December 28, 2007
Privacy has always been a concern on the internet. But as more and more people let it all hang out on the many social networking websites popping up like weeds all over the web, there's much more at risk. Every other week, it seems, I'm reading about some new privacy gaffe. Last month, it was Facebook's Beacon opt-out policy; this week, it's Google Reader sharing private data. The privacy problems just keep piling up as more people tune in and turn on.
Nearly a decade ago, Sun Microsystems CEO Scott McNealy snapped out a warning to the worriers of the Internet Age: "You don't have any privacy. Get over it." McNealy's words look more prescient every year. In 2006, AOL unwittingly divulged the personal lives of 650,000 customers by publishing their search histories as research data. Despite AOL's attempts to anonymize the info, the New York Times quickly outed a 62-year-old lady in Georgia whose searches revealed her dog was wetting the upholstery. The Justice Department has subpoenaed Google, Yahoo!, MSN, and AOL for lists of search queries. More recently, Facebook employees were caught reading the customer logs.
Nothing warms the cockles of a user's heart quite like the tender mercies of your friendly neighborhood CEO. That privacy stuff you're so worried about? Get over it! You might wonder if Mr. McNealy has the same glib attitude towards the privacy of himself and his own family. Only criminals have stuff to hide, right? Here's Bruce Schneier's take on the value of privacy:
Last week, revelation of yet another NSA surveillance effort against the American people has rekindled the privacy debate. Those in favor of these programs have trotted out the same rhetorical question we hear every time privacy advocates oppose ID checks, video cameras, massive databases, data mining, and other wholesale surveillance measures: "If you aren't doing anything wrong, what do you have to hide?"
Some clever answers: "If I'm not doing anything wrong, then you have no cause to watch me." "Because the government gets to define what's wrong, and they keep changing the definition." "Because you might do something wrong with my information." My problem with quips like these -- as right as they are -- is that they accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
I promote openness and making things public. Not everything, of course; just the good and publicly useful sections you've culled from the repertoire of your life. If you don't consider any part of your life worthy of public consumption in any form, are you really doing anything?
Even as a proponent of selectively exhibiting parts of your life in public, there's a huge part of my life that's private. I didn't realize it, but I've relied on privacy through obscurity until now. My life is so utterly mundane that I can't imagine anyone caring what I do, what I buy, what I read, and who I talk to. I thought privacy was overrated. I certainly never considered privacy a basic human right, on par with life, liberty, and the pursuit of happiness. But it is.
Too many wrongly characterize the debate as "security versus privacy." The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide.
If power corrupts, then access to a pure, unfettered stream of data on every American corrupts absolutely. The default strategy of privacy through obscurity may have worked by default in the hodepodge, sporadically digital worlds of the 80's and 90's. Not any more. Now that so much of the world is online or stored in a vast database somewhere, all those tiny digital artifacts of who you are and what you do can be woven into a complete tapestry of your life. And you better believe it will be, because it makes some people a lot of money.
So what can we do about it? Is privacy possible in the digital age?
The truth is, fighting to protect privacy is a quixotic venture. Sure, there are any number of technologies, techniques and work-arounds you can employ, all in the effort to protect your privacy. But such a quest is like trying to dig a hole in middle of a fast flowing river. The rich and powerful gain some amount of privacy only because they can afford to grid their personal lives with a kind of digital body armor.
Garfinkel says we need to rethink privacy in the 21st Century. "It's not about the man who wants to watch pornography in complete anonymity over the Internet. It's about the woman who's afraid to use the Internet to organize her community against a proposed toxic dump - afraid because the dump's investors are sure to dig through her past if she becomes too much of a nuisance."
I'm with Bruce on this one. Demand privacy even if you don't think you need it. Consider that the next time you sign up for some new social networking service, or a grocery discount card, or give out your telephone or social security number for some trivial reason. Neglecting to protect our right to privacy is, in effect, giving up on privacy altogether. And that's not a world I want to live in. Openness is important-- but so is privacy, in equal measure. I believe we can have both, but not without active effort on our part.
