Slashdot Mirror
Accidental Privacy Spills
ahem writes "A journalist attends the World Economic forum, and writes an email to a few friends. It's a chatty, casual conference report. The conference is a gathering of the 5,000 most powerful people in the world. The report gives a breezy insight into how stuff gets done at that level, and what the concerns are that keep the world's leaders up at night. That email was intended only for the journalist's friends. That email winds up getting plastered all over the net. Here is a very interesting discussion of the implications of this "privacy spill." Make sure you read down to the Epilogue. Here is the email itself." The Lawmeme discussion is quite thoughtful and in-depth, very good reading.
The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...
The only way to have anything not exposed would be to of encrypted the messages for each person.
The next step? Go the Microsoft way and have either a timed encrypted message or some way to have a message self-delete after so much time. Both are possible but either add it's own complexities or possiblities of comprimise. (ie. the timed message abitliy is out there but basically you view a message which exists on an external server and is displayed on your machine via a doc.write comand. Not the best way.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
How the hell do all these people know I have a small penis?
Poster says:
When will people get that email is not secure. Its the digital equivalent of a postcard, but idiots still email credit card numbers and worse.
Article says:
Encryption is fine for the digital connection, but the digital connection was already the secure part of the link. Garrett's expectations of privacy were compromised between the seat and the keyboard; the same place every technically foolproof scheme fails.
The article is more interesting than just a technological discussion, because it gets into issues of how social norms and technology interface. Of course, it's also waaaaaaay long.
This is a symptom of what has become all too common in todays email society - the trivialization of communication.
The "forward" has become a replacement for an actual composed email message. Its easier to maintain the illusion of staying in touch by forwarding some insipid crap rather than taking the time to actually *gasp* drop someone a personal note.
As a result, most email is not private, or more importantly, personal. I can easily imagine what went through the recipients mind - "wow, this is cool, let me forward it to ____". Why wouldn't he ? After all, we foward crap to each other all the time, why should this very interesting email be any different ?
You get something that looks interesting, you forward it. It couldn't POSSIBLY have been intended for ONLY you.
I would bet that had this letter been handwritten, the recipients would not have shown it around.
Welcome to the global communication era.
Redistributing is an even bigger no-no. . .:)P
You are not the customer.
Word is bad about saving info. You with find previously deleted text, revisions, computer names, account names, sometime passwords embedded into the document. I would have to say that Word is one of the most insecure formats in which to deliver a message.
BTW - this same way has gotten me past passwords more then once.
Patrick Havens (Mr. 573333 to you.) Graphic Artist / Coder / Father / Journeler
Let's compare it to a real letter, or better yet, a company memo (in dead-tree form), since real letters typically only have one recipient. Let's say a memo gets sent to all 5 members of the HR department of a company. That memo warns that there will be no holiday bonuses this year. It goes on to say that the employees will be informed of this later, but HR is getting a heads-up in advance. Now, one of the HR employees, pissed off about this, decides to scan it, and post it on the company web site. Is he wrong to do this? Most people would say he is, I'll bet.
Now, the question is, why is it so different with e-mail? If I send a printed letter to a friend, I have the expectation that it will not be plastered on bulletin boards around town. If I send an e-mail, people would argue that I can't expect it to remain private. Why? I think the answer is because it's so easy to distribute an e-mail. Clicking the forward button is trivial.
So what's the solution? Disclaimers and confidentiality statements like some companies have on their e-mail? Doubtful. Even if they would hold up in court, who's willing to fight it? How about some sort of flag that specifices whether a message can be forwarded? That smacks of DRM, and no one's going to like that, nor will every client implement it. PGP? Well, that's nice, but once the recipient decrypts it, it's plain text, which can be forwarded. As much as it sucks, we may just have to rely on personal judgement.
So was the person who forwarded her e-mail a jerk? Probably. Should he have asked permission of the author? Definitely. Is there anything that can be done about it? Nope.
