The Privacy Richter Scale
Hugh Pickens writes "Jay Cline writes that not all privacy issues are created equal and proposes a privacy Richter scale to rank the bad things that could happen to our privacy. A privacy Richter 1 or 2 event is a temporary bad turn for you or a handful of people, but nothing systemic, posing no lasting harm to individuals or society as a whole. Examples include receiving someone else's mail, having someone expose something embarrassing about you to co-workers or friends, or losing your wallet or purse. Privacy events measuring 4 to 7 on the scale are risks that can cause real and lasting damage to a lot of people and include stolen laptops containing thousands of Social Security numbers and credit-card numbers that would allow identity thieves to make fraudulent transactions that could impact credit scores for years. Finally events topping 8 are points of no return for large numbers of people and society as a whole. DARPA's Total Information Awareness program, proposed in 2002 and defunded by Congress in 2003, would have topped the scale. 'The massive collection of data about U.S. citizens could have created a perpetual bureaucracy that put at risk our right of due process and protection against unlawful search and seizure.' So where does Google's plan to consolidate its 60 privacy policies into a single approach rank? 'The current change ranks at a 3,' writes Cline. 'Larry Page's company will weather this change. I don't see irreparable or lasting harm or loss of liberty. If you don't like Google, use Bing. Don't watch weird things on YouTube. You shouldn't be sending confidential things through Gmail in the first place.'"
Don't leave your house
Don't use the internet
Don't make phone calls
Wear a tin foil hat
"You shouldn't be sending confidential things through Gmail in the first place."
I'm not saying this is bad advice. But the fact that it is not bad advice, REALLY PISSES ME OFF. Not because I even use gmail- as I was hosting a squirrelmail server for my older brother and family before gmail existed, and don't store any quantity of my email on a corporate server for any length of time. But because gmail is what _everyone else_ is using for their email (to the extent that the younguns who won't get off my gedanken lawn use email at all, vs facebook). But enough about my lawn... my point is, that as a 36 year old computer engineer, who literally came of age in college during the deployment of the internet to the masses, then a decade later saw the T.I.A. etc... It's just so, so, sad. Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days. These days, I honestly suspect that even when my cell phone appears to be off, that the government and other organized criminals, can and do listen in to my home. I.e. "the walls literally do have ears". But even setting aside that paranoia, and returning to the mundane level of paranoia/common-sense in the quote I'm taking issue with (don't use gmail for confidential communication), I just can't express how sad and disappointed with society I am, even with that level of paranoia now being accepted as common sense. I mean- people need to have an expectation of privacy. They need to feel like they can talk about confidential, personal, private things with their friends and family a hundred or a thousand miles away. And it really just isn't feasible. You still have to practically be one of the 1% tech illuminati to use encryption and actually feel like that even matters. Honestly, I'm the computer engineer, that perhaps a clinically paranoid schizophrenic, has just given up.
I figure just using browsers and visiting sites requiring closed source browser plugins (read: the internet), probably makes my entire system insecure to the point that using encryption is pointless, even if the gubernment can't already crack that at will (or will be able to crack the recorded logs a few years down the line when either quantum computing works better, or they just find an obscure flaw or weakness combined with more brute force and the current systems). I dunno man... It's just sad. I had this vision of the internet actually allowing long distance communication of confidential things. Like minority political and philosophical discussion. But no, the world turned out to the point where people just deal with the fact that even though the tech is there, because of attitudes and government surveillance, we just shouldn't try to have confidential exchanges of communication except in person. Sigh... I hate America. And it may be the best of the lot. sad, so sad.
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event. Who could have ever thought up something so clever? Maybe next he'll invent a "jump to conclusions mat"! After that maybe he'll propose "dollars" as a new term meaning "lines of code" so that when he's introducing himself to unsuspecting women on the bus he can talk about how much "money" he has made.
FAIL
... they make for bad analogies.
Well, more seriously, I think there really is a problem with a widely accepted premise that the fragility of the systems that our privacy depends on is deity-given, and that thus we have to somehow cope with "privacy incidents", much like we have to deal with earthquakes instead of getting rid of plate tectonics.
