Slashdot Mirror
Accidental Privacy Spills
ahem writes "A journalist attends the World Economic forum, and writes an email to a few friends. It's a chatty, casual conference report. The conference is a gathering of the 5,000 most powerful people in the world. The report gives a breezy insight into how stuff gets done at that level, and what the concerns are that keep the world's leaders up at night. That email was intended only for the journalist's friends. That email winds up getting plastered all over the net. Here is a very interesting discussion of the implications of this "privacy spill." Make sure you read down to the Epilogue. Here is the email itself." The Lawmeme discussion is quite thoughtful and in-depth, very good reading.
When will people get that email is not secure. Its the digital equivalent of a postcard, but idiots still email credit card numbers and worse.
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
The only way to have anything not exposed would be to of encrypted the messages for each person.
The next step? Go the Microsoft way and have either a timed encrypted message or some way to have a message self-delete after so much time. Both are possible but either add it's own complexities or possiblities of comprimise. (ie. the timed message abitliy is out there but basically you view a message which exists on an external server and is displayed on your machine via a doc.write comand. Not the best way.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
This e-mail was intended to be "leaked" so that it gets more attention. Its called constructive journalism. The journalist intended for it to be public, why else would she have written such a lengthy piece?
How the hell do all these people know I have a small penis?
... that when you pass "personal" notes in the classroom, the teacher might just be paying attention and decide to read it to the rest of the class. This is not a violation of privacy, but rather a misunderstanding of the rules.
This is a symptom of what has become all too common in todays email society - the trivialization of communication.
The "forward" has become a replacement for an actual composed email message. Its easier to maintain the illusion of staying in touch by forwarding some insipid crap rather than taking the time to actually *gasp* drop someone a personal note.
As a result, most email is not private, or more importantly, personal. I can easily imagine what went through the recipients mind - "wow, this is cool, let me forward it to ____". Why wouldn't he ? After all, we foward crap to each other all the time, why should this very interesting email be any different ?
You get something that looks interesting, you forward it. It couldn't POSSIBLY have been intended for ONLY you.
I would bet that had this letter been handwritten, the recipients would not have shown it around.
Welcome to the global communication era.
Redistributing is an even bigger no-no. . .:)P
You are not the customer.
Word is bad about saving info. You with find previously deleted text, revisions, computer names, account names, sometime passwords embedded into the document. I would have to say that Word is one of the most insecure formats in which to deliver a message.
BTW - this same way has gotten me past passwords more then once.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
Let's compare it to a real letter, or better yet, a company memo (in dead-tree form), since real letters typically only have one recipient. Let's say a memo gets sent to all 5 members of the HR department of a company. That memo warns that there will be no holiday bonuses this year. It goes on to say that the employees will be informed of this later, but HR is getting a heads-up in advance. Now, one of the HR employees, pissed off about this, decides to scan it, and post it on the company web site. Is he wrong to do this? Most people would say he is, I'll bet.
Now, the question is, why is it so different with e-mail? If I send a printed letter to a friend, I have the expectation that it will not be plastered on bulletin boards around town. If I send an e-mail, people would argue that I can't expect it to remain private. Why? I think the answer is because it's so easy to distribute an e-mail. Clicking the forward button is trivial.
So what's the solution? Disclaimers and confidentiality statements like some companies have on their e-mail? Doubtful. Even if they would hold up in court, who's willing to fight it? How about some sort of flag that specifices whether a message can be forwarded? That smacks of DRM, and no one's going to like that, nor will every client implement it. PGP? Well, that's nice, but once the recipient decrypts it, it's plain text, which can be forwarded. As much as it sucks, we may just have to rely on personal judgement.
So was the person who forwarded her e-mail a jerk? Probably. Should he have asked permission of the author? Definitely. Is there anything that can be done about it? Nope.
There is no sig, there is only Zuul.
This is an excellent illustration of being extremely careful with the information you posess. And, as the subject indicates, who your friends are. If she considered the information to be somewhat sensitive in nature, then she could have easily: (1) kept it to herself for a future article or (2) maybe make it clear in the email to not redistribute. She obviously chose to do neither, which sort of opened the doors. Unfortunate that someone on her "distribution list" felt that everyone needed to know what went on at the World Economic Forum based on Laurie's experiences. From reading the email it really doesn't look like she has divulged any really serious world secrets. Another prime example of how to learn from one's mistakes.
-- Rick
From the original email: "...various insundry countries...".
S/he's a reporter but thinks "insundry" is a word? The phrase is "...and sundry".
But wait, it gets funnier, I googled (tm) for "insundry" and got more than 100 hits. I guess a lot of people hear "and sundry" as "insundry". Is there a word for that? It's like a meme, but it's something you've heard. A heme! Oh, wait. Taken. A misspelleme?
// todo: implement sig
Comment removed based on user account deletion
What? Where's the "liberal bastion"? These are "free-market capitalists".
I found the email fascinating because of how weird and out-of-touch the Americans look. This is supposed to be our swimming pool -- the business elite. Instead well look like religious wackjobs trying to have a 'splendid little war'.
