Schneier On a Generation Gap In Privacy

goompaloompa writes "In the Japan Times, Bruce Schneier writes that a passing conversation online is not what it may seem and that maintaining your privacy is becoming even more difficult as social media and cloud computing become the norm. Furthermore, while users in Japan may think they are secure, their level of protection may vary when the computers that store their data are overseas. At the root of the problem is a new generation gap: old laws incapable of covering current-day scenarios. Quoting: 'Twenty years ago, if someone wanted to look through your correspondence, they had to break into your house. Now, they can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. ... We need comprehensive data privacy laws, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed, and laws giving us the right to delete our data from third-party sites. And we need international cooperation to ensure that companies cannot flaunt data privacy laws simply by moving themselves offshore."

Look at the bright side.

[140Mandak262Jamuna]

Some 20 years from now, the confirmation hearings for supreme court justice nominations will get to be really interesting. Also the mud slinging and sliming and negative ads during election campaigns are going to be even more entertaining than it is now. We will be living in really interesting times.

Re:Look at the bright side.

[commodore64_love]

I hope you're right.

The American fear of their own bodies is borderline psychotic. So what if Miss America posed topless, or Miss Obama is wearing shorts? Who the fuck cares? Even if you're religious surely you must recognize that God created the human body, and what God creates is holy, not sinful. A naked human is as "godly" as a naked cow or naked deer or naked tree.

Re:Look at the bright side.

[Rogerborg]

After all, you can't very well use your opponent's topless photos against her if she can just counter with photos of you doing keg stands in college.

You keep using that word. I do not think it means what you think it means.

What you can do is to buy more screen space and time for your opponent's topless photos, accompanied by even more sinister music, and distribute bumper sticks and shirts that say "T is for Topless. T is for Terrorist." and "I'll be sober in the morning - virtue is lost forever"

We're just heading for the gutter faster.

Re:Look at the bright side.

[gad_zuki!]

Or what will happen is what is happening now: people who are technophobes with little to no online presence will be the only ones winning elections. So the guy who thinks using a Mac is too hard will be running your country. Or the girl who has never contributed to an online discussion.

Perhaps people of the future will be more understanding, but considering we're seeing people waltz into town hall meetings with guns, yelling like nuts, and using loaded terms like "youre hitler!" today, something tells me things will get worse before they get better.

Re:Look at the bright side.

[Ethanol-fueled]

The American fear of their own bodies is borderline psychotic.

Maybe 20 years ago. Thankfully for us chubby-lovers everywhere heroin-chic is no longer a fad. 14 year old girls are willingly sending nekkid pics to entire groups of people with the push of a button. American beaches host chubbies and even fatties, along with skinnies, in bikinis. If there's one good thing the internet did, it's show people how they look compared to other normal people and not models.

Some alarmist religious idiots and other "moralists" used to say that porn caused unrealistic expectations about bodies and behavior. Quite the opposite, it actually made people more comfortable with their bodies! Next time your girlfriend whines about her love handles, just put on a porno and tell her that she's a goddess compared to the women on-screen with the fake tits, beat-up roastbeef pussy, and zit-covered ass. You guys know what I'm talking about. Making a porno is a prerequisite to becoming a celebrity nowdays.

Celebrities themselves are no longer the gods and goddesses people idolized. Now they're just clowns, average airheaded rubes caked with makeup and airbrushing and made famous with "leaked" sex tapes.

One more thing: god dosen't exist.

Re:Look at the bright side.

[gclef]

Winston Churchill?

The more you move offline, the less privacy

[gestalt_n_pepper]

Sorry, but that's the bottom line. Move your data to the cloud; kiss the privacy of that data goodbye. Move your voicemail to the phone company. Same issue. Get your code developed in [offshore country of your choice], you can rest assured that some of that code will go to a competitor in [insert country of choice].
.
Anytime there's an entity between you and your data/property/money, etc. it's no longer really yours. You don't control it any longer.

Sometimes that doesn't matter. Sometimes it does. Big time. Plan accordingly.

Re:The more you move offline, the less privacy

[Anonymous+Brave+Guy]

The key word, which you ignored, is the boss would ASK her to remove the photos.

Why should she even be asked to remove the photo, though? She is doing nothing wrong.

Posting photos where adults happen to be enjoying a glass of wine in good company is not against the law. On the contrary, countries where children are exposed to responsible drinking behaviour from an early age have much, much lower incidence of alcohol-related criminal activity.

She doesn't deserve to be fired, but I see no harm in a boss simply asking her to use better judgment.

I don't see anything wrong with her judgement just the way it is.

I would, however, have a problem with anyone whose judgement said that people should not be free to share photographs of themselves participating in perfectly normal and legal activities, just because they happen to be teachers and the children they taught were not yet allowed to take part in the same activities. That's just political correctness gone mad, and a terrible example of allowing an employer to interfere with an employee's private life outside work.

Re:errr.. yeahh....

[Diss+Champ]

If someone breaks into your ISP, it's not just your information they get. Say the ISP has the data for N people. If more than 1/N people of loose morals are capable of breaking into the ISP, your odds of having your data exposed are larger this way than your odds of having your data exposed by someone breaking into your house. Making simplifying assumptions like people being equally interested in breaking into houses and ISPs, and one person per house etc of course.

