Schneier On a Generation Gap In Privacy

goompaloompa writes "In the Japan Times, Bruce Schneier writes that a passing conversation online is not what it may seem and that maintaining your privacy is becoming even more difficult as social media and cloud computing become the norm. Furthermore, while users in Japan may think they are secure, their level of protection may vary when the computers that store their data are overseas. At the root of the problem is a new generation gap: old laws incapable of covering current-day scenarios. Quoting: 'Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. ... We need comprehensive data privacy laws, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed, and laws giving us the right to delete our data from third-party sites. And we need international cooperation to ensure that companies cannot flaunt data privacy laws simply by moving themselves offshore."

Privacy, hah.

[Ethanol-fueled]

We need comprehensive data privacy laws...forcing companies to keep it private and delete it as soon as it is no longer needed, and laws giving us the right to delete our data from third-party sites...We need international cooperation to ensure that companies cannot flaunt data privacy laws simply by moving themselves offshore."

Fat chance. Just don't write anything on the goddamn internet. Maybe you missed the memo, but MySpace and Facebook aren't cool anymore and Twitter only serves to further cheapen your existence. The internet fads will only devolve in content while they expand their data-mining capabilities. The only way that our leadership (and the corporations who own them) will fix the internet is if enough people get tired of it and withdraw altogether from its data-mining fast-food for the brain. Problem is that there are too many infantile latchkey kids out there who won't last 5 seconds without blinkenlights or deluding themselves into believing that others actually give a shit what they have to say.

My own online presence involves only downloading, passive viewing of news websites along with E-mail and trolling Slashdot, and what I write in the latter two are not personal or representative of my meatspace self. Fuck the internet. The meatspace reigns supreme.

Re:Privacy, hah.

[Anonymous+Brave+Guy]

Which is lovely, until all the organisations you necessarily deal with — government departments, financial institutions, employers/clients, and so on — start putting personal data about you on their own systems that you don't control.

Re:Privacy, hah.

[gnick]

... along with E-mail and trolling Slashdot, and what I write in the latter two are not personal or representative of my meatspace self.

Hallelujah. I'm the same way. When I go home to 1313 Mockingbird Lane and shoot up (with the smack that I buy from my buddy Lance and his wife Jody) and get high with my girlfriend (Trixie, who I rent from the corner Central and Missouri here in Springfield, IL), I'll jump on the Internet but completely anonymously and provide no personal information whatsoever. I don't even log into Slashdot normally, it's just that I sometimes forget and have Firefox v3.0.2 remember all of my passwords, Springfield National Bank account details, and tax return information and forget to block it. (How do you block cookies again? Oh well, I'm sure that the privacy-protection-software pop-up I just clicked on will take care of it.) Moral of the story - If you say nothing about yourself and hide in the shadows like I do, nobody will know anything.

Fuck the internet.

Yeah, what's it ever done for anyone? Personally, I prefer the days when I could call Amazon up on the phone and have them read me a list of everything on the fucking planet until they got to the $15 item I was after.

Seriously though. Set your own level of paranoia. Some people want to be invisible - That's getting tough, but it's possible. Some people don't give a crap who knows what - That's actually probably pretty safe. There are huge masses of people out there putting everything out for public view. Hide in the masses. Then, presumably like most of slashdot, there are people like me who lie somewhere in the middle. I'm in New Mexico. I'm a guy in my early 30's. I'm married with kids. All that's true, and I'm comfortable associating it with the name gnick. Meh. There are so many leaks in the system that leaking a few details is far less scary than the info about you that's most likely being leaked elsewhere. And identity theft is a PITA to fix, but it's unlikely to hit you. We all know somebody who's been bent over a barrel and seriously inconvenienced by it, but even if you're a complete idiot your chances at immunity (or at least minimal pain) are pretty good.

Re:Privacy, hah.

[Sockatume]

what I write in the latter two are not personal or representative of my meatspace self.

Surely that's the whole reason why content on the internet is so incredibly banal? Connect people to the web, give them an anonymous persona, and the sense of group integrity and social self-preservation that keeps them from blurting out pointless rubbish at random passers-by vanishes, along with any reward they would get from carefully crafting high-quality verbal output.

Re:Privacy, hah.

[metamatic]

Fat chance. Just don't write anything on the goddamn internet.

And then when people search for you, you can be sure that all they'll find will be inaccurate information published about you by other people--who probably dislike you, or else why would they be motivated enough to write about you--and information published by corporations and government bodies.

Yeah, that'll show them.

Look at the bright side.

