Slashdot Mirror
The "Hidden" Cost Of Privacy
Schneier points out an article from a while back in Forbes about the "hidden" cost of privacy and how expensive it can be to comply with all the various overlapping privacy laws that don't necessarily improve anyone's privacy. "What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible?"
1. Fake own death
2. ???
3. Private!
I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?
Mon chien, il n'a pas du nez. Comment scent-il? TrÃs mauvais!
Reframe this debate into the cost of doing business in a democracy.
Ubiquitous networks capture data from home address to everyday transactions in detail. Private informations accumulate. Markets function on personal information. The expectation of privacy, its protection and concommitant personal security relying upon privacy regulation is a straw man standing in-place of an individual right.
Simply raising the strawman argument that your right to privacy is political, denigrates its consititutional status to regulatory statute.
Either the right to privacy is immutatable, codified in the constitution or too expensive? Reframe this debate into the cost of doing business in a democracy.
"What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem.
Most problems, even when you're talking about business, cannot be solved by the free market. Privacy problems could be solved by legislation and/or regulation, but unfortunately governments care even less about your privacy than the corporate Ferengi do.
"Free market" is an oxymoron. Anyone who believes it can solve all the world's problems is just a moron.
Free Martian Whores!
It's funny that one could look at this and say the markets don't work. The markets ARE working and that most people don't actually care about privacy.
If people -cared- about privacy, they would be willing to pay for the extra care it takes to ensure that their data is private. But, we live in a world where most people really don't care so much if everyone else knows what they are doing, so long as they are not confronted with it, or misuse the information.
Like, if you told someone at a grocery store that, to get their "club card" savings, the store would know exactly what they bought, they would say, they probably didn't care. Now, if they got a letter from the grocery store saying, "hey, since you like strawberries, you might like our sale on blueberries", they might dig that too. And, if they got junk mail from blueberry and strawberry growers, even that might be ok. But, if they got an email saying, "hey, you are killing humanity because you are eating strawberries and your preference for red fruit makes you some kind of a communist", then they would be pissed off.
Bottom line is, people don't care about privacy, but they do care about having their personal information being used to hurt them. It's pretty much the 5th amendment proposition, writ large and writ everywhere. Nothing is really private, but, you can't have your personal information be used to attack you, and that is what the market reflects.
This is my sig.
Markets must be managed by a strong central regulatory authority.
Yeah, worked well for the Russians.
My blog
Define the ownership of personal data to include the person whom the data applies to.
If I enter into a business relationship with someone else, all the information I provide should be considered to be co-owned by both of us. Any subsequent sharing of that information with a third party should involve both the consent of both of us as well as sharing the proceeds of that subsequent exchange. When the costs of managing such transactions are factored in, far fewer of them would occur.
The idea that anyone complains about the costs of complying with such regulations puzzles me. I mean, I could start a business stealing cars and then complain that the costs of complying with auto theft laws were onerous and harming the profitability of my enterprise. Tough sh*t. Its all based on fundamental property rights. Just because someone has developed a business model based upon a legal oversight doesn't legitimize their complaint when the law catches up and plugs the loophole.
Have gnu, will travel.
So now the question becomes: how do we make regulation as efficient as possible?
You do it with a market of course.
Unfortunately that tends to mean a migration to places with essentially no regulation.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Ideally, you come up with a simple baseline standard, whether through harmonization of existing laws and policies or by determining exactly how much privacy we deserve and enforcing it across the board. Then you push the standard at the federal level.
In practice, they will do the above, but to a minimal standard that is riddled with loopholes and overriding state laws that offer greater protection.
It's comparable to the security vs. convenience problem. There's a far greater cost to this patchwork system, and it's not nearly as good as it should be, but while it'd be far more convenient to harmonize everything the lobbyists will ensure the result will be evenly ineffective.
No, a firm regulatory hand is materially different from a command economy. Ask any Eastern European who sells into the EU.
#!
