Slashdot Mirror
The Death of Privacy
Debra D'Agostino writes, "Why don't companies care about privacy? Because there's not enough money to be made from securing sensitive customer information, says Jeff Rothfeder in an article posted recently at CIO Insight. Furthermore, there's not enough money to be lost in privacy breaches for companies to care. 'Most companies claim that privacy is a priority — chiefly because they believe consumers are more willing to do repeat business with them if personal information is carefully handled,' he writes. 'But in reality, many companies are woefully inept at protecting privacy.'"
as if millions of voices suddenly cried out 'DUH!' and were suddenly modded down.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
Our economic system is based on the idea of "profit at all costs." I mean, isn't this what we wanted and fought the cold war for?
Why don't companies care about privacy? Because there's not enough money to be made from securing sensitive customer information, says Jeff Rothfeder
Well, duh. Does he have any other brilliant insights? Like that there's not enough money to be made from decent working conditions, proper financial disclosures, or from protecting the environment?
That's why we have laws and penalties. What we need is stiffer penalties for privacy violations by companies. And, unlike child pornographers and murderers, who tend to be insensitive to the potential penalties, companies really do respond to penalties that hurt the bottom line.
... So why should corportations?
... Do You own a GMail account?
Most Consumers, barely consider privacy implications when purchasing software or signing up for services.
Most Consumers, will easily hand out their personal information when signing up to a service, as long as it does a good job at providing it.
See for instance, GMail.
A privacy nightmare, yet it's a damn good web-mail service.
Most people won't bother with privacy. period.
Sigs are for the weak.
There's no money in it because consumers don't care. But apparently there is money in writing columns discussing stuff that most people don't really care about.
While I think he's right about the privacy part, I have no intention of getting over it, now or ever.
If Jesus wants me it knows where to find me.
Unfortunately the only way to keep something private is not disclose the information and that isn't practical because it's required for certain things (bank accounts and medical treatment). The only way to deal with the sale of your personal information is to completely devalue it by making it all public. That's the nail in the coffin for the so-called information economy and a major setback to a facist new world order. No, I'm not telling you where I buy my tinfoil.
If a company screws up with your data, you should be able to sue them. Period. Once you do that, companies will start being more careful.
The author needs to realize that it is not the companies responsibility to protect you from being harmed by an identity theft.
The company only protects information from the consumer that protects their assets.
If the author really wants privacy then he will have to pay a lot more than what he is currently paying for certain services. A lot of service companies sell certain types of information to other companies for profit so that way their consumer won't have to pay a higher fee.
If people keep wanting to buy things cheaper, have cheaper internet acces, etc. then in order for that company to do that they might sell information about you, like your buying and surfing habits online, etc. to market research teams. THat is how they make up for it all so that you can get a service cheaper than before.
If he wants to protect his privacy then don't sign up for internet service, nor a cellphone. Just get a land-line phone, use snail-mail, shred credit card applications and basically live like a una-bomber. But if he wants cheaper services then he will have to give something up for it.
Previewing comments are for sissies!
They're not inept in the least. In a marketplace like ours where "competition" often means that you have a couple of choices in an oligarchy, if you're lucky, there's no reason to satisfy customer demands.
Consider this particular case: I used to work at a company that had a very large call center staffed. The call center, from the business perspective, was a cost liability only. It provided no income.
One might argue that it's job is the maintain income by satisfying customers, but as it turned out our customer turnover and return rate was so high that it actually benefited us to ABUSE customers to make them get off the phone. Simple economics showed that it cost us more to help people than to chase them away, so, with the exception of a handful of particularly loyal buyers, we did just that. We enacted policies that basically encouraged our "service" reps to force people off the phone as fast as possible (either service them in under two and half minutes, or lose your job). We didn't staff the call center that well because if you don't show the abandonment numbers, you can make yourself look really good by pointing out how fast you handled the actual calls that come through. And if someone gets angry enough to cancel, just do it and don't worry about it, because three other suckers will be attracted by the low price "deals" to replace him.
Until consumers wise up and stop chasing bargains to whatever poor quality store has them and starts demanding a return of actual service and respect, they're not going to get any of their demands met and they're not going to get any respect. Simple matter of economics: it costs them less to abuse consumers because nobody cares about the overall product, including service, they just think "value" starts and stops at "lowest price".
Consumers get the level of service, privacy, etc. they pay for, and since all they care about is how little they pay, that's how little of each of those things they get.