Posted by Jeff Atwood
There were a couple of stories on Slashdot that had some decent responses to the "what do you have to hide?" statement:
1. People have an annoying habit of abusing their power.
2. There are secrets people have that aren't illegal.
3. Because there are lots of little things we do every day that break the rules.
4. Because there is a big difference between serving the public interest and fascism.
Because there are lots of little things we do every day that break the rules. These include: j-walking, downloading MP3's, subletting without telling your landlord, [...] putting chairs in the street to save your parking spot, stealing office supplies, stealing the [hotel's] towels, littering, loitering, the office NCAA pool, etc etc. All of these are necessary for the functioning of our society in some way or another, but are illegal. Yet we would go batshit insane without a few personal pet vices.
And all too often, the hunters are the ones proclaiming to be looking for TRUTH. But they are more concerned with removing any obstactles to finding the TRUTH, even when that means bulldozing over people's rights (the right to privacy, the right to anonymity) in their quest for it. And sadly, these people often cannot tell the difference between the appearance of TRUTH and TRUTH itself. And these, the ones who are so convinced they have found the TRUTH that they stop looking for it, are some of the worst oppressors of Natural Rights the world has ever known.
They are the hunters, and it is right and good for the prey to be afraid of the hunters, and to run away from them. Do not be fooled when a hunter says "why are you running from me if you have nothing to hide?" Because having something to hide is not the only reason to be hiding something.
Is it even possible to demand any privacy? In the grocery store example, even if you don't sign up for the discount card, they can still track your every purchase if you use a credit card (since the number is a unique identifier).
There are large database companies that exist only to consolidate data and sell that for direct marketing purposes. I've heard horror stories that they can basically track everything you've purchased, except for pure cash transactions. (I hope that's not true, but have no way of knowing.)
Other than tearing up our credit cards and buying things anonymously in cash, we have no control over this.
One of the problems is that there is actually no right to privacy written into the Constitution, in the USA. I was actually kind of surprised to realize this, taking Constitutional Law classes in college. It is, however, implied from other rights, as interpreted by the Supreme Court in many, many decisions.
Still, sometimes the lack of an explicit description of this right leads to problems, I think.
I think that normal people have every right to expect their personal lives to not be interfered with or published without their explicit consent. And I think that criminals lack the same right. However, sometimes this gets into treating *everybody* as though they were a criminal (such as inspecting the baggage of random airline passengers, or installing devices to scan all email at an ISP for possible illegal activity), and the fact of the matter is that the vast majority of people are *not criminals*, and don't deserve to be treated like one.
Every time I'm subjected to some violation of my privacy without my consent, I feel like the state or the organization thinks I'm a criminal, and that doesn't help anybody--me, the state, or actual criminals. It even leads to non-criminal people standing up for the rights of criminals, because if *everybody* is treated with a single blanket rule or law, then I'm forced to defend criminals as well.
No, I think we could use a little more "innocent until proven guilty" and a little more general consideration of the privacy of individuals.
Of course, at the same time, I don't think it's necessary to get paranoid about *all* your personal information on the Internet. It's quite handy for a site to remember my credit card number, for example.
To a certain degree, I trust the retailer--I don't expect them to be criminal. When they're criminally negligent about my privacy, *then* that's the time to deal with it, unfortunately. Otherwise you're going to treat organizations with the same sort of blanket "everybody's a criminal" attitude that I wouldn't want applied to individuals.
So in brief, I expect normal people to be honest, I expect organizations to be reasonable, and I expect criminals to be stopped.
I would say that in the large, the problem of personal information on the Internet is a problem of the criminal misuse of that information by criminal or negligent *organizations*, not the problem of whether or not I gave them the information in the first place.
And also, the problem is much more a human problem than a technological one.
I see a mixing up of two very different concerns about privacy in your post. One is in regards to security—government snooping—and the other is in regards to proprietary information—corporate snooping.
To me these are a bit different. Google might know a lot about me, but it's going to use that information to try and make a buck off of me. OK, that might be a bit creepy, but who cares? As long as they aren't mishandling the data or letting it get out (cough cough, AOL), I don't really care all that much that they are keeping track of what I am searching for and using that to tailor ads towards me.