There is no sig, there is only Zuul.
From the original email: "...various insundry countries...".
S/he's a reporter but thinks "insundry" is a word? The phrase is "...and sundry".
But wait, it gets funnier, I googled (tm) for "insundry" and got more than 100 hits. I guess a lot of people hear "and sundry" as "insundry". Is there a word for that? It's like a meme, but it's something you've heard. A heme! Oh, wait. Taken. A misspelleme?
// todo: implement sig
When will people get that email is not secure. Its the digital equivalent of a postcard, but idiots still email credit card numbers and worse.
:)
The problem is that _nothing_ is secure once it's decrypted. Even if the e-mail had been sent encrypted and with "DO NOT PUBLISH" written on every other line, some random friend might still have sent the body of the e-mail (after decrypting it to read it) to a friend of theirs, who then forwards it to a friend who has a webpage... and so on. The same applies to written letters as well (ever heard of the "Xerox machine"?)
What's really amazing to me is some of those responses to the second letter. "You shouldn't write anything that you don't stand behind"?!?! Jesus, do people really think that _everything_ is for public consumption? I reserve the right to have a private life! I mean, we're talking about a letter from a woman to her pals. I would like to think that my e-mail is not innately for public consumption. But according to some people, if a person with a weblog gets their hands on one of my e-mails, then suddenly it's my fault for not somehow making my e-mails self-destruct once they've been read! I have more to say about people who think like that, but I doubt that slashdot's lameness filter will let me post it.
What? Where's the "liberal bastion"? These are "free-market capitalists".
I found the email fascinating because of how weird and out-of-touch the Americans look. This is supposed to be our swimming pool -- the business elite. Instead well look like religious wackjobs trying to have a 'splendid little war'.
She sat at the window watching the evening invade the avenue.
Except that in the case of email, you can't. Repeat after me, kids:
All you can do is make it difficult or illegal. But give me the most-secure email system, and I can probably do any of these:
But by all means, if someone wants to develop a huge expensive system that "guarantees" uncopyable email, be my guest. It'll be good for laughs.
I'm a bloodsucking fiend! Look at my outfit!
I've just skimmed the article (which seems quite good) and read the letter. I can think of a number of reasons the author wouldn't want an e-mail to slip out, but now that it has, I have to say:
:)
That was a damn fine read.
Sure, it could use some editing, but it's not that bad. It's easy to find worse in the print press, let alone on the internet. Besides, that's just form and style... content is what really matters.
And in content, it is actually very interesting and eye-opening. I would be delighted if the author were to write a more lengthy and involved piece on WEF in Davos that actually *is* intended for publication. After this little debacle, it's sure to get a lot of exposure, and I bet she's got a lot more she could say on the subject.
(And sure, the fuss may have all been a marketing gimmick for a forthcoming article. I don't really care, because if so it was really well done!
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Any major revlations in this "leaked" article? ... Nope...
..from American security and military speakers that, "We need to attack Iraq not to punish it for what it might have, but preemptively, as part of a global war. Iraq is just one piece of a campaign that will last years, taking out states, cleansing the planet."
From the article:
You know, as a resident of this planet, I don't want it "cleansed" by some clown in Washington. The days when there was a standoff between the USA and the USSR, so that neither got to "take out" as many countries as they wanted, look pretty attractive in hindsight.
At its peak, about once every few days (slower since the dot-bust), I'd get a message directed to an address that bounces into my postmaster recycle bin containing all sorts of wonderfully cool private information: business plans, financial spreadsheets, customer contact lists, credit reports. Obviously, this was intended for the identical address at the VC firm, but the sender (wrongly) presumed that they could shorten that to just stonehenge.com.
What's odd is that nearly every time I responded with my curt message of "hey, you shouldn't be sending private info with big financial impact without either verifying the recipient or encrypting the data", they would come back at me, like it was my fault! Weirder, they'd ask me what the proper email address was, like I knew (or cared).
