The "Hidden" Cost Of Privacy

Schneier points out an article from a while back in Forbes about the "hidden" cost of privacy and how expensive it can be to comply with all the various overlapping privacy laws that don't necessarily improve anyone's privacy. "What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible?"

Here's how:

[Ethanol-fueled]

1. Fake own death
2. ???
3. Private!

Re:Here's how:

[Logical+Zebra]

1. Fake own death

Well, it worked for Elvis.

Re:Here's how:

[ShieldW0lf]

Privacy and transparency are contrary goals. Given the choice, I choose transparency. Privacy should end.

Re:Here's how:

[sakdoctor]

Privacy for individuals. Transparency for state.

Re:Here's how:

[flaming+error]

Agreed - the government should be transparent, and its dealings should be public and open.

Private lives, however, literally require privacy.

Re:Here's how:

[megamerican]

Privacy for whom? Are you talking about the individual, corporations or government? Transparency for corporations and the government are very important. We don't need laws or regulations to get it we need the people to turn off the TV and start demanding it.

Re:Here's how:

[DragonWriter]

Privacy for individuals. Transparency for state.

Except that "the State" is merely an abstract concept for certain actions of individuals, not some concrete thing that exists independently of any individuals.

Re:Here's how:

[interkin3tic]

Privacy for individuals. Transparency for state.

Also glass windows. Windows should definitely be transparent. If they aren't, you need some windex. Otherwise you'll run into hidden costs, like maybe there's a hundred dollars outside your house and you didn't see it because the window was too dirty and it blew away.

Re:Here's how:

[mcgrew]

It didn't work for Earl.

Re:Here's how:

[oneirophrenos]

Privacy for individuals. Transparency for state.

Except that "the State" is merely an abstract concept for certain actions of individuals, not some concrete thing that exists independently of any individuals.

Those individuals that comprise "the state" should also have the right to privacy, but not in their profession as public servants. Whatever they do in their jobs should be open for anyone to observe, even if their private lives shouldn't.

Re:Here's how:

[nacturation]

1. Fake own death

Well, it worked for Elvis.

Privacy and transparency are contrary goals. Given the choice, I choose transparency. Privacy should end.

Obviously privacy didn't work for Elvis, but are you saying that Elvis is now fully transparent... as in, he's a ghost?

Re:Here's how:

[pete-classic]

You can't really be that obtuse. The government is made up of individuals, but they are easily identifiable, and the distinction between their private lives and their official actions is quite clear.

So, why can't we have both personal privacy and governmental transparency?

-Peter

Re:Here's how:

[ShieldW0lf]

Privacy for individuals. Transparency for state.

Recipe for conspiracy. Just add bastards. For that reason I won't support it or respect it, regardless of any threats made by the state.

Re:Here's how:

[StreetStealth]

It's a pretty simple equation, really:

As power increases, so should transparency.

The more people to whom you are accountable, the more transparent your organization should be. Of course there are occasions upon which certain, highly-accountable things need to be temporarily withheld from disclosure, but they should be explicitly reasoned and have a timeline for their eventual dissemination to those holding them accountable.

Re:Here's how:

[cayenne8]

Correct!

And to help simplify things, rather than this hodge-podge of laws. Just make one. Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it.

Re:Here's how:

In a world without fences and walls, who needs windows and gates?

Re:Here's how:

[DragonWriter]

The government is made up of individuals, but they are easily identifiable

Easily identifiable? On one level, all citizens comprise the government and participate in it (as voters, or potential voters, jurors, grand jurors, etc.) One could define the government more narrowly as those employed by public agencies, but then is the boundary "regular" employment, or does it include contractors? Are corporations (which are not individuals but creations of law -- and, therefore, the government) public or private? If corporations are private (as I suspect most would say) what about public-private hybrid agencies, government-owned corporations? (examples being the Federal Reserve Banks, the U.S. Postal Service, the National Railroad Passenger Corporation ["Amtrak"])?

and the distinction between their private lives and their official actions is quite clear.

Is voting a matter of "private lives" that should be secret, or "official action" that should be transparent? Is the answer different if the voting is in an election for a government official, or if it is voting directly on a law (as would be the case for a public initiative or referendum)?

What about grand jury deliberations?

What about requests by a rank-and-file public employee to their supervisor for time off because they are undergoing a medical procedure, and the documentation supporting that request?

Re:Here's how:

[DragonWriter]

Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

What about between people that are not companies?

Re:Here's how:

Privacy and Security on contrary Political goals, in that case I choose Privacy.

Re:Here's how:

[spun]

Privacy is a stopgap measure for preventing oppression. When some people have greater access to information and ability to act on it than others, they have an unfair advantage. The right to privacy is an attempt to combat this unfairness. If everyone had equal access to information, privacy would be unnecessary, because no on could use information against you unfairly without the attempt being known. The real problem with the notion of privacy is that it requires people to give up their natural ability to sense their own environment for a negotiated right not to have their information used against them.

Re:Here's how:

[Tubal-Cain]

The government is made up of individuals, but they are easily identifiable, and the distinction between their private lives and their official actions is quite clear.

The point of not allowing a private life is preventing back-room deals and the like.

Re:Here's how:

As opposed to people that ARE companies?

Re:Here's how:

Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

Question: if I work for Company A, and I phone a friend who works for Company B to tell him that I spotted a mutual acquaintance of ours at the mall on the weekend, but I don't first obtain permission from that acquaintance to transmit personally identifiable information between companies, have I broken this law?

What if it's just idle gossip between two friends about another? And what if it's not? What if our jobs involve monitoring people's shopping habits for advertising purposes? What if the acquaintance is someone we both know as a result of monitoring their shopping habits professionally? Where, exactly, do you draw the line between idle gossip amongst friends and businesses trading personally identifiable information? Or do you draw that line? If not, are you essentially suggesting that we outlaw all discussion of other people?

Re:Here's how:

[Thinboy00]

Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between other people.

What about between people that are not companies?

There, fixed that for both of you. IANAL, but IIRC companies are people under the law. Also, WTF does "expressed permission" mean? As opposed to ... "impressed permission"? Was that supposed to say "express written permission"?

Re:Here's how:

[Thinboy00]

IANAL. company==person that is a company. Or at least that's what the law says, but it's notoriously inconsistent with reality so...

Re:Here's how:

[Jah-Wren+Ryel]

Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

The end result will simply be that every business makes you give express permission to do all of that before they will do business with you, which will put us back to square one - either live in the woods and don't do business with anyone or bend over and take it.

Personally, I would rather see a reduction of laws and policies that hurt privacy - like the law that prevents you from purchasing pseudofed over the counter without giving up your personal information to the pharmacist who is pretty much free to do whatever they want with it after they send it in to the feds. Or the policy of the post office to sell lists of everybody who files a change of address form just to get their mail forwarded. Or the policy of a lot of state DMVs to sell lists of people who have driver's licenses along with their photos, addresses and ages.

Re:Here's how:

[Thinboy00]

In a world without fences and walls, who needs windows and gates?

Personally I could do without Windoze and Gates.

Re:Here's how:

[DragonWriter]

There, fixed that for both of you.

So no person can mention personally identifiable information about another person to any third person without express consent of the identified person? So a victim of crime who knows their attacker can't give the name to the police without the attacker's consent?

Re:Here's how:

[Khashishi]

Should there be transparency in who donates money to politicians? What about corps who donate money?

Re:Here's how:

[davester666]

So you are using Saran Wrap for clothing now?

Re:Here's how:

[ShieldW0lf]

That's what it says on the commercial, anyways... but in truth, it's about protecting private conspiracies from the light of day, and it always was.

Re:Here's how:

[icannotthinkofaname]

Also, WTF does "expressed permission" mean? As opposed to ... "impressed permission"?

As opposed to "implied" permission, genius.

Re:Here's how:

[Ironica]

Correct!

And to help simplify things, rather than this hodge-podge of laws. Just make one. Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it.

That's all well and good, but in general, the greatest harm does not come from personally identifiable information being transferred in the course of normal business. The harm comes from the information being collected and stored, and then compromised by a third party (or possibly someone internal to the company) who uses the information in a way that was not anticipated by the person the info belongs to, and that might damage them (their credit rating, their legal standing, the safety of their family, their eligibility for insurance, etc.)

So I think we need to back up a step on the privacy discussion, and make it perfectly clear that, regardless of whether provable harm comes to an individual as a result of private information being shared, an entity that collects and stores personally identifiable information may be financially liable for any breach of that information, regardless of whether they intended to share it or took measures to prevent it. The fines would be higher for certain types of info, like SSN and birthdate (things that are hard or impossible to change and used to identify you), and lower for less "useful" information (like shopping habits)... but would be chargeable for each and every occasion of your information ending up in someone else's hands.

Then you also need to require companies to disclose how they got your information. Get a random call from Bob's Remodeling? Before you say "We're on the Federal Do Not Call list" and hang up, you say "Where did you obtain this name and number?" and they have to tell you. If you did not opt-in to having your information shared for that purpose (and it would need to say something pretty specific, like "telephone marketing" for example), then the source is again liable.

This would lead to companies like Google, who collect info that's mostly useful in the aggregate, to carefully de-identify databases wherever possible, because the reciprocal is that non-personally-identifiable information will NOT incur fines if disclosed. It would also possibly stop your doctor's office, child's school, and everyone else in creation asking for your SSN, because they know that if someone happens to read your SSN off your form and use it for ID theft, they might have to pay $BIGNUM.

Computers and the cheapness of disk space make everyone want to save every bit of data they can, and ultimately this is the biggest threat to privacy. That's the behavior we need to change.

Re:Here's how:

[Piranhaa]

and it worked for 2Pac as well..

plus, he's STILL making music!

Re:Here's how:

[Archfeld]

I agree in principal but in many areas a single function is made up of several companies or entities. Without the ability to share info, many a business will grind to a halt. What if it is your insurance co. to an emergency ward at the hospital ? Are we going to have to individually authorize every 2 or more entities that actually need to share 'personal' info to conduct business on our behalf ? How is your financial information to be tracked for a credit rating without every company involved getting authorization from you ? What about property ownership and so-called public info that actually contains significant private information ? The fact that I own property at xxx mystreet doesn't insure I live there but it is a good indicator...
IMHO there needs to be 2 sets of rules, #1 that applies to entities you are DOING business with that defines and limits the scope of what, when, where, why and how they can share my info, and #2 a set that prohibits entities that I am NOT DOING business with from seeking, receiving or utilizing any of my personal info without first seeking my permission.

Re:Here's how:

[LKM]

In certain situations, individuals willingly and knowingly give up parts of their privacy. There is nothing wrong with that, and it doesn't contradict the call for more privacy. When you are employed by somebody, you lose some of your privacy for the benefit of your employer. Your employer needs to know what work you do for his company, hence he has some rights to observe what you do. You employ your government, hence the people who participate in said government give up some of their privacy.

Re:Here's how:

[spun]

Well, those private conspiracies have the advantage over regular folks. They are exactly the kind of group that has a greater ability to collect and act on information than the average individual. The question is, without the notion of privacy, what protects the individual from such groups?

The question then becomes the opposite, not 'how do we ensure that powerful groups don't collect and misuse information about individuals,' but, 'how do we ensure individuals have access to information about powerful groups?' The real problem is one of access to information. Without any sort of regulation, the imbalance remains: individuals have limited power to gather and act on information. How do we ensure that all individuals know when groups are gathering information to use against them? Just abolishing privacy will not correct the imbalance, so what is your solution?

Re:Here's how:

Even if what they're doing is both in their private and public lives? Such as taking kick-backs for a bill vote?

Re:Here's how:

[ThrowAwaySociety]

1. Fake own death

Well, it worked for Elvis.

Sure it did. His house is open for public tours!

Re:Here's how:

[pete-classic]

I can't tell if your questions are rhetorical. Do any of them actually seem difficult to answer to you?

-Peter

Re:Here's how:

[Qzukk]

What about corps who donate money?

If the corporation as a non-human entity wishes to "secretly" donate money, its controllers can publicly (with regards to statements to its shareholders) pay its CEO (or another representative) a million dollars, and the CEO can do with that money as he or she pleases, being a private human individual.

Re:Here's how:

[DragonWriter]

I can't tell if your questions are rhetorical.

They are not "rhetorical questions" in the sense of not expecting response; they are, however, "rhetorical" in that part of the purpose they serve is to illustrate a point.

Do any of them actually seem difficult to answer to you?

They are, for the most part, very easy to answer in terms of what I would prefer as policy.

Several are considerably less easy to answer in terms of what applying the maxim "privacy for individuals, transparency for the State" would mean in terms of the specific cases, and some of the ones that are easy to answer in those terms (particularly with the amplification offered that the latter means that "public officials" have no privacy in terms of what they do in the course of that role) would seem to fly in the face of what I would think the people suggesting the maximum would want in that specific case. Which is why I suspect that the maxim, while it may be useful starting point in finding the right balance of privacy vs. transparency, is nothing more than a starting point; it is not something that provides a simple and unambiguous answeres to real-world issues.

They are, in that sense, illustrative of the issues I think that have not been adequately considered by those proposing the maxim as the guideline, and as in itself a resolution of the apparent conflict between privacy and transparency, and they (among others) are questions I think anyone who would seriously advance the maxim as a rule and solution rather than a very rough and incomplete starting point need to be able both to answer and to show how the answers flow naturally from the rule.

Re:Here's how:

[DragonWriter]

As opposed to "implied" permission, genius.

The term you are looking for, then, would be "express permission" not "expressed permission".