There are even more direct costs for consumers who wish to maintain their privacy these days. For example, how many of you have signed up for the discount card at the supermarket or the "rewards card" at any number of other businesses? Unless you have taken other steps which also cost money, such as arranging a mail drop or renting a PO Box, you have essentially "sold" your privacy in exchange for a discount on purchases. Those of us who value our privacy and wish to maintain it are frequently compelled to forgo such discounts or else pay, in time, money or effort, to set up specialized fronts to protect our "true" identities (i.e. the mail drop, aliases, corporate credit card, etc). Perhaps privacy was less expensive in the distant past, but in modern society preserving it effectively is becoming ever more labor intensive and expensive. In fact, the invasion of our privacy is now so pervasive that people give strange looks to those of us who decline to be part of "rewards", club cards, and other privacy invasive schemes in exchange for discounts; as if they cannot understand why someone wouldn't fill out a card with their real name, address, SSN, and mother's maiden name in exchange for a $5 discount.
Yes, it is.
Transparency for the state means transparency on laws as they are prepared, transparency towards regulatory bodies of those laws, etc... It means that the rules that state officials prepare and their work is fully transparent.
Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)
State is indeed some concrete thing, independent from individuals. Ideal situation is that state represents the masses but it never represents the individuals.
You have:
SOX, CISP, GLBA, HIPPA as the most expensive for corporations. I can speak to CISP and HIPPA from a professional standpoint. The others I cannot.
CISP compliance has a serious impact in that test environments cannot use raw customer data for testing for banks. Sanitized data must be used in test environments normally. In the event of a product fix that needs to be testing back in a test environment offshore resources for instance cannot have access to those environments and the data must be documented and exist only for a limited time. Pulling 20,000 records for testing for instance may take 4-6 hours pre-CISP but post CISP the sanitization process may push that out to 5-10 hours. If you are attempting to do that process in the evening, with only a 6 to 8 hour window CISP meant that many had to beef up their systems to ensure the process was complete within the window. For smaller banks the costs must have been harsh. Updating software, policies and procedures can easily rack up a 6000 labor hours in the first year.
On average CISP complaince can double the turn around time of a production fix (say 20-60 hours of labor) into 40-80 hours for turn around. YOu have an entire chain of events that fire off and kicking out certain staff due to the existence of customer information takes time with SAPs, VPN connectivity, etc... Great for the customer, I cannot argue it, but expensive.
HIPPA I can speak to growing up in hospitals and clinics as well as painting in those locations part time. Part of the requirement that I see directly is, if I have to paint a clinic or office the clinic staff (not I the painter) has to go through and ensure that ANY AND ALL patient documentation is out of sight prior to me starting. HIPPA has too many "reasonable" language mistakes in it as who defines "reasonable"? The judge? Lawyers? JACO? Who? So paranoia is high with patient data (as it should be.) But getting staff to lock all that up prior to maintenance adds time.
Another hidden factor is space. A clinic now has to try and keep other patients out of ear shot pushing the lobby out farther.
Further segragation of roles and even something as simple as those privacy screens add up. In a typical hospital with 200 computers in it let us say, means at $10 bucks a screen you have $2000 in new expenses.
I've seen a few locations require the inter-office mail couriers to have locked boxes while moving around the facility. Those have to cost at least $350 bucks a box for those.
Now all those HIPPA forms are going to double if not triple the amount of paper you are ordering. Liability and insured communications also increase costs and add delays. More cerified mail goes out now as far as I can see since HIPPA also.
One thing to keep in mind is that ANY GOVERMENT COMPLIANCE that exists is disporotionally expensive to smaller organizations. SOX killed a lot of smaller corporations due to the cost of compliance. The smallest get exemptions, the largest can afford it, it's the mid-size businesses that get crushed.
-=[ Who Is John Galt? ]=-
Well at least it is hidden, that's what the privacy advocates wanted right?
I read the script, and I think it would help my character's motivation if he was on fire. -Bender
"Because the efficient market solution won't work, we're left with inefficient regulatory solutions."
