Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Privacy Richter Scale

Posted by samzenpus on from the crossing-the-scales dept.

Hugh Pickens writes "Jay Cline writes that not all privacy issues are created equal and proposes a privacy Richter scale to rank the bad things that could happen to our privacy. A privacy Richter 1 or 2 event is a temporary bad turn for you or a handful of people, but nothing systemic, posing no lasting harm to individuals or society as a whole. Examples include receiving someone else's mail, having someone expose something embarrassing about you to co-workers or friends, or losing your wallet or purse. Privacy events measuring 4 to 7 on the scale are risks that can cause real and lasting damage to a lot of people and include stolen laptops containing thousands of Social Security numbers and credit-card numbers that would allow identity thieves to make fraudulent transactions that could impact credit scores for years. Finally events topping 8 are points of no return for large numbers of people and society as a whole. DARPA's Total Information Awareness program, proposed in 2002 and defunded by Congress in 2003, would have topped the scale. 'The massive collection of data about U.S. citizens could have created a perpetual bureaucracy that put at risk our right of due process and protection against unlawful search and seizure.' So where does Google's plan to consolidate its 60 privacy policies into a single approach rank? 'The current change ranks at a 3,' writes Cline. 'Larry Page's company will weather this change. I don't see irreparable or lasting harm or loss of liberty. If you don't like Google, use Bing. Don't watch weird things on YouTube. You shouldn't be sending confidential things through Gmail in the first place.'"

21 of 75 comments (clear)

  1. this is what pisses me off by Anonymous Coward · · Score: 5, Interesting

    "You shouldn't be sending confidential things through Gmail in the first place.'"

    I'm not saying this is bad advice. But the fact that it is not bad advice, REALLY PISSES ME OFF. Not because I even use gmail- as I was hosting a squirrelmail server for my older brother and family before gmail existed, and don't store any quantity of my email on a corporate server for any length of time. But because gmail is what _everyone else_ is using for their email (to the extent that the younguns who won't get off my gedanken lawn use email at all, vs facebook). But enough about my lawn... my point is, that as a 36 year old computer engineer, who literally came of age in college during the deployment of the internet to the masses, then a decade later saw the T.I.A. etc... It's just so, so, sad. Maybe I was naive, but it really felt like people used to have an _expectation of privacy_, for things as basic as person to person long distance communication. E.g. snail mail and phone calls back in the days. These days, I honestly suspect that even when my cell phone appears to be off, that the government and other organized criminals, can and do listen into to my home. I.e. "the walls literally do have ears". But even setting asside that paranoia, and returning to the mundane level of paranoia/common-sense in the quote I'm taking issue with (don't use gmail for confidential communication), I just can't express how sad and disappointed with society I am, even with that level of paranoia now being accepted as common sense. I mean- people need to have an expectation of privacy. They need to feel like they can talk about confidential, personal, private things with their friends and family a hundred or a thousand miles away. And it really just isn't feasible. You still have to practically be one of the 1% tech illuminati to use encryption and actually feel like that even matters. Honestly, I'm the computer engineer, that perhaps a clinically paranoid schizophrenic, has just given up. I figure just using browsers and visiting sites requiring closed source browser plugins (read: the internet), probably makes my entire system insecure to the point that using encryption is pointless, even if the gubernment can't already crack that at will (or will be able to crack the recorded logs a few years down the line when either quantum computing works better, or they just find an obscure flaw or weakness combined with more brute force and the current systems). I dunno man... It's just sad. I had this vision of the internet actually allowing long distance communication of confidential things. Like minority political and philisophical discussion. But no, the world turned out to the point where people just deal with the fact that even though the tech is there, because of attitudes and government surveillance, we just shouldn't try to have confidential exchanges of communication except in person. Sigh... I hate america. And it may be the best of the lot. sad, so sad.

    1. Re:this is what pisses me off by SuricouRaven · · Score: 2

      That might work if this was just about sniffing, but the situation is more complex than that. It's also about the rise of corporate surveilance rather than government - they don't care overly if you are just being subversive, but they'd love to go through all your emails and browsing history to determine how best to flog you crap you don't need. It's about the use of search to make available to the masses the type of background checking that once would have been available only to governments and those willing to hire a PI - and so your friends, family and employer being able to dig up every tiny speck of dirt from your past, including that time a few years ago you joked that if fundamentalist-religious-types believe they are going to heaven we really should just kill them all. Encrypting all conversations is a requirement for restoring some semblence of privacy, but it is far from a complete solution. Really, the big problem is that most people just don't *care* about privacy.