Re:Here's how:

[shentino]

Unfortunately, this is an evil bit problem.

There are greedy assholes that will exploit the situation no matter what the trade off point is.

Re:Here's how:

[AliasMarlowe]

Should there be transparency in who donates money to politicians? What about corps who donate money?

Only those eligible to vote should be allowed to donate money to politicians or political parties or their ilk, and all such donations should be public. For everyone else, including corporations, such donations should be forbidden with severe penalties.

Re:Here's how:

[pete-classic]

Several are considerably less easy to answer in terms of what applying the maxim "privacy for individuals, transparency for the State" would mean in terms of the specific cases, and some of the ones that are easy to answer in those terms (particularly with the amplification offered that the latter means that "public officials" have no privacy in terms of what they do in the course of that role) would seem to fly in the face of what I would think the people suggesting the maximum would want in that specific case.

Ah, now we're getting somewhere! Could you give an example of a case where you suspect the rule gives the "wrong" result? (I'm poised to be persuaded!)

-Peter

Re:Here's how:

I want to be the first acrylic president: see through case, led fans... boosh

Re:Here's how:

[DragonWriter]

Ah, now we're getting somewhere! Could you give an example of a case where you suspect the rule gives the "wrong" result?

The public-employee-requesting-time-off-for-health-reasons example (if using the "public official" rule to determine the scope of "the State"): its clearly public officials acting within the course of their duties, and so would clearly seem to fall into the "transparency for the State" side of the rule, but I don't think people arguing for the rule are generally intending to argue that public employees would lose health privacy in this area. Alternatively, the voting example if one uses the "law-making process" rule to determine what is "the State" rather than the "public official" rule: again, its something that would fall within the zone of "transparency for the State", but I don't think all the people arguing for that would support the abolition of the secret ballot.

I want to make it clear that I think the maxim expresses something that is a valid factor in balancing privacy against transparency, I just don't think it alone works as a simple, straightforward rule for deciding concrete cases.

Re:Here's how:

You admitted to being a liar. Not that any other outcome was likely, or even possible.

Re:Here's how:

Straw man arguments are lies.

Re:Here's how:

I'd rather not live in a police state, thanks.

Re:Here's how:

Hush, child. The adults are discussing things that are on topic.

Re:Here's how:

[hairyfeet]

I would agree to that to a point. If in their "private lives" their kids are getting cushy "make work" jobs by some lobbying firm, or if his house is getting remodeled by "a friend" who just so happens to want a big pork barrel project pushed through congress? Then I'd say that IS my business as a taxpaying citizen.

So while I agree that everyone does deserve to be left the hell alone on their own time, and think those paparazzi that chase famous folks even into the toilet should get their asses kicked, I think that for those making policies any and all gifts, favors, etc should have to be on their tax records and those records should be open as long as they are in office.

And personally I think those damned vulture paparazzi that will even stake out stars funerals should seriously get their asses kicked. Maybe it is because of where I was born and raised (AR) but we would kick your ass if you hounded somebody like that. I have run into plenty of celebrities over the years here, from Governor Clinton(old Bill will always be Gov to me) to Malcolm McDowell and you know what? Nobody bugged them or treated them any different here. Everybody just did like I did when I ran into Malcom McDowell in the mall(he was married to Mary Steenburgen at the time who is a local) and said "Hey, I liked you in Clockwork Orange and Time after Time. Great Work." and that was it. Leave them poor folks alone!

Re:Here's how:

[MenThal]

As power increases, so should transparency.

So that's why the emperor had no clothes!

Re:Here's how:

[Nerdposeur]

Personally, I would rather see a reduction of laws and policies that hurt privacy - like the law that prevents you from purchasing pseudofed over the counter without giving up your personal information to the pharmacist who is pretty much free to do whatever they want with it after they send it in to the feds.

Meth production and use was an epidemic in northern Georgia a few years ago. I was a reporter at the time, and saw bulk ephedra for sale in gas stations. Since that law was passed, usage has dropped drastically. Part of the decline may be that the drug is so destructive that it got a bad reputation, but if the law helped, I think it's worth it.

Re:Here's how:

[Jah-Wren+Ryel]

Meth production and use was an epidemic in northern Georgia a few years ago. I was a reporter at the time, and saw bulk ephedra for sale in gas stations. Since that law was passed, usage has dropped drastically. Part of the decline may be that the drug is so destructive that it got a bad reputation, but if the law helped, I think it's worth it.

You are a reporter? Go do your research. Even the FBI says that usage hasn't significantly dropped nationwide. What has happened is simply that production consolidated from "mom & pop" "bathtub stills" to highly organized, extremely violent criminal gangs doing the distribution of meth produced in "super labs" south of the border.

Typical war on drugs stupidity - they did not reduce meth consumption, but they set the market conditions for it be become hyper-violent and a hell of a lot more profitable than it once was. Meanwhile the entire country gets to pay for the increased criminal activity with reduced privacy. The first person charged with buying too much pseudofed did so because his kid and himself had a chronic illness and he went over the limit without even realizing there was a limit.

Re:Here's how:

Unless you're defining power as work over time, then the equation remains irreducibly complex.

What about the power of a parent over a child? Or a employer over his employee? Or the employee over the employer? Or non-profit groups representing people who don't know them? Or religious figures?

Personally, I think that the desire for privacy is an anachronistic vestige that will have no place in a Universally Connected culture.

Re:Here's how:

[Requiem18th]

The REAL solution, or at least an aid is for individuals to be allowed to fake data and make up multiple identities.

After all, multiple email addresses work wonders towards protecting privacy on line.

Re:Here's how:

[aadrink]

"The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it."

I couldn't agree more. It's not just a fancy idea you propose here, but it is a very fundamental issue for individual freedom. It is a matter of basic human freedom and dignity to be in command of your own representation, be it physical (i.e. dress code), digital or otherwise.

The current way in which organizations are collecting and storing many individuals' descriptions together in an aggregated, centralized database of some sort, is a remnant (unnecessary continuation) of our pre-internet past. Presently, it should not be as difficult or expensive to consult many individually authored, disparately stored representations of the many clients an organization has (like you and me). Each individual should be free (as in freedom) to create his/her own representation, kept at a provider of choice (or DYI), which could then be (partially) exposed (if so desired), to the many organizations that provide their service to you.

This ideal situation would ultimately shift the power from the organizations who now own your data (but don't have any incentives to care about it, as Mr. Schneier recently observed) to you and me, the people being represented. I am, like you, very concerned with the fact that the data which is supposed to represent me, is not under my own control.

  -- aadrink

piracy? oh, privacy

[Cormacus]

I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?

Nothing to fear ....

...if you have nothing to hide. Haha...tell that to Iranians...or the Burmese...I'd say they have plenty to fear and hide from their governments...quite justifiably. Oh, is this offtopic? f*** offtopic moderation!!!! how's this: LINUX SUX. Geeks are responsible for fascist oppression! Now I can be a troll...cuz I trollin' trollin' trollin'...that's the way I be rollin' rollin' rollin.

Re:Nothing to fear ....

LINUX SUX
x = x+1;

LINSUX
x += 1;

Simplify, simplify my dear troll. But yes, Linux does indeed suck the balls and the ass.

Re:Nothing to fear ....

I'm the troll from above...man, clearly what I wrote wasn't really that funny (yours was, btw)...but when I clearly write "I am trolling" to indicate my half-assed attempt at irony, why all the hate? (not from you, but from the mods.) Haha...not that I care....

But seriously, with regard to my out of line post above, Linux is kind of problematic and has some serious kernel design flaws at a fundamental level (it's more than just having to compile each version anew or having an unfriendly GUI overlay). These flaws, according to many respected thinkers, are most probably the result of the significant number of coders with asperger's syndrome who work on open source software. I mean, this 'OS' may 'work' for their dedicated, focused minds, but hey, though they could care less, there are OTHER people in the world who need to use a computer! Until more "mainstream" coders can be enticed to join open source, it will never go anywhere

Hmm...was that a bit better of an effort? (don't be offended by the above...*I* myself have one of those focused minds that gets preoccupied with detail...but my obsession is trolling...I may not feel your annoyance, but I sure find it funny...and my therapist calls this "progress") ;-)

Re:Nothing to fear ....

I'm the person who responded to your troll with that code troll, and I thank you for your compliment.

Trolling Slashdot is the trolls' therapy. Personally, I find that displacing my worldly frustrations across a bunch of anonymous dorks is preferable to beating my wife and kids(or Mexicans).

Nothing beats the chuckle I get from my first "NIGGER" comment modded down because some pantywaist lacks a sense of humor. Double laughs for people who actually post "Slashdot should get rid of AC" complaints about trolls running rampant. FUCK 'EM.

Jews

Jews steal land and water.

Re:Jews

From filthy Palestinians, so I don't see anything wrong with it.

Re:Jews

That's because you are a Jew.

There's a reason that the whole world has hated Jews for thousands of years.

Schneier the capitalist

Well, I see that Bruce Schneier has been indoctrinated into the "capitalism is most efficient" cult, just like every other American.

Newsflash - there's no such thing as an "efficient" market, and capitalism is never sustainable over the long term. Markets must be managed by a strong central regulatory authority.

So American's were completely brainwashed by the Reagan years, it's hilarious. Free markets are efficient! BAHAHAHA

Re:Schneier the capitalist

[morgan_greywolf]

Markets must be managed by a strong central regulatory authority.

Yeah, worked well for the Russians.

Re:Schneier the capitalist

[sharp-bang]

No, a firm regulatory hand is materially different from a command economy. Ask any Eastern European who sells into the EU.

Re:Schneier the capitalist

Free markets *are* efficient -- it's the fundamental state of affairs for any market. By definition sellers and buyers in a free market are not acting out of any coercion or under the influence of fraud, but are free to make only the deals they feel are mutually beneficial.

Unfortunately profit motive can destroy free markets, and all recent examples of capitalism are driven by profit motive -- if there's collusion among a small number of providers, or the current providers form barriers to entry (via new "regulatory" legislation, for example) the market is no longer free, and no longer subject to the same forces of efficiency.

It might seem like a minor distinction, but if you're going to accuse Americans of misunderstanding economic philosophies you should probably avoid conflating them yourself.

Re:Schneier the capitalist

[mcgrew]

So American's were completely brainwashed by the Reagan years

American's WHAT were brainwashed? Oh, I see, you simply don't understand how to use an apostrophe. Understandable since English is probably not your first language.

Not all of us are Reaganites. His slashing the capital gains tax hurt a LOT of ordinary, non-rich workers when it unleashed a flurry of corporate buyouts and sellouts, which resulted in workers being laid off or hours cut.

And wealth doesn't trickle down, it flows up. The programmer, bricklayer, songwriter, carpenter, laboror creates wealth. His employer simply aggregates and controls it. Cutting taxes on the poor and middle class helps the economy, cutting taxes on the upper class hurts it.

Re:Schneier the capitalist

[Timothy+Brownawell]

Free markets *are* efficient -- it's the fundamental state of affairs for any market.

That is not universally accepted. In order for markets to be efficient, everyone must (1) be rational (but people are known to often not be rational), and (2) have perfect information (but information is expensive to obtain, verify, and sort through... at what point does the cost of obtaining better information outweigh the benefit of obtaining that information?).

Re:Schneier the capitalist

It's worth pointing out that under the Reagan administration, the overall size of government, measured both in revenue and power over the people, was expanded rather than reduced. This is in stark contrast to how Reagan himself sold his politics ("government is the problem, not the solution").

After all, Reagan was in the business of government, and he absolutely succeeded in making that business more a more lucrative business than it was when he started. The same could be said of nearly every administration, of course, but it is particularly amusing when a man who claims to stand for limited government succeeds big-time in doing the exact opposite.

Any American who was "brainwashed" during the Reagan years is a moron indeed.

Re:Schneier the capitalist

[JesseMcDonald]

It is sufficient that a free market is at least as efficient as any other system, given the same issues of limited rationality and imperfect information. These issues are a part of every system made up of human actors, and do not unique affect market economies.

In any event, the need for rationality is often overstated. It is enough that most participants practice rational self-interest given subjective--essentially arbitrary--goals. The goals themselves can be perfectly irrational. Failing at rational self-interest itself requires one to deliberately act in a way known to be contrary to one's own goals. Naturally, this is a very rare occurrence. Similarly, free individuals acting via an open market is the only efficient way to answer the question you posed regarding the value of good information relative to the cost of acquiring it.

Re:Schneier the capitalist

[morgan_greywolf]

No, a firm regulatory hand is materially different from a command economy.

Not to an anarcho-capitalist.

Re:Schneier the capitalist

[nine-times]

And wealth doesn't trickle down, it flows up.

Yeah, contrary to the term "trickle down economics", I think the real intent was always to help wealth flow up. However, I don't think it was *purely* for the nefarious reasons that people assume, but rather from an economic philosophy that "Rich people are rich because they know how to manage and spend money well. If we want our economy to be run as well as possible, we should give as much money as we can to rich people." You can see it if you listen carefully to some people's rhetoric.

You see it in their complaints about any funding to help poor people, to provide health care, or anything else. The idea is, all poor people are poor simply because they've made bad choices, done the wrong thing, and are providing no value to society. Inversely, they believe that rich people deserve all their rewards because they are only rich because of their good judgement and contributions to society.

However, it is true that wealth has a habit of naturally trickling up. Like all forms of power, having economic power gives you the ability to draw more economic power to yourself. It's easier to get loans and investments if you already have lots of money, you can hire competent people to manage your money for you, and you have the upper hand in any conflicts you get into with those less powerful than you (even if you're in the wrong). It's just easier to go from having $100 million to $101 million than it is to go from $0 to $1 million.

