Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Policies Only as Good as the People Enforcing Them

Posted by ScuttleMonkey on from the fear-the-market-droids dept.

Techdirt is reporting that while we all know privacy policies may not matter much in the grand scheme of things, a recent study shows that it may be even worse than originally surmised. It seems that the real issue is with who has access to personal data and what they are able to do with it. "of course, it's not just the people reading the policies that don't seem to understand them -- it's those in charge of living up to and enforcing the policies. A new study surveyed a bunch of executives, including both marketing execs and those in charge of enforcing the privacy policy, and quickly discovered that marketers have a very different concept of 'privacy' than privacy officers. Not surprisingly, they don't see anything wrong with sharing all sorts of data that seems to horrify privacy officers."

104 comments

  1. s/News/Not News/ by Lord+Grey · · Score: 4, Informative
    The article links to TechDirt but the actual article is at Forbes:

    What Privacy Policy?

    Survey statistics from the real article:

    More specifically, 80% of marketers said their organizations share e-mail addresses with third parties, compared with 47% of security and privacy officers. Other examples: 65% of marketers said they would distribute a customer's cellphone number, while only 47% of privacy execs said their companies allowed the data to be shared. Forty-five percent of marketers believe their companies shared credit card data, compared with 32% of privacy officers, and 29% of marketers believe their firms distribute social security numbers, compared with 7% of privacy professionals.

    Those numbers just back up what we all believed anyway, right? I mean, is this really news? Or just news with different numbers?

    --
    // Beyond Here Lie Dragons
    1. Re:s/News/Not News/ by Shadow+Wrought · · Score: 5, Funny

      You mean... marketers don't care about us? All they care about is our money? So many illusions shattered.

      --
      If brevity is the soul of wit, then how does one explain Twitter?
    2. Re:s/News/Not News/ by b4upoo · · Score: 3, Insightful

      Although I am not a privacy advocate I do advocate for truth. If companies are sharing data while deceiving customers then prison is the place for these executives.
                          I am convinced that our justice system has become little more than a racial and social system that is clearly devoted to crushing the lower classes. That is why we are bombarded with white collar crime and these people rarely are punished.

    3. Re:s/News/Not News/ by Original+Replica · · Score: 3, Insightful

      You mean... marketers don't care about us? All they care about is our money?

      It's in the nature of what they do. They trade in the awareness and perceptions of other people. A marketer that wanted to preserve consumers privacy and individual choice would be like a surgeon that was afraid of blood and was squeamish about cutting into somebody. A marketers job is to tell you how to think, what to want, and what ideals to have. They respect you like a puppeteer respects a puppet.

      I've always found the marketer/news media duality more entertaining than the marketer/privacy policy duality. Journalists will swear that they aren't trying to influence people. They are just reporting the facts. But the ad sales departments sell commercial slots for those same programs with the pitch about how many millions of viewers can be influenced.

      --
      We are all just people.
    4. Re:s/News/Not News/ by Anonymous Coward · · Score: 0

      Those numbers just back up what we all believed anyway, right? I mean, is this really news? Or just news with different numbers?

      Exactly. Furthermore, note the name -- privacy policy -- it's just "policy" and has no legal standing. A company can change policy any goddamned time it wants to, with absolutely no legal repercussions. The company giveth and the company taketh away.

      The most flagrant use of "policy" that I've ever seen occurred many years back. As executor of a will, I had to cash out a US savings bond from the 1940s. I was working downtown, so I took it to the downtown branch of the bank where I had an account at my neighborhood branch.

      On the back was the statement, "For immediate payment, present this bond to any bank in the United States." This was not only underlined, it was the only text on the back printed in red.

      When I "presented the bond for payment, I got a ration of shit I couldn't believe. First of all, the asshole told me He couldn't verify I was who I said I was and that I was the neighborhood branch's customer. I told him they had no fucking idea who I was -- I'd never been inside the building, having only signed the account application my wife had brought home. It could as easily have been signed by the milkman or her paramour. I was however in front of this asshole with numerous forms of picture ID, including an in-state drier's license and my military ID.

      He finally said he'd forward the bond to the local Federal Reserve Bank. I asked why, in view of the verbiage on the back of the bond, and he said it was the bank's "policy". I said, "So, your bank's policy overrides the underlined, written-in-red word of my US Federal government?" The next word out of his fat, sallow, banker's face was, "Yesss."

      If I'd had a spare length of 4x4 on me, I could have cheerfully driven it right through the son of a bitch's smug, goddamned puss.

      In the end, however, he found a flaw that put the situation to rest. The face of the bond had a small circle labeled, "Issuing agent's date stamp". Thirty years before that day, the stupid-ass "issuing agent" had failed to apply his date stamp.Wonder why my blood boils when I hear the word "policy"? It's totally fucking without any real meaning.

    5. Re:s/News/Not News/ by budgenator · · Score: 2, Interesting

      A marketers job is to tell you how to think, what to want, and what ideals to have. They respect you like a puppeteer respects a puppet.
      How quaint, when I took marketing it was composed of 3 P's, Product, Price, and Placement and consisted of figuring out what the customer wanted, how much he wanted to pay and where he wanted to purchase; adding the forth P, Promotion really inverted things. Seems a 3P marketer wants his offices next door to the R&D department to make it as easy as possible to get potential product into production; a 4P marketer wants to be as close to legal as possible to make it as easy as possible to see how much they can get away with!