Government snooping is different, though. Historically governments have long used surveillance of the population as a sort of legalized extortion—see somebody doing something quasi-legal but innocuous, or just discover something about them that they'd rather not revealed (it's not illegal to have an affair, but you probably wouldn't like it aired publicly, no?), and you can get them to do whatever it is you want them to (rat out similar information on friends, for example). The oversight on organizations that do this kind of snooping (the FBI, the CIA, the NSA, etc.) is known to be limited at best, done in hindsight at worst. The potential for abuse is extremely high, and in fact here is one of the only places that anything like a "right to privacy" is spelled out the constitution: you can't be searched without a warrant, the government can't just go through your things and life without some sort of oversight being exercised (in the form of a judge).
The latter worries me much more than the former. There should be strict privacy laws put into place which would prevent corporations from misusing proprietary information and result in massive fines and punishments if they should do anything like what AOL did (which was a gross infringement of privacy by any measure) or for the release of information like Social Security Numbers (which has happened more than a few times due to bad data practices at companies and universities). Such laws would probably be sufficient to control abuses and negligence by businesses; let them keep the data, let them even sell it (with probably some limitations), whatever, just make sure they only use it for legitimate business.
I wouldn't trust such laws to effect the practices of the aforementioned government agencies, though. They have long taken the position that they consider their particular view of "national security" to give them extra-legal jurisdiction, and they have been occasionally supported in this by pandering politicians and short-sighted courts.
On the technological question, there are some things which are surely technological in nature. UC Berkeley not long ago had a laptop stolen that contained thousands of SSNs on it, stored in the clear. Why were those stored on a laptop? Why were they stored in the clear? These are worries that could have been solved and avoided altogether by better information management practices, by minor technological measures.
Hmmm. This has interesting tie-ins.
People who claim there is no right to privacy must accept that the Roe vs. Wade decision was in error; however, the converse it not true because of another right: the right to life.
privacy shmivacy, can't things just be clearly spelled out?
Here, I sign up for an account and this server knows who I am.
Here, I don't sign up for an account and post from a (supposedly) private place.
Things can almost always be traced. If I really don't want them to be traced, I can go somewhere like a lbirary and wea a big hat so the surveillance cameras don't even see who I am.
Now if someone does something in a library with a big hat, people will google this and suspect it was me. Great.
Anyway, bottom line
Facebook - OBVIOUSLY they have my personal info, so anything I post there is free for everyone to read. How do I knwo I can trust the makers of Application X? How do I know I can trust the makers of myofficialsoundingwebsite.com ?
What facebook should have is a way of doing stuff without loggin in.
Yes I realize anonymity != privacy. But it provides true privacy, unless the details of yoru interactions uniquely identify you.
Who can really guarantee that NO ONE will look at yoru data? come on. That's why Scott McNealy says it's possible.
One of the problems is that there is actually no right to privacy written into the Constitution, in the USA
Sure there is:
"Amendment 9 - Construction of Constitution. Ratified 12/15/1791.
"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
I.e. it is implied and more specifically *not* denied just because it isn't so enumerated.
#1: If you access the internet, your privacy is compromised. (Unless you have a real fake identity that you use for all computer related activities).
#2: You say privacy is an inherent right? Says who? The US Constitution is one of the very few places, and it is being dismantled daily. You're waking up this now?
Simply, I am not able to resist the seduction to ask you - what about your bosses (clients)? Do they agree with everything you are publishing, here or anywhere else? None of your opinions - you present in public - makes them a little ... angry? Because - as Mr. Blair wrote - "The heretic, the enemy of society,
will always be there, so that he can be defeated and humiliated
over again". Do you think that we can win back our privacy or even our self-respect?
@Max "I think that normal people have every right to expect their personal lives to not be interfered with or published without their explicit consent. And I think that criminals lack the same right. However, sometimes this gets into treating *everybody* as though they were a criminal (such as inspecting the baggage of random airline passengers, or installing devices to scan all email at an ISP for possible illegal activity), and the fact of the matter is that the vast majority of people are *not criminals*, and don't deserve to be treated like one."
Until your thinking changes, neither yourself nor any "criminals" have any privacy.
Have you ever left your home without your wallet? Have you kept silent when a store clerk gave you too much change? Have you ridden a bicycle on a sidewalk? Failed to come to a complete stop at an intersection? You just admitted that you are a criminal. Now, should we allow the police to spy on you, knowing this?
The idea that government should respect your privacy except under certain narrowly defined circumstances is central to the fourth amendment. It means that you are free to hold minority and unpopular views without being spied upon. It means that you are free to disseminate your views without subjecting your non-public writings and communications to snooping.
