Slashdot Mirror
Accidental Privacy Spills
ahem writes "A journalist attends the World Economic forum, and writes an email to a few friends. It's a chatty, casual conference report. The conference is a gathering of the 5,000 most powerful people in the world. The report gives a breezy insight into how stuff gets done at that level, and what the concerns are that keep the world's leaders up at night. That email was intended only for the journalist's friends. That email winds up getting plastered all over the net. Here is a very interesting discussion of the implications of this "privacy spill." Make sure you read down to the Epilogue. Here is the email itself." The Lawmeme discussion is quite thoughtful and in-depth, very good reading.
When will people get that email is not secure. Its the digital equivalent of a postcard, but idiots still email credit card numbers and worse.
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
This e-mail was intended to be "leaked" so that it gets more attention. Its called constructive journalism. The journalist intended for it to be public, why else would she have written such a lengthy piece?
... that when you pass "personal" notes in the classroom, the teacher might just be paying attention and decide to read it to the rest of the class. This is not a violation of privacy, but rather a misunderstanding of the rules.
I would expect that a journalist of sufficient importance to be offered a pass such as 'Laurie' received, would know better than to use 'who' when she should have used 'whom'. More than a typo, I think...
Word is bad about saving info. You with find previously deleted text, revisions, computer names, account names, sometime passwords embedded into the document. I would have to say that Word is one of the most insecure formats in which to deliver a message.
BTW - this same way has gotten me past passwords more then once.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
Let's compare it to a real letter, or better yet, a company memo (in dead-tree form), since real letters typically only have one recipient. Let's say a memo gets sent to all 5 members of the HR department of a company. That memo warns that there will be no holiday bonuses this year. It goes on to say that the employees will be informed of this later, but HR is getting a heads-up in advance. Now, one of the HR employees, pissed off about this, decides to scan it, and post it on the company web site. Is he wrong to do this? Most people would say he is, I'll bet.
Now, the question is, why is it so different with e-mail? If I send a printed letter to a friend, I have the expectation that it will not be plastered on bulletin boards around town. If I send an e-mail, people would argue that I can't expect it to remain private. Why? I think the answer is because it's so easy to distribute an e-mail. Clicking the forward button is trivial.
So what's the solution? Disclaimers and confidentiality statements like some companies have on their e-mail? Doubtful. Even if they would hold up in court, who's willing to fight it? How about some sort of flag that specifices whether a message can be forwarded? That smacks of DRM, and no one's going to like that, nor will every client implement it. PGP? Well, that's nice, but once the recipient decrypts it, it's plain text, which can be forwarded. As much as it sucks, we may just have to rely on personal judgement.
So was the person who forwarded her e-mail a jerk? Probably. Should he have asked permission of the author? Definitely. Is there anything that can be done about it? Nope.
There is no sig, there is only Zuul.
But isn't this a copyright infringement?
An author's original work, whether or not it is intentional, is published to the public without thier consent. Since anything you write which is not plagerized is considered automatically copyrighted to you, the fact that it was posted to a public forum wouldn't it be illegal?
This article brings up a number of interesting concerns, including changing views of privacy in the digital environment, the public sphere and how this sphere is affected by new technologies. One subject that I find particularly fascinating is the new interactions between groups that have never been directly concerned with on another. Taken from the text:
---
[Garrett] "Do you imagine for a moment that the participants in the WEF--whether they be the CEOs of Amoco an IBM of the leaders of Amnesty International and OXFAM--waste their time with Internet chat rooms and discussions such as this? Do you actually believe, as you type your random thoughts in such Internet settings, that you are participating in Civilization? In Democracy? In changing your world?:
Whereas rcade says:
"The world doesn't need to wait around for professional journalists to carefully predigest the news for us any more. We're capable of collecting and analyzing information from a thousand different sources and directions, even an injudicious e-mail by a chatty Pulitzer Prize winner to at least one loose-lipped friend."
To these two feuding flamers and their dueling versions of democratic discussion, it seems to me, the only sensible response is "Do we have to choose?"
[...]
Remember how everyone keeps saying that distance is irrelevant on the Internet? Well, this is what happens when distance disappears. You wind up right next to the damndest people.
---
So, Slashdot- are you participating? Are you participating in a political or democratic process? And if so, what is it that you are participating in?
The metafilter thread can be found here.