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    6. Re:s/News/Not News/ by CDMA_Demo · · Score: 0, Redundant

      If companies are sharing data while deceiving customers then prison is the place for these executives.

      If I was from Control, you'd already be in prison.
      If you were from Control, you'd already be in prison
      Neither of us are in prison, so obviously...

    7. Re:s/News/Not News/ by Reziac · · Score: 2, Insightful

      Things changed when companies stopped selling a product, and started selling customers to each other.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    8. Re:s/News/Not News/ by Anonymous Coward · · Score: 0

      Q: How can you tell when someone in marketing is lying to you?

      A: His lips are moving.

    9. Re:s/News/Not News/ by JAlexoi · · Score: 1

      >> Although I am not a privacy advocate
      Really? Care to share your Full Name, CC number,residential address and SSN?

    10. Re:s/News/Not News/ by mpe · · Score: 1

      Q: How can you tell when someone in marketing is lying to you?
      A: His lips are moving.

      The original version was "How can you tell it a politician is lying?"
      Effectivly privacy policies translate into "We won't pass on your details, unless we are lying. We might change out minds (or start lying) in future, without you knowing about it".
      For all practical purposes they are meaningless. Unless those involved were to break an actual law, you have no comeback. AFAIK the only "data protection" laws which exist in the US involve video libraries. No doubt corporate lawyers would argue that they only apply to VHS tapes...

    11. Re:s/News/Not News/ by mpe · · Score: 1

      Although I am not a privacy advocate I do advocate for truth. If companies are sharing data while deceiving customers then prison is the place for these executives.

      In how many such cases do they break the letter of the law though...

      I am convinced that our justice system has become little more than a racial and social system that is clearly devoted to crushing the lower classes. That is why we are bombarded with white collar crime and these people rarely are punished.

      Even more rarely punished proportionally to the damage their crimes do.
      One interesting thing mention in relation to Michael Moore's "Cracker the Corporate Crime Fighting Chicken" is that corporate crime accounts for a major proportion of crime, whilst being ignored by both the media and law enforcement.

  2. Ummm.... Duh... by guruevi · · Score: 4, Insightful

    The strength of a chain is only that of it's weakest link. We recently had a proposal to implement NAC and they're constantly tightening policies. Most solutions however are easily circumvented and rendered incapacitated by only one person or device.

    As usual, the problem with computer and/or network security is not necessarily the computer (unless you're running Windows) but the people sitting in front of it.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Ummm.... Duh... by illeism · · Score: 1

      As usual, the problem with computer and/or network security is not necessarily the computer (unless you're running Windows) but the people sitting in front of it.

      Which is why we need robots!

      --
      Help test the /. effect at my min
  3. Oh wow this isn't obvious by Broken+scope · · Score: 0, Flamebait

    A system is only as good as the people that control it.

    I would have never come to that conclusion without this article.

    Really, in all seriousness, is this actually a surprise?

    --
    You mad
    1. Re:Oh wow this isn't obvious by flaming+error · · Score: 1, Interesting

      > A system is only as good as the people that control it.

      A system that needs people to control it is destined to fail. A system that controls itself is robust.

    2. Re:Oh wow this isn't obvious by Kjella · · Score: 1

      A system that needs people to control it is destined to fail. A system that controls itself is robust.

      Unless you've secretly developed strong AI, there's always people at the helm somewhere. If they aren't the controls someone implemented those controls. Someone designed those controls. In anything but the simplest systems only people are able to spot people that circumvent the controls and improve them. Whoever checks that everything is controlled could slip something past the entire control system. Then you need watchers, and who watches the watchers? And even when the system is supposed to control itself like say the division of power in government (Legislative, Executive, Judicial) there's always people in the system trying to unravel it. Yes, I know a lot of the time computers are watching other computers but it doesn't change who's in charge.

      --
      Live today, because you never know what tomorrow brings
    3. Re:Oh wow this isn't obvious by Red+Flayer · · Score: 1

      A system that needs people to control it is destined to fail. A system that controls itself is robust.

      Whatever, HAL.

      A system that controls itself is only as robust as the initial designers made it.

      A process that needs people to take action is destined to have problems. A system that consists of actions taken by people cannot control itself, and is destined to have problems.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    4. Re:Oh wow this isn't obvious by Jarjarthejedi · · Score: 4, Insightful

      The best systems are the ones that take advantage of people's laziness to help them. If it required filling out a form in order to give out any information on a customer I bet you'd see far less information being given out. On the other hand, if you can give out the information easily, you're more likely to give it out freely.

      The more it costs people (in time) to give out your information, the safer your information is.

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    5. Re:Oh wow this isn't obvious by rlwhite · · Score: 3, Funny

      I can't let you do that, Dave.

    6. Re:Oh wow this isn't obvious by flaming+error · · Score: 1

      > the system is supposed to control itself like say the division of power in government
      That is exactly the sort of system I'm talking about. Other self-controlling systems include market economies, and Nature.

      > there's always people in the system trying to unravel it.
      Just because humans want to (and do) subvert such systems doesn't mean all systems are actively managed. Nor does it mean that actively managed systems are comparably robust to self-correcting systems.

      For example, Republicans and Democrats have subverted the separation-of-powers so completely that even SCOTUS now breaks along party lines, but it's not clear that an omnipotent Chief Commander/Committee of Power Division would have prevented that. Nor is it clear that concentration-of-powers would have been a more robust system.