[140Mandak262Jamuna]

Some 20 years from now, the confirmation hearings for supreme court justice nominations will get to be really interesting. Also the mud slinging and sliming and negative ads during election campaigns are going to be even more entertaining than it is now. We will be living in really interesting times.

Re:Look at the bright side.

[damburger]

But where every single candidate for every single public office will have pictures of them sleeping in a puddle of their own puke after an ill-advised underage tequila session, will people by necessity stop holding public figures to absurd, archaic and hypocritical standards of personal behavior and start paying attention to how well they actually do their fucking jobs?

Re:Look at the bright side.

[commodore64_love]

I hope you're right.

The American fear of their own bodies is borderline psychotic. So what if Miss America posed topless, or Miss Obama is wearing shorts? Who the fuck cares? Even if you're religious surely you must recognize that God created the human body, and what God creates is holy, not sinful. A naked human is as "godly" as a naked cow or naked deer or naked tree.

Re:Look at the bright side.

[Tikkun]

I don't imagine that the country will suddenly become less hypocritical 20 years from now, we'll just have less people running for office, attempting to become police officers and working in the intelligence community.

Assuming that things keep going this way, boring mediocre people will run the country. Whether this is a good thing or not is up for debate.

Re:Look at the bright side.

[TubeSteak]

But where every single candidate for every single public office will have pictures of them sleeping in a puddle of their own puke after an ill-advised underage tequila session, will people by necessity stop holding public figures to absurd, archaic and hypocritical standards of personal behavior and start paying attention to how well they actually do their fucking jobs?

Your premise is false.
Not every single candidate will have pictures of them sleeping in a puddle of their own puke.
Further, the "absurd, archaic and hypocritical standards" are either written into Constitution/laws or the rules of order/ethics.

You can't have a respected office, no matter how good the candidate is, if they're a drunken lout in their off hours.

Re:Look at the bright side.

[gad_zuki!]

Or what will happen is what is happening now: people who are technophobes with little to no online presence will be the only ones winning elections. So the guy who thinks using a Mac is too hard will be running your country. Or the girl who has never contributed to an online discussion.

Perhaps people of the future will be more understanding, but considering we're seeing people waltz into town hall meetings with guns, yelling like nuts, and using loaded terms like "youre hitler!" today, something tells me things will get worse before they get better.

Re:Look at the bright side.

[Anonymous+Brave+Guy]

You can't have a respected office, no matter how good the candidate is, if they're a drunken lout in their off hours.

I believe the point is not what they do in their off hours, but what they might have done in their off hours thirty years ago as a student.

People change. Almost everyone made some sort of "mistake" in their youth. In a sane world, we don't hold that against them long after it matters.

Re:Look at the bright side.

[dwillden]

You can't have a respected office, no matter how good the candidate is, if they're a drunken lout in their off hours.

Please explain Senator Ted Kennedy then? A drunken, homicidal lout who has managed to stay in office for how many decades? And is deferred to with respect by many in both parties.

And please cite the relevant portion of the Constitution that states drunken college party pics are grounds for exclusion from holding office.

Most folks I know tend to think people usually grow up after leaving college for the real world. And thus would ignore such pics if not for the Media hyping every such incident ad nauseum.

Re:Look at the bright side.

In 20 years the ability to fabricate photos and video of embarrassing incidents will be available to everyone for cheap or free. There will be no-one WITHOUT embarrassing stuff online, true or false.

Re:Look at the bright side.

[TubeSteak]

And please cite the relevant portion of the Constitution that states drunken college party pics are grounds for exclusion from holding office.

First: I never said it was "grounds for exclusion from holding office."
I was specifically responding to the idea that candidates should be judged solely on merit and not on their behavior.
Bad behavior reflects not just on the person in public office, but on the office itself.

Second: Deliberative bodies set their own rules.
Who was the last US Senator, US Congressman, or State Governor that was impeached?
They usually don't even resign, just duck and cover until the heat dies down.

Last but not least: The United States Constitution
Article 1. Section 5.

Each House shall be the Judge of the Elections, Returns and Qualifications of its own Members, and a Majority of each shall constitute a Quorum to do Business; but a smaller number may adjourn from day to day, and may be authorized to compel the Attendance of absent Members, in such Manner, and under such Penalties as each House may provide.

Each House may determine the Rules of its Proceedings, punish its Members for disorderly Behavior, and, with the Concurrence of two-thirds, expel a Member.

Your State's Constitution may vary.
But if a House of Representatives decides drunken college party pics are grounds for exclusion, then you're excluded.
If you are in office and take drunken college party pics, they can kick you out or censure you as it suits them.