Re:Schneier the capitalist

[Repossessed]

Are you seriously suggesting that humans are rational? Do you know *anything* about history, psychology, marketing or politics?

Re:Schneier the capitalist

[mcgrew]

I agree, with additions. When I say that wealth flows upwards, I mean that the wealthy do not create wealth. The poor and middle class create wealth.

And luck has more to do with poverty and riches than any other cause. Look at Bill Gates - his parents were lawyers working for IBM. If he'd been born in poverty, there would never have been a Microsoft. If the guy IBM was going to buy their OS from hadn't gotten sick of IBM's BS and told them where to shove it, PC/M would have been the dominant OS, rather than DOS.

My uncle was rich. He was wounded in WWII, and several lucky things caused his wealth. First, creativity and eye-hand coordination runs in the family. Second, he was in the right place at the right time. If his ship hadn't been bombed, he wouldn't have wound up in the hospital with his future partner, who had lost a leg. When the guy showed his new artificial leg to my uncle, my uncle said "that's a piece of shit, I can make a better leg than that", and did.

His partner was a born salesman. He'd walk into the hospital to talk to the new amputees, who would say something to the effect of "what the fuck would you know about it?" and he'd just roll his pants leg up. Instant sales.

Sure, there was a lot of hard work and sacrifice involved, but if it hadn't been for luck he'd never gotten rich.

The same goes with poverty. Few people are born rich and wind up poor. Even if they squander all their money, they still have contacts. A while back there were radio commercials about Donald Trump's "how to get rich" book, what would he know about getting rich? He was born into wealth!

Do you think anyone would have ever heard of Paris Hilton if her parents weren't the billionaires who owned the hotel chain? What chance does a kid born of illiterate drug addled parents who is shuffled between foster homes have?

If you give rich people money, they'll just squirrel it away -- they already have plenty. But give it to a waitress and she'll spend it, because she has to. Only money that's spent helps the economy.

Re:Schneier the capitalist

[Timothy+Brownawell]

Failing at rational self-interest itself requires one to deliberately act in a way known to be contrary to one's own goals. Naturally, this is a very rare occurrence.

And yet somehow, people still end up blindly clicking "yes" on something and getting a fake-antivirus scamware, or joining MLM pyramid scams, or selling everything to help DEPOSED PRINCE ABDUL OF ELBONIA get his money somewhere safe, etc.

Re:Schneier the capitalist

[GNT]

No. Wikipedia article is WRONG. Free markets categorically DO NOT require (1) rationality (2) perfect information. They only require that the actors ACT on the PRICE and that they are reasonably free of third-party coercion.

This DOES in fact give the the free-market maxima and it is down-hill the moment you slide to the left with too little law for property rights and when you slide to the right using coercion.

Sheesh. Did anyone properly pay attention to the writing of Von Mises and all the other Austrian economists?

Re:Schneier the capitalist

[Timothy+Brownawell]

No. Wikipedia article is WRONG. Free markets categorically DO NOT require (1) rationality (2) perfect information. They only require that the actors ACT on the PRICE and that they are reasonably free of third-party coercion.

Huh? What does any of that have to do with whether (free) markets are efficient, ie whether it's possible to beat the market without using inside information?

Privacy cost beyond market efficiency

Reframe this debate into the cost of doing business in a democracy.

Ubiquitous networks capture data from home address to everyday transactions in detail. Private informations accumulate. Markets function on personal information. The expectation of privacy, its protection and concommitant personal security relying upon privacy regulation is a straw man standing in-place of an individual right.

Simply raising the strawman argument that your right to privacy is political, denigrates its consititutional status to regulatory statute.

Either the right to privacy is immutatable, codified in the constitution or too expensive? Reframe this debate into the cost of doing business in a democracy.

Re:Privacy cost beyond market efficiency

[mcgrew]

Unfortunately, not all of us live in a Democracy. We Americans, for example, live an a Plutocratic Republic that pretends to be a Democracy.

Go ahead, Ferengi, mod me down for expressing an honest opinion that happens to be true. When the Corporation can "donate" a thousand bucks to the Republican and another grand to the Democrat, it doesn't matter which candidate loses, the corporation wins.

Re:Privacy cost beyond market efficiency

When the Corporation can "donate" a thousand bucks to the Republican and another grand to the Democrat, it doesn't matter which candidate loses, the corporation wins.

The corporation wins, assuming that the voters choose to vote for those two parties. that's a pretty safe assumption, but it's not totally guaranteed. If the people ever decide that they would prefer to not give all their political power to that corporation, then the corporation loses.

This crap only happens because we want it to. Almost nobody ever votes against it. If you based your vote on who had the best corporate backing, then please stop bitching about the choice that you made.

Re:Privacy cost beyond market efficiency

[mcgrew]

Personally, I almost always vote for a "third party" candidate, but the corporate media refuses to cover the Libertarians, Constitutionalists, and... um, what party did McKinney run under, I forgot? Anyway, there were five parties on ballots in enough states that mathematically any of five could have won the last Presidential election. But the MSM never covered them. People tend to vote for candidates they've actually heard of and know at least a little about.

And then there's the fact that the corporate media have convinced most voters that a vote for anybody but the Repubs and the Dems is somehow wasted. Personally, I think if you smoke pot, hire hookers, or gamble, a vote for a Repub or a Dem is worse than wasted. What moron votes for a man who wants to put him in prison??

Re:Privacy cost beyond market efficiency

You are absolutely correct, posting as ac because this post is pointless except the fact that i agree so heavily with mcgrew its not at all funny.

Ferengi

[mcgrew]

"What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem.

Most problems, even when you're talking about business, cannot be solved by the free market. Privacy problems could be solved by legislation and/or regulation, but unfortunately governments care even less about your privacy than the corporate Ferengi do.

"Free market" is an oxymoron. Anyone who believes it can solve all the world's problems is just a moron.

Re:Ferengi

[radtea]

"Free market" is an oxymoron. Anyone who believes it can solve all the world's problems is just a moron.

On the other hand, a well-designed market is one of the most effective machines for achieving as close to Pareto-optimal results as anyone has ever found. Well-designed markets are actually able to achieve the state that socialist managers of the economy should be aiming for, and they do it much more reliably and cheaply than socialist managers have ever been able to achieve. And they do this despite having right-wing nitwits on one side who think that any regulatory or legal oversight is somehow a violation of their god-given right to screw people over, and left-wing nitwits on the other side who believe that markets are somehow the agents of satan, rather than just a particularly good social management tool.

It's unfortunate that so many on the left take the right-wing nutjob view of markets seriously, because if you adopt the view of markets as just an ordinary tool of neo-socialist economic management you can find a whole lot of ways to deploy them usefully to achieve efficient allocation of limited resources across the whole economy. Well-designed markets can't solve all the world's problems, but neither can anything else, and markets have a long history of solving problems more effectively than most of the alternatives.

Re:Ferengi

[TubeSteak]

Well-designed markets can't solve all the world's problems, but neither can anything else, and markets have a long history of solving problems more effectively than most of the alternatives.

You fail to explain what "well-designed" means.
Is "well-designed" code for "well regulated"?

Without regulation, you end up with markets that are less 'free'.
(See: 19th America & the trust busting that followed)

Re:Ferengi

[nine-times]

"Free market" is an oxymoron.

I'm not sure what you mean here, but I think it's true that many people have it wrong. They believe that "free market" indicates zero governmental involvement, which isn't really a good way of thinking of things. Worse yet, they sometimes don't see governmental involvement as a violation of the free market, so long as the governmental involvement comes in the form of subsidies rather than regulation.

A real free market is one in which both the sellers and purchasers are given free and open choices, and "market forces" set the prices and terms of goods and services. Influence on the market by non-governmental bodies (monopolies and cartels) is just as effective at making a market unfree as governmental regulation. Also subsidies and tax breaks have the effect of regulation, and are just as effective at making the market unfree. Even manipulation (like people pumping/dumping stock) effectively subvert those terrific free-market forces which allow for efficient allocation of economic resources.

So when viewed this way, it becomes clear that well-formed governmental regulation can have the effect of making a market more free. Power has a tendency to pool, in that an entity with power can use that power to accrue more power. Left unchecked, that tends to lead to the sort of monopolies and cartels that might engage in price-fixing and economic abuse. If there is careful governmental legislation that, without bias toward any particular supplier or business model, prevents those monopolies from exerting undue control over the market, then it may in fact spur competition creating the very "free market" forces that you want. Forced to compete, companies tend to innovate, improve efficiency, drop prices, etc.

But beyond all that, it's also true that the free market doesn't do everything. We don't trust our police force to the "free market", and the reason is pretty simple: free markets are more efficient, but don't guarantee even and just allocation of resources. We believe that the law applies to rich and poor alike (at least most of us believe it should, even though it often doesn't), so having the only police force be the private army of the rich would be horribly unjust.

Re:Ferengi

Who modded this insightful? It has no content other than name-calling anyone who disagrees with a vague statement.

Re:Ferengi

"well designed" means "imaginary"

Re:Ferengi

unfortunately governments care even less about your privacy than the corporate Ferengi do.

This is very true.

US Law requires businesses to collect your SSN (as an employee and in some financial cases, customer), many government agencies also use your SSN for identification, this has actually created a mini-market for stolen SSN's (last I heard, they were selling for around $20.00 each)

Think about what a tempting target this could be for someone earning a meager wage at one of these companies. (and with all the phishing going on.. an employee.. or even scummy business owner could EASILY get away with it)

This information is lost or stolen on an almost daily basis:
http://datalossdb.org

The way to protect your privacy is (duh) don't give this information to anyone! but, laws actually require you to fork it over to them.

One would hope that most businesses would just as soon not have to deal with this powder keg, yet the law forces them to collect it.

In effect, our government is the problem. Moreover, I find it strange how politicians don't seem to care (there are, afterall, a large contingent of people who are upset about this)

If the republicans could re-invent themselves as a party that believes in privacy (har, har) they'd EASILY gain control again. (but they won't do it..)

Re:Ferengi

[akpoff]

What he should have written instead of "Well-designed market..." is "Markets free from government intervention..."

Begging the proposition.

[tjstork]

It's funny that one could look at this and say the markets don't work. The markets ARE working and that most people don't actually care about privacy.

If people -cared- about privacy, they would be willing to pay for the extra care it takes to ensure that their data is private. But, we live in a world where most people really don't care so much if everyone else knows what they are doing, so long as they are not confronted with it, or misuse the information.

Like, if you told someone at a grocery store that, to get their "club card" savings, the store would know exactly what they bought, they would say, they probably didn't care. Now, if they got a letter from the grocery store saying, "hey, since you like strawberries, you might like our sale on blueberries", they might dig that too. And, if they got junk mail from blueberry and strawberry growers, even that might be ok. But, if they got an email saying, "hey, you are killing humanity because you are eating strawberries and your preference for red fruit makes you some kind of a communist", then they would be pissed off.

Bottom line is, people don't care about privacy, but they do care about having their personal information being used to hurt them. It's pretty much the 5th amendment proposition, writ large and writ everywhere. Nothing is really private, but, you can't have your personal information be used to attack you, and that is what the market reflects.

Re:Begging the proposition.

[jellomizer]

However your worst case scenario would have a backlash effect. People would avoid using that that store to prevent institution. So the store will either face closing down, or be more particular to who they give information too.

We actually have a lot more privacy shopping now then we ever did. Back in them old days you go to the mom and pop store they know who you are and are often hubs of gossip. So the entire community would know what stuff you are buying and make guesses on why you are buying such things.

Today we are just a number most of the data goes back and forth without a person analysis the data. Customer 24601 has purchased strawberries consistently throwout the month of June and July. Statistics show that people like Strawberries and blueberries, so lets give Customer 24601 a coupon for blueberries. Kinda heartless and calculating, but most individuals don't care about your data as your self but in aggregate. But back in them old days your data was about you and the aggregate was to complex to calculate.

Re:Begging the proposition.

[OzPeter]

It's funny that one could look at this and say the markets don't work. The markets ARE working and that most people don't actually care about privacy.

The problem with your statement is that markets only work when there is freely available knowledge. In the case of privacy, I would say that the markets are "working" not because people don't care, but rather that they don't know. So it is not really a free market scenario that they are entering into.

If I offered you a service and didn't mention the punch in the head I would also give you, then are you taking up that service because you don't care about being punched in the head?

Re:Begging the proposition.

[tjstork]

The problem with your statement is that markets only work when there is freely available knowledge.

Most people assume that they are being monitored or tracked anyway, just because computerization is so pervasive. I think some opinions to the contrary might be more their projection on people, than any reality. "If they only knew..." has a tinge of fanaticism to it that most people don't have.

If I offered you a service and didn't mention the punch in the head I would also give you, then are you taking up that service because you don't care about being punched in the head?

I would assume that if I went to buy a cup of soup from you, and you punched me in the head, that I probably would not buy soup from you any more.
Therefor, if people are getting punched in the head, they don't care.

Re:Begging the proposition.

[Jawn98685]

Bullshit.

People do care about privacy. Your example is lame in that it excuses (ignores) the deliberately obfuscated consequences of "agreeing" to the terms attached to the club card "deal". If the supermarket told their customers, right up front, something like "...and in addition to using it for our own marketing purposes, we will be selling the information we collect about you and your shopping habits to as many takers as we can scare up, and there are plenty of them.", I'd hazard that far fewer customers would take the "deal". And let's not even waste time discussing those companies that have no compunction at all when it comes to reserving the right to "...change the terms of this agreement at any time..." in the way-fine print of the agreement.