The first thing I looked at and read was the e-mail. Was it made up? was it real? who cares. The point is that we are curious by nature. We look at things we know we shouldn't. Sometimes it's just curiosity, sometimes it's an invasion of privacy.
my cube has a window...
Two ways I've gone about this was once I made a pdf with a password of an important letter and sent that. That automatically stops the basic forward or copy paste methods of sending it on. The second was I used a program called EyeMage and encrypted a number of messages to a friend who worked for a nosy boss. All the boss saw were a series of photos of family and scenes sometimes "resent" that had messages hidden inside. This also makes it a little more difficult to forward... but not copy paste.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
This article (and the term 'privacy spill') seems to rightly point out that the propagation of information well beyond it's intended use lies somewhere between an incovenience and a hazard. There's some justified screaming when e-mails slip beyond their intended recipients, especially when they're subjected to scrutiny by the no-life pedantic dinks that comprise some of the Internet population.
But there's also justified screaming when we read stories about Microsoft researching how to extend DRM all the way through the Windows asset model, from Word docs to e-mail.
I hope that at the very least this blurs the black-and-white approach many people have allowed themselves to take on this. DRM can be more than useful than making somebody pay for the new power ballad from the latest band you're exploiting. It can suck when it keeps me from transferring tunes more than three times to my mini-disc. It can be okay when it keeps people from stealing music from some musical artists that are just squeking by to begin with. But it can be very useful in making sure that (for example) some correspondence don't accidentally leave a designated group of recipients. If we're talking, for instance, about distributing documents to doctors, or investors, that might contain sensitive information, then there are some benefits.
So I think this is at least a step towards realizing that we might be able to have it both ways, that there are real benefits for real people to an encryption system suited to offering content to an audience that is larger than might be easy with pgp, but smaller than cc:world
The only acceptable defense of scientific results is to say that they were the product of the Scientific Method.
Except that in the case of email, you can't. Repeat after me, kids:
All you can do is make it difficult or illegal. But give me the most-secure email system, and I can probably do any of these:
But by all means, if someone wants to develop a huge expensive system that "guarantees" uncopyable email, be my guest. It'll be good for laughs.
I'm a bloodsucking fiend! Look at my outfit!
I've just skimmed the article (which seems quite good) and read the letter. I can think of a number of reasons the author wouldn't want an e-mail to slip out, but now that it has, I have to say:
:)
That was a damn fine read.
Sure, it could use some editing, but it's not that bad. It's easy to find worse in the print press, let alone on the internet. Besides, that's just form and style... content is what really matters.
And in content, it is actually very interesting and eye-opening. I would be delighted if the author were to write a more lengthy and involved piece on WEF in Davos that actually *is* intended for publication. After this little debacle, it's sure to get a lot of exposure, and I bet she's got a lot more she could say on the subject.
(And sure, the fuss may have all been a marketing gimmick for a forthcoming article. I don't really care, because if so it was really well done!
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Does anyone else suspect this "e-mail" was put together by a clever bored Sinophile?
Do you imagine for a moment that the participants in the WEF--whether they be the CEOs of Amoco an IBM of the leaders of Amnesty International and OXFAM--waste their time with Internet chat rooms and discussions such as this? Do you actually believe, as you type your random thoughts in such Internet settings, that you are participating in Civilization? In Democracy? In changing your world? I beg of all of you--the Internet addicts of the world--to turn off your TVs and computers now and then and engage the world. Go have actual eye-to-eye conversations with your family, friends and neighbors. Read a great book. Argue politics over dinner with friends. Go to City Council meeting. Raise money for your local public library. Teach your 12-year-old algebra.
Laurie - can I call you Laurie? - fuck you. Are you so proud that you could hobnob with "cute" Vicente Fox and "huggable" David Stern that you don't see the value of other people's opinions? People who might in fact be active doing things in the real world, in addition to taking advantage of online sites like slashdot, MeFi, etc. for debate, education, info relevant to work, and (though it must not be as "fascinating and fun" as "a day spent with Bill Gates", or as "hilarious" as "the CEO of Heinekin" (sic)) fun.
Do not begin to impugn our work in the real world, just because we don't have the direct access to oil-company executives and NGO bosses that you seem to enjoy so much. We do quite well without it, thanks.
sulli
RTFJ.
It's much better than it used to be. Years ago, I used the "strings blah.doc" trick on a Word file an office mate had sent me. What I found was that in addition to the text he intended, a bunch of his email headers were included! He of course blamed Eudora, because Microsoft certainly wouldn't be at fault.