      Your point that humans devised the system is well taken. And if you argue that the system needs people to defend it, I accept that. But fighting subverters is not the same thing as controlling the process.

      > there's always people at the helm somewhere.
      In the context of privacy policies that's true today. That doesn't mean a self-correcting privacy structure is impossible.

    7. Re:Oh wow this isn't obvious by Hognoxious · · Score: 1

      Enterprise is infected with carbon units.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  4. What other areas does this apply to? by RabidMoose · · Score: 5, Interesting

    I, for one, would seriously like to see a survey conducted across a wide ranges of job types and industries, polling employees about how compotent they feel they are at their job. I get the feeling a rather large number of people are just desk-fillers, who happened to be able get through the interview process, only to realize they have no idea what they're doing. And the same people have bosses who are just as incompotent, so everybody keeps their job.

    1. Re:What other areas does this apply to? by TravisO · · Score: 1

      Such thoughts, despite being shockingly correct, when spoken out loud may cause the universe to collapse. So please keep them to yourself.

      Welcome to enlightenment my friend.

    2. Re:What other areas does this apply to? by Lucidus · · Score: 2, Insightful

      Unfortunately, I don't think you would learn very much from your survey. One of the things the less competent are less competent at, is self-evaluation. I am sure many of us have observed this, and there have been studies which support the same conclusion with some rigor. The biggest screw-up in the company always believes he is indispensable. On the other hand, highly capable people tend to have a much more accurate understanding of both their strengths and their weaknesses.

    3. Re:What other areas does this apply to? by Original+Replica · · Score: 1

      So what do we do with the people who aren't really competent at anyneeded job? There are all too many people in this world with no real skill, or motivation, or critical thinking ability. It appears to be morally/politically unacceptable to let them fail severely enough to inspire self motivation and the real desire for a useful skill.

      --
      We are all just people.
    4. Re:What other areas does this apply to? by Bugs42 · · Score: 2, Funny

      I, for one, would seriously like to see a survey conducted across a wide ranges of job types

      I, for one, am glad to see a post that begins with "I, for one" but doesn't end with "overlords."

      --
      Programmer: an ingenious device that converts caffeine into code.
  5. Thank you, oh, master of the obvious! by Noryungi · · Score: 2, Insightful

    Privacy only as good as the people taked to enforce it? And how is this news, hmmmm?

    I mean, I once heard of a farmer who gave the keys to the henhouse to a fox. And, guess what? The next day: no more chicken! What a surprise!

    In other news, people with matches put more things on fire, and war is dangerous business for just about everyone, including puppies and cute little kids.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:Thank you, oh, master of the obvious! by ChowRiit · · Score: 1

      I mean, I once heard of a farmer who gave the keys to the henhouse to a fox. And, guess what? The next day: no more chicken! What a surprise!

      That's a pretty damn talented fox!

  6. Any policy... by eepok · · Score: 3, Insightful

    Any policy is only as good as the people enforcing them.

    See: US Constitution, Antitrust Law, the Tax Code

    1. Re:Any policy... by Bearpaw · · Score: 4, Informative

      True, although it's worth noting that the enforcement of the US Constitution is ultimately the responsibility of US citizens.

    2. Re:Any policy... by eepok · · Score: 1

      So very true. So what's that say about the education and capability of our body politic?

    3. Re:Any policy... by dkleinsc · · Score: 1

      To summarize the summary: People are a problem.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    4. Re:Any policy... by karbyn-aceous · · Score: 0

      yeah ... exactly. And don't look now, but nobody but purists (puritans? lol) and 'crazy people' care. Oh, and Texans and guns. Seriously, you guys let your rights slip away word by word.

    5. Re:Any policy... by Anonymous Coward · · Score: 0

      "True, although it's worth noting that the enforcement of the US Constitution is ultimately the responsibility of US citizens."

      Now I'm really worried.

    6. Re:Any policy... by hhandyman · · Score: 1

      If you want privacy then be the first holder of the keys to your secrets.. dont say it.. and it cant be repeated. Nuff said. Ok.. alright.. simple If you dont want anyone to know your size dont go skinnydipping under the spy satalites.

  7. In related news by Anonymous Coward · · Score: 1, Funny

    Water is wet. Shit stinks. Money is nice to have. Details at 11.

    1. Re:In related news by sm62704 · · Score: 5, Insightful

      Shit stinks

      When my oldest daughter was born, the first time I changed her diaper I said "Wow! A miracle baby! My kid's shit don't stink!

      Two weeks later I almost gagged changing her, I was ready to call the EPA. Later I found that no newborn's shit stinks. It only stinks after the baby has bred bacteria in its bowels.

      Shit does not, in fact, stink. Bacteria stinks. You might actually need to run a scientific experiment to determine this statement's validity.

      The article would be a lot more newsworthy is the researchers had found surprising data rather than what everyone expected.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    2. Re:In related news by Anonymous+Monkey · · Score: 1

      you need to watch "Bill Cosby Himself." He talks about that very thing.

      --
      We are the Borg...
    3. Re:In related news by Anonymous Coward · · Score: 0

      Yay, a post about shit that isn't a troll

    4. Re:In related news by bwcbwc · · Score: 1

      Actually, it depends what the bacteria feed on. The bacteria don't just magically appear in the baby's intestines. They are already there, but the only thing in the baby's digestive system is whatever amniotic fluid the baby has swallowed while in the womb. No real decay products to deal with there. Once they start consuming mother's milk or formula, it starts to stink quite a bit, but the real killer comes when they start to eat baby food and you they get their first meat-based food.