Re:Begging the proposition.

[JoeMerchant]

Nothing is really private, but, you can't have your personal information be used to attack you, and that is what the market reflects.

Unfortunately, the only way to enforce this type of scheme is through court cases after the fact... "don't ask, don't tell" is far more efficient.

Re:Begging the proposition.

[shentino]

Having your privacy invaded is so profitable to the ne'er do wells that you can't pay them enough not to do it.

Letting the market sort things out neglects the fact that people who are powerful enough can, will, and even do lie, cheat, and steal.

Since everyone does it, there's really not much benefit to switching, since you likely gain little.

Case in point: CBS's subsidiary getting snookered into passing off private information through CBS only for it to be dumped into the hands of the RIAA.

And by the time your privacy is breached, it is too late for you to "shop elsewhere", because the damage has already been done.

Re:Begging the proposition.

[copponex]

You are right that most people don't care about their privacy, but then again, if you ask people if they want to pay 20% less for a car if it had no airbags or seatbelts or anti-lock brakes, they may have no problem with it. However, the cost to society in the form of radically more serious injuries makes sense for the market to have these rules in the long run.

The costs and benefits of privacy regulation can certainly be debated. But without regulations, markets don't function well, since they are not self-aware or interested in self-preservation. For reference, move to Somalia.

You can make the argument whether regulations should extend beyond standardization, but it's a relatively simple choice as far as I'm concerned. The market solution for salmonella poisoning would be that a bunch of people would die, and people would avoid buying products from the same company, until the next round of deaths occur. The scary communist solution is to demand outside inspections from a third party - the best option being the government.

Now, why is the government a good idea? Because people without money can compel it to be transparent. If you had a private party doing the inspections, you could not review their actions. All of the criticism of the FDA is possibly only because as a state entity, it must be transparent.

Re:Begging the proposition.

[OzPeter]

I still believe that most people are ignorant of being tracked, rather than assuming they are and being powerless to stop it. I think this because people in general have little comprehension of anything that is not in their immediate world - for example manually setting a VCR time. Technically a simple system to set up but seemingly beyond a lot of people. So how do you explain to them about the extent and possibilities of tracking systems which are hugely more complex in operation?

To add onto my "punch in the head" argument, I think it should be better stated as "a punch in the head at some indeterminate time in the future". So there is no immediate feedback to correct the market. Thus people will keep doing business with me while I abide my time before I come out punching.

Re:Begging the proposition.

[twidarkling]

I would assume that if I went to buy a cup of soup from you, and you punched me in the head, that I probably would not buy soup from you any more.
Therefor, if people are getting punched in the head, they don't care.

But what if the punch is delivered 3 days later, by someone not affiliated with me at all? In fact, the only thing I did was tell them that you bought soup from me. And then they come up and punch you in the head. It's directly because you bought soup from me, but you've no way of knowing without a lot of effort, even if you have a clue on where to start on figuring it out.

That's how corporate privacy invasion works. You give data to a few people in some manner, then they give it to someone else, who then uses it in some way to screw you over in some fashion.

Re:Begging the proposition.

[tjstork]

In fact, the only thing I did was tell them that you bought soup from me. And then they come up and punch you in the head. It's directly because you bought soup from me, but you've no way of knowing without a lot of effort, even if you have a clue on where to start on figuring it out.

Boy uh, that's a stretch.

That's how corporate privacy invasion works. You give data to a few people in some manner, then they give it to someone else, who then uses it in some way to screw you over in some fashion.

What's the punch? Like, if GM knows that I like American cars, and sells it to everyone, than, what's the harm? If anything, I'm getting free advertising for my way of life.

Re:Begging the proposition.

[tjstork]

Technically a simple system to set up but seemingly beyond a lot of people

Not really, I mean, the question with VCR times is, why bother doing it. The only reason you needed a VCR to have the right time in it would be if you used the time shifting features it had, but most people bought VCRs to watch movies with, not record them. They only wanted to know that they could record... a fact since born out by knowing that DVD players outsell time shifting things like TIVO by a fairly wide margin.

Re:Begging the proposition.

[tjstork]

However, the cost to society in the form of radically more serious injuries makes sense for the market to have these rules in the long run.

Does it? The fact of the matter is that all of the safety devices on cars have probably doubled the price of cars, and yet, the greatest thing that has lowered the fatalities has been better driver education, not any of the tech goodies. If you had a car without any safety devices whatsoever, you would have car payments 1/2 of what they are today, allowing for people to save more for college, lower their debt, get themselves out of poverty, but instead, your artificial regulatory price increases just keeps making poverty worse.

The scary communist solution is to demand outside inspections from a third party - the best option being the government.

The problem with your whole point is that you would assume that the government would, in fact, actually do the inspections. What would really happen is that the government would not do the inspections, people would still die of Salmonella, and then the problem would restated as a request for more public funds.

Now, why is the government a good idea? Because people without money can compel it to be transparent. If you had a private party doing the inspections, you could not review their actions. All of the criticism of the FDA is possibly only because as a state entity, it must be transparent.

Government is completely non-transparent and non-accountable, that's the whole point. Why should the FDA be transparent? It's not like there's another FDA. The fact is, its not.

Re:Begging the proposition.

[FishWithAHammer]

How about selling the knowledge that you like gay goat porn? American cars is one thing, a proclivity for watching a goat cornhole a dude would probably not reflect well on you if people knew.

Re:Begging the proposition.

[tjstork]

American cars is one thing, a proclivity for watching a goat cornhole a dude would probably not reflect well on you if people knew.

Your post was so damned funny that you defeated the purpose of your argument. If someone got a goat to cornhole him, he'd probably be a giant star on youtube for a couple of days. I remember like in the early 1990s there was some girl out there that blew a horse, and that video was definitely popular.

Re:Begging the proposition.

[tjstork]

. Your example is lame in that it excuses (ignores)

Dude, I've stood in supermarket lines and asked people if they care. They don't. Why do you always have to assume that people are stupid when they are not?

Re:Begging the proposition.

[tjstork]

Letting the market sort things out neglects the fact fact that people who are powerful enough can, will, and even do lie, cheat, and steal.

And how does the government change that? You trade a prince of a corporation for a despot of the government. I could choose to not shop at Acme but I am a US Citizen always.

Re:Begging the proposition.

[copponex]

Let me list your extraordinary claims, and then you can provide the citations:

1) Safety devices have doubled the price of cars
2) Driver education is more effective at saving lives than seatbelts and airbags
3) The government never does it's job
4) Government is less transparent than a corporation
5) Government is somehow not accountable

For instance, the FDA issues rules on food safety for restaurants, available here. You know when you to go a restaurant, and they have those little papers that allow you to see how the restaurant is rated for food safety? Do you think any restaurant would ever post that information on it's own?

The real fact is that protecting profits are far more important than protecting consumers for any business. The only agency that can compel a powerful organization to be honest is a policing authority, which is typically provided by the government. If you have a better idea that isn't based entirely on your own hallucinations and imaginary data, please let me know.

Re:Begging the proposition.

Stupidly, the soup & head punch analogy is probably the most clear and insightful thread in this entire post.

Re:Begging the proposition.

[cdrguru]

PDA? The FDA does not inspect restaurants. It is a matter for the public health department of the municipalty or county. They may be held accountable to some sort of FDA standard, but enforcement to the restaurant is not at the federal level.

And no, most restaurants do not post any sort of ranking by the FDA, public health department or anyone else. What does scare them here in Arizona is getting a low grade by the TV station that does their own "Dirty Dining" report, which is completely separate from anything else. And can be used as a club to beat restaurants into submission if they aren't friends of the TV station.

Nice try for big government. But it doesn't work that way.

Re:Begging the proposition.

[copponex]

Most municipalities are required by law to post their scores where the public can see them. And again, if big government doesn't work, why does every economic leader in the world have one?

Re:Begging the proposition.

[Qzukk]

People would avoid using that that store to prevent institution

Unlike spam, I can't get a credit card of the form John+Kroger Doe in order to track down who's leaking my information.

Re:Begging the proposition.

[doulos05]

Bottom line is, people don't care about privacy, but they do care about having their personal information being used to hurt them.

And therein lies the fundamental problem. In most people's minds, bad things should always happen fast. Few people realize that, in real life, most things develop slowly, over time. Until more people realize that fact, we will continue to take "short, fast, cheap, and easy" over "longer, slower, more expensive, and harder" as a default. Frankly, I worry about the privacy debate not for my own sake, but for my kid's sake. By the time they are born, it is likely that their entire lives will be recorded electronically (with the possible exception of the first few years). Where they live, what they do, etc, etc. I'm not worried someone in power today will do something bad with that, most of them aren't even aware of the possibilies. I'm worried that some politician-to-be from the class of 2009 is going to do something with it when they get into a high-level public office 15 to 20 years from now.

Re:Begging the proposition.

[Qzukk]

Boy uh, that's a stretch.

Sadly, it's not even close to a stretch at all (aside from the silliness of receiving a punch). I just got a check last week from the FTC claiming that waaaaay back in 1998 a bank apparently sold a list of 3 million credit card numbers for the purpose of "scrubbing" internet transactions. They sold the numbers of other banks' members, so "not doing business with them" would not have gotten you off the list.

Needless to say, some porn company purchased the list and used it to fraudulently charge a lot of people a lot of money. What a punch in the face!

Re:Begging the proposition.

[FishWithAHammer]

Yeah, but without a name on it. Bob Jones might have some trouble getting a job (fair or not) if it's going around that he buys gay goat porn.

Re:Begging the proposition.

[FiloEleven]

So you've found out where the punch came from, and your linked article says that the sites have been ordered to pay up. Yeah, it sucks that it happened, but it seems like restitution is being made. What more do you want? Do you think that privacy regulation will really stop all fraudulent activity? If not then you have to consider the consequences of placing more hoops for companies to jump through with the benefit of reduced fraud, keeping in mind that megacorps can take it all in stride while small- and medium-sized businesses struggle. I am not prepared to make a call on regulation with regards to the privacy thing, though I generally disfavor regulation. It just seems like lots of pro-regulation people only see "reduced fraud" without "increased burden" which translates directly to "increased costs."

Re:Begging the proposition.

[FiloEleven]

The real fact is that protecting profits are far more important than protecting consumers for any business. The only agency that can compel a powerful organization to be honest is a policing authority, which is typically provided by the government. If you have a better idea that isn't based entirely on your own hallucinations and imaginary data, please let me know.

www.consumerreports.org

Reports on quality, including safety. They are not mandatory, so do not count as a policing authority, yet companies love their feedback and will do much to please them because consumers trust their reviews. They also, unlike government regulators, have a very good track record of being on the up-and-up.

Re:Begging the proposition.

Do you think we all care about the health/safety inspections at restaurants? I, for one, just don't care. Of course, I also believe that having rid ourselves of many of the minor diseases/virum/etc that we have left ourselves open for just one big one (can you say 'bird flu' or 'swine flu')

Personaly, I think that a good case of food poisoning about three times a year is good for a person. It sure makes me happy to still be alive after it's over.

Re:Begging the proposition.

[Qzukk]

So you've found out where the punch came from

That's just it, I haven't. How did this strange bank get ahold of my name and number? Who is responsible for getting it to them? Did $27 (well, times however many people got the check) paid 11 years after the fact really show the people involved the error of their ways? From what I've found of the lawsuit, it was only against the porn company, leading me to believe that the bank made a tidy little sum from its part in this crime. (And others? Who else did this bank sell my number to?)

It just seems like lots of pro-regulation people only see "reduced fraud" without "increased burden" which translates directly to "increased costs."

That's a tough one, but reducing fraud also translates to "reduced costs". The problem is that for most of the companies (like the aforementioned bank) the "costs" apply to someone else entirely, so why should they bother with the burden?

Re:Begging the proposition.

[copponex]

They're a great organization. But they have no power to put any white collar criminals in jail or compel a corporation to reveal anything that the corporation doesn't want to reveal.

Re:Begging the proposition.

[Jawn98685]

Somehow, I rather doubt that your supermarket checkout queue queries were couched in terms that came anywhere close to illuminating the full consequences of taking the "club card" deal. If they had been, I'm certain that the responses would have been substantially different. The sad fact is that people often are stupid, like when they decline to (or are simply unable to) exercise enough discretion to read and understand the terms of some legal agreement they're about to enter into. It is not that they don't care about their privacy, it is that they are ignorant of the consequences, and are deliberately kept so by those exploiting their ignorance.

Re:Begging the proposition.

[FiloEleven]

If I am a consumer, what do I care about the employee of HooplaCorp skimming millions off the top of their profits? All I care about is that their HoopySloop works as advertised and has some standard of quality that measures up to what I paid for it. We already have agencies to investigate fraud and theft; are there reasons that those are not sufficient?

Can you perhaps give me an example or two of how corporate secrets or white collar criminals a) adversely affect me as a random consumer, and b) would be stopped or severely curtailed by more government regulations?

Understand, I know that a market with some level of regulation is more free than a rules-free market. I just tend to think that the mandatory regs ought not to extend beyond disallowing fraud and theft.

Re:Begging the proposition.

[copponex]

Sure.

First example, regulations on banking. Canada has a highly centralized, highly regulated, thoroughly vetted system that was ridiculed for not jumping on the credit default swap band wagon. It's also the only solvent western bank in the world right now.

Both the US and Canada allow subprime mortgages. The difference is that in Canada banks are required to get insurance for those types of loans, and they are not allowed to resell the mortgages into secondary securities markets. In the US, where the secondary securities market is unregulated, speculation heated up the entire economic system, which as always, led to the bust after the boom.