What a load of clap-trap...read this and ignored the rest of the article as it's obvious they don't understand economics.
I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?
It would have to have been "The 'Hidden' Benefits of Piracy" if it was going to ever make it through the editors.
I am the richest astronaut ever to win the superbowl.
Free markets *are* efficient -- it's the fundamental state of affairs for any market. By definition sellers and buyers in a free market are not acting out of any coercion or under the influence of fraud, but are free to make only the deals they feel are mutually beneficial.
Unfortunately profit motive can destroy free markets, and all recent examples of capitalism are driven by profit motive -- if there's collusion among a small number of providers, or the current providers form barriers to entry (via new "regulatory" legislation, for example) the market is no longer free, and no longer subject to the same forces of efficiency.
It might seem like a minor distinction, but if you're going to accuse Americans of misunderstanding economic philosophies you should probably avoid conflating them yourself.
Because as we've seen with healthcare, sometimes the free market simply does not work for a particular area.
Simple regulation:
Just arrange the law such that companies MUST, with every request for personal information, also provide the information on how to sue them for breach of privacy.
Fear of being sued would allow the market to "fix" it from there.
Help me understand why this was tagged creampiesurprise? Is there a joke I missed?
If a company wants to reduce its costs for protecting private information, stop collecting the damn stuff in the first place. As a recent example, why do I need to register at a website just to listen to a few bird call recordings? Or give my (fictitious) name and address just to read an article?
From teh OP-
How about by setting your privacy policies to exceed what is strictly required by law?
Oh Noes, it can't be that- conservatives don't believe in a right to privacy, so our information has to be held hostage by people who view it as their property.
If it is online, it is not secure in todays world.
Take all records off line. Require a photo be placed in the file at the home/main office you visit most. You must present a photo ID and signature for any transaction, and it must match what is in the profile, or the transaction/whatever will not be processed.
This is highly inconvienent to everyone involved, but will reduce security issues.
If it is online, it is not secure in todays world.
An individual, up to a government backed hack group, can break into your system. All that is required is time, or an idiot forgetting a laptop in the front seat of the car.
If it is online, it is not secure in todays world.
You can have privacy/security, or you can have easy. Pick one.
As long as we allow the financial ( including Federal Taxes ) and medical industries to store and or retrieve our information at off-shore facilities ( like India and others ) we can not have any privacy. In fact, we are opening ourselves up to a greater risk of identity theft.
The rate of security breaches have not slowed down, we are just not hearing about them in the headlines. You have to search for them.
So American's were completely brainwashed by the Reagan years
American's WHAT were brainwashed? Oh, I see, you simply don't understand how to use an apostrophe. Understandable since English is probably not your first language.
Not all of us are Reaganites. His slashing the capital gains tax hurt a LOT of ordinary, non-rich workers when it unleashed a flurry of corporate buyouts and sellouts, which resulted in workers being laid off or hours cut.
And wealth doesn't trickle down, it flows up. The programmer, bricklayer, songwriter, carpenter, laboror creates wealth. His employer simply aggregates and controls it. Cutting taxes on the poor and middle class helps the economy, cutting taxes on the upper class hurts it.
Free Martian Whores!
Free markets *are* efficient -- it's the fundamental state of affairs for any market.
That is not universally accepted. In order for markets to be efficient, everyone must (1) be rational (but people are known to often not be rational), and (2) have perfect information (but information is expensive to obtain, verify, and sort through... at what point does the cost of obtaining better information outweigh the benefit of obtaining that information?).
This might sound a bit draconian, but why not simply execute any CEO & CTO of companies / organisations that encounter major data breaches which could have been avoided (determined by an investigation)? That sure would improve the situation. (OK, large scale personal fines would also do).
you need to protect it yourself. of course, this makes living your life something of a hassle. yes, privacy has a cost
but i never understood the concept that you would trust the protection of your privacy to a government entity or a corporation. no matter how well-intentioned these entities might even be, doesn't it seem like a logical conflict to you?
if you put it out there, its out there. period, end of story. so if you want privacy DON'T PUT IT OUT THERE. no matter what safeguards, real or imagined, physical or legal, that help you sleep at night, real privacy begins and ends with your own personal behavior
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
He asked for it.