The problem is not so much that from time to time some database containing SSNs is publicly compromised, but that there are SSNs (with all those different functions they serve) in the first place. The object of interest should be the complete lack of any effective protection, which essentially means that large bodies of data are easily available at any time to anyone willing to commit some crimes, while those supposed "incidents" are just the few occasions where it has been publicised, often because some (more-or-less) white-hat did some demonstration.
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event.
Not to worry, they'll probably combine it with other bastardized metrics and consign the lot to oblivion. How about a Beaufort scale for phishing and 419 scams, or a Fujita scale for antisocial behaviors (on the internet, of course).
Perhaps what's really needed is a Kelvin scale for relevance. The suggested "Privacy Richter" scale is pretty cold.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
1) This means we've already lost, if we're quantifying the lack of privacy rights and the trampling thereof.
2) This seems as useful as color-coding terrorist threat levels ala Homeland Security.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Remember a few years ago when those Duke lacrosse players were being prosecuted for rape?
On 60 Minutes, that Lesley Stahl said something to the effect of, 'why are you parents fighting so hard? Make a deal.'
The parents responded, 'because in this day and age of Google and the internet, their names will be forever tied to this. People will search their names and this will come up. They will never get a job or they will be tarnished for the rest of their lives - unless we get every single charge dismissed.'
Stahl, 'Oooh, I didn't think of that.'
And as for poetic justice, the prosecutor, Nifong, has been disbarred.
I just wish every prosecutor who tried to "make an example" to boost his political career would be disbarred.
So if Google implements encrypted mail, would that be a -3 event?
It appears that if you are a private person, you look like you got something to hide. I'm afraid that wanting privacy will be a black mark. For example, in this day and age in the US, if you don't have a credit history with the credit bureaus, good luck in getting a job, insurance, and traveling will be more of a hassle - they do a credit check to see if you are a threat.
I think it's going to be that way in the near future. No LinkedIn, Facebook or some other online profile? Sorry, you're not employable because we can't verify your character.
Like someone once said when referring to earthquakes, "for you, the _big one_ is the one that results in a brick falling off of a building, hitting you on the head, and killing you." So with the example of a 1 or 2, if what's revealed results in a lost job, etc. that's pretty big to you (albeit possibly just a source of mirth for other people).
Bark less. Wag more.
Different privacy "issues" affect people in different ways. Consequently there is no sensible way to assign a numerical score to a particular event (such as having your bank account number leaked) in absolute terms.
For example, if someone reveals an unwelcome fact about you on FB, the impact of that "outing" will depend on whether it affects your employability, whether you are interested in being employable (never forget: not everyone is a 20-something American. Some people are retired and don't care that pictures of them being arrested could fall into the hands of an HR person), whether a potential partner may see it - or it may even depend on the values and morals of the viewer. There are no absolutes.
Even having your credit card number taken is not necessarily a big deal, depending where you live. A lot of countries take a view that bank fraud is absorbed by the bank, not by an individual who blamelessly had their account targeted.
So, assigning numbers to events without taking into account the context, the situation of the people involved or the place where they live is largely meaningless. And once you do start to account for all these extra circumstances, any numerical evaluation becomes so specific that you can't generalise a level of threat or seriousness to a particular sort of privacy loss.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
google's new privacy policy, coupled with their extensive data gathering and tracking network, which includes millions and millions of web sites using their ad networks or web stats, google voice, google search, google products, youtube, books, docs, calendar, groups, google wallet (checkout), plus, gmail, search, chrome, android, moto mobile, and more..... added to the ease at which they bend over for authorities and big business..... added to their rumored never-delete policy...... and it's an 8, easy. no way in hell is all that just a 3 on this so-called privacy scale.
It looks to me more like a Mercalli scale (or a Beaufort one).
In Bosnia and Herzegovina we have national id cards. We had them also in former Yugoslavia, so - nothing new here. Except these new ones are barcoded so it is easy to register us on border checkpoints and the like. Every time I cross the border, they put my id card in a scanner and register passage... :).