The white collar criminals come into play as the people who closed the mortgages without documentation, in exchange for commissions. Then their bosses knowingly packaged and sold these poorly documented loans to other people, got their friends to stamp a AAA insurance rating on the package as long as a few loans were well qualified, also to make a commission. All of these shenanigans occurred precisely because there was no transparency required, since the transactions were unregulated. I have shown proof that government regulation works in the paragraph above this one, but you can read more about it here: http://www.brookings.edu/papers/2009/0423_canada_nivola.aspx

Now, as for corporate secrets, it's a shame that you even have to ask for evidence. Just off the top of my head:

Asbestos, cigarette, lead paint, and countless other companies knowingly sold their products after they knew of the serious health problems their products caused. Corporations reserve the right to lie about their products, defeating the purpose of the free market entirely. Regulations work - once the public pressure became too great, all of these items were regulated and outright banned in some cases. Car companies knowingly made unsafe vehicles and were forced by the public through government legislation to improve the quality of their safety devices, due to the work of people like Ralph Nader.

As a consumer, you may be dying or have children who are seriously ill, and these issues can be resolved with sensible regulations and enforcement of law.

Re:Begging the proposition.

[FiloEleven]

I guess I'm having a hard time seeing how more privacy regs are going to change the fact that you, the victim, can't always follow the chain of cause and effect. As soon as those numbers start being used in fraudulent purchases, you have an existing mechanism for recovering your money. What more are you entitled to?

reducing fraud also translates to "reduced costs"

Good point. So as far as cost/benefit goes, it's a question of how much it costs companies and consumers to prosecute fraud versus how much it costs companies to comply with mandatory regulation, a cost which they will pass on to consumers.

Re:Begging the proposition.

[Qzukk]

As soon as those numbers start being used in fraudulent purchases, you have an existing mechanism for recovering your money.

Why should I have the burden and costs of recovering my money over and over and over again because Bank of Stupid (or 50 other banks I've never heard of and never did business with, and have no possible way of determining whether they are or have been a party to frauds like this) kept selling my credit card number to thieves?

a cost which they will pass on to consumers.

So some bank I've never heard of will charge credit card thieves more for the list of credit card numbers, or charge other people I've never heard of more to protect their thieving clients, causing them to go out of business? Hold on a second, let me get out the world's smallest violin...

Maybe if we just passed a law stating that you can't sell personally assigned (CC#) or identifiable (Name/address/etc) information to others rather than continuously dancing around the issue, no matter how you received that information, nobody would worry about the cost of compliance, because the only cost would be not doing it.

Re:Begging the proposition.

[FiloEleven]

Thanks, I appreciate your response.

I didn't think of the financial sector when you mentioned white collar crime, and this is the first I've heard of Canadian banks' stability. Interesting stuff.

I am of the opinion that what led to the bust was the boom, and that the speculation boom itself was due to a number of factors, not least being the Fed's artificially low interest rates and Congress' "mandate" for affordable housing. I see the entire "Systemic Differences" section of the article you linked as being more influential in the bubble and the bust than any lack of regulation. Canada's different outlook (and their regulations) kept their banks from participating heavily in the boom, so naturally the bust affected them less as well. My belief in a more fundamental cause for the crash sort of sidesteps any meaningful discussion about the financial regulation issue, so I'll focus more on the second half of your post.

Corporations reserve the right to lie about their products, defeating the purpose of the free market entirely. Regulations work - once the public pressure became too great, all of these items were regulated and outright banned in some cases.

They didn't have a right to lie about their products--they all committed fraud by claiming their products were safe when they knew otherwise, and they got caught. It wasn't the regulations that did the job, it was the public's awareness of the problem. If you know that lead paint is harmful especially to children, and you have children, are you going to paint your house with it? Of course not! Once the problem is discovered the market takes care of it on its own: people stop buying lead paint, and companies selling it either change their product or shrivel and die.

If regulations took no effort to follow (i.e. "don't put lead in your paint") then I'd be more okay with them. In reality, the regs are closer to "all of your paint must now be tested for lead," a process which costs money. That cost does two things: (1) raises the price of the good, since the cost of testing gets passed on to the consumer, and (2) crowds out small and medium-sized businesses who can't handle the new overhead of testing, while allowing supercorps with capital to burn to fill the vacuum.

For an example of recent horrible regulation, check out this piece on CPISA, last year's for-the-children lead scare response.

"Either they take all the children's books off the shelves," Associate Executive Director Emily Sheketoff of the American Library Association told the Boston Phoenix, "or they ban children from the library."

Re:Begging the proposition.

[FiloEleven]

Why should I have the burden and costs of recovering my money over and over and over again because Bank of Stupid (or 50 other banks I've never heard of and never did business with, and have no possible way of determining whether they are or have been a party to frauds like this) kept selling my credit card number to thieves?

Well, you shouldn't stop at blaming the bank. In fact, I'm not sure how much blame the bank deserves: the list had nothing but credit card numbers: no names or expiration dates. It was the credit card companies who processed the transactions without that information because they were such small amounts, so IMO they deserve more blame than the bank, and since you have a direct relationship to the card company you CAN hold them accountable. Or, rather, you could if the contract you signed to get the card didn't strip you of all your rights...

Maybe if we just passed a law stating that you can't sell personally assigned (CC#) or identifiable (Name/address/etc) information to others rather than continuously dancing around the issue, no matter how you received that information, nobody would worry about the cost of compliance, because the only cost would be not doing it.

This seems pretty reasonable at first glance. I'd have to think through the ramifications more fully before passing judgment. I do see a problem in that you'd have to give people the power to consent to such information sharing or sale, as there are lots of legitimate services that rely on being able to give your name and address to a third party (ebay and amazon, for instance). Once you put that in, though, what's to prevent a credit card company or a bank from putting that consent into all of its (generally unread) contracts? That seems to put you nearly back at square one.

It's a tricky issue.

Simple solution

[PPH]

Define the ownership of personal data to include the person whom the data applies to.

If I enter into a business relationship with someone else, all the information I provide should be considered to be co-owned by both of us. Any subsequent sharing of that information with a third party should involve both the consent of both of us as well as sharing the proceeds of that subsequent exchange. When the costs of managing such transactions are factored in, far fewer of them would occur.

The idea that anyone complains about the costs of complying with such regulations puzzles me. I mean, I could start a business stealing cars and then complain that the costs of complying with auto theft laws were onerous and harming the profitability of my enterprise. Tough sh*t. Its all based on fundamental property rights. Just because someone has developed a business model based upon a legal oversight doesn't legitimize their complaint when the law catches up and plugs the loophole.

Re:Simple solution

[JustinOpinion]

I don't think adding another class of "Intellectual Property" will make things more efficient. Just the opposite. And all the usual complaints against Intellectual Property would apply to this "ownership of private information", too. Some problems that come to mind:

1. It would be difficult to define and easy to use such laws to sue to an over-reaching extent.
2. As with many laws, it favors the rich and powerful (people or corporate) because they have the means to sue exhaustively.
3. Corporations are considered legal "persons" in some ways. If such a law applied to corporate information, this could be disastrous.
4. The rich and powerful (e.g. politicians) would use this to block transparency and get away with more than they already do.
5. Much of public knowledge would become illegal, or at least regulated.
6. Transaction costs for any customer interaction would increase dramatically, since even information like a name or address would seem to be implicated.

I'm sure there are plenty of others that could be added to this list. I don't think defining new kinds of ethereal property is the way to go...

Re:Simple solution

[Locke2005]

No one is forcing you to share CORRECT information with the people you enter into a business relationship with. The only reliable data they have on you is the record of what you have actually purchased from them, along with the delivery and billing info. Your name, age, and address should have no market value at all, since they are available for free for every registered voter.

I agree with you, though -- I should get a cut of any profits made by selling my information.

Re:Simple solution

[mcgrew]

If I enter into a business relationship with someone else, all the information I provide should be considered to be co-owned by both of us

I can't agree. I'm not giving that information away, I'm allowing him to use it. After all, if I buy a CD I don't own the song, now do I? No information I provide while doing business should be provided any thord party unless I explicitly allow it, and when my business relationship ends, any info I provided should be destroyed.

Re:Simple solution

[PPH]

1. It would be difficult to define and easy to use such laws to sue to an over-reaching extent.
2. As with many laws, it favors the rich and powerful (people or corporate) because they have the means to sue exhaustively.

Not really. Using current property law removes the issue of civil suits. Following my obligatory bad car analogy, stealing a poor person's old beater earns the thief the same penalties as stealing a rich guy's Beemer.

3. Corporations are considered legal "persons" in some ways. If such a law applied to corporate information, this could be disastrous.

Time to fix this loophole. If a corporation is a person, then why can't it go to prison for a felony? Why is there no corporate death penalty? A corporation is a creation of the state. As such, it shouldn't have powers that the state does not possess. I have some rights to be secure in my property and papers from aqusition by the state without due process. So why is the state running around creating entities not bound by these same restrictions? If a corporation wants to define itself as a person, then it should lose the shield of limited liability, just like a sole proprietor.

4. The rich and powerful (e.g. politicians) would use this to block transparency and get away with more than they already do.
5. Much of public knowledge would become illegal, or at least regulated.

Quite the opposite. We (the public) own that information. If politicians (entrusted with managing our property) choose to distribute it selectively, then the rest of us should be compensated for such an uneven distribution. Want to keep publicly funded research out of the hands of the public? Its going to cost you extra.

6. Transaction costs for any customer interaction would increase dramatically, since even information like a name or address would seem to be implicated.

Which transaction? The data exchanged between myself and a business as a part of some transaction would proceed as it does now. What would (and should) 'cost more', is the subsequent exchange of that information with some third party. Its like me putting money in a bank. Its still my money. I'm just entrusting that bank with its safekeeping. When they turn around and use it for their own benefit (making loans), the result to me is that I receive interest on my deposit. Why shouldn't information be treated the same way? In fact, the company has already profited once from that exchange of data (when we did business). And if all of that is too much for them to handle, there's always the option of an anonymous sale. Once the deal is done (with the possibility of transaction being managed by some trusted third party), I walk away with the product and they walk away with the cash and no data.

Re:Simple solution

I should get a cut of any profits made by selling my information.

Except that you're say... 1 in 100,000 entries in a database. Say a company pays $100 for access to the database (just blindly throwing numbers out there for the sake of argument). The TOTAL value on your entry will be 0.1 cents. The 'profit' even less. Getting a 'cut' of that profit... the cost of the paper used in the cheque would be worth more than your 'cut'. Maybe you could cut a deal where they could offer you one grass seed, provided you pick it up yourself.

Re:Simple solution

[Arthur+Grumbine]

... stealing a poor person's old beater earns the thief the same penalties as stealing a rich guy's Beemer.

Depends how crappy the beater car is. If it's worth less than $400, then it seems it might earn you only a misdemeanor instead of the usual grand theft felony charge.

Re:Simple solution

[cdrguru]

The problem with corprate data is that it would likely become just as private as that of other persons.

The problem with transactions is today some of the cost and risk are mitigated through other means. So you get a cheaper price at the grocery store because the store is selling their scan data. Don't want to participate? Then pay higher prices.

Anonymous sale? Sure, you can buy a pack of gum anonymously. But just try to buy soemthing big. Today, we all benefit from the retailer offering financing to buyers. You might take the discount and the financing. Or, you are getting an overall lower price because some buyers (not you) are signing up for the financing which untimately makes the store more money. Preventing this sort of thing - which is exactly what limiting information transfers will do - and we all pay more everywhere.

I think the first step is to eliminate credit cards and financing at the retail level. If you don't have the cash to buy a car, then don't. The problem is that the economy has grown since 1890 by quite a bit because of retail financing, easy credit and the like. While stuffing the credit genii back in the bottle is certainly possible, the result is a contraction of the economy to 1890 (or thereabouts) levels.

I don't see "information privacy" and "easy credit" being easily combined. And probably one huge difference between USA and European countries is easy credit and the significant boost in retail buying power that provides.

Re:Simple solution

[PPH]

The problem with corprate data is that it would likely become just as private as that of other persons.

Corporations exist by permission of the state. A condition of receiving that permission (or issuing securities) is submitting certain data for scrutiny. Any corporation is free to give up their limited liability status and try operating as a sole proprietorship if they want privacy.

So you get a cheaper price at the grocery store because the store is selling their scan data. Don't want to participate? Then pay higher prices.

Not really. The membership card retailers aren't the cheapest in my neighborhood (even with the discounts). I think the people buying the scan data are getting a list of suckers.

I don't see "information privacy" and "easy credit" being easily combined. And probably one huge difference between USA and European countries is easy credit and the significant boost in retail buying power that provides.

Or so Equifax and TransUnion would like you to believe (FUD). Get a security freeze put on your credit records. It doesn't slow a credit card down. At worst, you have to fill out an additional form when applying for a loan, but the process is smooth. And the difference between US and EU credit isn't that big a deal. Their credit cards work just like ours. In fact, the EU seems to be more advanced than the USA in terms of their
credit technology. I find it interesting that this article shows no examples of US smart cards (they exist, but they are way behind the USA).

Markets?

[AvitarX]

So now the question becomes: how do we make regulation as efficient as possible?

You do it with a market of course.

Unfortunately that tends to mean a migration to places with essentially no regulation.

You don't?

So now the question becomes: how do we make regulation as efficient as possible?"