I see rationalization for government and business intrusion into private lives. 90% of the information requested and/or demanded by any given government agency or business is totally unnecessary. It is none of my phone company's business how many people live in the house, or might use the phone. It is none of my ISP's business how many computers I own, or how many of them might connect through the gateway, or even HOW they might connect. The government's preoccupation with the precise identification leads to requirements for fingerprints, DNA samples, and more. I once ordered a pizza, in person, with cash in hand, and the cashier insisted that she needed my phone number and address!! The stupid broad doesn't even need to know my NAME to trade a pizza for a twenty dollar bill!
In the article, a baker was entrusted with financial information of her clients. HOW FREAKING BOGUS!! To bake a wedding cake does NOT require storing my credit card information, or any other personal details.
Totally unnecessary information is harvested for the most trivial dealings. And, it's WRONG.
No government agency, and no business should request information that is not absolutely essential to perform the business at hand. Nor should they request any more information than they are willing and capable of storing in a SECURE manner. It is their RESPONSIBILITY to safeguard that information, it isn't some "expense", or an "option", it shouldn't be considered a "burden". If and when safeguarding information becomes an "expense", then it should be obvious that they are collecting unnecessary and trivial information.
TFA is bogus rationalization, and an attempt to get people to sympathize with some perceived need to dump privacy laws. Forbes and Lee Gomes should be slapped silly for even writing and printing the article.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
The problem is that we don't have enough regulations. If one regulation isn't working, slap another on top of it. Keep piling them up until the problem goes away. Remember, the government is our friend, and only sociopaths would object to more government involvement in their lives. ... but seriously folks...
The core problem is that the property rights around privacy are ill defined. Who owns the information? Regulations can be minimized while being more effective, if they addressed the property rights involved. While I don't think the information itself can be owned, the media upon which it resides can be. Your diary, your server, etc. For example, you don't own your address information, and cannot legitimately stop someone from disseminating that information ("Bob lives at 123 Main Street"), but that letter is your private property, and you should be able to sue the crap off anyone who opens it and reads the contents. Mail servers are typically the property of the ISP, but you are renting its use so your emails are as much your property as your clothes hanging in a closet of a rental apartment.
Don't blame me, I didn't vote for either of them!
Live in small town, use cash. live simply. Try Amish style. Or stop caring; What's the worse that can happen? Hacked, credit gets bad? Bail the country. Go off grid. Lot's of options.
6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
It's worth pointing out that under the Reagan administration, the overall size of government, measured both in revenue and power over the people, was expanded rather than reduced. This is in stark contrast to how Reagan himself sold his politics ("government is the problem, not the solution").
After all, Reagan was in the business of government, and he absolutely succeeded in making that business more a more lucrative business than it was when he started. The same could be said of nearly every administration, of course, but it is particularly amusing when a man who claims to stand for limited government succeeds big-time in doing the exact opposite.
Any American who was "brainwashed" during the Reagan years is a moron indeed.
These Forbes guys are a bunch of pinko commie bastards!
"basic market dynamics won't work to solve the problem"
How anti-capitalist!
They've got that privacy thing down!
I call them because my Internet connection is down. I verify my identity with them. "Do I have permission to access your account, sir?"
No, you don't. I expect you to investigate my connection problems without looking into my account. Furthermore, I do not grant you permission to access any other data on YOUR network either.
Thank you.
"You're a fucking PUSSY, boy!" Here in Springfield we do our trolling offline. Grow a pair and put your name and address on your post, Toad.
BTW, quoting Walt (Gran Torino) again, "get off my lawn!"
Free Martian Whores!
