Slashdot Mirror
The Privacy Richter Scale
Hugh Pickens writes "Jay Cline writes that not all privacy issues are created equal and proposes a privacy Richter scale to rank the bad things that could happen to our privacy. A privacy Richter 1 or 2 event is a temporary bad turn for you or a handful of people, but nothing systemic, posing no lasting harm to individuals or society as a whole. Examples include receiving someone else's mail, having someone expose something embarrassing about you to co-workers or friends, or losing your wallet or purse. Privacy events measuring 4 to 7 on the scale are risks that can cause real and lasting damage to a lot of people and include stolen laptops containing thousands of Social Security numbers and credit-card numbers that would allow identity thieves to make fraudulent transactions that could impact credit scores for years. Finally events topping 8 are points of no return for large numbers of people and society as a whole. DARPA's Total Information Awareness program, proposed in 2002 and defunded by Congress in 2003, would have topped the scale. 'The massive collection of data about U.S. citizens could have created a perpetual bureaucracy that put at risk our right of due process and protection against unlawful search and seizure.' So where does Google's plan to consolidate its 60 privacy policies into a single approach rank? 'The current change ranks at a 3,' writes Cline. 'Larry Page's company will weather this change. I don't see irreparable or lasting harm or loss of liberty. If you don't like Google, use Bing. Don't watch weird things on YouTube. You shouldn't be sending confidential things through Gmail in the first place.'"
"You shouldn't be sending confidential things through Gmail in the first place.'"
I'm not saying this is bad advice. But the fact that it is not bad advice, REALLY PISSES ME OFF. Not because I even use gmail- as I was hosting a squirrelmail server for my older brother and family before gmail existed, and don't store any quantity of my email on a corporate server for any length of time. But because gmail is what _everyone else_ is using for their email (to the extent that the younguns who won't get off my gedanken lawn use email at all, vs facebook). But enough about my lawn... my point is, that as a 36 year old computer engineer, who literally came of age in college during the deployment of the internet to the masses, then a decade later saw the T.I.A. etc... It's just so, so, sad. Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days. These days, I honestly suspect that even when my cell phone appears to be off, that the government and other organized criminals, can and do listen into to my home. I.e. "the walls literally do have ears". But even setting asside that paranoia, and returning to the mundane level of paranoia/common-sense in the quote I'm taking issue with (don't use gmail for confidential communication), I just can't express how sad and disappointed with society I am, even with that level of paranoia now being accepted as common sense. I mean- people need to have an expectation of privacy. They need to feel like they can talk about confidential, personal, private things with their friends and family a hundred or a thousand miles away. And it really just isn't feasible. You still have to practically be one of the 1% tech illuminati to use encryption and actually feel like that even matters. Honestly, I'm the computer engineer, that perhaps a clinically paranoid schizophrenic, has just given up. I figure just using browsers and visiting sites requiring closed source browser plugins (read: the internet), probably makes my entire system insecure to the point that using encryption is pointless, even if the gubernment can't already crack that at will (or will be able to crack the recorded logs a few years down the line when either quantum computing works better, or they just find an obscure flaw or weakness combined with more brute force and the current systems). I dunno man... It's just sad. I had this vision of the internet actually allowing long distance communication of confidential things. Like minority political and philisophical discussion. But no, the world turned out to the point where people just deal with the fact that even though the tech is there, because of attitudes and government surveillance, we just shouldn't try to have confidential exchanges of communication except in person. Sigh... I hate america. And it may be the best of the lot. sad, so sad.
Don't leave your house
Then they still know where you live... :p
There is a difference between having a reputation in a town, or even in newspapers, that is heard and repeated, that evolves with time, and having many things about your life written forever that can be search, retrieved, crossed with other data within seconds. Whatever the progress changes you realize throughout your life, this one thing you did 10 years ago you forgot and hope everyone else forgot will remain as the main thing you did in your life.
Knowing everything about everyone is certainly the direction we are taking the medium term ; but the society is not ready to cope with that, yet.
Slashdot, fix the reply notifications... You won't get away with it...
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event. Who could have ever thought up something so clever? Maybe next he'll invent a "jump to conclusions mat"! After that maybe he'll propose "dollars" as a new term meaning "lines of code" so that when he's introducing himself to unsuspecting women on the bus he can talk about how much "money" he has made.
FAIL
Actually you need a tin foil hat big enough for your house, otherwise google earth will find you. Oh wait.. too late.
If you mod me down the terrorists will have won
... they make for bad analogies.
Well, more seriously, I think there really is a problem with a widely accepted premise that the fragility of the systems that our privacy depends on is deity-given, and that thus we have to somehow cope with "privacy incidents", much like we have to deal with earth quakes instead of getting rid of plate tectonics.