    2. Re:this is what pisses me off by kermidge · · Score: 2

      A little paranoid? Perhaps.

      But the way things are now, if you're not a bit paranoid, something is wrong - with you and with the way things are. The very fact that this discussion exists shows that the way things are now is wrong. The fact that many don't understand this is even more wrong.

      As for gmail, I thought about it over a couple of weeks and decided I was OK with a software robot using text in the body to serve me text ads - it's immaterial, and (supposedly - fool I, maybe, for taking their word on it) nobody looks at the crap or relates it to me as a human identity. That someone could, should they choose, make that connection is inexcusable - the capability and the choice both.

      And the privacy "Richter scale" - yeah, I voted it "interesting" for it's discussion potential, but however well-intentioned or humorous it might be, it's lame at best.

      Yeah, the Internet, another dream turns to dust. At my age, doing the same is beginning to look not unattractive.

      "Mr. Gandhi, what do you think of civilisation?" The Mahatma: "I think it would be a good idea."

    3. Re:this is what pisses me off by ledow · · Score: 2

      Not being funny, but you can HAVE that level of privacy. Throw your smartphone (which didn't exist when you were a child) away. Disconnect your computer from the Internet (because my ZX Spectrum never had an Internet connection). Write letters (so that you hand them off to some several thousand minimum-wage workers who really have no personal incentive to ensure your letter reaches its destination at all, let alone unread). Use only your landline (which has ALWAYS been as simple to tap as putting a device in your phone, or a guy at the telecoms provider, or just clamping onto the analog cables running into the street - in the UK these are mainly aerial cables and nobody would notice a man in a hi-vis vest sticking something on the pole at all).

      You *haven't* suddenly walked into a world of less privacy. You were in one already and then you CHOSE to use facilities which, by their very design, allow you to have some of that privacy taken away. And you're still there now. Email is NOT ENCRYPTED - even if it's sent from and arrives at a location you trust, you cannot trust the message without making provisions for this YOURSELF.

      You chose to buy a satnav with a 3G connection because IT HELPS YOU. There were satnavs without it. There still are. But most people I know have satnavs with 3G capability.

      You chose to buy a mobile phone that, by it's very principle of operation, requires the telecoms provider to know your rough location. Then you chose to buy one that has a GPS receiver built-in. Then one that tells your friends on Facebook that you just walked into the restaurant.

      At any time, you can go back to the previous era, but it means ditching technology that you didn't have back then. Some people do. I have JUST bought my first smartphone. Not because I'm a privacy nut, but because I never wanted to have to manage another computer alongside all the ones I do professionally. Up until 4 days ago, I literally had a GSM phone with NO features. Was still trackable, though, by it's very design. My satnav DOESN'T have 3G connections - I get traffic over the one-way radio RDS-TMC system. It's not as good as live updates but it doesn't subvert my privacy or (more importantly) cost me anything to run.

      I *don't* post when I'm going on holiday to Facebook. I don't post which restaurant I'm sitting in. I don't trust anything that comes in an email to not be overhead (i.e. I've never sent my credit card details by email).

      You can do all these things already, and preserve your privacy. But privacy problems are not a result of changing attitudes towards privacy. They are the result of convenient technologies that have the side-effect of some lost privacy. And *everyone* who's used one has chosen to exchange that privacy for that feature. They would have 50 years ago, too. This is how 1984 was written - first published in 1949! - someone sat down and said "What if we had the technology to do X?" and followed through the natural progression of human response to that, even imagining a "future" of only 28 years ago (when I was a toddler).

      You haven't "lost" privacy. You've been given more options of trade-off against it. And almost everyone, of any age and generation, is willing to take that trade-off even with prior warning. Because, on the whole, in Western society, your privacy isn't worth much to you at all. It doesn't make you a higher-class or give you cheaper taxes. When I *MUST* give away my name and address to public record in any court, when I *MUST* give my details to the electoral register even if I don't vote, when I *MUST* fill out a load of forms and take them to a random Post Office employee who passes them off to a dozen random government employees in order to get the document to legally travel to another country - the privacy of a text message to a friend isn't actually worth that much at all.

