in your wallet!

Re:Offline privacy

[ilkan]

What's really pathetic are the stores that obscure your atm/visa number on the receipt, and then print it in cleartext right underneath. Clue <= 0.

Re:NSA

[stubob]

I think we may be overlooking something. The NSA is not populated by superintelligent aliens (I have a friend who works there, so they are definately people). Everyone keeps arguing that PGP is unbreakable. But, knowing the keys would help quite a bit. I vaguely remember this was one of the reasons for the 40 bit export version of encryption. The NSA/FBI/CIA wanted to know the keys because the technology was unbreakable at the time. Here's an old article on this.

PGP must know the keys (since they give them out to see if they are factorable in distributed.net), and all they would have to do is give that list to anyone who "asks" for them.
The Government is not superman, but they've got other ways to get what they want.

Potential PGP weaknesses and the NSA

[rxmd]

You are right in so far as PGP is not crackable by a brute-force assault in reasonable time at present, at least when key lengths are large enough.

In theory, however, the key generation mechanism or even the encryption algorithm of PGP may show flaws (as we have seen recently with PGP 5.0 on Unix where key pair generation was not as random as it could have been). This happened in spite of PGP being open source all the time. In theory, the NSA or whoever might exploit these

And since PGP is open source (more or less), its weaknesses, if they exist, are openb for exploiting them - flaws are much more easily discovered than in other products that would need reverse engineering. Of course, this very same open source principle adds to the security to some extent because flaws can be discovered "benevolently" and "publicly", so to speak, but this is no guarantee against the possibility of someone discovering a flaw all by himself and not sharing, but keeping the knowledge, thus gaining the ability to decipher encrypted messages. (No matter if it's the NSA or whoever.)

Offline privacy

[91degrees]

Strangely enough, a lot of people who are concerned about their privacy on line seem to only care about it online. For years, Supermarkets have been correlating and cross referencing our buying habits, for more carefully targetted advertising, using loyalty cards.

They manage to convince people that this is what they want. How long will it be before they can convince us that online web tracking is also what we want? People are remarkable forgiving when you give them 1% of what they spend back.

Always will be another way

[BobTheWonderchicken]

No matter what software comes out to preserve our privacy it a way around it will come out. It is difficult to create a fix that nobody will be able to over ride. In this age of technology most don't want to give up their privacy, but it is more and more difficult to keep it.
Kate

You are completely misguided

[Steve+Richards]

I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.

What are you saying -- that our leaders have fewer rights than we do? How are we ever going to get decent leaders if we remove all possible incentives to take leadership roles?

Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?

Now here you go completely off track. What is a leader supposed to do? Lead, obviously. And how the hell is a leader supposed to lead if he is constantly hounded by the media and has no support from those under him? A government depends on the support and respect of those that it leads, and, as a strong government is absolutely crucial to protecting the interests of the people, it is vital that it not let its credibility be undermined.

There was a case in Belgium IIRC where a paedophile ring had been running for years thanks to press cover-ups from people in power.

This is most likely as a result of Belgium's punishments for pedophilia being overly lax.

This sort of thing is a direct consequence of having a press whose ability to speak is curtailed, and is not something that any freedom-loving person would want.

No,it's not, it's a result of having incompetent rulers. Rulers must have total respect, and strict punishments must apply to them as well as to the people: they cannot be treated any differently, and must be incentivised to act rightly.

I've lived both here and in the US and both countries have a vocal press who aren't afraid to dig out and publicize political scandal and corruption.

You'll notice that the US (you don't mention your current country of residence) government gets no respect from those it governs, crime there is on the rise again after beginning to trend downwards towards barely-acceptable levels for five years, and that the US is universally despised in the international community.

Sure it may look bad at the time, but who knows what goes on in countries where the press can't or won't let people know what's going on?

Well, it's quite obvious what happens in countries where the press is allowed to run wild and destroy the foundations that the nation is built upon: they quickly degenerate into cesspools of crime, scandal, and apathy.

Do you have proof for your accusations?

[Steve+Richards]

Sigh, can't you see this is exactly what he wants?

No. Please explain.

It writes them for the express purpose of getting people testy and to incite flame wars and things.

That's quite an accusation -- and extraordinary accusations require extraordinary evidence. Where is yours?

If it was a real person and it was writing unpopular things because it really believed them, then that would be another thing.

Agreed. I am of the opinion, though, that he is a real poster.

It is a carefully cultivated persona that is lovingly cared for until such time as it can be used to write ridiculously outlandish trolls with an ounce of credibility

Do you always espouse these kinds of consipracy theories?

did you read the one it wrote on cloning and how gods and jesuses were going to descend upon us and kill us all?

I didn't see this one, but I wouldn't be surprised if it were real. Religion is a commonly-held delusion that leads people to say a lot of stupid things.

"Jon Erikson" is not the guardian of free speech on Slashdot.

No, but while quite a few Slashdotters think they're in this position, very few actually are, and I'm not sure Erikson has any such delusions.

What it is is an entity that capitalizes on the effect of unpopular opinions for no other reason than to entertain a couple of socially-challenged trolls.

Once again, this is quite a claim. Anyone doing this sort of thing is wasting other peoples' time and degrading the level of otherwise-serious discussion taking place in the forum, and, as such, should be banned.

I don't see Erikson doing this, though.

You might as well be writing letters to Santa Claus.

Funny, I've never seen Santa Claus write back.

It is all a joke to them and by replying to it or even defending it (!) you are falling for it in a BIG way.

Personally, I don't believe this, and think that you're doing the very same thing that you're accusing Erikson of doing.

However, if you're correct, then I've fallen for his ruse, along with many other people, and he should certainly be prevented from deceiving people this way again in the future.

Privacy vs.Convenience

[yossarianc]

As long as it's easier for the mass majority of people to not use encryption (or even know what it means) then it is for them to use it, then there will be companies/people which exploit it.

People have been told for years to not give out their social security #'s unless absolutly necessary, but the majority of people still place it on any form which asks for it, regardless of who it is for. It's easier to comply then to ask what they could possibly need the # for.

Also, the strength of these online info grabbers (huge amounts of information) is also their weakness, as they allow for huge amounts of disinformation to be taken in. Don't like that online vendors are taking and saving your info? Then screw up their system a little bit...transpose a few numbers, etc... Read Robert Heinlien's Friday. Laws will be years coming, and due to the nature of the internet, hard to enforce. In the end, the only thing that will make a big difference is educated individuals. Where non-physical privacy invasion is concerned, it should be left up to the individual, not the government.