The more you move offline, the less privacy

[gestalt_n_pepper]

Sorry, but that's the bottom line. Move your data to the cloud; kiss the privacy of that data goodbye. Move your voicemail to the phone company. Same issue. Get your code developed in [offshore country of your choice], you can rest assured that some of that code will go to a competitor in [insert country of choice].
.
Anytime there's an entity between you and your data/property/money, etc. it's no longer really yours. You don't control it any longer.

Sometimes that doesn't matter. Sometimes it does. Big time. Plan accordingly.

Re:The more you move offline, the less privacy

[Anonymous+Brave+Guy]

If a teacher posts a bunch of wedding photos and in some of those she's drinking wine, DON'T fire the teacher for actions performed off-the-clock. Simply ask her to remove the photo.

Why should she even do that? There is nothing illegal or inappropriate about either getting married or drinking wine.

If someone has a problem with photos such as you describe, then the problem is with the person, not the photo.

If that someone is the teacher's boss, then they need to find a new line of work, because they're lousy at supporting their staff.

Re:The more you move offline, the less privacy

[Anonymous+Brave+Guy]

The key word, which you ignored, is the boss would ASK her to remove the photos.

Why should she even be asked to remove the photo, though? She is doing nothing wrong.

Posting photos where adults happen to be enjoying a glass of wine in good company is not against the law. On the contrary, countries where children are exposed to responsible drinking behaviour from an early age have much, much lower incidence of alcohol-related criminal activity.

She doesn't deserve to be fired, but I see no harm in a boss simply asking her to use better judgment.

I don't see anything wrong with her judgement just the way it is.

I would, however, have a problem with anyone whose judgement said that people should not be free to share photographs of themselves participating in perfectly normal and legal activities, just because they happen to be teachers and the children they taught were not yet allowed to take part in the same activities. That's just political correctness gone mad, and a terrible example of allowing an employer to interfere with an employee's private life outside work.

All only by your choice....

[Lumpy]

voicemail held by the phone company? only if you dont use an answering machine or you use their VM service. you CAN change your cellphones settings to ring your own VM system at home.

Email, use IMAP and yank it all from the servers. They cant read your email from 2 weeks ago if it's not there.

Also encrypt. It's not hard anymore.

The younger generation

[Jafafa+Hots]

has lived their entire lives online, they twitter about their bowel movements... I don;t think they even think about privacy as being something desirable.

Re:The younger generation

[Kjella]

Maybe I'm just not young enough anymore, but I don't agree. I'm fairly indifferent about privacy when it comes to telling people where I've been, what I'm doing or where I'm going because for most of the time it's of absolutely no interest to anyone but the friends and family even if I shout it to the world. Now if I had a stalker or crazy ex-wife or whatever else that would make it matter, it's completely different. Then I need to shut out those people, but I'd still consider it their wrongdoing that I need those access controls. Bugger off and leave my life in peace.

Exactly the same applies if there's a government stalker. I don't want to keep my life a secret because they got some orwellian control freak vision, it's something I could do in response but I'd rather fight for a government that didn't do that sort of thing. The whole reasoning that "if you don't want the government to know, you must make it impossible" is sad and not consistent with reality. If you followed me into a grocery store you'd know what kind of tooth paste I use, but if I knew anyone cared I'd do my best not to reveal it for the hell of it.

The fact that people can blog and twitter so freely about their life is a good sign, it's a sign they feel confident in their ability to live their life openly and still without undue government interference. Maybe that's because the people are naive and don't realize how the government manipulates them, but that's a bit too simplistic. I mean you can say the same about free speech, maybe the dissidents are just being naive and really put on the death list for when the revolution comes but I'd say people openly criticizing the government is a much better sign than people too afraid to say a thing.

Re:errr.. yeahh....

[Attila+Dimedici]

There are two important differences. One, if they break into your home, there is a good chance you would know that someone had, if they break into your ISP, there is a good chance you won't know that someone broke in (even if you do, you probably won't know if they were after your stuff). Two, if someone breaks into your home, they only get your stuff, if they want someone else's stuff, they have to break into their home. If someone breaks into your ISP, not only can they get your stuff, but they can get the stuff of everyone else who uses that ISP.

Re:errr.. yeahh....

[Diss+Champ]

If someone breaks into your ISP, it's not just your information they get. Say the ISP has the data for N people. If more than 1/N people of loose morals are capable of breaking into the ISP, your odds of having your data exposed are larger this way than your odds of having your data exposed by someone breaking into your house. Making simplifying assumptions like people being equally interested in breaking into houses and ISPs, and one person per house etc of course.