If someone tries to design their site from day one with privacy in mind,
a user is likely to have pretty good privacy. Any single law will not help.
It is sufficient that a free market is at least as efficient as any other system, given the same issues of limited rationality and imperfect information. These issues are a part of every system made up of human actors, and do not unique affect market economies.
In any event, the need for rationality is often overstated. It is enough that most participants practice rational self-interest given subjective--essentially arbitrary--goals. The goals themselves can be perfectly irrational. Failing at rational self-interest itself requires one to deliberately act in a way known to be contrary to one's own goals. Naturally, this is a very rare occurrence. Similarly, free individuals acting via an open market is the only efficient way to answer the question you posed regarding the value of good information relative to the cost of acquiring it.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
No, a firm regulatory hand is materially different from a command economy.
Not to an anarcho-capitalist.
My blog
a) Get rid of all existing private regulations across all industries ... nothing else?
b) Pass a new law that says privacy is assumed absolute across all matters unless permission is otherwise given
c)
Seriously, I don't know why anything should be otherwise. No one in any industry should be allowed to share my information with anyone else unless I gave them permission.
I realize that is not how it is now, but it is how it SHOULD BE.
I like the fourth solution offered in the article (regarding corporate behavior):
"4. Penalties for bad behavior need to be expensive enough to make good behavior the rational choice."
And wealth doesn't trickle down, it flows up.
Yeah, contrary to the term "trickle down economics", I think the real intent was always to help wealth flow up. However, I don't think it was *purely* for the nefarious reasons that people assume, but rather from an economic philosophy that "Rich people are rich because they know how to manage and spend money well. If we want our economy to be run as well as possible, we should give as much money as we can to rich people." You can see it if you listen carefully to some people's rhetoric.
You see it in their complaints about any funding to help poor people, to provide health care, or anything else. The idea is, all poor people are poor simply because they've made bad choices, done the wrong thing, and are providing no value to society. Inversely, they believe that rich people deserve all their rewards because they are only rich because of their good judgement and contributions to society.
However, it is true that wealth has a habit of naturally trickling up. Like all forms of power, having economic power gives you the ability to draw more economic power to yourself. It's easier to get loans and investments if you already have lots of money, you can hire competent people to manage your money for you, and you have the upper hand in any conflicts you get into with those less powerful than you (even if you're in the wrong). It's just easier to go from having $100 million to $101 million than it is to go from $0 to $1 million.
Are you seriously suggesting that humans are rational? Do you know *anything* about history, psychology, marketing or politics?
Liberte, Egalite, Fraternite (TM)
I agree, with additions. When I say that wealth flows upwards, I mean that the wealthy do not create wealth. The poor and middle class create wealth.
And luck has more to do with poverty and riches than any other cause. Look at Bill Gates - his parents were lawyers working for IBM. If he'd been born in poverty, there would never have been a Microsoft. If the guy IBM was going to buy their OS from hadn't gotten sick of IBM's BS and told them where to shove it, PC/M would have been the dominant OS, rather than DOS.
My uncle was rich. He was wounded in WWII, and several lucky things caused his wealth. First, creativity and eye-hand coordination runs in the family. Second, he was in the right place at the right time. If his ship hadn't been bombed, he wouldn't have wound up in the hospital with his future partner, who had lost a leg. When the guy showed his new artificial leg to my uncle, my uncle said "that's a piece of shit, I can make a better leg than that", and did.
His partner was a born salesman. He'd walk into the hospital to talk to the new amputees, who would say something to the effect of "what the fuck would you know about it?" and he'd just roll his pants leg up. Instant sales.
Sure, there was a lot of hard work and sacrifice involved, but if it hadn't been for luck he'd never gotten rich.
The same goes with poverty. Few people are born rich and wind up poor. Even if they squander all their money, they still have contacts. A while back there were radio commercials about Donald Trump's "how to get rich" book, what would he know about getting rich? He was born into wealth!