She sat at the window watching the evening invade the avenue.
Wow check out what he said
[original message]
This is a symptom of what has become all too common in todays email society - the trivialization of communication.
The "forward" has become a replacement for an actual composed email message. Its easier to maintain the illusion of staying in touch by forwarding some insipid crap rather than taking the time to actually *gasp* drop someone a personal note.
As a result, most email is not private, or more importantly, personal. I can easily imagine what went through the recipients mind - "wow, this is cool, let me forward it to ____". Why wouldn't he ? After all, we foward crap to each other all the time, why should this very interesting email be any different ?
You get something that looks interesting, you forward it. It couldn't POSSIBLY have been intended for ONLY you.
I would bet that had this letter been handwritten, the recipients would not have shown it around.
Welcome to the global communication era.
Except that in the case of email, you can't. Repeat after me, kids:
All you can do is make it difficult or illegal. But give me the most-secure email system, and I can probably do any of these:
But by all means, if someone wants to develop a huge expensive system that "guarantees" uncopyable email, be my guest. It'll be good for laughs.
I'm a bloodsucking fiend! Look at my outfit!
I've just skimmed the article (which seems quite good) and read the letter. I can think of a number of reasons the author wouldn't want an e-mail to slip out, but now that it has, I have to say:
:)
That was a damn fine read.
Sure, it could use some editing, but it's not that bad. It's easy to find worse in the print press, let alone on the internet. Besides, that's just form and style... content is what really matters.
And in content, it is actually very interesting and eye-opening. I would be delighted if the author were to write a more lengthy and involved piece on WEF in Davos that actually *is* intended for publication. After this little debacle, it's sure to get a lot of exposure, and I bet she's got a lot more she could say on the subject.
(And sure, the fuss may have all been a marketing gimmick for a forthcoming article. I don't really care, because if so it was really well done!
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Any major revlations in this "leaked" article? ... Nope...
..from American security and military speakers that, "We need to attack Iraq not to punish it for what it might have, but preemptively, as part of a global war. Iraq is just one piece of a campaign that will last years, taking out states, cleansing the planet."
From the article:
You know, as a resident of this planet, I don't want it "cleansed" by some clown in Washington. The days when there was a standoff between the USA and the USSR, so that neither got to "take out" as many countries as they wanted, look pretty attractive in hindsight.
Oh, my - the five-digit riff-raff crashed the party.
It's much better than it used to be. Years ago, I used the "strings blah.doc" trick on a Word file an office mate had sent me. What I found was that in addition to the text he intended, a bunch of his email headers were included! He of course blamed Eudora, because Microsoft certainly wouldn't be at fault.
It turns out that Windows didn't use to bother zeroing out RAM when it handed it over to an application, so I guess at times you could call malloc() and get random junk from other running applications. And Office of course doesn't actually write files out in a known format, it pretty much just dumps memory out intact (which is why it's such a pain to reverse engineer the file format). The combination of the OS not clearing RAM and Office writing out memory which it had allocated but never bothered using resulted in email headers in Word documents. This was fixed years ago, of course. I kinda missed it, though. I still routinely run strings on Office docs to see what shows up.
At its peak, about once every few days (slower since the dot-bust), I'd get a message directed to an address that bounces into my postmaster recycle bin containing all sorts of wonderfully cool private information: business plans, financial spreadsheets, customer contact lists, credit reports. Obviously, this was intended for the identical address at the VC firm, but the sender (wrongly) presumed that they could shorten that to just stonehenge.com.
What's odd is that nearly every time I responded with my curt message of "hey, you shouldn't be sending private info with big financial impact without either verifying the recipient or encrypting the data", they would come back at me, like it was my fault! Weirder, they'd ask me what the proper email address was, like I knew (or cared).
I spent about 20 minutes one day talking with the IT director at the VC company. I tried to make him understand that ultimately, it was his company that might be held liable for not making their email address clear to the clients they were dealing with. But he seemed to think that all I needed to do was agree to forward the misdirected email. We never did agree on that.
I still get misdirected emails for a video production house in Canada as well.
Why don't people understand that every character in an email address matters?
Uhm, no, you are mistaken in your understanding of malloc. This is the standard for malloc:
Taken from malloc (1).
It is not the operating systems responsibility to clear the memory of something recently allocated, and it is good programming practice to set the bits to 0 after a malloc unless you know for a damn well certainty that you will fill the entire segment.
Dacels Jewelers can't be trusted.
Any time we release a document to any other group of people, inside work or out, we are 'encouraged' to copy all, paste into a new document. That document is then password protected from editing (weak, I know, but it shows diligence). Only then is it to be sent out.
:)
Of course, following all of that is a royal pain in the arse, so it only gets done on vendor communications and whatnot, and typically it's iffy then. But it is funny to see a template that had gotten hit by a virus from my boss once- I called him up and had him panic about having another bug on his box
Peasants.
The more you know, the less you understand.