      You chose to trade-off. If you own a mobile phone, or a GPS device that talks to central servers, or have a Facebook account, or don't use PGP for *EVE

    4. Re:this is what pisses me off by AdrianKemp · · Score: 2

      Sorry but until HTTPS is done correctly it will do exactly squat in actual privacy. What you say about sniffing is true, but it just redirects the problem it doesn't solve it.

      The fact that my bank gets all of the security certificates from a third party makes the actual security of the system non-existent (as demonstrated by countless authorities getting screwed).

      When people start doing it right, and issuing self-signed certificates with credentials we'll be getting somewhere. Once my bank gives me a certificate from them at the time that I create my online account with them there will be an actual chain of trust.

    5. Re:this is what pisses me off by Bengie · · Score: 2

      "The privacy advocates have to tone it down to things people actually care about before they will get anywhere."

      This.
      1) The internet is about copying. If you put your data out there, it's going to be copied all over.
      2) If you don't want to pay for your page views through ads, then start giving out your CC #. It needs to get paid for some how.
      3) Data collected by Google/etc isn't just for ads, that data also helps improve their searches.

      Many privacy advocates are just as bad as politicians. They don't know what they're talking about and their think everything works via magic. "Google, stop collecting any/all data and still give us relevant searches"... It's Magic!

      There's a happy medium somewhere.

  2. Re:If you like privacy... by BurstElement · · Score: 5, Funny

    Don't leave your house

    Then they still know where you live... :p

  3. Re:If you like privacy... by hcs_$reboot · · Score: 4, Insightful

    There is a difference between having a reputation in a town, or even in newspapers, that is heard and repeated, that evolves with time, and having many things about your life written forever that can be search, retrieved, crossed with other data within seconds. Whatever the progress changes you realize throughout your life, this one thing you did 10 years ago you forgot and hope everyone else forgot will remain as the main thing you did in your life.
    Knowing everything about everyone is certainly the direction we are taking the medium term ; but the society is not ready to cope with that, yet.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  4. idea fail by Tim4444 · · Score: 4, Insightful

    Wow! Hijacking a well known metric for a completely unrelated application just to draw a weak metaphor between the original phenomena being measured and this other unrelated event. Who could have ever thought up something so clever? Maybe next he'll invent a "jump to conclusions mat"! After that maybe he'll propose "dollars" as a new term meaning "lines of code" so that when he's introducing himself to unsuspecting women on the bus he can talk about how much "money" he has made.

    FAIL

  5. Re:If you like privacy... by outsider007 · · Score: 2

    Actually you need a tin foil hat big enough for your house, otherwise google earth will find you. Oh wait.. too late.

    --
    If you mod me down the terrorists will have won
  6. Plate tectonics are like cars ... by Anonymous Coward · · Score: 3, Insightful

    ... they make for bad analogies.

    Well, more seriously, I think there really is a problem with a widely accepted premise that the fragility of the systems that our privacy depends on is deity-given, and that thus we have to somehow cope with "privacy incidents", much like we have to deal with earth quakes instead of getting rid of plate tectonics.

    The problem is not so much that from time to time some database containing SSNs is publicly compromised, but that there are SSNs (with all those different functions they serve) in the first place. The object of interest should be the complete lack of any effective protection, which essentially means that large bodies of data are easily available at any time to anyone willing to commit some crimes, while those supposed "incidents" are just the few occasions where it has been publicised, often because some (more-or-less) white-hat did some demonstration.

  7. Assigning privacy ranks by HBI · · Score: 5, Insightful

    1) This means we've already lost, if we're quantifying the lack of privacy rights and the trampling thereof.
    2) This seems as useful as color-coding terrorist threat levels ala Homeland Security.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  8. Re:If you like privacy... by SuricouRaven · · Score: 3, Insightful

    It's also a way political correctness may be enforced in future. Never say anything offensive or contriversial to or about anyone anywhere under your real name or anything that can be linked to your real name... ten years down the line a potential employer might find it while googling you, judge you a potential liability or source of workplace discord and throw your application in the bin.

  9. Duke LaCrosse players by Anonymous Coward · · Score: 4, Insightful

    Remember a few years ago when those Duke LaCrosse players were being prosected for rape?