      --
      We are the 198 proof..
    5. Re:In related news by bwcbwc · · Score: 1

      OMG. My sig is relevant for once.

      --
      We are the 198 proof..
  8. Most privacy policies are worthless anyway. by Ken+D · · Score: 5, Interesting

    Seriously. Google the phrase "except as allowed by law", you will find tons of privacy policies that look like this "BlahCo does not share your data except as allowed by law".

    Oh great! They won't break the law. That's comforting. Thanks for spending money telling me how you won't do anything to break the law. You'll just distribute my info to anyone to whom it is legal to do so.

    How about "BlahCo will not share your data except as REQUIRED by law." Oh no, that would stop their marketing efforts....

    1. Re:Most privacy policies are worthless anyway. by st33med · · Score: 1
      Heh, good point. Think I need to check privacy policies for that when I visit a site...

      BTW, checked SourceForge's privacy policy:

      SourceForge has a user's permission or as required by law, SourceForge will only share the personally identifiable information a user provides online

      Good thing :)

    2. Re:Most privacy policies are worthless anyway. by swm · · Score: 4, Interesting

      A few years ago, congress passed a law requiring companies to disclose their privacy policies to their customers. That's when we started getting those dense little privacy notices stuffed into our credit card bills and splashed onto web signup pages.

      Someone went through and *read* one of those things (from a major brand, I forget who) and worked out the actual content of it. What it came down to was

      "If you don't check the box [on the signup page], we will do whatever we like with your personal information.

      "If you do check the box, we will do whatever we like with your personal information, but we won't break the law."

    3. Re:Most privacy policies are worthless anyway. by Anonymous Coward · · Score: 0

      You're suggesting that a privacy-conscious person who wants to find bad policies should use Google to do so? Maybe you should look into Google's own practices regarding privacy first before advocating the use of their search engine to find other violators.

    4. Re:Most privacy policies are worthless anyway. by mpe · · Score: 1

      A few years ago, congress passed a law requiring companies to disclose their privacy policies to their customers.

      As opposed to passing a law restricting what companies could do with data about their customers, which would acually be of some use. However so long as it's only "plebs" being abused this is unlikely to happen. The only data protection type law in the US appears to have originated because the media got hold of information on a "patrician".

      Someone went through and *read* one of those things (from a major brand, I forget who) and worked out the actual content of it. What it came down to was
      "If you don't check the box [on the signup page], we will do whatever we like with your personal information.
      "If you do check the box, we will do whatever we like with your personal information, but we won't break the law."

      More simply "heads I win, tails you lose!"

  9. wow! by xpuppykickerx · · Score: 1, Informative

    i hope they didn't spend too much money figuring this out.

  10. Always the case? by nine-times · · Score: 1, Insightful

    Aren't any policies or laws only as good as the people enforcing them?

  11. Some companies, such as Deniro just plain lie. by www.sorehands.com · · Score: 4, Interesting

    There are some companies, that just plain lie. In one such instance, Deniro Marketing, they were provided a unique e-mail address, and now that e-mail address is getting spam for drugs, enhancement products, stock tips, etc.

    I have had other companies (versuslaw.com) try to claim that "you must have been infected with a virus that distributed your address book." Of course, I run OS/2 and Post Road Mailer. Nobody writes virii for OS/2 and Post Road Mailer does not run scripts or anything else. Of course, I had another company blame it on their fulfillment people.

    --
    Fight Spammers!
    1. Re:Some companies, such as Deniro just plain lie. by sconeu · · Score: 1

      Could be a dictionary attack.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:Some companies, such as Deniro just plain lie. by Progman3K · · Score: 1

      Or someone who had your address in their address book got pwned

      --
      I don't know the meaning of the word 'don't' - J
    3. Re:Some companies, such as Deniro just plain lie. by GryMor · · Score: 1

      Could check that by having some honeypot addresses that are just never shared but should get hit by dictionary attacks more frequently than the uniques.

      --
      Realities just a bunch of bits.
    4. Re:Some companies, such as Deniro just plain lie. by b4upoo · · Score: 1

      What fraction of people that send you spam wind up in prison? Deliberate privacy violations are probably showing an even worse record. Until we are willing to put people of the white collar and upper executive class in prison for long periods of time we will have no control over violations at all.

    5. Re:Some companies, such as Deniro just plain lie. by ShadowsHawk · · Score: 1

      We registered at BabysRus and now we're getting physical mailers for various baby products. I never signed a waiver allowing them to give away (or sell) my information.

    6. Re:Some companies, such as Deniro just plain lie. by mpe · · Score: 1

      What fraction of people that send you spam wind up in prison?
      Might help if law enforcement actually took much of an interest. Even if the spam itself isn't technically illegal most spammers break all sorts of laws.

      Deliberate privacy violations are probably showing an even worse record.

      Is there are law against it?

  12. No surprise by Anonymous Coward · · Score: 1, Interesting

    No surprise. Privacy policies are really there to cover the corporation's assets, though they also function nicely as a platform for lawsuits.

  13. Policy != same interpretations by jellomizer · · Score: 3, Insightful

    There is a thick gray line for what falls under protecting privacy and sharing critical information.