My gut feeling (which may be wrong, gut feelings often are when it comes to security) is that your correspondence is much much safer in your house, unless there is a particular reason someone wants your particular information rather than information to fish through. Furthermore, most people are STILL vulnerable to the house break-in, as there is sufficient information there to fool the ISP through a social engineering vector. Also, the people who broke into your house probably didn't care about your information, from your description they were likely just after the tangible properly.

Finally, the ISP may simply sell the information anyway.

Diction complaint

[russotto]

Dammit, it's "flout", not "flaunt".

Re:Privacy, hah.

[Anonymous+Brave+Guy]

Which is lovely, until all the organisations you necessarily deal with — government departments, financial institutions, employers/clients, and so on — start putting personal data about you on their own systems that you don't control.

Re:The younger generation

[Kjella]

Maybe I'm just not young enough anymore, but I don't agree. I'm fairly indifferent about privacy when it comes to telling people where I've been, what I'm doing or where I'm going because for most of the time it's of absolutely no interest to anyone but the friends and family even if I shout it to the world. Now if I had a stalker or crazy ex-wife or whatever else that would make it matter, it's completely different. Then I need to shut out those people, but I'd still consider it their wrongdoing that I need those access controls. Bugger off and leave my life in peace.

Exactly the same applies if there's a government stalker. I don't want to keep my life a secret because they got some orwellian control freak vision, it's something I could do in response but I'd rather fight for a government that didn't do that sort of thing. The whole reasoning that "if you don't want the government to know, you must make it impossible" is sad and not consistent with reality. If you followed me into a grocery store you'd know what kind of tooth paste I use, but if I knew anyone cared I'd do my best not to reveal it for the hell of it.

The fact that people can blog and twitter so freely about their life is a good sign, it's a sign they feel confident in their ability to live their life openly and still without undue government interference. Maybe that's because the people are naive and don't realize how the government manipulates them, but that's a bit too simplistic. I mean you can say the same about free speech, maybe the dissidents are just being naive and really put on the death list for when the revolution comes but I'd say people openly criticizing the government is a much better sign than people too afraid to say a thing.

Re:How scared should i be?

[gclef]

It's not that people are paranoid, but there are occasional events that are creepy, which point to a need for more privacy.

The one that was the tipping point for me actually happened to a co-worker: in the mid-late 90's he was taking AZT (yes, he had AIDS). The creepy part came shortly after getting his first AZT prescription filled...a few weeks after his first prescription he started getting mailed advertisements for graveyard plots. Yes, his pharmacy had sold the fact that he was taking AZT to a marketing company, who realized he was about to die & tried to sell him a grave. It's not that he was being targeted in any malicious way, but I think it's clear (at least, to me) that his privacy had been badly violated by his pharmacy.

That's the sort of thing I use as a model for privacy. In the intervening years, health data has been (somewhat) protected, but I think it's still a valid point for consideration: you may not think of your own information as important, but some of it can still be used to make some very creepy conclusions about you, and will be used in some very creepy ways if you're not careful.

Re:We don't need more privacy laws

[ObsessiveMathsFreak]

The average person in their average life does not need privacy. They need discretion from their peers and the public regarding their personal life and laws which protect their right to live how they choose without discrimination.

And the day a national newspaper publishes pictures of your private sexual encounters for millions of perverts to salivate over, will you still think we don't need privacy then?

And the day someone steals a silly video you made, publishes it online a you personally become a worldwide joke, will you still think we don't need privacy then?

And the day you are arrested for urinating behind a bush and are now subject to the all prying eyes of termagants and vigilantes the world over, will you still think we don't need privacy then?

People's private habits will always be a source of derision, ridicule and contempt for others, even those with habits of their own. People will used any excuse to laugh at, mock and inflict violence on others. You go find the nicest homosexual couple in your town and put up a big sign outside their house saying "Nicest gay couple in town reside here"; I guarantee you they will be egged, stoned, assaulted or killed with a month, no matter how placid the local populace. Now ask yourself, how easy should it be to put that tag up in Google maps?

Privacy means more than just keeping your private details a secret. It means keeping yourself safe from other human beings. We are social animals, and that means we will gang up and rip someone apart as easily as we gather together and cooperate on anything else. All we need is sufficient excuse.

You say people don't need privacy. Well I think that Max Mosely needed privacy. I think that the Star Wars Kids needs privacy. I think that people who were caught taking photgraphs of themselves in high school need privacy. I think these people were vulnerable and needed our protection from newspapers, databases and the crowing mobs howling with delight at their misfortune. I think they needed it and we let them down. What right should any of use have to any privacy whatsoever if we can't protect the people that need it most?

Re:We don't need more privacy laws

[necrognome]

The only people who *need* privacy are those who are a) doing something illegal or unethical and want to keep others from finding out or b) doing something competitive and want to keep their progress from their competition.

People in category (a) deserve no legal cover for their actions.

In other words, "People who are doing something unethical deserve no legal cover for their actions." 'Unethical' may be defined as "belonging to a class of activities that my peers and I disagree with or find distasteful." Your argument, and the fact that many others have similar positions, actually makes an excellent case for privacy.