    On 60 Minutes, that Lelie Stahl said something to the effect of , 'why are you parents fighting so hard? Make a deal.'

    The parents responded, 'because in this day and age of Google and the internet, their names will be forever tied to this People will dearch their names and this will come up. They will never get a job or they will be tarnished for the rest of their lives - unless we get every single charge dismissed.'

    Stahl, 'Oooh, I didn't think of that.'

    And as for potetic justice, the prodecutor, Nifong, has been dibarred

    I just wish every prosecutor who tried to "make an example" to boost his political career would be disbarred.

  10. Not really realistic by ubrgeek · · Score: 2

    Like someone once said when referring to earthquakes, "for you, the _big one_ is the one that results in a brick falling off of a building, hitting you on the head, and killing you." So with the example of a 1 or 2, if what's revealed results in a lost job, etc. that's pretty big to you (albeit it possibly just a source of mirth for other people.)

    --
    Bark less. Wag more.
  11. Re:If you like privacy... by mlush · · Score: 5, Insightful

    It's also a way political correctness may be enforced in future. Never say anything offensive or contriversial to or about anyone anywhere under your real name or anything that can be linked to your real name... ten years down the line a potential employer might find it while googling you, judge you a potential liability or source of workplace discord and throw your application in the bin.

    Hmm gets worse than that.... in 10 years time whats "politically correct" may have shifted and all those 'Gingers have no soul' posts may come back to roost.

  12. Risk importance is relative - not absolute by petes_PoV · · Score: 4, Insightful

    Different privacy "issues" affect people in different ways. Consequently there is no sensible way to assign a numerical score to a particular event (such as having your bank account number leaked) in absolute terms.

    For example, if someone reveals an unwelcome fact about you on FB, the impact of that "outing" will depend of whether it affects your employability, whether you are interested in being employable (never forget: not everyone is a 20-something american. Some people are retired and don't care that pictures of them being arrested could fall into the hands of an HR person), whether a potential partner may see it - or it may even depend on the values and morals of the viewer. There are no absolutes.

    Even having your credit card number taken is not necessarily a big deal, depending where you live. A lot of countries take a view that bank fraud is absorbed by the bank, not by an individual who blamelessly had their account targeted.

    So, assigning numbers to event without taking into account the context, the situation of the people involved or the place where they live is largely meaningless. And once you do start to account for all these extra circumstances, any numerical evaluation becomes so specific that you can't generalise a level of threat or seriousness to a particular sort of privacy loss.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  13. Re:If you like privacy... by rishistar · · Score: 2

    And where you buy your tin foil.

    --
    Professor Karmadillo Songs of Science
  14. Maybe interesting... recent law in Bosnia by dragisha · · Score: 4, Interesting

    In Bosnia and Herzegowina we have national id cards. We had them also in former Yugoslavia, so - nothing new here. Except these new ones are barcoded so it is easy to register us on border checkpoints and like. Every time I cross border, they put my id card in scanner and register passage...
    But, we also have long established practice of copying our id card for lots of procedures/applications at banks, telecoms and such. You come to open bank account (like I did just today) and they get your id card and copy both sides... What is interesting, today my friend witnessed this, and he works for another company copying id cards a lot... He was surprised when he saw bank clerk copying id card because at his company they spent friday-sunday destroying all copied id cards because of recent law forbiding this id card data collection. At least somebody came to his senses...
    Imagine that, tons of identities in hundreds of binders in tens of companies... Looks like Fukushima to me :).

    --
    http://opencm3.net, http://www.nongnu.org/gm2/
  15. Re:encrypted gmail by evalhalla · · Score: 2

    If you use https to write from the gmail web interface to another gmail account (read via https and the web interface) the email is already encrypted, and you can be sure that nobody except for google (and some governments) can read it. Even if google started to encrypt email sent to other providers you couldn't trust them not to read your email before encryption (and forward it to said governments, of course).

  16. We do have a choice! by Edrick · · Score: 3

    There's a simple solution to this --- just say no! If someone asks you to do something you aren't comfortable with, then get up and leave and go somewhere else. If enough people have the guts to do this, then these practices will change. If people in general follow them quietly, then they'll become an accepted part of our society and that'll be that! People are always too quick to forget that they do, in fact, have a choice in nearly everything they do!