Since the writer went to the conference as a journalist, she was expected to publish something. With a bit of cleanup, she could have published that as a column. Nobody in Europe would be upset.
The US media is very gentle on the Administration. You don't see publicly in the US media that, to most of the world's elites, Bush and his cronies are viewed as inept and dangerous. "Jesus freaks with nuclear weapons" is a bit harsh, but it's mainstream British opinion.
On the economic front, everybody who can read the numbers knows it's going to be at least a few years before things get better. Whole countries are going bankrupt. IMF policy doesn't work. The bubble in the US still hasn't fully deflated. Japan has been in the tank for a decade, and nobody knows how to fix it.
Again, none of this should surprise anyone other than heavy TV viewers.
I took it all as perfectly correct reporting, without even being run through a 'should I actually publish this' filter. In some ways I'd call that MORE accurate and correct than a more carefully worded story.
Being alarmed about war planning myself, and also very skeptical of the prospects of economic wellness from uncontrolled laissez-faire globalization, I found it incredibly encouraging to learn that yes, Virginia, there is such a thing as Reality.
It's not just that these rich movers and shakers are 'just people'- it's that they're not in control, and that they are capable of recognizing when the policies of those like them lead to olgiarchy and the collapse of the worldwide economy. These aren't a bunch of Socialists but they're not having any of the economic social darwinist garbage- if holding to parody-Libertarian dogma means the poor get poorer and it affects THEIR PROFITS, they'll recognise that relatively quickly and they will do something else! I like that these are pragmatic people. They'll go with what works...
I think that was worth dismaying a journalist, I really do. I think the truth is much more important than her feelings of chagrin at being mocked for spelling mistakes or whatever- some people don't seem to 'get' that her ability to REPORT was terrific and plainly on display, and the news was desperately important.
it is a trust problem.
Somebody she trusted, violated that trust.
If I tell you a secret, and you just start telling people it, it is not the peoples fault, it is the person who violated that trust.
Of course, peple with 2 or more brain cells will usually indicated it is not for the public. Like "please don't spread this information".
Once it is out, it is out. Personally, I think she should of encrypted it.
The Kruger Dunning explains most post on
Not really in the personal privacy sphere but I once saw a DEA document that they published in PDF with the name of their agents blacked out. in Acrobat the names were actually blacked out but in OS X preview app you could see them.
I know absolutely nothing about PDF but I assume they have layers.
Ironically it was a report about some Israelis trying to gather information on DEA agents and there they had all their names and addresses published in the internet.
Just think about the privacy implication of such cross-application leaks on a multi-user system. Rather than relying on a broken word processor, an attacker could write a program that intentionnally malloc'ed large chunks of memory, and then went searching through them for interesting data of his fellow users...
the author hadn't flattened the layers. it got noticed I think by a reporter using a slower computer than many used at the time so they saw the names appear then get blanked over where-as for most people that happened too quick to see. it was reported here on Slashdot
Instead of ranting at the bloggers and posters, Mrs. Garrett should simply have said something along the lines:
"That email was private and intended for a only a few friends. I am sorry it has been exposed to the world, it was never meant as perfectly accurate, peer-reviewed report of the Davos forum, but rather my quick impressions. Please take it as such, and do not base any business or investment decisions on it. Ciao."
The fact is, she was naive and unthinking to fail to realize the possibility that one of her friends may forward it, and that the email would get out. Yes, she should have a right to privacy, but the possibilty certainly exists, and instead of relying upon a nebulous "right", she should have taken steps to minimize or eradicate that possibility instead. Both she and her friend made a mistake, and the email got out into the news-hungry metanet where it snowballed. But ranting at random people for that only made matters worse. Something for us all to keep in mind.
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
Still, I'm glad I've read it... it's decent news coverage of such a relatively important event. I mean, good use of sources of all types is what journalism is all about... Thanks, Laurie! :-P
Incidentally, this diatribe is from someone who posted a personal note from ex-President Clinton on her website. Presumably with permission, natch, but it's no less private by nature.
Newsflash yourself, guy. The full quote, which I'm guessing you haven't heard, is from Stewart Brand, stated in print for the first time as follows:
The quote was never meant to be used as a bludgeon to claim that all information should be free; it was part of an illustration of exactly the kind of tension going on here.
You're essentially claiming she should have been more careful in some fashion that would have prevented the email fro being leaked in the first place. Careful in what? Her use of email for delivery only to the intended recipients? Her choice of friends?
I'd like anyone with that attitude to look back over all the emails they've written since they've been online and to consider ones they've written that they only wanted a selected group of individuals to see. Don't think of claiming you've never written an email like that. Can you honestly tell me that if that email showed up suddenly on a web discussion board, you wouldn't be incensed? (And can you honestly tell me that if people responded to you with "information wants to be free!" you wouldn't want to break their kneecaps?)
Having said that, I agree Ms. Garrett should have been more careful in her responses to this trust violation. She displayed a snitty disdain for all internet discourse that, as a fan of her writing, I find considerably disappointing.