If there is real evidence of a severe crime, the police can get a search warrant in order to stop or prevent that crime. This subjects law enforcement to outside oversight, which should hopefully prevent most abuses of power.
Our present Soviet-style government snooping must inevitably lead to tyranny unless we quickly put a stop to it.
Google reader is NOT sharing private data!
1. There is a special tag called 'shared'. It defaults to public, but you can change that in tag settings. I don't know about you, but when something says 'public' I assume everyone can see it.
2. Things only get shared when you click the 'share' icon in an item. If you're sharing it, you should expect everyone to be able to see it.
I don't know what part of 'public' those people don't understand.
I sure wouldn't want people to watch me in the bathroom. Isn't that enough of an argument for privacy ? Because it should be.
Sadly,No! just posted a link to this great video which I think is quite relevant: http://video.google.com/videoplay?docid=-461990723502527420
I think it's quite sad, actually -- if you realize they had just finished fighting WWII a year earlier, compared to our haste to throw away the same rights in our current "war"...
Here is a short list of information I want on everyone. If ther aren't doing anything wrong, then they don't have to hide this information.
1. ATM Pin Number.
2. Bank Website Username and Password.
3. List of inventions or creations.
4. Yearly salary.
5. Social security number.
6. Length of penis, in inches.
7. Number of sexual partners, past and present.
8. List of weapons owned, including dinner cutlery.
9. Voting record, past and present.
Speak up Jeff... Speak up
the best question that I have heard about privacy to those who say they have nothing to hide ... Do the close their curtains at home? Not having Digital privacy is like not only not closing your curtains at home but walking down the high street or shopping in the mall naked.
The privacy issue goes beyond just personal privacy but privacy for business ideas, business deals and competition. I can imagine the abuse of the bills like the Patriot Act to look into business. How would you like being a competing oil company in the age of no privacy? Protecting ideas and plans is as important as personal privacy and goes hand in hand with it.
Good post, although I sense a reluctance to take that step fully. You say that privacy is an inalienable right. Perhaps this is so, but why? What is a right, anyway? Why is this concept important and how can it be defended on principle (other than simply saying that it is so)?
See here for an excellent distilled tutorial on the nature of rights:
At the same source, an old but relevant article by Duane at TechCentralStation, on Internet privacy:
What I did there is called "satire." You see, that list is a small example of the things that you wish to remain private, but which are not things considered "wrong." Even you mentioned that having a secret PIN number prevents theft.
Privacy can be considered a subset of Self-Defense. To defend yourself from attacks, such as having the contents of your bank account stolen, you can apply a layer of Privacy which will alleviate the need of you standing in front of the ATM machine with a baseball bat, waiting for the guy who will steal your money to walk up to the machine.
Further more, keeping private the length of your penis, in inches, and the list of your sexual partners, protects you from ridicule by your peers. Also, by keeping it private on digital mediums, keeps you anonymous from illegal distributors of male enhancement drugs.
Also, by keeping my name to a short, "Bill," and providing no other information about myself on this forum, I minimize the out-lash from others who read this blog. Giving up my email address would almost certainly invite a large amount of unwanted emails.
There's an old saying that goes "Good Fences Make Good Neighbors."
I think another argument for privacy is innovation. Privacy allows a safe environment to fail or be imperfect. Imagine learning to sing in front of a continuous audience. I personally find my typing speed plumments when someone is looking over my shoulder. If all of Thomas Edison's failures were offered up for public scrutiny, would he have felt as free to try odd experiments, some of which led to his 1000+ patents?
Is a proposal for a new identity credential standard, based on open source software, offering a similar level of hardness to current-generation modern passports, but will full protection for your privacy: a transaction like renting a car will not reveal your name without a court order.
Give it a look, you may find it a very interesting direction for development.
It gets worse when privacy/data issues are combined with incompetence. Google "uk government data cockup" for examples.
We are living in the last age whose people will understand privacy as anything more than an antiquated notion of how the world ought to work.
The argument "If you are not doing anything wrong then you have nothing to hide" is simply a blatant attempt to justify what the "hunter" is actually doing: "Your personal info has monetary value to me and I intend to realize that value!"