    Giving an email adress for some may not seem like critical information that will violate a persons privacy, while to others it would be like a crime against humanity and all that is decent. Or you can go more to the middle, like the information that TiVo collects, while it is not accoated to any particular person however their viewing habits are monitored and tracked and used for advertisers, to but a little green thumb next to stuff you may be interested in. Or to see that you actually do watch that show that in public your vietemently deny ever seeing. Perhaps it could go one step further of using your system ID left join to user names of system IDs name and adresses.... All information falls on the sliding scale. If you are a good data miner and have the access you can figure out most anything.

    Eg. a normal Slashdot post. you have the user name. Then you can see all the posts the person posts in the past. For example you can probably search all my posts and find my Real Name and my Current address. As looking at pages I have linked to areas of interests I talked about with some authority on, or if I had a home page setup people would see my home page... Then you may cross reference my login name with other sites and see other interests I may have or it could be someone else with the same handle however it could be a clue, further on. Then finding my name and location my may find where they work and most likely their resume if they are looking for a job......
    Now I would prefer that you didn't do such as I would feel it would be a violation of my privacy. However there is a lot of information that can be gathered from a person today.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Policy != same interpretations by TheLink · · Score: 1

      "while to others it would be like a crime against humanity and all that is decent"

      Actually to me it's more of whether they LIED or not.

      If they said they'd keep it a secret, or "you'd only get email from us", and spam starts showing up on your unique hard to guess email address reserved for them (e.g. brand@something.random.yourdomain.com, then it's likely they lied.

      If they lied about something like that, I'd say they'd lie about other stuff too.

      --
    2. Re:Policy != same interpretations by jellomizer · · Score: 1

      Still there is a gray line. Lets say I said I will not give your email to any 3rd party. My compnay owns Xyz.com and sells JKL and BYL.com and sell IOQ which is a cross sell of Xyz.com so I gave the address to BYL.com from Xyz.com without going to a 3rd party company just an other division.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  14. I'm not surprised... by Registered+Coward+v2 · · Score: 4, Insightful

    Marketers are rewarded for increasing sales / revenue / market share and so would view anything that can do that as a good thing to do.

    Privacy officers, OTOH, are trying to protect customer data and so have a different outlook and reward structure.

    My point - this is why strategies (Financial / Customer / Process) need to be articulated at the C level and reviewed and outcomes monitored on a regular basis - so everyone is on the same page.

    What really bothered me was this:

    And in 2005, data broker Choicepoint sold more than 145,000 individuals' personal data to Nigerian scammers it believed were legitimate marketers.

    In another ongoing case, Ponemon founder Larry Ponemon says he is consulting with a major financial institution currently being investigated by several states' attorneys general in a major data breach attributed to an e-mail marketing partner. The company, Ponemon says, gave data from six million customer accounts to a marketing firm in Southeast Asia, where it was eventually posted to a Central Asian site dealing in black-market credit card numbers.

    As criminals grow in sophistication and are able to co-opt crocked government officials you'll probably see more off this - why phish when you can buy the data you need outright?

    Setup a shell company, buy the data you want and go to town (and anywhere else you want) on somebody else's dime. Off course, as corporate losses mount from such fraud the corporations will push for tighter controls simply because it starts to hit them in the wallet.

    I had someone charge airline tickets on my card - I had flight numbers, ticket numbers and names and could not get the airline to cancel the tickets; even after I told them it was fraud and the charges were disputed. Right now fraud is just a cost of doing business I guess.

    --
    I'm a consultant - I convert gibberish into cash-flow.
    1. Re:I'm not surprised... by Anonymous Coward · · Score: 0

      Couldn't you show up and punch out whoever tried to use those tickets?

    2. Re:I'm not surprised... by CodeBuster · · Score: 1

      even after I told them it was fraud and the charges were disputed.

      So phone your card company, explain the situation and have them hit the airline with a chargeback. The majors all have anti-fraud divisions that will investigate the situation and reverse charges when the evidence is in favor of the customer, particularly if you were prompt in reporting the fraudulent activity.

    3. Re:I'm not surprised... by Registered+Coward+v2 · · Score: 1

      even after I told them it was fraud and the charges were disputed.

      So phone your card company, explain the situation and have them hit the airline with a chargeback. The majors all have anti-fraud divisions that will investigate the situation and reverse charges when the evidence is in favor of the customer, particularly if you were prompt in reporting the fraudulent activity.

      First thing I did; since my card statement online shows the passenger name, flight and ticket # I tried to let the airlines know so they could take action before the ticket was used. In one case the outbound but not the return was used; I'd love for them to strand the thief in a foreign country or have them arrested.

      --
      I'm a consultant - I convert gibberish into cash-flow.
  15. Next on slashdot, coats keep you warm! by blahbooboo · · Score: 1

    Thanks for the article captain obvious :)

  16. the system in question is composed of people by circletimessquare · · Score: 1

    who is modding this crap as interesting?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  17. Re: Shit don't stink by Anonymous Coward · · Score: 0

    Thanks for the insight. Now THIS is why I read Slashdot!

  18. Privacy by Archangel+Michael · · Score: 1

    Just like the cake ... it is a lie

    Just like a spoon ... there is no privacy

    Let just microchip everyone with the Mark of the Beast and be done with it already. Sheesh.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  19. The survey doesn't even touch the hidden sharing by Darlin+Candy · · Score: 2, Interesting

    I was surprised to find my own company shared email addresses. I created an account for my companies website with my work email address... When I began being spammed with viagra ads and ways to play poker legally I was shocked. When I asked my director about this, they said they knew of nothing about it and would look into it. a couple weeks later I was informed they found the issue and it should be resolved.... What does that mean? I may never know.