It turns out that Windows didn't use to bother zeroing out RAM when it handed it over to an application, so I guess at times you could call malloc() and get random junk from other running applications. And Office of course doesn't actually write files out in a known format, it pretty much just dumps memory out intact (which is why it's such a pain to reverse engineer the file format). The combination of the OS not clearing RAM and Office writing out memory which it had allocated but never bothered using resulted in email headers in Word documents. This was fixed years ago, of course. I kinda missed it, though. I still routinely run strings on Office docs to see what shows up.
At its peak, about once every few days (slower since the dot-bust), I'd get a message directed to an address that bounces into my postmaster recycle bin containing all sorts of wonderfully cool private information: business plans, financial spreadsheets, customer contact lists, credit reports. Obviously, this was intended for the identical address at the VC firm, but the sender (wrongly) presumed that they could shorten that to just stonehenge.com.
What's odd is that nearly every time I responded with my curt message of "hey, you shouldn't be sending private info with big financial impact without either verifying the recipient or encrypting the data", they would come back at me, like it was my fault! Weirder, they'd ask me what the proper email address was, like I knew (or cared).
I spent about 20 minutes one day talking with the IT director at the VC company. I tried to make him understand that ultimately, it was his company that might be held liable for not making their email address clear to the clients they were dealing with. But he seemed to think that all I needed to do was agree to forward the misdirected email. We never did agree on that.
I still get misdirected emails for a video production house in Canada as well.
Why don't people understand that every character in an email address matters?
Uhm, no, you are mistaken in your understanding of malloc. This is the standard for malloc:
Taken from malloc (1).
It is not the operating systems responsibility to clear the memory of something recently allocated, and it is good programming practice to set the bits to 0 after a malloc unless you know for a damn well certainty that you will fill the entire segment.
Dacels Jewelers can't be trusted.
I'm thinking it's a hoax due to this line:
"I learned from American security and military speakers that, "We need
to attack Iraq not to punish it for what it might have, but
preemptively, as part of a global war. Iraq is just one piece of a
campaign that will last years, taking out states, cleansing the planet."
Straight up, that may BE their initiative, but they would never SAY it. Christ. Especially to a group of other world leaders, not all of whom agree.
Neural Nets in Python
Any time we release a document to any other group of people, inside work or out, we are 'encouraged' to copy all, paste into a new document. That document is then password protected from editing (weak, I know, but it shows diligence). Only then is it to be sent out.
:)
Of course, following all of that is a royal pain in the arse, so it only gets done on vendor communications and whatnot, and typically it's iffy then. But it is funny to see a template that had gotten hit by a virus from my boss once- I called him up and had him panic about having another bug on his box
Not really in the personal privacy sphere but I once saw a DEA document that they published in PDF with the name of their agents blacked out. in Acrobat the names were actually blacked out but in OS X preview app you could see them.
I know absolutely nothing about PDF but I assume they have layers.
Ironically it was a report about some Israelis trying to gather information on DEA agents and there they had all their names and addresses published in the internet.
I realize copyright issues on things like this is really not where it's at or what copyright was really intended for. And "piracy" or whatever is a touchy subject.
And I find it utterly pathetic people forwarded a personal email--one or two iterations (friend of a friend) is pushing, but to make it out to a list so that it was web archived??? Don't these archives have standards on copyright or "gee, it may be someone else's work we have here...."??
That all said, the "author" seems to be taking of a beating on this. Although this isn't an avenue one would typically pursue, in this case, it may be warranted, or at least a frank discussion of the line should be put forward.
Now, all that said... What about her copyright rights?
As my understanding of copyright goes, isn't her piece protected by copyright? I call this less in the realm of privacy--if it was sent over email, it's legally usually considered public (non-private if you will), even if it was intended for a group of friends. *I* consider my emails private, but I know that *legally* they are not. If it was sent to another, there is no expectaton of privacy, as least my understand of internet case law is on this.
But then, copyright law should kick in. Now, no one does this with email really, or only the nuts do. But, again, this seems to be an extreme case where people are just attacking and criticizing left and right.... Her friends were not given rights to distribute (forward). All the web sites that received the work, even in ignorance, did not have the right to replicate and distribute further the material.
Suing folks isn't going to stop the spread of this. But it seems simple polite, reasonable treatment of this personal email was violated. And on top of that, copyright rights, normally not pursued on correspondance, violated as well.
Sucks to be her.