But all too many people, especially young people, seem to value convenience over some abstraction like "liberty" and "freedom", so this particular river will keep on flowing...
the guy who mentioned the keychain card you get to get discount groceries has a point. What it is i donno, but i guess I don't see how privacy is a right.
But who can afford to do their daily business covertly? Privacy is damn expensive. that's what it is, it's not something you give out for free. What do you think?
Nobody mentioned credit reports and tax returns. You can pay for a credit report, just put dollars in the right hands, and you can get tax returns too.
The internet is one huge audit trail. When you come to terms with this fact you will act accordingly.
Google is of course at the top of the list. You should not use Gmail, and if you do, you should not be logged in when you use Google Search.
For an interesting counterpoint to this blog post, read this essay by sci-fi author David Brin:
He believes that the technology for snooping will become so cheap and ubiquitous that society will only have 2 choices:
1) To become a police state where ONLY the government can spy on its citizens.
2) To become a "transparent society" where EVERYONE spies on EVERYONE else. According to Brin, this is the only way we will avoid living in a totalitarian nightmare. One of the side-effects, or concessions, is that we'll all have to become more tolerant of everyone else's hobbies (which will be public knowledge).
Keep in mind the essay was written in 1998, before cell-phone cameras become ubiquitous, and before the rise of MySpace and Facebook. Sure, people were putting their private lives on the Internet back then (think GeoCities), but "true" social networking didn't exist at the time (and wasn't popular amongst the masses).
Can't say I totally subscribe to the Transparent Society idea, but it sure looks like the whole "ubiquitous surveillance" prediction is coming true.
Maybe in 50 years, both privacy and "intellectual property" will be seen as antiquated, outmoded concepts. Whether these are good or bad outcomes may depend on your perspective. Most Slashdot readers would probably love it if IP were abolished, but privacy protected. And most corporations and governments would have no problem if privacy were dead, but IP firmly entrenched.
"U.S. Official Urges Americans to Reconsider Privacy"
"Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that," said Kerr [Principal Deputy Director of National Intelligence.]
Jeff - you brought up some good points. Definetly worth mulling over. Thanks.
Bill - you're an idiot,a troll or didn't understand the point. Certain items of information like the ATM Pin is to prevent people from theft. Most people are honest but can be swayed by temptation.
Like a person walking down a busy street, one's identity can be determined but it's difficult. Well, used to be.
With the collection of data into databases it makes it easier to be identified. Taking the example of a person walking down a street - if they're wearing a sign with their name it makes it real easy to identify.
With systems that don't forget ones steps can be traced.
It's not wrong to walk down the street without a sign identifying who you are.
In all my life nobody has ever asked me if I had anything to hide.
However, if they did I would tell them that information was classified.
I am so pleased with your post. The "what'ya got to hide?" argument has left me weary for many a year now.
My electric eel fetish, and what I store in my sigmoid colon is none of their business!
The problem is that we are in a class war, whether we join the battle or not. Most of us don't even know who the most powerful people are, their fortunes don't get published in Forbes. Do you really think Bill Gates is worth more than the heir to the Rothschild dynasty, David DeRothschild? They stay out of the press for a reason. There is a war on us declared by the elite, in tiny paragraphs in clandestine documents, but it is a Queit War.
The Energy Barons, the Banking Cartels, these are the people who want to horde the privacy and collect data on you, so you can never rise against their power monopoly. Your privacy is the first step in the rebellion against a rising technocratic dictatorship
Facebook CIA ties:
Whoo boy, I get fired up about this topic. But I am not feeling particularly cogent, pre-coffee, this morning. Great blog, and thank you for writing this very important piece.
It seems that Bill is mostly correct, but does not understand "Good Fences Make Good Neighbors".
Good fences make for good neightbors because they have to work together to repair the fence. Where this phrase was popular, that was a yearly job for farmers, every spring before planting time.
I think you've misunderstood McNealy's comments. He's not being glib; he's just not in denial. The privacy war wrapped up decades ago and you lost it before you even knew you could fight it. Your only hope at this point is a sweeping radical change of attitude among legislators followed by an agreessive enforcement effort including high-publicity raids on the corporate headquarters of many Fortune 1000 companies. Forget about it.