Do you think anyone would have ever heard of Paris Hilton if her parents weren't the billionaires who owned the hotel chain? What chance does a kid born of illiterate drug addled parents who is shuffled between foster homes have?
If you give rich people money, they'll just squirrel it away -- they already have plenty. But give it to a waitress and she'll spend it, because she has to. Only money that's spent helps the economy.
Free Martian Whores!
Sorry, I meant to say that most municipalities require restaurants by law to post their scores where the public can see them..
Failing at rational self-interest itself requires one to deliberately act in a way known to be contrary to one's own goals. Naturally, this is a very rare occurrence.
And yet somehow, people still end up blindly clicking "yes" on something and getting a fake-antivirus scamware, or joining MLM pyramid scams, or selling everything to help DEPOSED PRINCE ABDUL OF ELBONIA get his money somewhere safe, etc.
A classic from nearly 100 years ago:
"If you want privacy, pay cash. If you want good privacy, pay with dirty cash." - Wilton.
I have no idea who Wilton is, I got the plaque at a garage sale for 50 cents and the date on the back was 1909.
-=[ Who Is John Galt? ]=-
Let the opposing forces of risk of a lawsuit vs the cost of privacy solutions face off...
Thou shall upon calling someone for the purposes of solicitation declair immediately, "This call is a solicitation."
Upon that declariation thou shall speak unto the individual thou hast called the source from which ye came about the person you have called.
Once declaired thou shalt state the full legal business name thou doth represent along with your full legal name. If thou is not apt to divulge you full legal name then thou hast no business in calling complete strangers.
Once thou hast declair all of that you may then ask the called person if they are busy and if you can have a moment of their time.
If the individual you have called says yes you may proceed.
If not, or at the end of the call thou shall ask if the person you have called would like to remain on your list and if not be removed immediately with a letter, hand signed and dated by the caller indicating that the person who hast been called has been removed from the calling list.
Let it be know that under no circumstance, save goverment use for emergency purposes only, shall a pre-recorded message be used.
If thou fails in this creed let ye be gutted and left for the vultures or any other carnivorious scavangers that be appropriate to ye homeland! AS well as a fine of no less then $141,391,222 USD per incident (We are using RIAA calculations based on the average length of a song compared to a solicitation call time.) or $4000 per second, which ever is greater.
-=[ Who Is John Galt? ]=-
how do you then fulfill the need to finance programs like medicare and medicade and social security and child protection agencies without looking into individual case files for signs of wasteful spending?
you can't review expenditures/audit without having the details....
every day http://en.wikipedia.org/wiki/Special:Random
No. Wikipedia article is WRONG. Free markets categorically DO NOT require (1) rationality (2) perfect information. They only require that the actors ACT on the PRICE and that they are reasonably free of third-party coercion.
This DOES in fact give the the free-market maxima and it is down-hill the moment you slide to the left with too little law for property rights and when you slide to the right using coercion.
Sheesh. Did anyone properly pay attention to the writing of Von Mises and all the other Austrian economists?
No. Wikipedia article is WRONG. Free markets categorically DO NOT require (1) rationality (2) perfect information. They only require that the actors ACT on the PRICE and that they are reasonably free of third-party coercion.
Huh? What does any of that have to do with whether (free) markets are efficient, ie whether it's possible to beat the market without using inside information?
Anonymous is dieing on the net. That is not new.
Everyone was anonymous six years ago on the web. Browsing the web anonymously, today, is impossible. From the fact, of how bad identity theft has become, shows that you don't pay for privacy. You have to show who you are, where ever you go. Even federal investigations will need warrants and permissions to snoop on people's system before long. That is already in motion, called the " Invisible Man Act". Just from how many legals exploit the ability to go to where they are not suppose by using official software. If you are new to the net that would be considered news.
That author is basically posting information that was in the News four months ago. I would attach dupe to this post. If Shnieder posted it.
... since after all you're talking about it. I'd say the kitty reeking of bacon is out of the bag now.