The problem is not so much that from time to time some database containing SSNs is publicly compromised, but that there are SSNs (with all those different functions they serve) in the first place. The object of interest should be the complete lack of any effective protection, which essentially means that large bodies of data are easily available at any time to anyone willing to commit some crimes, while those supposed "incidents" are just the few occasions where it has been publicised, often because some (more-or-less) white-hat did some demonstration.
Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event.
Not to worry, they'll probably combine it with other bastardized metrics and consign the lot to oblivion. How about a Beaufort scale for phishing and 419 scams, or a Fujita scale for antisocial behaviors (on the internet, of course).
Perhaps what's really needed is a Kelvin scale for relevance. The suggested "Privacy Richter" scale is pretty cold.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
1) This means we've already lost, if we're quantifying the lack of privacy rights and the trampling thereof.
2) This seems as useful as color-coding terrorist threat levels ala Homeland Security.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
It's also a way political correctness may be enforced in future. Never say anything offensive or contriversial to or about anyone anywhere under your real name or anything that can be linked to your real name... ten years down the line a potential employer might find it while googling you, judge you a potential liability or source of workplace discord and throw your application in the bin.
Remember a few years ago when those Duke LaCrosse players were being prosected for rape?
On 60 Minutes, that Lelie Stahl said something to the effect of , 'why are you parents fighting so hard? Make a deal.'
The parents responded, 'because in this day and age of Google and the internet, their names will be forever tied to this People will dearch their names and this will come up. They will never get a job or they will be tarnished for the rest of their lives - unless we get every single charge dismissed.'
Stahl, 'Oooh, I didn't think of that.'
And as for potetic justice, the prodecutor, Nifong, has been dibarred
I just wish every prosecutor who tried to "make an example" to boost his political career would be disbarred.
So if Google implements encrypted mail, would that be a -3 event?
Like someone once said when referring to earthquakes, "for you, the _big one_ is the one that results in a brick falling off of a building, hitting you on the head, and killing you." So with the example of a 1 or 2, if what's revealed results in a lost job, etc. that's pretty big to you (albeit it possibly just a source of mirth for other people.)
Bark less. Wag more.
It's also a way political correctness may be enforced in future. Never say anything offensive or contriversial to or about anyone anywhere under your real name or anything that can be linked to your real name... ten years down the line a potential employer might find it while googling you, judge you a potential liability or source of workplace discord and throw your application in the bin.
Hmm gets worse than that.... in 10 years time whats "politically correct" may have shifted and all those 'Gingers have no soul' posts may come back to roost.
I've always said that it should be a matter of solidarity that everyone should say and do at least one thing outrageous to society, i.e. say something which people consider abhorrent and break some minor law. Then no amount of recording of words or deeds (e.g. criminal records) puts anyone at a disadvantage.
For example - and this one requires coordination - in the UK it's illegal to draw a picture of a minor doing something sexual. In response to this item, an appropriate exercise in civil disobedience would be for at least, say, ten thousand people to download one such drawing and report themselves.
Different privacy "issues" affect people in different ways. Consequently there is no sensible way to assign a numerical score to a particular event (such as having your bank account number leaked) in absolute terms.
For example, if someone reveals an unwelcome fact about you on FB, the impact of that "outing" will depend of whether it affects your employability, whether you are interested in being employable (never forget: not everyone is a 20-something american. Some people are retired and don't care that pictures of them being arrested could fall into the hands of an HR person), whether a potential partner may see it - or it may even depend on the values and morals of the viewer. There are no absolutes.
Even having your credit card number taken is not necessarily a big deal, depending where you live. A lot of countries take a view that bank fraud is absorbed by the bank, not by an individual who blamelessly had their account targeted.
So, assigning numbers to event without taking into account the context, the situation of the people involved or the place where they live is largely meaningless. And once you do start to account for all these extra circumstances, any numerical evaluation becomes so specific that you can't generalise a level of threat or seriousness to a particular sort of privacy loss.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
And where you buy your tin foil.
Professor Karmadillo Songs of Science
In Bosnia and Herzegowina we have national id cards. We had them also in former Yugoslavia, so - nothing new here. Except these new ones are barcoded so it is easy to register us on border checkpoints and like. Every time I cross border, they put my id card in scanner and register passage... :).
But, we also have long established practice of copying our id card for lots of procedures/applications at banks, telecoms and such. You come to open bank account (like I did just today) and they get your id card and copy both sides... What is interesting, today my friend witnessed this, and he works for another company copying id cards a lot... He was surprised when he saw bank clerk copying id card because at his company they spent friday-sunday destroying all copied id cards because of recent law forbiding this id card data collection. At least somebody came to his senses...