The only person I know of who has any significant level of privacy is a woman who used to have male sex organs and now lives in an area where her life would be in danger if this aspect of her history got out to her local community. She exerted a boggling amount of effort to make sure it would be very difficult to encounter this information. For almost nobody else could that effort be justified, and it's not even clear it would be possible today.
The bottom line on privacy vis-a-vis the Internet is pretty basic:
If you provide data about yourself (sign up for a credit card, join some program or website, etc.) you must accept the risk that the data will be misused at some point and your supposed "privacy rights" violated -- either through subterfuge, impropriety, or crookery.
Legislation and even enforcement will not fix this as it is built in to the human psyche. You can only make educated decisions about what, when, where and how to provide data about yourself, be vigilant, and hope for the best.
Welcome to the age of the dog. The dog wants to know everything, sticks its nose into every thing and is happy to allow you to as well.
There's an example of "transparent society". In that kind of society there is a top dog and underdog and everyone stays in their place or it's up to their betters to cow them into submission. Theres not much chance for advancement, might makes right, and the best stuff goes to the biggest strongest and meanest. As for loyalty, well it can at least temporarily be bought with a pork chop. Until someone comes along with a handful of bacon. But dogs are such loyal happy creatures always looking to serve, please and kiss up quite literally to the top dog so what are we worried about? If we were all more like those lovable darn hounds then all our problems would clear right up!
Wait a minute! We already have that sort of society now, don't we?
When we were young we were fed all kinds of erroneous ideas like "life is NOT a popularity contest", and "it doesn't matter what other people think", and "you'll go blind" ( well OK for a second or two you do but-) oh and the funniest one is one I often see popping up on home pages here and there "It is better to be hated for what you are than loved for what you are not" Please! Who can't see the holes in that one?
Even with all kinds of supposed checks balances and safeguards "mistakes" happen - well sometimes not mistakes, ask anyone trying to recover from identity theft.
Most people here believe they are being spied on, and it has not made them better people, but sneakier, yes.
I know people for whom new laws must be passed because they are constantly finding ways to abuse the current ones, which means we now all must face stricter laws.
I find the most nosy people are also involved with crime, they will go on about TRUTH but if truth were really known they would be spending time in the joint.
I find most people looking for info are also looking for ways to misuse it. KNOWING YOUR DAILY SCHEDULE can make all those "random events" much easier to orchestrate, which is why its so handy to have everyone you are trying to control in standard hourly employment or in school.
I find that people who speak of the "burden of materialism" who urge you to let them help you "lighten your load" are really trying to get you to help them rip you off.
I find that while we hope other people are sane, and have some sense of fairness and decency, this is just hilarious talk to lots of people online and off! OF COURSE NOT SILLY!
I find that with the right information you can make almost anyone look like a "criminal" if you are so inclined.I have seen this done to the most harmless people.
We hope that people having access to our information are at least of average intellect and "common sense", DREAM ON BUDDY!
What I am saying is I have seen the "future" - darn it. :(
True horror story. I don't easily give out private info and when I do it's usually altered in some way, but even this doesn't always help your cause.
One day I came in to a local haunt and everyone was treating me differently, in subtle and not so subtle ways. Then as I was commenting on the change to a friend, a person I didn't know piped up "I googled you, we know you are really (age) your mothers name is (name) and you have been arrested for (crime) (number of times). You served (time period) , Blah blah...
Astounded I wondered aloud why on earth would you say such a thing about me? Not one thing was true!
"But I found your police record."
"OH well there's the problem, I have no police record."
"Everybody has a police record."
"But I do not."
"Your mother is not (name)?"
"You aren't really (age)?"
"Not even close."
My friend backed me up, luckily.
Crestfallen, and still not entirely convinced " You don't live at (address)?"
"But you are (name)?"
"Yes, did you try it with a 't' at the end like lots of people do?"
There were people who were still not convinced and the the next week another person came up with an equally false set of data, right name wrong age.
" Why are you googling me anyway? I don't even know you!"
" Just heard your name and wondered."
"I google everyone."
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Like weapons of mass destruction? OOPs, I never said that!