With the Data Protection Act here in the UK and similar laws throughout the EU, companies are legally obliged to keep personally identifiable information confidential and if they do not they can be prosecuted. Implement that in the US, there's your answer.
Claiming to have a privacy policy increases business (and profits) while actually respecting privacy is expensive (especially when you consider how much personal information can be worth). Because of this, most companies will share their data with "Business Partners"- and if you share your data with 10 other companies, odds are they won't all have privacy standards as high as you.
Another problem mentioned in the article is when a company goes out of business, they no longer have any financial incentive to keep your records private- it's not like they will lose your business if you find out. While this is illegal (now) if it violates their privacy policy, there can still be strong financial incentives to sell personal data.
Of course, what the article doesn't mention is that many web companies have "privacy policies" that bascially say "anything you tell us may be used against you- we have the right to sell or reveal your personal information in any way we feel like". Once you give information to them, everyone can find out about it.
You are reading a copy of my copyrighted post.
NOOOOOOOOOO...
oh. Death of privacy. Nevermind, no big deal.
"Scud Storm!" -- Jeremy of PurePwnage.com
We apparently live in an "information" age, and as such information is power and/or profit depending on your aims.
This article states the obvious, if you pass your data on to a company for the purpose of say making a transaction they are going to try and hold on to that data, because it has additional value.
The fact is that information about people, is worth a lot of money, not so much names, postal and email addresses (although it has some in a certain context) but data that includes demographic information or any other information that can be used to deduce trends or intentions, (like age, sex, income, health information, credit and spending history, even complaints).
Without a rigorous and enforceable framework to regulate the use and transfer of this information it is going to be used in whatever manner ensures maximum profit for the company, be that keeping the data secret and using it in house to "add value" and so that you continue to trade with them or spreading it far and wide to generate some cash quickly.
What is needed are real penalties for intentional and accidental information disclosures, after all if data has a value and its yours then surely you are entitled to be reimbursed if it is compromised, but that will probably never happen, especially given the complexity of identifying the leaks.
In addition the line FTA: "...offering these records to the highest bidder, despite an online privacy policy that explicitly stated the company would never share customer data with any third party" proves the point that regardless of what an online or other privacy policy might state it is just that, a policy, usually subject to change, and more over not a guarantee to the customer (unless it is described as such and you don't see that all that often)
As an example, I recently started getting a huge amount of junk mail (the old kind that comes through the letter box) mainly offering credit cards and other credit facilities, it was badly targeted (offering products aimed at people with bad debt, corporate entities, people with good credit, and people over 60).
I managed to speak to 4 of the more prominent companies (international banks) and a smaller number of the smaller firms to ascertain the original source of the data, it turns out that the finance companies making these offers where inter sharing data massively, leading to a web of sources. My search lasted just over two months of calling and writing (asking people to remove the data as I went along) that ultimately ended with a major credit reference agency (one of the 2 Major UK agencies), who I have never dealt with directly, but who were used for a credit check when I recently purchased a mobile phone through a very large and reputable telecoms provider.
It turns out that the credit reference agency ticked the little box on their computer system that said that I consented to the sharing of my data (something that I make a point of not doing and doubly so as I hadn't dealt with them directly...). They have offered to stop sharing my data, but that is all, and of course the "damage" is already done. All a bit late really as once your data is out there its out there forever, or until you move or your details change enough to make it useless.
So there really is no real way of protecting your data any more, and one mistake by you or someone else and you are stuffed. The only thing I can suggest is changing your name, address, phone number, email address and possibly your gender about every 12 months....
This is why I hope privacy will become a dirty word in the future. The only thing wrong with traditional surveillance is the imbalence of power between the watchers and the watched. However, technology is finally starting to level the playing field. What we need to do is encourage their use and stop lobbying for things like strong encryption, which only gives the illusion of privacy and strive to make a completely transparent society. The strongest cipher is useless if a fly on the wall records your password as you type it. Such methods only encourage an arms race that we cannot win. Currently the rich, powerful and crooked have the ability to peek behind your veil of "privacy".... let's work to turn this situation around!
However, the important thing to find out is whether or not this can be acheived without significant risk of discovery to the enquirer. This is a tough question for a commissioned third party to answer, as they have carte blanche. I dunno about the US but, in the UK, the answer is usually: no.
Anyone who works with sensitive or private data (especially when it relates to children or vulnerable adults) has it so heavily drummed into them that security is crucial, that it has become part of the culture (which, of course, is the point).