I spent about 20 minutes one day talking with the IT director at the VC company. I tried to make him understand that ultimately, it was his company that might be held liable for not making their email address clear to the clients they were dealing with. But he seemed to think that all I needed to do was agree to forward the misdirected email. We never did agree on that.
I still get misdirected emails for a video production house in Canada as well.
Why don't people understand that every character in an email address matters?
Uhm, no, you are mistaken in your understanding of malloc. This is the standard for malloc:
Taken from malloc (1).
It is not the operating systems responsibility to clear the memory of something recently allocated, and it is good programming practice to set the bits to 0 after a malloc unless you know for a damn well certainty that you will fill the entire segment.
Dacels Jewelers can't be trusted.
Since the writer went to the conference as a journalist, she was expected to publish something. With a bit of cleanup, she could have published that as a column. Nobody in Europe would be upset.
The US media is very gentle on the Administration. You don't see publicly in the US media that, to most of the world's elites, Bush and his cronies are viewed as inept and dangerous. "Jesus freaks with nuclear weapons" is a bit harsh, but it's mainstream British opinion.
On the economic front, everybody who can read the numbers knows it's going to be at least a few years before things get better. Whole countries are going bankrupt. IMF policy doesn't work. The bubble in the US still hasn't fully deflated. Japan has been in the tank for a decade, and nobody knows how to fix it.
Again, none of this should surprise anyone other than heavy TV viewers.
Not really in the personal privacy sphere but I once saw a DEA document that they published in PDF with the name of their agents blacked out. in Acrobat the names were actually blacked out but in OS X preview app you could see them.
I know absolutely nothing about PDF but I assume they have layers.
Ironically it was a report about some Israelis trying to gather information on DEA agents and there they had all their names and addresses published in the internet.
Instead of ranting at the bloggers and posters, Mrs. Garrett should simply have said something along the lines:
"That email was private and intended for a only a few friends. I am sorry it has been exposed to the world, it was never meant as perfectly accurate, peer-reviewed report of the Davos forum, but rather my quick impressions. Please take it as such, and do not base any business or investment decisions on it. Ciao."
The fact is, she was naive and unthinking to fail to realize the possibility that one of her friends may forward it, and that the email would get out. Yes, she should have a right to privacy, but the possibilty certainly exists, and instead of relying upon a nebulous "right", she should have taken steps to minimize or eradicate that possibility instead. Both she and her friend made a mistake, and the email got out into the news-hungry metanet where it snowballed. But ranting at random people for that only made matters worse. Something for us all to keep in mind.
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
Still, I'm glad I've read it... it's decent news coverage of such a relatively important event. I mean, good use of sources of all types is what journalism is all about... Thanks, Laurie! :-P
Incidentally, this diatribe is from someone who posted a personal note from ex-President Clinton on her website. Presumably with permission, natch, but it's no less private by nature.
Newsflash yourself, guy. The full quote, which I'm guessing you haven't heard, is from Stewart Brand, stated in print for the first time as follows:
The quote was never meant to be used as a bludgeon to claim that all information should be free; it was part of an illustration of exactly the kind of tension going on here.
You're essentially claiming she should have been more careful in some fashion that would have prevented the email fro being leaked in the first place. Careful in what? Her use of email for delivery only to the intended recipients? Her choice of friends?
I'd like anyone with that attitude to look back over all the emails they've written since they've been online and to consider ones they've written that they only wanted a selected group of individuals to see. Don't think of claiming you've never written an email like that. Can you honestly tell me that if that email showed up suddenly on a web discussion board, you wouldn't be incensed? (And can you honestly tell me that if people responded to you with "information wants to be free!" you wouldn't want to break their kneecaps?)
Having said that, I agree Ms. Garrett should have been more careful in her responses to this trust violation. She displayed a snitty disdain for all internet discourse that, as a fan of her writing, I find considerably disappointing.