The Death of Privacy

Debra D'Agostino writes, "Why don't companies care about privacy? Because there's not enough money to be made from securing sensitive customer information, says Jeff Rothfeder in an article posted recently at CIO Insight. Furthermore, there's not enough money to be lost in privacy breaches for companies to care. 'Most companies claim that privacy is a priority — chiefly because they believe consumers are more willing to do repeat business with them if personal information is carefully handled,' he writes. 'But in reality, many companies are woefully inept at protecting privacy.'"

Why is this surprising?

[voice_of_all_reason]

Our economic system is based on the idea of "profit at all costs." I mean, isn't this what we wanted and fought the cold war for?

Re:Why is this surprising?

[HateBreeder]

"at all costs" ... within the boundaries of the law.

Coming from a country where most of the major infrastructure (electricity, telephone, water... etc) is owned by the goverment,
I can tell you one thing for certain - Capitalism is an increadible proccess optimizer. A competitive market's benifits overcome it's limitations by several orders of a magnitude.

If that's what you fought the cold war for ... then it was worth every effort.

Re:Why is this surprising?

[Snarfangel]

Our economic system is based on the idea of "profit at all costs." I mean, isn't this what we wanted and fought the cold war for?

That's because companies are able to externalize costs, meaning that the cost is paid by others. The trick is to make them internalize costs, via legislation if necessary -- if I suffer losses because they don't protect my info, they should pay the entire cost for my time, money, and inconvenience.

Re:Why is this surprising?

[oliverthered]

Maybe the problem is that most governments are crap at running things.

Re:Why is this surprising?

[rolfwind]

Privacy shouldn't be such a concern with most businesses one deals with (exceptions such as the doctor and ATT should but don't always apply) because you would have the option of telling them nothing and therefore they couldn't sell it (it always astounds me how much info people give out @ radio shack's checkout - i tell them to fuck off unless they want to lose a sale) except that they demand and verify information based on numbers (SSN primarily) that were never designed for such a purposes to do certain transactions.

The EU has much better privacy laws in this regard and it is correct to impose this if I as a consumer have no choice in what info I have to give out to even get service.

It disturbs me on how much damage that can be done to someone simply by knowing their SSN and a few pieces of publicly verifiable data.

Re:Why is this surprising?

"at all costs" ... within the boundaries of the law.

No "at all costs. PERIOD." If the penalty for breaking the law still is small compared to the financial benefit, then the law will be broken. Claiming otherwise is naive. For example, look at all of the illegal aliens hired by major US corporations like Tyson. These are corporations who actively recruit illegals. But, no real penalty means they will continue to do it in the name of profit.

Re:Why is this surprising?

[just_forget_it]

Except that there is really no competition in infrastructure, government or privately-owned. There can only be one set of roads, one power network, one telephone network. I would rather entrust these to a government with citizens in which to answer than a corporation with shareholders.

Re:Why is this surprising?

[1u3hr]

A competitive market's benifits overcome it's limitations by several orders of a magnitude.

Except for things like health care, education, police, fire protection, transport infrastructure. Leave them up to a "competitive market" and you get a healthy, educated aristocracy living in fear of a mass of peons. Uncontrolled capitalism is worse than inefficient socialism.

Re:Why is this surprising?

[symbolic]

Capitalism is an increadible proccess optimizer. A competitive market's benifits overcome it's limitations by several orders of a magnitude.

This is true only when competition allowed to occur. The standard m.o. seems to be that existng monopolies do whatever they can to raise the barrier of entry for competing entities - either through protectionist legislation or other means. The latest blight on this landscape exists in the form of software patents, but there are others - for instance, the extension of the copyright.

Re:Why is this surprising?

[everett]

Arguably Korea and Vietnam were fought as a part of the "Cold War" with the Soviet Union...

Re:Why is this surprising?

[Quino]

I'm not sure that I buy into this oversimplification. I'd say that *any* large bureaucracy is crap at running things, private of public.

If there's a modicum of competition, that might keep the very large private entity somewhat in check. If there is none, then the large private company is no better than a government, and quite likely worse since they are operating under a profit motive.

Re:Why is this surprising?

[Rob+the+Bold]

That's because companies are able to externalize costs, meaning that the cost is paid by others. The trick is to make them internalize costs, via legislation if necessary -- if I suffer losses because they don't protect my info, they should pay the entire cost for my time, money, and inconvenience.

This would work for plenty of corporate-caused ills today, e.g., pollution. For anyone who complains that this is "socialism", remember: companies are effectively socializing the risks and costs of doing business, while only privatizing the profit.

Re:Why is this surprising?

[danielaborg]

"at all costs" ... within the boundaries of the law.

In theory. In practice it's more like "at all costs unless you might get caught".

Re:Why is this surprising?