I'm afraid I find both the author of this article's sympathy for and defense of Ms. Garrett and his alarm about the memetic and viral nature of digital information misguided.
As to the former, let's get down to brass tacks - if you read the original email, you clearly have a person that is enjoying the cache of being a capital-P Pullitzer Prize Winning Journalist!!! so she gets to hobnob with the Ubermenschen Clubs Rule-da-Woild fun fest. She want to share her aw-shucks I'm a regular girl (but oh so smart and important 'cause see who I'm rubbing elbows with) reactions with a select group of friends. She either doesn't pick her friends too good and/or doesn't explain the rules to them and/or just doesn't get the nature of the internet. And she gets widebanded.
Well, she's embarassed. Why? Because her regular person persona has clashed violently with her respected and erudite journalist persona - the very thing that got her into the "inner circle" to start with. She was, plain and simply, made to look foolish.
Hey, it happens. I more or less left a job out of fallout (or more precisely my reaction to it) to a poorly considered email I wrote. I chose to view it as a learning experience, I certainly didn't see it as an excuse to rail against the facts of the medium. I learned two things - one is, indeed: once you hit send it is out there and you absolutely can't control it. Two: I stand up and take responsibility for what I say, absolutely.
Instead of taking this lesson gracefully, she writes a letter that basically tries to rip down netheads and blame them for the situation. She scoffs at their discussion, how dare these grubby little geeks presume to enter discourse on the high and mighty, compares them to Star Trek fans in full fanatic mode and tells them to get a life. The letter is linked in the sidebar of Metafilter and it is worth a read for the context of this article.
This is the nature of information. This is why my sig says what it does. I'm frsked if I know if information "wants" anything but I know that it is its nature to jump the boundaries, be fungible, replicate and spread. There is no "solution." No solution is needed. Deal with it.
A person who wants to claim to be a professional in the field of disseminating information had better accept this or they will find themselves irrelevant very, very quickly.
It Is the Nature of Information to Transgress Artificial Boundaries
Is her complaint really about privacy or is it about the heat she may be taking for having an off-the-cuff report of the WEF spread around that perhaps is not congruent with the way the rest of the media wants such things reported - i.e., edited by editors with political axes of their own to grind?
Did she write an "official" report on the WEF - and if so, how does it square with her "unofficial" one?
Otherwise, the analysis makes no sense. Intellectual property is what's in your head. Once it's outside your head and outside your direct control (i.e., encrypted on your hard drive), it is no longer property and no longer yours. You can use encryption - which works only if the decryptor agrees to maintain the encryption. Or you can use a non-disclosure contract - which works only as long as the second party does not breach the contract and also imposes the same contract on anyone to whom they are allowed to forward. These things are merely delaying tactics.
Once one of these events occurs, do you then go back and complain about the whole history of technology that you didn't use a quill pen and the Pony Express?
And if you react irrationally and decide to forego the Net, is that supposed to alter the technological and economic impact of the Net such that we should be worried about it?
None of that makes any sense...
I think Garrett's complaint stems not so much from the privacy issue but from her concern over her public, social, and professional status as a result of off-the-cuff remarks. And this is not an issue anyone should be concerned with.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
While it is correct that malloc does not guarantee that the memory will be cleared (even on Unix, it will contain random junk), it is still unacceptable that the OS leaks data from one application to the next. In Unix, if you find junk in a malloc'ed segment, it can only come from the application itself (previously allocated, used, and then freed memory), never from another app.
Wrong. Apparently nobody here has ever coded on a system with only 1-2 megs of RAM available. I'm done explaining it, but read the thread or go read a book on what is and isn't possible with malloc() and not blitting zero to your memory segment.
Dacels Jewelers can't be trusted.
The days when there was a standoff between the USA and the USSR, so that neither got to "take out" as many countries as they wanted, look pretty attractive in hindsight.
As a Hungarian, I can assure you that the Cold War era was in no way attractive relative to the current international situation. Furthermore as a "resident of the planet" myself, I also do not wax nostalgic over the threat of the planet being "cleansed" by an all-out nuclear war between two superpowers.
Although things could certainly be better right now (you American's voting out that clown Bush in 2004 would be great start), at least in my country, things are much better than they were only twenty-odd years ago.
Not necessarily -- it is feasible that process A has allocated some pages of physical memory and then A stops running. Process B then allocates some memory and is given those same physical pages. Unless I have a fundamental misunderstanding of how virtual memory systems work, there is no guarantee that those pages get cleared.