My gut feeling (which may be wrong, gut feelings often are when it comes to security) is that your correspondence is much much safer in your house, unless there is a particular reason someone wants your particular information rather than information to fish through. Furthermore, most people are STILL vulnerable to the house break-in, as there is sufficient information there to fool the ISP through a social engineering vector. Also, the people who broke into your house probably didn't care about your information, from your description they were likely just after the tangible properly.

Finally, the ISP may simply sell the information anyway.

We don't need more privacy laws

[foniksonik]

What we need are more clarity about laws regarding basic rights and their nemesis discrimination.

The average person in their average life does not need privacy. They need discretion from their peers and the public regarding their personal life and laws which protect their right to live how they choose without discrimination.

Yes I advocate transparency. The truth will set you free and all that...

The only people who *need* privacy are those who are a) doing something illegal or unethical and want to keep others from finding out or b) doing something competitive and want to keep their progress from their competition.

People in category (a) deserve no legal cover for their actions.

People in category (b) have a thing called security which they should implement to provide a deterrent to unwanted attention or disclosure.

Everyone else just needs to know that their insurance won't go up if they are found to practice aggressive sexual methods or that they suck at cooking and start fires on the range every other weekend trying to cook.

People will be better off when their neighbors know about their weird behavior and learn to accept it (just like those neighbors will be better off when you find out about their quirks). This is called living in a community and it's about time we got back to it instead of trying to live in isolated 'privacy' gardens where we think we're the only ones who have issues and everyone else's lives are perfect.

Think of all the anxiety and social problems this would prevent. It's hard to discriminate against some group of people when you find out that all of your friends are in that group.

Re:We don't need more privacy laws

[ObsessiveMathsFreak]

The average person in their average life does not need privacy. They need discretion from their peers and the public regarding their personal life and laws which protect their right to live how they choose without discrimination.

And the day a national newspaper publishes pictures of your private sexual encounters for millions of perverts to salivate over, will you still think we don't need privacy then?

And the day someone steals a silly video you made, publishes it online a you personally become a worldwide joke, will you still think we don't need privacy then?

And the day you are arrested for urinating behind a bush and are now subject to the all prying eyes of termagants and vigilantes the world over, will you still think we don't need privacy then?

People's private habits will always be a source of derision, ridicule and contempt for others, even those with habits of their own. People will used any excuse to laugh at, mock and inflict violence on others. You go find the nicest homosexual couple in your town and put up a big sign outside their house saying "Nicest gay couple in town reside here"; I guarantee you they will be egged, stoned, assaulted or killed with a month, no matter how placid the local populace. Now ask yourself, how easy should it be to put that tag up in Google maps?

Privacy means more than just keeping your private details a secret. It means keeping yourself safe from other human beings. We are social animals, and that means we will gang up and rip someone apart as easily as we gather together and cooperate on anything else. All we need is sufficient excuse.

You say people don't need privacy. Well I think that Max Mosely needed privacy. I think that the Star Wars Kids needs privacy. I think that people who were caught taking photgraphs of themselves in high school need privacy. I think these people were vulnerable and needed our protection from newspapers, databases and the crowing mobs howling with delight at their misfortune. I think they needed it and we let them down. What right should any of use have to any privacy whatsoever if we can't protect the people that need it most?

Re:We don't need more privacy laws

[necrognome]

The only people who *need* privacy are those who are a) doing something illegal or unethical and want to keep others from finding out or b) doing something competitive and want to keep their progress from their competition.

People in category (a) deserve no legal cover for their actions.

In other words, "People who are doing something unethical deserve no legal cover for their actions." 'Unethical' may be defined as "belonging to a class of activities that my peers and I disagree with or find distasteful." Your argument, and the fact that many others have similar positions, actually makes an excellent case for privacy.

Re:Give up already

[mcgrew]

Information wants to be free.

That tired old cliche is still around? You could as honestly say that information wants to be private, or information wants to be valuable.

When information isn't free, neither are you.

Re:e-mail privacy and the real root of the problem

[cpghost]

Not in my case. I constantly (as in "every 70 seconds") download any newly arrived mail from my ISP to my own machine and then delete the copy on the server as soon as I have a local one.

IMHO, you're putting an unnecessary strain on the IMAP server of your ISP (70 seconds polling is really aggressive)... and it doesn't buy you any more confidentiality either. A "deleted" file on the IMAP server is merely unlinked, i.e. it is still present in the free blocks of said server, and can be reconstructed. Depending on the load of that server, deleted mails can remain readable many days, of not weeks and months after you've thought you deleted them.

Run your own mail server at home: it provides you with a lot more control and not just w.r.t. confidentiality. You can also fine-tune the anti-spam settings to your heart's desires. You may want to get your own domain and a static IP address though, but it's worth every penny.