Obviously there are breaches and slips, and people are not always challenged when they should be. However, these occurrences are infrequent, irregular and - most importantly - unpredictable. You couldn't approach a company/authority/whatever with a cunning ploy to discover data that worked last time and be sure of not getting caught out this time. It's not worth the risk, and employees are getting more savvy every day.
The absolute worst kinds of data integrity slip-up are from fucking sloppy work by people using info systems. I worked in HR for a while, and ended up maintaining the personnel data system (for about 7,500 peeps - and it was a shit piece of software). I discovered that one or two staff members were using the software incorrectly and, frankly, in a totally incompetent fashion, because they couldn't be bothered to use the proper routines. I wish I could've made that impossible, but it wasn't my software.
They had replaced the addresses of several employees with the addresses of several job applicants who happened to have the same name, because it hadn't crossed their minds that the personnel tables accessed by the applicant-processing module and the contracted-employees module might be the same. The result? I got a phone call from an irate HR manager asking why they had been returned a contract with payroll info, tax stuff etc from someone who had never worked for us with a note saying "not known at this address". Of course, the girl responsible tried to blame it on me, and got heavily bollocked shortly afterwards for being a dense fuckwit.
Glad I'm not working there anymore.
Meta will eat itself
I've noticed that democratically controlled systems, or the corporate equivalent of "vote with your dollars," breaks down when the population gets between 1e7 and 1e8. Suddenly, the political parties have become somewhat desensitized or even immune to the feedback for their outrageous actions. Corporations can essentially ignore pretty much any sort of public relations fiasco, since a boycott can't possibly raise enough countervotes to seriously impact the bottom line.
Honestly, at this point, if you said that Sam Walton's heirs, the Olsen Twins, and Dick Cheney were found in a secret lovenest in an undisclosed location in Tora Bora, writing a draft of USAPATRIOT ACT III which says that shoplifters were terrorists and should be buried under a hill of depleted uranium razorblades, there would be a five day story on the news and a 1% drop in poll/profit numbers, then it would be off to the next "scandal."
[
they shouldn't, people should care, and by extension so should their governments. but when a country buys information from private companies in order to contravene its own laws concerning the privacy of its citizens, then you can't really expect the people to care, can you? the battle over control of personal information is already over; the consumer lost. frankly, the consumer never new there was a battle, never cared, and at any point in the conflict when they could have made a difference, were far more likely to open the door and let the invaders in than they were to barricade it.
take frequent customer supermarket discounts. is your purchasing info really worth 15$/wk? mine isn't. i've recently had a building management company ask me for the transactional history of my chekcing account because i don't have a credit rating. thats right, 'don't have a credit rating.' i've lived outside of the US, where its illegal for companies to transfer personal information across borders. i don't have a credit card because i don't need one. why should i have to pay interest to spend my own money. a car rental company asked me for a second credit card because i was from out of state; why should i need a second one? because i owe that much money, and i'm therefore paying twice as much in interest payments just to buy things.
the future? forget the future, the present. the present is the matrix, as in the movie. except that instead of electricity you're providing goos and services. you're not batteries, but you are drones. and many of you continue to function in this role despite the fact that you know you're drones. you think that you're with the overseers of the drones. you're not. you're think you're better than all the poor people that buy used cars and use all the coupons they can. you're not.
when you can't speak your mind or they fire you, take away your credit cards and get you evicted, so that you can't rent another apartment, or a car, or anything else that requires that you possess a credit card in order to be considered a citizen, will you still be free, if in fact you ever were?
...vividly encapsulates that post-Watergate/pre-punk/coked-up moment when you could trust no one, least of all yourself.
If you want to keep something private, don't share it with anyone else.
If I tell my friend that I shoplifted, then it is no longer a secret - he can reveal it to whoever he wants, whenever he wants. Sure, I can make him promise not to do so, I can even make him sign a contract that penalises him if he shares the secret.
But none of that can *prevent* him from sharing the secret. And once he does so (due to malicious intent, due to carelessness or maybe because a supervillain tortured him), the secret is out. No contract will put the genie back in the bottle.
Same thing with your email and phone records - once some company has the information, it is no longer secret. Sure, you may be able to sue them and punish them, but your 'private' information is out - no judge or law in the world can undo that. Yet.
You misspelled pwned.
Ignore this signature. By order.
Capitalism really peaked in the 1960s when respect for the middle/working class - the center of any free market economy - was at its zenith.