[spun]

Unfortunately, this kind of lawsuit costs money. And most reputable lawyers would never take such a case on commision. If it happened to enough people, they might work on a class action suit. And you would end up getting $5 as recompense for the thousands you lost, while the lawyers walked away with millions. In your ideal system, it seems, only the rich would be able to afford justice. Is this really what you want?

Re:Why is this surprising?

[KDR_11k]

Yes but as a result they lose customers. Unless they are selling basic needs without competition they can't raise prices without consequences. As such they'll think twice before passing such costs on to the customer and may opt to take a dent in their profits statistic instead.

well, duh

[oohshiny]

Why don't companies care about privacy? Because there's not enough money to be made from securing sensitive customer information, says Jeff Rothfeder

Well, duh. Does he have any other brilliant insights? Like that there's not enough money to be made from decent working conditions, proper financial disclosures, or from protecting the environment?

That's why we have laws and penalties. What we need is stiffer penalties for privacy violations by companies. And, unlike child pornographers and murderers, who tend to be insensitive to the potential penalties, companies really do respond to penalties that hurt the bottom line.

Re:well, duh

[compro01]

That's why we have laws and penalties. What we need is stiffer penalties for privacy violations by companies. And, unlike child pornographers and murderers, who tend to be insensitive to the potential penalties, companies really do respond to penalties that hurt the bottom line.

and why exactly whould the government (willingly) create laws against that when they can make such handy use of the corperate data collection?

and since the vast majority of the people simply don't seem to care, the government won't be force to create/enforce such laws.

Re:well, duh

[oohshiny]

Are they really violations?

They are violations of privacy. They may not yet be a violation of privacy laws, but hopefully we can change that.

Re:well, duh

[cptgrudge]

And, unlike child pornographers and murderers, who tend to be insensitive to the potential penalties, companies really do respond to penalties that hurt the bottom line.

Exactly. We need a few rounds of truly hard-core lawsuits to smack these companies into line.

It isn't like your info can just be used once. It's permanent damaage that has been done. Do you get a new SSN? No. Do you get a new mother's maiden name? No. A new birth date? Obviously not. Credit cards and bank accounts can be closed, but with that information released, you have been done irreversable damage. Any schmuck identity thief can now steal your identity. These stupid companies always offer "a year of credit reporting services" to the victims, but does that really matter? Compared to the other problems that could arise, that's nothing.

The loss of the info to parties that have an interest in misusing that data, to your detriment. Damage to credit, damage to net worth, loss of peace of mind, time spent fixing problems. And this could last the rest of your life. IANAL, but here's what I figure the compensation could be:

• $250,000 for each individuals' data loss
• Free credit reporting service for life
• The company must keep the credit reporting service active individually monitored on their own dime - they can't just reimburse you and have you keep up on it yourself. You could delegate this to someone else or to yourself if you want to be rid of the company altogether, but you would be compensated additionally for the expense of a personal credit reporting service manager. If the victim took this route, they would absolve the company from further responsibility.

Let's see, Equifax loses a computer with 2,500 individuals' personal info. That's $625 million in damages up front for the data loss. Probably another 10 people they will need to pay for another 60 years (or so) until the customers cease to exist, which we might estimate at (8 cogs @ 35,000 + 2 managers @ 50,000) x 60 years. That's another $22.8 million. Almost $650 million.

AT&T loses 19,000 customers worth of data? $4.75 billion in initial damages, and another $173 million in staff. Nearly $5 billion in the end.

Think they'd lock that info up tight then? Or would they just hush it up and try to get away with it without anyone knowing?

Consumers don't care about their privacy

[HateBreeder]

... So why should corportations?

Most Consumers, barely consider privacy implications when purchasing software or signing up for services.
Most Consumers, will easily hand out their personal information when signing up to a service, as long as it does a good job at providing it.

See for instance, GMail.
A privacy nightmare, yet it's a damn good web-mail service.
Most people won't bother with privacy. period. ... Do You own a GMail account?

Re:Consumers don't care about their privacy

[Stradenko]

Province, your name (maybe) and any personal data that you've ever transmitted by email through gmail. Google's business is finding needles in haystacks.

That said, I like gmail, and for some reason...I blindly trust google to not screw up too bad.

Re:Consumers don't care about their privacy

[Gareth+Williams]

Do you know if Hotmail or Yahoo have bots looking at your emails?

Considering the aforementioned webmail services also provide automatic spam filtering, I'd say they certainly do. A computer program scanning your email for keywords is a computer program scanning your email for keywords - whether the purpose be delivering targetted advertising to you or deciding if said email is spam or not makes no difference. I don't see why everyone thinks privacy is so much worse with gmail. It's not. It's equally bad :)

What's that? They archive it forever, your mail doesn't get deleted when you press "delete"? Oh no. You think hotmail and Yahoo have no backups or something?