Ideally, you come up with a simple baseline standard, whether through harmonization of existing laws and policies or by determining exactly how much privacy we deserve and enforcing it across the board. Then you push the standard at the federal level.

In practice, they will do the above, but to a minimal standard that is riddled with loopholes and overriding state laws that offer greater protection.

It's comparable to the security vs. convenience problem. There's a far greater cost to this patchwork system, and it's not nearly as good as it should be, but while it'd be far more convenient to harmonize everything the lobbyists will ensure the result will be evenly ineffective.

Privacy Costs the Consumer Directly Too

[CodeBuster]

There are even more direct costs for consumers who wish to maintain their privacy these days. For example, how many of you have signed up for the discount card at the supermarket or the "rewards card" at any number of other businesses? Unless you have taken other steps which also cost money, such as arranging a mail drop or renting a PO Box, you have essentially "sold" your privacy in exchange for a discount on purchases. Those of us who value our privacy and wish to maintain it are frequently compelled to forgo such discounts or else pay, in time, money or effort, to set up specialized fronts to protect our "true" identities (i.e. the mail drop, aliases, corporate credit card, etc). Perhaps privacy was less expensive in the distant past, but in modern society preserving it effectively is becoming ever more labor intensive and expensive. In fact, the invasion of our privacy is now so pervasive that people give strange looks to those of us who decline to be part of "rewards", club cards, and other privacy invasive schemes in exchange for discounts; as if they cannot understand why someone wouldn't fill out a card with their real name, address, SSN, and mother's maiden name in exchange for a $5 discount.

Re:Privacy Costs the Consumer Directly Too

[WMD_88]

I don't own any credit cards, and pay for almost everything with cash, to avoid the stuff you write about. But I have a Borders Rewards card.

I hate myself. :(

(On the other hand, the Borders near my house closed, so I don't have a convenient place to use it anymore.)

Re:Privacy Costs the Consumer Directly Too

[kent_eh]

Nothing says the information you put on the form has to be entirely accurate or complete.
For instance, my dear departed mother-in-law still buys a lot of things at Safeway. At least as far as they know.

That said, I skew my purchasing towards places that have less invasive "loyalty" programs.

You are wrong.

Yes, it is.

Transparency for the state means transparency on laws as they are prepared, transparency towards regulatory bodies of those laws, etc... It means that the rules that state officials prepare and their work is fully transparent.

Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

State is indeed some concrete thing, independent from individuals. Ideal situation is that state represents the masses but it never represents the individuals.

Re:You are wrong.

[cencithomas]

Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

but but but!... If public servants' privacy off-hours is strictly defended (and I'm not saying it shouldn't be), how does the public keep politicians from using their 'private' time to cut back-room deals on public legislation? Just trust their say-so on the matter?

Re:You are wrong.

[DragonWriter]

Transparency for the state means transparency on laws as they are prepared, transparency towards regulatory bodies of those laws, etc...

Tranparency on voting on public initiatives and referenda? (That's, after all, part of the process of making laws.) Transparency on voting for public officials (after all, choosing lawmakers is part of making law.)

It means that the rules that state officials prepare and their work is fully transparent.

So, no private personnel matters (including health matters) for any public employee?

And does the rule for "state officials" apply only to public employees, or does it apply to contractors as well?

State is indeed some concrete thing, independent from individuals.

No, its not. Its an abstract concept with a fuzzy boundary, and is, in any case, comprised of, not independent from, individuals.

The idea of "privacy for individuals, transparency for the State" is perhaps a useful starting point in determining how to balance the fundamentally conflicting goals of privacy and transparency, but its just that--a starting point in how to balance conflicting interests--not some kind of clear answer.

Re:You are wrong.

[Tubal-Cain]

So, no private personnel matters (including health matters) for any public employee?

I don't consider health matters private. Why should I care who knows about my injuries and ailments?

Re:You are wrong.

[DragonWriter]

I don't consider health matters private.

I would submit that many people who would state "privacy for individuals" as an important goal would see health matters as a particularly important part of that.

But, certainly, that particular one of the many issues raised by the "privacy for individuals, transparency for government" idea becomes easier if you just simply decide that, even for individuals, health privacy isn't important.

Re:You are wrong.

[Thinboy00]

What if you have disease foo? Do you want everyone to know? What if there's a social stigma or something?? What if you're not a slashdotter and actually have lots of friends and you don't want them to know about disease foo???

Re:You are wrong.

[T+Murphy]

My impression of Congress is they spend their working hours doing nothing, and their leisure hours being wined-and-dined by lobbyists, so I propose we give them privacy when in session and watch their every move everywhere else.

Re:You are wrong.

[mccrew]

Can't tell if you are being serious or not, so I'll assume you are.

Next time you are doing well in a job interview, preferably with a small company, mention that you have some chronic condition that is really expensive to manage. Do this regardless whether you actually have the condition or not.

What do you think your chances are that you'll be getting an offer as compared to if you'd not mentioned it at all? Does your opinion change?

Re:You are wrong.

[Ironica]

Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

but but but!... If public servants' privacy off-hours is strictly defended (and I'm not saying it shouldn't be), how does the public keep politicians from using their 'private' time to cut back-room deals on public legislation? Just trust their say-so on the matter?

If a public official makes their "private time" part of their public office, then that time is part of them doing their job. Most office holders, once you get beyond Podunk City Deputy Councilmember, are not working 9-5:30 punch in/punch out. Their "public" actions and "private" actions are not delineated by what time they occur, but by where and with whom they occur.

I think we also need to remember that our officials are people, too, and allow them to hold and even express opinions that are NOT a matter of policy. Someone could personally believe very deeply that abortion is a bad idea, and still acknowledge that by the law of the land and the will of the people, it is legal and something that women are entitled to choose. If we allow people to have a personal and professional sphere of life, we'll have *less* influence of the personal sphere on the professional.

Re:You are wrong.

[Ironica]

I don't consider health matters private. Why should I care who knows about my injuries and ailments?

You may not care, personally. Here are reasons why many people do care:

1) Certain health issues may be highly correlated with certain traits or lifestyle decisions which are highly sensitive topics. If you picked up gonorrhea 15 years ago because "There's a time and a place for everything, and it's called college", do you want your current prospective employer deciding whether to hire you based on whether they expect you to sleep around with the staff?

2) Some people specifically don't want the sympathy or pity that full disclosure of their infirmities would engender.

3) Health insurers might deny you for coverage or claims if they knew you had X abnormality. Employers might turn you down because you're more expensive to insure (and their insurer gives them a break if they keep people with certain issues off the payroll).

4) Sometimes "your" health history isn't just yours. Should my birth histories be made public, so that my children's earliest moments are a matter of public record? What if they're applying to some college, and someone comes out with a study that correlates c-section delivery with underacheiving... should "my" health history compromise their chances of admittance?

5) Fear of disclosure of treatment already prevents many people from seeking help when they know they have mental health issues, due to stigma. If all health-related information was public knowledge, this would be far worse.

6) Even if an individual doesn't have any issues they think should be private, if privacy is not the norm, then anyone who strives to keep things private will have a spotlight shone on them. What are they hiding? If everyone sent all their mail on postcards, then everyone would be suspicious of the guy whose mail came in envelopes, but with envelopes as the norm, you can send confidential or private information through the mail without piquing the public's interest.

Re:You are wrong.

[genericpoweruser]

Remember that STD you got from that tattooed chick at the carnival?...

Re:You are wrong.

[Tubal-Cain]

1) Certain health issues may be highly correlated with certain traits or lifestyle decisions which are highly sensitive topics. If you picked up gonorrhea 15 years ago because "There's a time and a place for everything, and it's called college", do you want your current prospective employer deciding whether to hire you based on whether they expect you to sleep around with the staff?

I can honestly say STDs didn't occur to me. The worse case scenario I came up with was some condition derived from drug use back when the person was young and stupid, though the majority of STD cases are probably also symptoms of young and stupid.

Are we talking about all health records being public, or just public officials? I would want to know if a candidate was very 'loose' in his/her early life.

2) Some people specifically don't want the sympathy or pity that full disclosure of their infirmities would engender.

If it's a prior affliction or something minor enough that you can hide in everyday behaviour, people forget. Though if they haven't seen you in a while they will likely ask about it. A simple 'fine' will end the topic. If it isn't hidable (cane, wheelchair, McCain's raising-his-arms-higher-than-his-shoulder), sympathy is probably unavoidable.

3) Health insurers might deny you for coverage or claims if they knew you had X abnormality. Employers might turn you down because you're more expensive to insure (and their insurer gives them a break if they keep people with certain issues off the payroll).

Is it not illegal to lie when they ask about that?

4) Sometimes "your" health history isn't just yours. Should my birth histories be made public, so that my children's earliest moments are a matter of public record? What if they're applying to some college, and someone comes out with a study that correlates c-section delivery with underachieving... should "my" health history compromise their chances of admittance?

Again, the answer is affected by whether this is a matter for everyone or just elected officials. If it's for everyone, the c-section would likely be a part of the child's medial history as well, so the point is moot. If it's just public officials, it could be a problem. But maybe there just isn't enough children of female elected officials (I can't imagine a c-section being on the father's record) to be worth the college's time or effort. And the notoriety of teaching the official's kids may be worth the risk, anyways.

5) Fear of disclosure of treatment already prevents many people from seeking help when they know they have mental health issues, due to stigma. If all health-related information was public knowledge, this would be far worse.

That would be closing the barn door after the horses have escaped. If they are avoiding treatment because they don't want anyone to know about their condition, making their condition public suddenly does away with that excuse.

6) Even if an individual doesn't have any issues they think should be private, if privacy is not the norm, then anyone who strives to keep things private will have a spotlight shone on them. What are they hiding? If everyone sent all their mail on postcards, then everyone would be suspicious of the guy whose mail came in envelopes, but with envelopes as the norm, you can send confidential or private information through the mail without piquing the public's interest.

Yes. Your point?

Re:You are wrong.

[selven]

That is a government health care problem, not a privacy problem.

Re:You are wrong.

The same way you keep citizens from buying or selling illegale drugs.
You dont, but if you catch them, you fine/jail them.

Accepting that some crimes can go unpunished is better then having
no privacy at all.

Re:You are wrong.

[rohan972]

Next time you are doing well in a job interview, preferably with a small company, mention that you have some chronic condition that is really expensive to manage. Do this regardless whether you actually have the condition or not.

What do you think your chances are that you'll be getting an offer as compared to if you'd not mentioned it at all? Does your opinion change?

So the purpose of privacy is to allow you to deceive others into paying for your medical care? Or at least to allow you to promote yourself as being reliable when you know full well your condition will force your productivity down due to time off for medical care?

I'm in favour of strong privacy rights, but if I wasn't, your argument would definitely not persuade me.

Re:You are wrong.

So the purpose of privacy is to allow you to deceive others into paying for your medical care?

He didn't say that. You inferred it. Correctly or incorrectly is difficult to say.

Or at least to allow you to promote yourself as being reliable when you know full well your condition will force your productivity down due to time off for medical care?

If you change will into may, then yes, maybe. Note, again, that he didn't say that the (imaginary or not) condition would take lots of time to manage, just that it is expensive to manage. Not necessarily the same thing, and not necessarily implying that the condition would affect work productivity either.

I'm in favour of strong privacy rights, but if I wasn't, your argument would definitely not persuade me.

I'm glad that you are in favor of strong privacy rights.

I think his argument is somewhat stronger and more persuasive than you do, for the reasons outlined above. You may of course disagree, as is your right. I just wanted to provide a slightly different point of view.

Re:You are wrong.

[Ironica]

Ok, since you're the person I was originally responding to...

Are you an elected official?

Because you said that you don't care who knows your health information. I didn't understand you to be speaking of elected officials, but about the confidentiality of the everyday person in health matters.

Me, I don't care who my elected officials have slept with, especially not years past. Why do you? Is there some practical reason, that tells you that a preference for brunettes makes them more likely to succeed at peace in the Middle East, or is it just your sordid curiosity?

One does not need to disclose any infirmity or illness to an employer which does not affect their job duties. So yes, you can hide health information from your employer. For some things, it's illegal for them to ask (like pregnancy), so the legality of lying in response is moot.

My point about avoiding treatment for mental illness because of the fear of disclosure is that, if you're not *diagnosed*, you can continue to hide the condition. If everyone's health history is public, there is no way to keep your chronic depression or occasional thoughts of suicide or inappropriate feelings toward your cousin confidential, and seek treatment for these things. This is bad, because then people will just forgo treatment, even more often than they already do.

The final point is that, while you, personally, may not feel any need to have privacy for your health information, there are many, many people who have entirely legitimate reasons for not wanting to be judged by the public at large for their health record. Therefore, privacy should be the norm, so that they're also not judged for keeping their record private.

Elected officials don't have a whole lot of privacy about their health matters anyway. Candidates for major offices get physicals and screenings that are public record. The records of their family members are often scrutinized as well. That's a different issue than "Why should I care who knows about my injuries and ailments?" and wasn't what I was trying to address at all.

CISP\HIPPA Compliancy

[kenp2002]

You have:

SOX, CISP, GLBA, HIPPA as the most expensive for corporations. I can speak to CISP and HIPPA from a professional standpoint. The others I cannot.

CISP compliance has a serious impact in that test environments cannot use raw customer data for testing for banks. Sanitized data must be used in test environments normally. In the event of a product fix that needs to be testing back in a test environment offshore resources for instance cannot have access to those environments and the data must be documented and exist only for a limited time. Pulling 20,000 records for testing for instance may take 4-6 hours pre-CISP but post CISP the sanitization process may push that out to 5-10 hours. If you are attempting to do that process in the evening, with only a 6 to 8 hour window CISP meant that many had to beef up their systems to ensure the process was complete within the window. For smaller banks the costs must have been harsh. Updating software, policies and procedures can easily rack up a 6000 labor hours in the first year.