But, we also have a long established practice of copying our id card for lots of procedures/applications at banks, telecoms and such. You come to open a bank account (like I did just today) and they get your id card and copy both sides... What is interesting, today my friend witnessed this, and he works for another company copying id cards a lot... He was surprised when he saw the bank clerk copying the id card because at his company they spent Friday-Sunday destroying all copied id cards because of a recent law forbidding this id card data collection. At least somebody came to his senses...
Imagine that, tons of identities in hundreds of binders in tens of companies... Looks like Fukushima to me
http://opencm3.net, http://www.nongnu.org/gm2/
I don't think Charles Richter had anything to do with Internet privacy.
From OP: "You shouldn't be sending confidential things through Gmail in the first place"
Why? Why shouldn't I? What should I do to send those? Use real mail? Gmail is an email service, it's not supposed to search through your correspondence, and it shouldn't be allowed to.
I'm sick and tired of assholes trying to defend privacy invading policies with ill-conceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google should take the right to search through your mail, the same way there is no reason for USPS to search through your mails...
And I'm not an anti-google troll, I have an Android Phone, and I use Gmail and even G+, and they are good products, but all the more reason for us to protect the quality of these services by preventing Google from abusing its position of power regarding its users and invading their privacy.
The chief problem with the plate-tectonics analogy is that privacy isn't a matter of "incidents", but a cultural issue that evolves over a long time.
Generally speaking, an earthquake just happens -- there's an enormous rumble, things fall over, and then it's all over.
That analogy holds up reasonably well when compared to a lost laptop. But it's actively misleading when it's compared to a systemic, persistent factor like long-term data collection.
The problem with Google's policy (as a minor example) or the government's domestic spying (as a major one) is that they will lead to the collection of enormous data corpuses, and -- worse still -- to the institutionalised belief that collecting that data is OK. And thence to the historically-inevitable risk that that data will eventually fall into the hands of an amoral company or a corrupt government.
Richter scale: fairly good for discourse about earthquakes. Not so useful when deciding whether we as a society want to live in an earthquake zone.
That would be a better measurement. And we are a few minutes before midnight.
FTA: "So how serious is the Google policy change? By the sound of the running commentary, this is the worst thing for privacy that's happened so far this year."
It's the same privacy policy. Unlike having 60 policies, there is one. It's easy to read.
And since when has anyone had a chance to opt-out of any privacy change, be it at your bank, Facebook, or your job?
Could you opt out of the original 60 policies? No.
Great point is at the end.
FTA: "What's the worst-case scenario here? Google amasses a detailed profile about each one of us who continues to use its mostly free products"
They already have that detailed profile, dumbasses!
FTA: "Potentially, that information later on gets breached, sold or subpoenaed by the federal government."
THEY ALREADY HAVE, @#%@#%! They aren't collecting new data. They already have the data. It could be asked for by the government at any time prior to the privacy policy change. Courts give 2 shits about privacy policies when they request data with a warrant or subpoena.
I better stop now, I'm going to blow a fucking gasket at the idiocy of the author of this piece of garbage. On to the great point:
FTA: "If you don't like Google, use Bing."
Thank you. 'Nuff said.
I8-D
There's a simple solution to this --- just say no! If someone asks you to do something you aren't comfortable with, then get up and leave and go somewhere else. If enough people have the guts to do this, then these practices will change. If people in general follow them quietly, then they'll become an accepted part of our society and that'll be that! People are always too quick to forget that they do, in fact, have a choice in nearly everything they do!
The author is definitely from California, having chosen Richter as his example scale. Since Charles Richter probably isn't the best example, and since these kinds of things are usually named after their authors, and since Jay was obviously modest enough to not propose naming it after himself, I suggest it be called the Cline scale. Certainly, it might not be better than having Jefferies Tubes named after you, but it's better than the john. Congratulations Jay, something will be named after you. Someone make a Wikipedia entry.
Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.