If you're storing your personal email in plain text on someone else's server (or even if you're just transmitting it in plain text, full stop) then you'd better get used to the idea that you have no privacy anyway.

Gmail is a good service, and so far their track record for keeping data confidential seems to be pretty good. You might as well trust them as anybody else.

Re:Consumers don't care about their privacy

[Deviant+Q]

I am of course not 100 % sure, but I am fairly confident Google simply finds and displays those ads in real time. It isn't building an "ad profile" to show you based on your email; the only data that's processed is the current screen.

I kind of envision it as a script that grabs all the nouns, sends them with an XMLHttpRequest to some server code, and gets back ads in an iframe. But I definitely haven't poked around.

Re:Consumers don't care about their privacy

[RAMMS+EIN]

And while we're on the topic of email and privacy, are people aware that SMTP and POP3 and IMAP all transmit messages in the clear, and POP3 and IMAP will do the same for your password? Email has so many problems that sometimes, I wonder why we're still using it.

The reason..

is because companies make money off of our information. They sell it to governments and other businesses. To many companies, their customer information is as valuable as their product/services. If you are a consumer, you are owned.

This practice has got to stop. We have zero protection from this. Our government allows and incourages this behavior. Something has got to give.

If a tree falls in the woods, and no one cares...

[tjeffer]

There's no money in it because consumers don't care. But apparently there is money in writing columns discussing stuff that most people don't really care about.

Ob. Scott McNealy

[thatguywhoiam]

"You have no privacy. Get over it."

While I think he's right about the privacy part, I have no intention of getting over it, now or ever.

Meh

They're not inept in the least. In a marketplace like ours where "competition" often means that you have a couple of choices in an oligarchy, if you're lucky, there's no reason to satisfy customer demands.

Consider this particular case: I used to work at a company that had a very large call center staffed. The call center, from the business perspective, was a cost liability only. It provided no income.

One might argue that it's job is the maintain income by satisfying customers, but as it turned out our customer turnover and return rate was so high that it actually benefited us to ABUSE customers to make them get off the phone. Simple economics showed that it cost us more to help people than to chase them away, so, with the exception of a handful of particularly loyal buyers, we did just that. We enacted policies that basically encouraged our "service" reps to force people off the phone as fast as possible (either service them in under two and half minutes, or lose your job). We didn't staff the call center that well because if you don't show the abandonment numbers, you can make yourself look really good by pointing out how fast you handled the actual calls that come through. And if someone gets angry enough to cancel, just do it and don't worry about it, because three other suckers will be attracted by the low price "deals" to replace him.

Until consumers wise up and stop chasing bargains to whatever poor quality store has them and starts demanding a return of actual service and respect, they're not going to get any of their demands met and they're not going to get any respect. Simple matter of economics: it costs them less to abuse consumers because nobody cares about the overall product, including service, they just think "value" starts and stops at "lowest price".

Consumers get the level of service, privacy, etc. they pay for, and since all they care about is how little they pay, that's how little of each of those things they get.

Not surprising

[paladinwannabe2]

Claiming to have a privacy policy increases business (and profits) while actually respecting privacy is expensive (especially when you consider how much personal information can be worth). Because of this, most companies will share their data with "Business Partners"- and if you share your data with 10 other companies, odds are they won't all have privacy standards as high as you.

Another problem mentioned in the article is when a company goes out of business, they no longer have any financial incentive to keep your records private- it's not like they will lose your business if you find out. While this is illegal (now) if it violates their privacy policy, there can still be strong financial incentives to sell personal data.

Of course, what the article doesn't mention is that many web companies have "privacy policies" that bascially say "anything you tell us may be used against you- we have the right to sell or reveal your personal information in any way we feel like". Once you give information to them, everyone can find out about it.

You know...

I've never seen the advantage of using real personal data.

I even use fake personal data for my three eBay accounts.

I even moved my htdocs to a dutch server to avoid giving personal data in the "Kontakt" part since that's a requirement in Germany. But I don't know the advantages of hosting htdocs in Germany.

Asking the wrong question...

[tygerstripes]

When research is done into data security, it usually concludes that, yes, it is possible to obtain sensitive information from a company regarding its customers (duh).

However, the important thing to find out is whether or not this can be acheived without significant risk of discovery to the enquirer. This is a tough question for a commissioned third party to answer, as they have carte blanche. I dunno about the US but, in the UK, the answer is usually: no.

Anyone who works with sensitive or private data (especially when it relates to children or vulnerable adults) has it so heavily drummed into them that security is crucial, that it has become part of the culture (which, of course, is the point).

Obviously there are breaches and slips, and people are not always challenged when they should be. However, these occurrences are infrequent, irregular and - most importantly - unpredictable. You couldn't approach a company/authority/whatever with a cunning ploy to discover data that worked last time and be sure of not getting caught out this time. It's not worth the risk, and employees are getting more savvy every day.