Imagine that, tons of identities in hundreds of binders in tens of companies... Looks like Fukushima to me
http://opencm3.net, http://www.nongnu.org/gm2/
From OP : "You shouldn't be sending confidential things through Gmail in the first place"
Why ? Why shouldn't I ? what should I do to send those ? use real mail ? Gmail is an email service, it's not supposed to search through you correspondance, and it shouldn't be allowed to.
I'm sick and tired of assholes trying to defend privacy invading policies with illconceived arguments. Gmail is a service, a service that you PAY FOR through advertising, and there is ABSOLUTELY NO REASON why google should take the right to search through your mail, the same way there is no reason for USPS to search through your mails...
And I'm not an anti-google troll, I have an Android Phone, and I use Gmail and even G+, and they are good products, but all the more reason for us to protect the quality of these services by preventing Google from abusing its position of power regarding its users and invading their privacy.
It appears that if you are a private person, you look like you got something to hide. I'm afraid that wanting privacy will be a black mark...
You don't need to be so afraid of what others think. There will be attempts by others to check you out. It's using technology to try and determine if you are in some way a threat.
If their check doesn't turn up anything, then "great". They will be just as overworked, rushed, and stupid as everyone else. The threat in this senario is more overarching laziness than anything else. No one is really interested in you. They are really interested in covering their asses if in fact you turn out to be a criminal (or in your example a bad employee)
BOSS: "How could you hire that AC? He was a terrible janitor! He looked at tentacle porn on company computers!"
HR SHLUB:"I ran the internet backgound checker. It isn't MY fault"
Over course, there are places in this world (fill-in-your-own-example-of-a-violently-represive-regime) where the check and any perceived threat discovered will be dealt with more harshly.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
this one thing you did 10 years ago you forgot and hope everyone else forgot will remain as the main thing you did in your life.
that's only if that's the ONLY thing you ever did. the obvious thing is to just do something that pales in comparison. and then something else.
world was created 5 seconds before this post as it is.
"The chief problem with the plate-tectonics analogy is that privacy isn't a matter of "incidents", but a cultural issue that evolves over a long time."
Sorry to disillusion you, but plate tectonics is also over a very long time - hundreds of millions of years - which is why some of the "Creationists" don't believe in it.
"Generally speaking, an earthquake just happens -- there's an enormous rumble, things fall over, and then it's all over."
In a major eathquake there are often aftershocks - sometimes only1 magnitude less than the original event - which can topple the already damaged buildings.
That would be a better measurement. And we are a few minutes before midnight.
Hmm gets worse than that.... in 10 years time whats "politically correct" may have shifted and all those 'Gingers have no soul'
posts may come back to roost.
Well, if that ever comes up you can take comfort in the truth being the ultimate defense.
Random Thoughts From A Diseased Mind (Not For Dummies)
FTA: "So how serious is the Google policy change? By the sound of the running commentary, this is the worst thing for privacy that's happened so far this year."
It's the same privacy policy. Unlike having 60 policies, there is one. It's easy to read.
And since when has anyone had a chance to opt-out of any privacy change, be it at your bank, Facebook, or your job?
Could you opt out of the original 60 policies? No.
Great point is at the end.
FTA: "What's the worst-case scenario here? Google amasses a detailed profile about each one of us who continues to use its mostly free products"
They already have that detailed profile, dumbasses!
FTA: "Potentially, that information later on gets breached, sold or subpoenaed by the federal government."
THEY ALREADY HAVE, @#%@#%! They aren't collecting new data. They already have the data. It could be asked for by the government at any time prior to the privacy policy change. Courts give 2 shits about privacy policies when they request data with a warrant or subpoena.
I better stop now, I'm going to blow a fucking gasket at the idiocy of the author of this piece of garbage. On to the great point:
FTA: "If you don't like Google, use Bing."
Thank you. 'Nuff said.
I8-D
Define "weird things on YouTube."
I object to power without constructive purpose. --Spock
There's a simple solution to this --- just say no! If someone asks you to do something you aren't comfortable with, then get up and leave and go somewhere else. If enough people have the guts to do this, then these practices will change. If people in general follow them quietly, then they'll become an accepted part of our society and that'll be that! People are always too quick to forget that they do, in fact, have a choice in nearly everything they do!
I always pay cash for my tin foil.
The author is definitely from California, having chosen Richter as his example scale. Since Charles Richter probably isn't the best example, and since these kinds of things are usually named after their authors, and since Jay was obviously modest enough to not propose naming it after himself, I suggest it be called the Cline scale. Certainly, it might not be better than having Jefferies Tubes named after you, but it's better than the john. Congratulations Jay, something will be named after you. Someone make a wikipedia entry.
Uhmmm.... then let advertisers target Gmail users by the fact they use Gmail. There, done, and now the analogy isn't completely broken either.