  20. In other news... by KC7GR · · Score: 2

    Weather due to change within 24 hours! Sun expected to rise in east!! Horny dolphins shock whale-watchers with aquatic orgy!!!

    @Slashdot editors: Slow news day?

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies

    1. Re:In other news... by Anonymous Coward · · Score: 0

      It appears to be a slow news day indeed!

  21. Who do you think? by BalorTFL · · Score: 2, Funny

    who is modding this crap as interesting?

    It's those damn moderator-robots, of course!
    (Which I'm told are the robust, self-controlled pinnacles of Slashdot moderating who will never fail us.)

  22. This pretty much says it for me: by BattyMan · · Score: 3, Interesting

    From the TechDirt discussion:

    When it comes to business "data" and citizen "data" we have seem to have two standards. Business believe that they can expropriate private data at will. We already have had example where the medical profession has taken samples from patients (without their permission in some cases) and developed tests, patented those tests, and made money; and given the patient zippo.

    Now if you, as a citizen, take business "data" such as a song you are deemed to be guilty of theft! Not only that, but as Mike has pointed out in other articles, the MPAA and the RIAA want to ignore due process. If they say you are guilty, you are guilty irrespective of the existence of any evidence.

    Business' should NOT have a right to expropriate, at will, what is not theirs.

    If corporate Amerika treated my "intellectual 'property'" (i.e. my personal identity, beginning with my email address, which I'll point out that they pay me NOthing for, but rather obtain by extortion: "you must surrender an email addres to register to use this website"!) as MY PRIVATE PROPERTY, maybe I would feel more inclined to treat their "intellectual 'property'" (i.e. music and movies _I_'ve paid money to them to use!) with a little bit more respect.

    As it stands now, what's good for the goose is good for the gander, and just as they see nothing wrong with sharing "my" email address with their "coroporate partners and marketing associates", I find nothing wrong with sharing "their" music and movies with my family and friends.

    --
    Exceeding the recommended torque is not recommended.
    1. Re:This pretty much says it for me: by Anonymous Coward · · Score: 0

      Hell ya! You said it. It's hard to feel bad for downloading some music and movies at the supposed plight of these mega corporations when the world and media is awash with examples of how they undermine us and target us on a daily basis.

    2. Re:This pretty much says it for me: by Anonymous Coward · · Score: 0

      If corporate Amerika treated my "intellectual 'property'" (i.e. my personal identity, beginning with my email address, which I'll point out that they pay me NOthing for, but rather obtain by extortion: "you must surrender an email addres to register to use this website"!)

      Do you mean like Slashdot? To which you must surrender an email address (currently, don't know about the 5-digit era).

      This is not extortion and nor is it force. Choose not to surrender your address. I haven't and nor will a phoney address be created.

      Also, I buy lots of stuff with a phoney email address. E.g., ihatemail@yoursite.com. Guess what? I get an order confirmation number/receipt page anyway (in case there is a problem). I get my stuff. Some even have tracking numbers available without going online. NOBODY has refused to sell to me because there wasn't an email address. This includes large purchases.

    3. Re:This pretty much says it for me: by BattyMan · · Score: 1

      Do you mean like Slashdot? To which you must surrender an email address (currently, don't know about the 5-digit era).

      Exactly. But I trust Rob. Give him a chance, register a honeypot address.
      Also, the email address I gave him (and which I've had since the 5-digit era, when I was a n00b) has been exposed in so many other places (domain name registration, for example) that it doesn't make any difference anymore. I use that one for a honeypot.

      It's ${MyBank}, ${MyMortgageLender}, CitiBank, Sears, Amazon, eBay, PayPal, YouTube, MyFace, SpaceBook, AdultFriendFinder, Alt.com, etc etc etc that want an email "to send yer password to" just so they can be _sure_ that it's a real, working addy. Which of these guys (if any) can you trust?

      Despite their history of ePending and spamming, I didn't really have the option of NOT dealing with Sears when the dishwasher puked all over the floor and needed a new pump seal. They wanted a REAL email, and they wanted to test it.

      What I've discovered recently is that Gmail accepts ".whatever" added to your username @gmail.com, so "battyman1.any_damn_thing@gmail.com" not only goes straight to the Gmail honeypot, but also identifies _who_ sent it there (or gave it to their friend to send there). This makes honeypot addresses compellingly easy to create. Mikie likes it!

      --
      Exceeding the recommended torque is not recommended.
  23. Stuff that matters? by taustin · · Score: 1

    Is this a subtle way of announcing that Fark ran out of Obvious tags?

  24. Until... by XanC · · Score: 1

    Until it changes without notice to read "we'll do whatever we want" and they still have all your data you gave them under the previous policy.

    So even a great policy doesn't really mean jack, if you don't trust the people and the company. And not just now, you have to trust everybody who might ever have access to that data in the future!

  25. In other news by Rob+T+Firefly · · Score: 0, Troll

    I'd like to extend my most sincere congratulations to Commander Obvious on his promotion to Captain.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  26. I love it when your scientific by techpawn · · Score: 1

    A new study surveyed a bunch of executives,

    Oh! I love it when you talk all statistical and scientific to me! Giving me the hope of REAL data... but alas you dash my hopes...