The absolute worst kinds of data integrity slip-up are from fucking sloppy work by people using info systems. I worked in HR for a while, and ended up maintaining the personnel data system (for about 7,500 peeps - and it was a shit piece of software). I discovered that one or two staff members were using the software incorrectly and, frankly, in a totally incompetent fashion, because they couldn't be bothered to use the proper routines. I wish I could've made that impossible, but it wasn't my software.
They had replaced the addresses of several employees with the addresses of several job applicants who happened to have the same name, because it hadn't crossed their minds that the personnel tables accessed by the applicant-processing module and the contracted-employees module might be the same. The result? I got a phone call from an irate HR manager asking why they had been returned a contract with payroll info, tax stuff etc from someone who had never worked for us with a note saying "not known at this address". Of course, the girl responsible tried to blame it on me, and got heavily bollocked shortly afterwards for being a dense fuckwit.

Glad I'm not working there anymore.

democracy breaks down at around 1e7

[Speare]

I've noticed that democratically controlled systems, or the corporate equivalent of "vote with your dollars," breaks down when the population gets between 1e7 and 1e8. Suddenly, the political parties have become somewhat desensitized or even immune to the feedback for their outrageous actions. Corporations can essentially ignore pretty much any sort of public relations fiasco, since a boycott can't possibly raise enough countervotes to seriously impact the bottom line.

Honestly, at this point, if you said that Sam Walton's heirs, the Olsen Twins, and Dick Cheney were found in a secret lovenest in an undisclosed location in Tora Bora, writing a draft of USAPATRIOT ACT III which says that shoplifters were terrorists and should be buried under a hill of depleted uranium razorblades, there would be a five day story on the news and a 1% drop in poll/profit numbers, then it would be off to the next "scandal."

Privacy?

[homer_s]

If you want to keep something private, don't share it with anyone else.
If I tell my friend that I shoplifted, then it is no longer a secret - he can reveal it to whoever he wants, whenever he wants. Sure, I can make him promise not to do so, I can even make him sign a contract that penalises him if he shares the secret.
But none of that can *prevent* him from sharing the secret. And once he does so (due to malicious intent, due to carelessness or maybe because a supervillain tortured him), the secret is out. No contract will put the genie back in the bottle.
Same thing with your email and phone records - once some company has the information, it is no longer secret. Sure, you may be able to sue them and punish them, but your 'private' information is out - no judge or law in the world can undo that. Yet.

Obviously

[Null+Perception]

There is always more money to be made by saying one thing and doing another. If the consumer believes thier information is private, thats all that matters.

Communism vs crony Capitalism

[Travoltus]

Capitalism really peaked in the 1960s when respect for the middle/working class - the center of any free market economy - was at its zenith.

Since then, we've been on a long descent into crony capitalism in which corporations receive billions of dollars in welfare / bankruptcy bailouts while single parents are demonized as the destruction of society. Corporation lobbyist dollars and campaign contributions now trump votes and letters/calls from regular citizens. Corporations pollute our waters and air and aren't held liable to the people they make sick or even kill. Corporations buy politicians and laws at will, and they're getting more and more efficient at brushing aside the will of the majority.

In America, the rich are now glorified and the poor are demonized. This is absolutely positively a direct contradiction to America's much vaunted "Judeo Christian" values.

There is no God any more in the eyes of corporate America... only money.

Corporations trade your personal information and the free trade of your private information is essential to their bottom line, even more surely than free mp3's are desired by the common terrori^H^H^H^H^H^H^Hmp3 pirate. If corporations - specifically marketers - could have it their way, all your transactions and whereabouts would be public information.

The old evil empire was communism, which sacrificed individuals to the state.

Capitalism fails miserably when it crosses the "profits over people" line, as it sacrifices the individual to the corporation.

What saves the Western world is DEMOCRACY, far more than capitalism. And when DEMOCRACY is threatened, as it is being threatened by the corporate state right now, neither capitalism nor communism can save you.

Re:Capitalism's benefits.

[Irvu]

I never claimed that Communism or Socialism had no such faults. Nor, if you look at my argument was I even claiming this for all of Capitalism. Capitalism as a principle falls down in many ways. That is why we don't have a "pure" capitalist society. The question is not the arbitrary ideal of capitalism any more than socialism or communism (neither of which have been run in pure form at a state level either). The question is where capitalism makes sense and where it does not. In this case, delivery of essential infrastructure, it does not.

Customers don't care either

[John+Hasler]

> "Why don't companies care about privacy?"

Because most customers don't care about privacy. They'll yammer on about it when surveyed and will support legislation when they don't see it as costing them anything, but they won't do anything about it. If they did, the companies would damnsure care. A lot.