On average CISP complaince can double the turn around time of a production fix (say 20-60 hours of labor) into 40-80 hours for turn around. YOu have an entire chain of events that fire off and kicking out certain staff due to the existence of customer information takes time with SAPs, VPN connectivity, etc... Great for the customer, I cannot argue it, but expensive.

HIPPA I can speak to growing up in hospitals and clinics as well as painting in those locations part time. Part of the requirement that I see directly is, if I have to paint a clinic or office the clinic staff (not I the painter) has to go through and ensure that ANY AND ALL patient documentation is out of sight prior to me starting. HIPPA has too many "reasonable" language mistakes in it as who defines "reasonable"? The judge? Lawyers? JACO? Who? So paranoia is high with patient data (as it should be.) But getting staff to lock all that up prior to maintenance adds time.

Another hidden factor is space. A clinic now has to try and keep other patients out of ear shot pushing the lobby out farther.

Further segragation of roles and even something as simple as those privacy screens add up. In a typical hospital with 200 computers in it let us say, means at $10 bucks a screen you have $2000 in new expenses.

I've seen a few locations require the inter-office mail couriers to have locked boxes while moving around the facility. Those have to cost at least $350 bucks a box for those.

Now all those HIPPA forms are going to double if not triple the amount of paper you are ordering. Liability and insured communications also increase costs and add delays. More cerified mail goes out now as far as I can see since HIPPA also.

One thing to keep in mind is that ANY GOVERMENT COMPLIANCE that exists is disporotionally expensive to smaller organizations. SOX killed a lot of smaller corporations due to the cost of compliance. The smallest get exemptions, the largest can afford it, it's the mid-size businesses that get crushed.

Re:CISP\HIPPA Compliancy

SOX/SAS 70 costs can - in certain ways - be passed on to the client, just like we did when the government mandated the 834 file format. And "HIPPA" is spelled "HIPAA" (health insurance portability and accountability act).

Re:CISP\HIPPA Compliancy

[Red+Flayer]

SOX killed a lot of smaller corporations due to the cost of compliance.

[citation needed]

Re:CISP\HIPPA Compliancy

Since you're a professional, you'll know that HIPPA stands for Health Insurance Portability and Pccountability Act.

Wait, that's not how you spell "accountability"?

Re:CISP\HIPPA Compliancy

[kenp2002]

SOX killed a lot of smaller corporations due to the cost of compliance.

[citation needed]

http://www.forbes.com/forbes/2008/1222/028.html and the other million plus hits your lazy smug ass could find if you just went to google. You could also pay attention when SOX went live and MSNBC, CBS, CNN, and about 20 other news networks cover the nationwide bitch fest for 2 years.

Thank you for sleeping through that part of history. Get off your lazy ass and google it and wipe the smug shit eating grin off your face you brat.

Re:CISP\HIPPA Compliancy

[Red+Flayer]

I paid attention, you twit.

I've done my homework, while you apparently have just heard what you wanted to hear, without actually reading any of the facts.

The link you provided? Guess what -- it doesn't refer to small companies at all. It refers to large companies.

As a matter of fact, the cost of SOx compliance for smaller public companies (less than $75 mil in revenues) is less than $80,000 per year -- far less than 1% on average. If $80,000 a year is driving your public company out of business... well... you've got bigger problems.

So, douchebag, before you are so quick to call someone a lazy smug ass, why don't you do your homework and actually look into the costs. Get up off your lazy smug ass and bother to research your mistaken assertions before you make them, next time.

You're flat-out wrong about the impact of SOx on small companies... and to be nice, rather than point out how wrong you were, I chose instead to write "[citation needed]" to give you the opportunity to defend your written words, or restate your assertion if needed. Instead, you reacted by spewing a bunch of completely misplaced insults, while linking to an article that doesn't support your argument at all. So besides being an asshole, I find that you are either lazy (didn't bother to read your supposed citation), dishonest (read it but felt like making an entirely different claim), or just plain stupid. Based upon your vitriolic hyper-defensive reaction, I'm inclined to believe the third possibility is the most accurate.

Re:CISP\HIPPA Compliancy

I guess I don't get it because CISP really represents what you need to do to keep credit card data secure. If you're not doing it, then you are hiding from your customers that your system is actually really insecure. By and large the CISP rules are good rules, there are a few that are really vague, but there's tons of basic stuff like data retention, access logging, password management that everybody should have already been doing. When a company complains about the cost for CISP compliance, to me that sounds like "We don't have secure systems at all, and it will cost real money to fix them, but we value the money over security and integrity and professionalism."

Sounds right

[cybereal]

Well at least it is hidden, that's what the privacy advocates wanted right?

Efficiency

[tnmc]

"Because the efficient market solution won't work, we're left with inefficient regulatory solutions."

What a load of clap-trap...read this and ignored the rest of the article as it's obvious they don't understand economics.

Re:Efficiency

[mcgrew]

What a load of clap-trap...read this and ignored the rest of the article as it's obvious they don't understand economics

I don't think economists understand economics. If they did, why did they let the world's economy melt down?

I'm reminded of a Dilbert cartoon from last month, "the MBA vs the crazy old witch. MBA and COW are in PHB's office, and PHB says "well, spreadsheets don't lie... but neither does bat excrement. Tell me again, who ruined the economy? Was it witches?"

Re:Efficiency

[srobert]

Milton Friedman? Is that you? I thought you were dead.

Re:piracy? oh, privacy

[CorporateSuit]

I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?

It would have to have been "The 'Hidden' Benefits of Piracy" if it was going to ever make it through the editors.

Better Regulation

Because as we've seen with healthcare, sometimes the free market simply does not work for a particular area.

Regulations: simple

Simple regulation:

Just arrange the law such that companies MUST, with every request for personal information, also provide the information on how to sue them for breach of privacy.

Fear of being sued would allow the market to "fix" it from there.

creampiesurprise tag?

Help me understand why this was tagged creampiesurprise? Is there a joke I missed?

Re:creampiesurprise tag?

Looks like guerrilla advertising to me. Not surprising, given the general spaminess of the Slashdot tag system.

Still kinda funny though, as it's advertising a porn site whose schtick is 1) hilariously fake, and 2) almost absurdly misogynistic in premise. It posits a situation where a woman somehow doesn't realize that precum leaking out during unprotected sex is nearly as bad as the actual "creampie." Thrown in some bad acting and you've got a niche for particularly gullible idiots.

Stop collecting unnecessary information

[noidentity]

If a company wants to reduce its costs for protecting private information, stop collecting the damn stuff in the first place. As a recent example, why do I need to register at a website just to listen to a few bird call recordings? Or give my (fictitious) name and address just to read an article?

Re:Stop collecting unnecessary information

[kenp2002]

Unfortunately, depending on the nature of the business you have to collect it.

If you charge a $60 meal at a resturant you would probably like to know which resturant, when, and for how much. We then also need to tie that to an account at a bank in which the funds are drawn against.

Same for if you buy something at new egg. The IP is recorded and the geolocation of that IP is also stored. In the event of fraud an actioning system can track the fact that you live in say, New York and all of a sudden a $5000.00 purchase originates from Tokyo. Your bank, the POS (point of sale) must record that for fraud protection.

Otherwise the first time you are on the recieving end of that fraud the first thing they ask is, "What did you do to try and prevent this?"

You cannot prevent activities you have no record of.

Per your example of registering, it keeps spammer off forums, ensures a resonable count of members, and lowers the number of automated scripts that can tie up the system so people like you can actually listen to the bird calls rather then sit watching the web browser load until it times out.

I remember the early versions of forums before registation and having 40000+ users like se894gkgh posting 400 pr0n listings an hour was pretty bad....

Easy answer

From teh OP-

Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible?

How about by setting your privacy policies to exceed what is strictly required by law?

Oh Noes, it can't be that- conservatives don't believe in a right to privacy, so our information has to be held hostage by people who view it as their property.

Privacy

[Ceiynt]

If it is online, it is not secure in todays world.
Take all records off line. Require a photo be placed in the file at the home/main office you visit most. You must present a photo ID and signature for any transaction, and it must match what is in the profile, or the transaction/whatever will not be processed.
This is highly inconvienent to everyone involved, but will reduce security issues.
If it is online, it is not secure in todays world.
An individual, up to a government backed hack group, can break into your system. All that is required is time, or an idiot forgetting a laptop in the front seat of the car.
If it is online, it is not secure in todays world.
You can have privacy/security, or you can have easy. Pick one.

Re:Privacy

[icebrain]

You must present a photo ID and signature for any transaction

Please pick something besides signature. It's mostly useless for real comparison, and some of us can't get a consistent one--it looks different every time.

Re:Privacy

[cdrguru]

Signature is an exclusively Western concept. It doesn't work in a global market.

Ever see what Japanese do for a "signature"? They buy stock rubber stamps from kiosks on the street.

What a joke! Privacy? What privacy?

[macbeth66]

As long as we allow the financial ( including Federal Taxes ) and medical industries to store and or retrieve our information at off-shore facilities ( like India and others ) we can not have any privacy. In fact, we are opening ourselves up to a greater risk of identity theft.

The rate of security breaches have not slowed down, we are just not hearing about them in the headlines. You have to search for them.

Shoot CEOs and CTOs on data breach.

[Seth+Kriticos]

This might sound a bit draconian, but why not simply execute any CEO & CTO of companies / organisations that encounter major data breaches which could have been avoided (determined by an investigation)? That sure would improve the situation. (OK, large scale personal fines would also do).

if you want privacy

[circletimessquare]

you need to protect it yourself. of course, this makes living your life something of a hassle. yes, privacy has a cost

but i never understood the concept that you would trust the protection of your privacy to a government entity or a corporation. no matter how well-intentioned these entities might even be, doesn't it seem like a logical conflict to you?

if you put it out there, its out there. period, end of story. so if you want privacy DON'T PUT IT OUT THERE. no matter what safeguards, real or imagined, physical or legal, that help you sleep at night, real privacy begins and ends with your own personal behavior

MOD PARENT DOWN

He asked for it.

Pure bullshit

[Runaway1956]

I see rationalization for government and business intrusion into private lives. 90% of the information requested and/or demanded by any given government agency or business is totally unnecessary. It is none of my phone company's business how many people live in the house, or might use the phone. It is none of my ISP's business how many computers I own, or how many of them might connect through the gateway, or even HOW they might connect. The government's preoccupation with the precise identification leads to requirements for fingerprints, DNA samples, and more. I once ordered a pizza, in person, with cash in hand, and the cashier insisted that she needed my phone number and address!! The stupid broad doesn't even need to know my NAME to trade a pizza for a twenty dollar bill!

In the article, a baker was entrusted with financial information of her clients. HOW FREAKING BOGUS!! To bake a wedding cake does NOT require storing my credit card information, or any other personal details.

Totally unnecessary information is harvested for the most trivial dealings. And, it's WRONG.

No government agency, and no business should request information that is not absolutely essential to perform the business at hand. Nor should they request any more information than they are willing and capable of storing in a SECURE manner. It is their RESPONSIBILITY to safeguard that information, it isn't some "expense", or an "option", it shouldn't be considered a "burden". If and when safeguarding information becomes an "expense", then it should be obvious that they are collecting unnecessary and trivial information.

TFA is bogus rationalization, and an attempt to get people to sympathize with some perceived need to dump privacy laws. Forbes and Lee Gomes should be slapped silly for even writing and printing the article.

Re:Pure bullshit

[ducomputergeek]

My ex-fiancee was a wedding planner. Typically those that make wedding cakes have to plan things out months in advance. Even if you cancel a couple weeks in advance, they are unlikely to fill that slot on the roster on short notice and incur an opportunity loss. If the wedding gets cancelled a few days before, well, the cake is usually already made. Or there is always the problem of not getting paid after the event because the bride/groom racked up a bigger bill than they really could afford.

That's why deposits are required and often times the full bill due days/weeks ahead of time. They've been burned enough times.

Re:Pure bullshit

[davecb]

The article "begs the question": in the process of asking it, they insert their conclusions, and then ask us to accept that in our answer.

The classic example is "Have you stopped beating your wife?"

Whe you see one of these, be aware the author is up to something...

--dave

Re:Pure bullshit

[Runaway1956]

No problem with paying in advance. I wouldn't mind at all. But, putting my financial data into a computer which can't reasonably be secured is out of the question. Any information put into the data base that isn't essential for planning purposes is out of the question. That data should include my name, where the cake is going, and the date, along with price, and whether it is paid for or not. There shouldn't even be a need to save my credit card number with that data - if I charge it, it is charged, and paid for.

You don't even need to save the bride and groom's names, phone numbers, and addresses, assuming that I (Dad) have paid for the cake. It is all impertinent data, that you are probably unwilling to go to the "expense" of safeguarding. It creates a burden on you, and it opens me to some as-of-yet unheard of exploit.

Re:Pure bullshit

[cdrguru]

The problem is the pizza store that does not collect information for marketing purposes loses out to the ones that do. They want your phone number so they can connect it with other purchases in person and by phone. They can then mail coupons to their customers specifically at much lower cost than doing a blanket mailing to everyone in the city.

So the pizza place that doesn't ask for your phone number is doomed to fail. Because they aren't as efficent in marketing their product as others are.