    --
    Ask not what you can do for your country. Ask what your country did to you
    1. Re:I love it when your scientific by Anonymous Coward · · Score: 0

      your != you are

  27. Maintain Your Privacy First by stewbacca · · Score: 2, Interesting

    The only way to "try" and maintain your privacy is to NOT give away things like your name, e-mail address, phone numbers, etc. That still won't ensure privacy, as this article proves, but you don't need to make it any easier for them. Given most of you aren't willing to go to the extremes required to maintain your privacy yourselves, you should just expect your privacy to be violated. How many of you screaming "privacy!" right now have unlisted phone numbers, for example?

    1. Re:Maintain Your Privacy First by Anonymous Coward · · Score: 0

      Unlisted phone numbers cost money.

      The point everyone is trying to make is that privacy should be the default--it shouldn't cost you any time or money.

    2. Re:Maintain Your Privacy First by Anonymous Coward · · Score: 0

      How many of you screaming "privacy!" right now have unlisted phone numbers, for example?

      I wouldn't scream it. That defeats the purpose. My phone is unlisted AND the ringer is always in the off position. Generally, when ordering something, I do not give a real email address or phone number. They want my money first, that is all they get and an address where to ship stuff. If it isn't tangible, I am not buying it.

  28. Gotta Love the Double Standard . . . by The+Angry+Mick · · Score: 4, Interesting

    . . . in this little gem from the Forbes article:

    Ponemon notes that despite their differences, the two groups [marketeers and privacy officials] tend to agree about the privacy value of another kind of information: their own. Ninety-three percent of marketers and 99% of privacy officers surveyed said their own privacy was "an important personal issue."

    Translation:

    "I don't give a shit about my customer's privacy, but nobody better ever fuck with mine.

    --

    I'm not tense. I'm just terribly, terribly, alert.

    1. Re:Gotta Love the Double Standard . . . by shermo · · Score: 1

      There's a big difference between 99% and 93%.

      In other words "Only 1% of privacy officers surveyed didn't think their own privacy mattered, whereas a massive 7% of marketeers don't care about their own privacy"

      --
      Insanity: voting in the same two parties over and over again and expecting different results
  29. Ameritrade by bcrowell · · Score: 5, Interesting

    A classic example of this is Ameritrade.

    1. http://bbs.spamgourmet.com/viewtopic.php?t=81&postdays=0&postorder=asc&start=45&sid=21389b26d00d7c69bc59424a299b3f98
    2. http://groups.google.com.fj/group/news.admin.net-abuse.email/browse_thread/thread/de64222d0929c6b4/a402bc49558f7330

    I set up an account with them, using a single-purpose email address, amtdcrowell06 at lightandmatter.com. Notice the amtd on the front, which was a unique prefix I chose just for use with them. I started getting spam like crazy. Strangely enough, the spam was all about stocks -- pump-and-dump stuff. Ameritrade tried to blame it on a virus, which wasn't very plausible, since I was running FreeBSD, postfix, and mutt. They tried to blame it on a brute force or dictionary attack, which also wasn't very plausible -- the prefix doesn't really consist of dictionary words, and 13 characters, consisting of a mixture of letters and digits, gives a total of 10^20 possible addresses that would have had to be checked by brute force. I wouldn't have minded if it was a myspace account or something, but these were people who had large amounts of my money. I migrated my account to scottrade. Years later the news broke that ameritrade had leaked tons of email addresses. They blamed it on some unknown insider. Since people had been telling them about the problem for years, you'd think they'd have clued in a lot earlier. It's amazing how bad an internet-based company can be at the internet thing. If any slashdotters are using ameritrade, you might want to think about switching to some other company. (Ameritrade's web interface also had some functionality that didn't work properly in Firefox on Linux.) You can transfer your portfolio from one company to another without having to pay capital gains, and without incurring transaction costs.

    --
    Find free books.
    1. Re:Ameritrade by RobBebop · · Score: 1

      You can transfer your portfolio from one company to another without having to pay capital gains, and without incurring transaction costs.

      I am an AMTD customer. Can you please explain this transfer in a little more details to spare me from doing the research?

      Gmail succesfully filters all my stock spam, but it wasn't until just now that I realized WHY I was getting it. That is a scumbag thing for a securities broker to do....

      --
      Support the 30 Hour Work Week!!!
    2. Re:Ameritrade by bcrowell · · Score: 3, Informative

      I am an AMTD customer. Can you please explain this transfer in a little more details to spare me from doing the research?
      Well, let's say you're going to switch to scottrade, which is what I did. Basically all you do is call up scottrade and tell them what you want to do. They'll guide you through the process of transferring your positions from ameritrade to them -- they're motivated to help you complete the process, because they want you as a customer. It was pretty easy when I did it. The only minor hassle was that small amounts of money ($5 and $10 amounts) kept showing up in my ameritrade account for a while from dividends from the stocks I'd had in that account before, and I had to talk to ameritrade to get that money sent to me (couldn't have them write me a check by the normal mechanism, because I no longer had a functioning account). Although the experience with Ameritrade was annoying, the whole thing did kind of work out well in a way, because Ameritrade gave me a certain number of free trades when I opened my account, whereas Scottrade would have charged me $7 a trade. So I got all my positions established for free, and then transferred them to a brokerage that wasn't so incredibly clueless about security and running a w3c-standards-compliant web site.