Of course, if you care about security then you would want that memory zeroed. But that would be up to the kernel implementer. Apparently, the behavior of brk is not really consistent across the different standards (BSD, POSIX, ...)
I don't have any problems with Laurie Garrett's original email or the second one. It's quite refreshing to get a sneak peak into that world. I have problems with how the issue was handled later on by turds like Matt Haughey and his lakeis. That also includes the writer of the LawMeme article. If you want to convince yourself of their duplicity, all you need is to read their last shit dropped on metatalk. The best part is what they write about Slashdot. People who spend all their day on a website called metafilter. Tee hee. No wonder Matt Haughey is so bitter. He is completely dead. His former company, Pyra just got bought up by Google so he has every reason to hate the world. February 28, 2003 Accidental Privacy Spills. (found via /.) In which are discussed the Laurie Garrett thread and its implications for privacy, correspondence, and the getting of life.
posted by brownpau to MetaFilter-related at 2:42 PM PST
That should be /. I know I tested that link. Gah.
posted by brownpau at 2:48 PM PST on February 28
Double post, I'm afraid.
Worth looking at again though.
posted by feelinglistless at 2:51 PM PST on February 28
Ah hell, sorry, everyone. That's what I get for not dropping by MeTa often enough.
posted by brownpau at 2:56 PM PST on February 28
Actually it's fun to read what the Slashdotters have to say. What a closed group self-righteous introverts, spending all day arguing on a website. They really need to get a life.
posted by Stan Chin at 3:18 PM PST on February 28
maybe i should move to europe (it would be canada but i hear they're becoming mroe and more like us everyday hell they pay taxes to the riaa for cdrs for christ's sake)
they are jesus freaks with nukes, and bush is pushing a holy war
and ashcroft is a jack-booted goose stepping nazi and i'm glad to see the rest of world is leery of him too he alone has made me reconsider my citizenship more than once
i've been reading news.google.com caches the last few days basically saying that 2/3rd's of the english don't support their prime minister at all, i wonder what similar polls in teh US would (have?) reveal(ed) and even went so far as to say 1/3rd would not support a war even if a second resolutoin from teh UN said so.. they had a "revolt" in the house of lords over some war-related issue, it seems that bush isn't the only one with a dissenting public
if you disagree with me REPLY have the balls not to moderate
Am I the only one that can't stand it when people go over seas and snicker about how gauche America is and Americans are. I am British by birth, I lived in Canada and am now and forever more an American citizen and resident. Invariably, when I go overseas, especially Europe, people for some odd reason feel it fit to start in on how horrible America is. They start with a fairly inocuous, off the cuff criticism and look for the slightest support of their observations and if they find the support they are looking for, you have to spend the next 30 minutes listening to how America "just doesn't get it". What is worse is when the American joins in on anti-American tirade. I don't think for an instant the every foreign national should blindly follow the lead of the party in power. The people who do that are clearly partisans and are just the type of people who engage in this self-loathing anti-Americanism. A pragmatic person can see that life is extremely complex. Those that say they have the answers are almost invaribly those that do not even understand the question. Economics, foreign policy, politics ... are 99 parts art and 1 part science. The answer is ALWAYS contingent upon many unknown varibles. No one can, with any consistency, predict outcomes in these fields. Leaders of countries, especially true democracys (and republics) rarely make flip decisions. These elected officials futures depend upon their decisions today. So when people such as the author of the email in question express the views that she did, they are really just saying that they either don't understand the questions or just are just too bitter to be intellectually honest.
The reason that countries make these comments about other countries (especially America) is that they are trying to exert their influence over the foreign power itself. America engages in this as does every other country. It is just a game of politics.
BTW unilateral means one-sided. Multilateral means many-sided. Unilateral does not mean "without UN support." America is not acting unilaterally, it is acting multilaterally without UN support. The trick is to be intellectually honest and not fall prey to politics.
To keep this on-topic, it sucks that the author's email was forwarded and read in such a public forum. The moral is pick your friends wisely.
Stephen Roach was one of the speakers at Davos (chief economist at Morgan Stanley) -- he just knocked down his growth estimates for the next few years.
From what I've head from different sources, there's really no reason to be too excited about the economy right now -- we're in a transition, and it's going to take a long time to find a new balence.
disclaimer: I work for Morgan Stanley
there is no thing
what else could you want?