Re:Pure bullshit

[kenp2002]

I see rationalization for government and business intrusion into private lives. 90% of the information requested and/or demanded by any given government agency or business is totally unnecessary. It is none of my phone company's business how many people live in the house, or might use the phone. It is none of my ISP's business how many computers I own, or how many of them might connect through the gateway, or even HOW they might connect. The government's preoccupation with the precise identification leads to requirements for fingerprints, DNA samples, and more. I once ordered a pizza, in person, with cash in hand, and the cashier insisted that she needed my phone number and address!! The stupid broad doesn't even need to know my NAME to trade a pizza for a twenty dollar bill!

In the article, a baker was entrusted with financial information of her clients. HOW FREAKING BOGUS!! To bake a wedding cake does NOT require storing my credit card information, or any other personal details.

Totally unnecessary information is harvested for the most trivial dealings. And, it's WRONG.

No government agency, and no business should request information that is not absolutely essential to perform the business at hand. Nor should they request any more information than they are willing and capable of storing in a SECURE manner. It is their RESPONSIBILITY to safeguard that information, it isn't some "expense", or an "option", it shouldn't be considered a "burden". If and when safeguarding information becomes an "expense", then it should be obvious that they are collecting unnecessary and trivial information.

TFA is bogus rationalization, and an attempt to get people to sympathize with some perceived need to dump privacy laws. Forbes and Lee Gomes should be slapped silly for even writing and printing the article.

Nonsense. They need to show the credit card company due dilligence that they protected customer's credit card payment. In the event of fraud they must produce a record of when the card was used, where it was used, and who took the card.

Without evidence you are not getting a conviction. No data retention, no evidence.

Re:Pure bullshit

[Runaway1956]

I actually gave that aspect a little bit of thought while at work today. Yeah - some records have to be retained, for reasons such as you point out.

But, if the business MUST retain such information for essential legal reasons, that data should be stored on a server that is OFFLINE. No access via a workstation connected to the internet, no automatic updates from Microsoft, nada. It is a secure server, dedicated to storage of essential customer data. And, that server should also be purged periodically. The burglar who steals the server and/or the backups for the server shouldn't get the credit card numbers for every customer you have served since Noah's ark ran aground.

Re:Pure bullshit

[Runaway1956]

Perhaps. But, the pizza place that demands my information before ringing up a pizza simply doesn't make a sale to me. I informed the lady who demanded my phone number etc that none of my personal information was any of her busines, and I turned around and walked out. I've not returned to that pizza joint since, nor do I intend to. There are plenty of other pizza places around, two of them closer, and none of them demand personal information for a cash sale.

Re:Pure bullshit

[kenp2002]

The data is purged after 11 years by federal requirements for financial transactions from online systems (usually). Some institutions retain hard copies stored in abandoned salt mines until they run out of room. I found a check register from 1808 once at a bank I worked for many years ago prepping hard copy boxes for shipping.

The data has to be online though for the expert system to determine fraud. Normally data though is "need to know" to a system. I couldn't for instance get your Social Security number via the expert system for fraud. It isn't needed for the behavior modelling. I would just get a unique HASH for you, cash amounts, locations as a hash, and product codes as a hash (not even what you buy but catagories like, CANDY, ELECTRONICS, etc.) That is all that is exposed in the interface. I may know that you spend $324.76 at location 0E31341341 and it is an item type of 55TT512330. But I'll never know what location that is nor what type of item that is (the hashes are tied to your account so Target for me may show up as 55456456 and as ee40343639 for you.)

This is important because if an alert is found then a report is generated that goes to a different department and all they'll ever get is something to the effect of

YOUR NAME, CONTACT #, THE TRANSACTION #, AMOUNT, LOCATION (NON-HASH), CARD NUMBER (Last 4 digits).

They can't even get your address depending on how the report is written.

As far as stealing a server, They would have to steal a 300 lbs computer that is likely bolted to the floor in a bomb proof room. Yes, I have worked in 4 data centers for financial institutions that are designed to take an atmospheric nuke as close as 1 mile. (The buildings are engineered to collapse around the data center sealing the servers away until they can be recovered. One of them even had 6 months of food and water in a storage room in case someone was in there at the time!) P.S. There are two in down town Minneapolis that I know of. 1 in Saint Paul.

For web sites and hosting servers the simplest thing I have seen is ISCSI and even ISATA drives that are encrypted. Because a physical intruder doesn't know which SAN box is hosting the drives for an application server, this forces them to have to try and steal damn near the entire data center.

Also I have seen a growing trend in keeping the application center separate from the data center. Thus your SAN machines are not in the same room that the application servers are in (Different Floors for instance). Steal the app server, you have no data.

Data is not normally store in the format of:

john doe, 123-45-6789, ACCT: 0101015A6, etc...

It is partitioned normally:

ACCOUNT:
ACCT #, BANK, LOCATION, DATE OPENED, etc...

CUSTOMER:
NAME, SOCIAL, BLAH, LIST OF ACCOUNTS

TRANSACTIONS:
ACCT #, AMOUNT, TYPE, etc...

So gaining access to one part doesn't give you everything. All the data in a financial institution is kinda chopped up for not only performance reasons, but security. Most even have PER FIELD permissions. This is why newer folks are suprised to see in some databases a

FIRSTNAME
FIRSTINITIAL
LAST NAME
LAST INITAL
FIRSTLAST
MIDDLENAME
MIDDLEINITIAL

Seems inefficent until you realize there are different permissions on each field. (Obviously you can also do this via permissions on querys but I am not a DBA so I can't speak to the performance issues)

Retail locations get into trouble because of their POS (point of sale) databases that have the CC number and the transaction together in the data. Evening batches draw up all the stores into a big database initally then farmed out to sub systems and archived. While this activity is going on you have "all your eggs in one basket."

There really is no logical way to avoid this phase. You need all the data in one table to look at certain things before they get parsed out to various groups within the enterprise (supply chain, financing, executive reports, marketing, etc...)

Once your past that inital

Re:Pure bullshit

[Runaway1956]

While I find this to be quite interesting - I'll point out that my previous post was addressing a small business owned by someone like a wedding cake baker.

But, since you've gone to the effort of explaining how secure a data center is, and why - I MUST point out that exploits are found on almost a monthly basis that yields tons of valuable information for criminals. Some of those exploits are fixed almost immediately, while others run in the wild for years, with efficient botnets harvesting data steadily.

While the data centers may be secure, in and of themselves, the transmission of data to and from the data centers is by no means "secure". That perceived security is only a relative thing. In the original article, data was compromised at the vendor's physical location.

If I were to successfully incorporate WalMart retail stores into a botnet, what percentage of the US population's financial data could I access?

Or, if I penetrated the computers of local insurance agents for a company like Nationwide.

The possibilities are endless. And, IMHO, one is a fool to use electronic banking, trusting that every mom and pop store has really secure methods of transferring data via the web, as well as local storage.

When we see a year or two pass, with no compromise of massive amounts of financial data by criminals, THEN I might consider our business dealings to be secured. Google yields dozens of hits on "ATM exploit" for instance.

Simple solution!

[Brandybuck]

The problem is that we don't have enough regulations. If one regulation isn't working, slap another on top of it. Keep piling them up until the problem goes away. Remember, the government is our friend, and only sociopaths would object to more government involvement in their lives. ... but seriously folks...

The core problem is that the property rights around privacy are ill defined. Who owns the information? Regulations can be minimized while being more effective, if they addressed the property rights involved. While I don't think the information itself can be owned, the media upon which it resides can be. Your diary, your server, etc. For example, you don't own your address information, and cannot legitimately stop someone from disseminating that information ("Bob lives at 123 Main Street"), but that letter is your private property, and you should be able to sue the crap off anyone who opens it and reads the contents. Mail servers are typically the property of the ISP, but you are renting its use so your emails are as much your property as your clothes hanging in a closet of a rental apartment.

easy.....

[AnAdventurer]

Live in small town, use cash. live simply. Try Amish style. Or stop caring; What's the worse that can happen? Hacked, credit gets bad? Bail the country. Go off grid. Lot's of options.

Commies!

These Forbes guys are a bunch of pinko commie bastards!

"basic market dynamics won't work to solve the problem"

How anti-capitalist!

Cox Customer Support

[hoooocheymomma]

They've got that privacy thing down!

I call them because my Internet connection is down. I verify my identity with them. "Do I have permission to access your account, sir?"

No, you don't. I expect you to investigate my connection problems without looking into my account. Furthermore, I do not grant you permission to access any other data on YOUR network either.

Thank you.

Re:Cox Customer Support

[ubergeek09]

Maybe they've had problems with people sueing them because of remarks made about unpaid accounts and such. People can become very angry when anything is said about their finances.

To quote Walt Kowalski...

[mcgrew]

"You're a fucking PUSSY, boy!" Here in Springfield we do our trolling offline. Grow a pair and put your name and address on your post, Toad.

BTW, quoting Walt (Gran Torino) again, "get off my lawn!"

Re:To quote Walt Kowalski...

well that was a shameless plug...story wasn't *that* cool, btw. Anyway, I (the original Linux sux poster, not the racist one) post anonymously because there are crazy people on da 'Nets who would do more than challenge me to an honorable and manly fist fight. And...I just do fairly good-natured, self-depreciating trolls. I do NOT endorse the racist ones. Besides being to offensive, it's too *easy* to piss people off that way. Pointless. I like to say something absurdly irrational and see if people can believe it's true to the point they will bother arguing about it.

The simple act of paying attention to privacy

[goffster]

If someone tries to design their site from day one with privacy in mind,
a user is likely to have pretty good privacy. Any single law will not help.

Simple

[brunes69]

a) Get rid of all existing private regulations across all industries
b) Pass a new law that says privacy is assumed absolute across all matters unless permission is otherwise given
c) ... nothing else?

Seriously, I don't know why anything should be otherwise. No one in any industry should be allowed to share my information with anyone else unless I gave them permission.

I realize that is not how it is now, but it is how it SHOULD BE.

Re:Simple

[cdrguru]

The problem is, we currently have laws in the US that clearly state that if you collect information or aggregate it in various ways, you own it. This allows the company that creates a list of companies that manufacture metal products to copyright that collection and sell it. And, further, to allow them to sue people that simply duplicate their list and try to sell that.

So what do you do about a company that collects scan data from supermarkets and markets various analyses of this data? Today, their product is an aggregation and analysis of what could be considered private information. Yes, this is a multimillion dollar business that produces information vital to retail companies.

Similarly, the growth of the "credit industry" started with local and regional credit bureaus. They still exist in some places - it isn't just Equifax and TransUnion. They would have to be closed as well. And most of the loan offices that offer secured loans to people. Because they couldn't get information they rely on to operate with a reasonable expectation of getting loans repaid.

I think all in all for something like what you propose we are talking about eliminating somewhere north of 10% of the economy of the US. Probably not a real popular idea when people figure out the whole picture.

So how do you do it so as to not impact the economy in this manner?

Bottom Line

I like the fourth solution offered in the article (regarding corporate behavior):

"4. Penalties for bad behavior need to be expensive enough to make good behavior the rational choice."

Clarification

[copponex]

Sorry, I meant to say that most municipalities require restaurants by law to post their scores where the public can see them..

Oldie but goodie

[kenp2002]

A classic from nearly 100 years ago:

"If you want privacy, pay cash. If you want good privacy, pay with dirty cash." - Wilton.

I have no idea who Wilton is, I got the plaque at a garage sale for 50 cents and the date on the back was 1909.

Let the lawyers and insurance guys fight it out...

Let the opposing forces of risk of a lawsuit vs the cost of privacy solutions face off...

Solution

[kenp2002]

Thou shall upon calling someone for the purposes of solicitation declair immediately, "This call is a solicitation."

Upon that declariation thou shall speak unto the individual thou hast called the source from which ye came about the person you have called.

Once declaired thou shalt state the full legal business name thou doth represent along with your full legal name. If thou is not apt to divulge you full legal name then thou hast no business in calling complete strangers.

Once thou hast declair all of that you may then ask the called person if they are busy and if you can have a moment of their time.

If the individual you have called says yes you may proceed.

If not, or at the end of the call thou shall ask if the person you have called would like to remain on your list and if not be removed immediately with a letter, hand signed and dated by the caller indicating that the person who hast been called has been removed from the calling list.

Let it be know that under no circumstance, save goverment use for emergency purposes only, shall a pre-recorded message be used.

If thou fails in this creed let ye be gutted and left for the vultures or any other carnivorious scavangers that be appropriate to ye homeland! AS well as a fine of no less then $141,391,222 USD per incident (We are using RIAA calculations based on the average length of a song compared to a solicitation call time.) or $4000 per second, which ever is greater.

solve this dilemma?

[way2trivial]

how do you then fulfill the need to finance programs like medicare and medicade and social security and child protection agencies without looking into individual case files for signs of wasteful spending?

you can't review expenditures/audit without having the details....

Privacy?

[Shadow-Copy]

Anonymous is dieing on the net. That is not new.

Everyone was anonymous six years ago on the web. Browsing the web anonymously, today, is impossible. From the fact, of how bad identity theft has become, shows that you don't pay for privacy. You have to show who you are, where ever you go. Even federal investigations will need warrants and permissions to snoop on people's system before long. That is already in motion, called the " Invisible Man Act". Just from how many legals exploit the ability to go to where they are not suppose by using official software. If you are new to the net that would be considered news.

That author is basically posting information that was in the News four months ago. I would attach dupe to this post. If Shnieder posted it.

Worked for Elvis? Maybe not...

[macraig]

... since after all you're talking about it. I'd say the kitty reeking of bacon is out of the bag now.