      --
      Find free books.
    3. Re:Ameritrade by Naturalis+Philosopho · · Score: 1

      Dude, I hate to burst your bubble, but in all likelihood they knew that they'd been pwned all along but just didn't want to admit it or do anything about it. I mean, what were you going to do? Move to another trader? ...oh, right.

  30. Dictionary attacks aren't all that common. by argent · · Score: 1

    Not for spam delivery. Spam bounces, yes, but even that's rare.

    The vast majority of the no-such-account spam to my mail server is to fragments of Usenet user IDs, old accounts, and so on. The only cluster of dictionary attacks are bounces from spam with my domain forged as the sender... and most of that is things like "DeloresrecessPayton" and "tanyaarentcouch", not credible user names. The top non-real accounts it's hitting are "pklss05", "zurw9t5", and "v72u6d1"... of the couple of thousand spams a day that get through my first level filters, there's only about 10 addresses that have two-digit counts, and they're all message-IDs like that.

    1. Re:Dictionary attacks aren't all that common. by sconeu · · Score: 1

      My argument was based on experience.

      Back on '01, I bought something from an online vendor. This was an account that had never been used before. Within an hour, I had gotten spam there. I complained, and got an apology.

      However, three hours later, four of my other accounts (two of which were also unused) got identical spam, suggesting to me that it was a dictionary.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:Dictionary attacks aren't all that common. by argent · · Score: 1

      Oh, I'm sure it can happen, but it's rare enough that after 15 years of spam to my server, with bursts of traffic that led me to block several countries at the router simply because I couldn't afford the extra traffic from the SMTP handshakes from spam attempts, I've only seen rare indications of dictionary attacks, and none recently.

  31. Best Incident I ever Read Was About SOE by Il128 · · Score: 1

    SOE employee tells, SOE volunteer about a customer complaining about the SOE volunteer's behavior... SOE Volunteer uses access given to SOE Volunteer to look up Customers personal information and SOE actually Telephones Customer to warn them not to be complaining about them. - http://n3rfed.blogs.com/n3rfed/2005/07/this_update_is_.html

    --
    Thanks to eating disorders most chicks are reasonably good looking these days.
  32. why isn't this someones job? by nx6310 · · Score: 1

    I mean there's Green Peace for the planet, Human Rights Watch for human rights...etc.

    If there has ever been a need in need of invention this is it, internet users would like to go to one big third party and check out whether or not Facebook will give their information to say, my insurance company when I fake getting a Tattoo infection.

    I seriously think as a business this would be a very lucrative industry, at the same time I for one wouldn't mind entering Wakoopa in the search engine of this company's website.

  33. Don't forget the caveats... by The+Angry+Mick · · Score: 1
    Don't forget about all those clauses to the effect of (emphasis mine):

    We reserve the right to update this policy at any time and to notify you, the customer, by making changes to this web page.

    It's perfectly legal, but what if they change the terms for say, one hour, sell their entire customer database, then change it back? Unless you're refreshing that page 24-7, you will be screwed. Remember when Yahoo did this?

    --

    I'm not tense. I'm just terribly, terribly, alert.

    1. Re:Don't forget the caveats... by Yer+Mom · · Score: 1

      Don't forget about all those clauses to the effect of (emphasis mine):

      We reserve the right to update this policy at any time and to notify you, the customer, by making changes to this web page.

      It's perfectly legal, but what if they change the terms for say, one hour, sell their entire customer database, then change it back? Unless you're refreshing that page 24-7, you will be screwed

      So we should all set up a cron job to load their privacy policy every 5 minutes. When they complain, point out how they're not leaving you much choice if you want to keep up to date.

      Maybe then they'll pick up a clue at the corner store...

      --
      Never mind Spamassassin. When's Spammerassassin coming out?
    2. Re:Don't forget the caveats... by zblack_eagle · · Score: 1

      Then if people find out about it you may expect a class-action lawsuit fighting whether that is reasonable notice. It might not be as obviously damaging as a utilities bill hypothetically changing the contract to let themselves bill you extra money, but in this age of mass identity theft it may be interesting to see where such a case would go

    3. Re:Don't forget the caveats... by The+Angry+Mick · · Score: 1

      Oooh . . . that is a sublimely evil idea. I like it!

      --

      I'm not tense. I'm just terribly, terribly, alert.

    4. Re:Don't forget the caveats... by mpe · · Score: 1

      So we should all set up a cron job to load their privacy policy every 5 minutes. When they complain, point out how they're not leaving you much choice if you want to keep up to date.

      You'd probably need to do it a lot more often that that to catch all possible changes. It would be pointless anyway, this is just a policy even if it turned out they had violated it then good luck trying to sue them.

  34. New Democratic Party of Canada by SleepyHappyDoc · · Score: 2, Interesting

    I knew this a while ago. In a fit of stupidity, several years ago, I decided to join Canada's NDP, and I was dumb enough to give them my email address. What ensued has been very educational about the position privacy concerns really occupy in Canada. Not only do they use a huge variety of spam-filter evasion techniques on their missives, but they blatantly ignore their own privacy policy, to the point of ridiculing their own members when they ask about it. Now, I shouldn't have expected a lot from a political party, but it seems interesting that the people who demand that others obey privacy rules (to the point of creating laws to compel people to do so) would have such a disdain for them. If they won't follow it, what possible incentive does anyone else have to waste any effort doing so?

    --
    Stasis is death. Embrace change.
  35. The News is by myCopyWrong · · Score: 1

    that people who read Forbes don't like the violation. We know it's wrong and the public is catching up. That's good news.