Since then, we've been on a long descent into crony capitalism in which corporations receive billions of dollars in welfare / bankruptcy bailouts while single parents are demonized as the destruction of society. Corporation lobbyist dollars and campaign contributions now trump votes and letters/calls from regular citizens. Corporations pollute our waters and air and aren't held liable to the people they make sick or even kill. Corporations buy politicians and laws at will, and they're getting more and more efficient at brushing aside the will of the majority.
In America, the rich are now glorified and the poor are demonized. This is absolutely positively a direct contradiction to America's much vaunted "Judeo Christian" values.
There is no God any more in the eyes of corporate America... only money.
Corporations trade your personal information and the free trade of your private information is essential to their bottom line, even more surely than free mp3's are desired by the common terrori^H^H^H^H^H^H^Hmp3 pirate. If corporations - specifically marketers - could have it their way, all your transactions and whereabouts would be public information.
The old evil empire was communism, which sacrificed individuals to the state.
Capitalism fails miserably when it crosses the "profits over people" line, as it sacrifices the individual to the corporation.
What saves the Western world is DEMOCRACY, far more than capitalism. And when DEMOCRACY is threatened, as it is being threatened by the corporate state right now, neither capitalism nor communism can save you.
--- Grow a pair, liberals... stop letting the Republicans bully you!
The benefits outwigh the costs only in some cases. To take your comments about process optimization and basic infrastructure you have to consider the costs of privatized infrastructure. Here in the U.S. private companies (varying from state to state) control more or less of the infrastructure. In California almost all of the power infrastructure is in private hands. Those hands recently determined that it was more cost-effective to shut down power stations rather than run them. This was effective because the resulting scarcity of power caused the price of all other killowat hours to go up.
The practical upshot of this was that companies such as Enron were able to stop spending money on some power plants and reap a much higher profit off of the others. For the consumers this meant that even as they faced surging utility bills (as much as 300% increases) they also were forced to deal with "rolling blackouts". The Government of California meanwhile felt its hands were tied and could do nothing to ensure that power was available to its citizens and thus that the essential infrastructure of the economy was running.
Incidentally all of this occurred just before a nasty recall election that booted the governor and brought the Gubernator into office, in part on the grounds that he would do better on the economy.
Just to forestall the obvious comments out the free market consider the cost of competition. If we are to presume that such excesses as I have described above will be checked by the action of the free market we face two problems.
Firstly the cost of getting into competition is extreme. Nuclear power plants don't grow on trees and neither do millions of miles of electrical lines. Infrastructural utilities are, in many ways, immune to competition because of the immense cost of investement and the infeasability of running multiple parallel infrastructure. Picture having multiple distinct road systems, power lines, sewers, or water systems. Picture the difficulty of switching from one system to another. Simple physical space and cost limitations make that infeasible.
Secondly, it was the free market that made that gouging possible. By having a free market on KwH pricing and opening up all aspects to competition and thus making the little intentional blackout scheme profitable.
To put it another way, do you want to pay the "market rate" for garbage removal?
Or, What security do you have when your elected officials can't guarantee the flow of water?
at a local retailer, the policy is that there is a reduced price for people who pony up all the personal info. usually it's about 2% or less. and the staff are pushy about it!
my response is to pull a $1.25 (or whatever the discount they're offering me is) and ask the cashier if s/he will give me their home phone number and address for the money in my hand. when they reply 'no' i say 'well then, i'm sure you can appreciate why i'm refusing your discount'.
another retailer in my area wants you to fill out a form at every purchase. grossly inconvenient as well as invasive. in the phone number box i always put '911-9934' on the off chance that their automated phone spam machine just might get them into a wee bit of trouble when the ambulances and fire trucks show up at the call centre for a false alarm.
2 1337 4 u!
Corporations have all the rights of an individual, except that they're completely immune from prosecution (the company can continue to exist and do business; only its officers can be criminally charged.. but not civilly, as the corporation shields them from those).
A little History of corporations would be beneficial.
Probably the best quote from the whole summary:
This is what corporations became in the years following the 1886 ruling in Santa Clara County vs. the Southern Pacific Railroad.
And we have so delightfully inherited that tradition.
Corporations were government constructs, once. Now they're independent entities that can do anything they wish, until they get caught.
We are the fire that lights our world.. and we are the fire that consumes it.
> "Why don't companies care about privacy?"
Because most customers don't care about privacy. They'll yammer on about it when surveyed and will support legislation when they don't see it as costing them anything, but they won't do anything about it. If they did, the companies would damnsure care. A lot.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.