Is it not a choice between complete privacy and the protection of society. Recently a man in our area was convicted of peddling live porn of his daughter. If we forced that everything was 'private' and his rights to do this privately the police would have no way to id him and convict him. Only through the searching through records and ips could they find this scumbag. I would gladly give up my 'location' on a minute by minute basis to ensure that things like that never happen to defenseless people. Put an rfid on me, I have nothing to hide about where I go, then I can always prove that it wasn't me who went to jail, went to the pron store, robbed that guy at knife point. Let 'them' know that I didn't go to church on Sunday I don't care. I don't understand the cry of privacy when the information that is divulged doesn't harm me. I don't want you to know my pin, password or other financial information because people out there abuse it.
Privacy is not a right. If you want privacy you must work at it. You build fences, buy drapes and install locks. But what you do outside of your four walls is public. That is a fundamental thing you need to understand.
OK OK I see 3 fingers, no 2, no, how many do I see?"
You misspelled the word hodgepodge.
"...may have worked by default in the hodepodge, sporadically digital worlds..."
I don't necessarily have an issue with a person being allowed to constantly monitor themselves, in the digital sense. I should certainly hope that people would take enough interest in being able to defend themselves this way, in case the need should ever arise.
However, it's the public monitoring of people that's a problem. Put aside the analogy of curtains and locked doors for a moment. Privacy is a self-defense Right against corruption. I may someday want to run for a political office, or want to get a promotion to a management position. My entire personal history being up for scrutiny, including that one strip-club I went into when I was younger, or how many bottles of beer I've purchased since I turned 21, would certainly present a problem.
As is, a potential employer can easily do a Google search on someone, and even get the wrong name as D suggested, and have it lead to a prejudice against someone. Something like that is unfortunate, but imagine if this data were available from a government source, and were very comprehensive. Imagine a health-insurance company denying your claims because of "existing conditions" that extend way back into your early childhood.
Jeff this time you did it. You made my all time greats list of blog posts. I am linking to this article perminantly on my website.
We are entering an age when protecting privacy is becoming something we need to do individually in order to preserve a collective value that has escaped our hands. Privacy is a collective good value because it allows us to maintain personal differences amicably. Lack of privacy kills freedom, makes a mockery of personal values, and steals the soul of the individual. Privacy is the only means to ensure that power and control remain in the hands of individuals. Where privacy is not required, power brokers can and will invade that personal space and create an economic or social reality that quickly goes from a convenient possibility to a compelling requirement. I for one think a bit and bridle are good for a horse, but not for a human being. We have far to much control in our society already. If you disagree, simply sit down with your parents or other adults, and ask them how much things have changed. I did it and I was shocked to realize how many things I assumed were 'right' and 'good' were political innovations that have come along in my lifetime. Most of them have not stood the test of time, and yet we are building a superstructure of regulation and control over all of our lives based on their assumptions. When we discover the emperor has no clothes, he will still be the emperor because we will have allowed no alternative.
So much about the arguments as to what privacy you should be entitled to, what you are or are not hiding, and so on.
Just see the recent stories in the UK press about our government and civil service agencies making a real mess of privacy and security.
Millions of records have 'gone missing' on CDs that were put 'in the post'. Others have been 'mislaid' with numerous excuses.
When signing-up to commercial services, there is generally an 'opt-out' clause (well, there should be - and it really ought to be an 'opt-in' to be at all honest). That means you may give your permission for that organisation to sell on your details for whatever nefarious means they put forward.
I don't recall seeing anything of this sort on government agency web sites and paper forms. However, some of these agencies DO sell on their information about individuals. Makes you forget that they are there to serve us.
Also surprising to recall that in the UK we have a Data Protection Act, which these agencies do not even choose to comply with!
Privacy, security, what's that then?
I'm with McNealy. Get over it. "The real choice is liberty versus control". This article reasons from the basis of fear: they /might/ do something to me, based on what they know about me. Nothing has happened yet, but what if.... scary!! Whereas if you reason from the basis of liberty you wouldn't care one bit about the illusion of "privacy". If you're truly free you can do whatever you like and the whole wide world may watch, if they're really interested. So, get over it! The best medicine against this fear based fudd is to make your life as public as possible.
What is "right to privacy"?
Seriously, everybody has a different definition.
Consider; when you hop in your car, do you require a license? Who verifies that license? Who verifies the verifier?
Somebody, somewhere has access to all your personal information and since you don't know who they are you cannot possibly judge how safe you are... UNLESS you consider that your safety is not based on what somebody KNOWS.
That's the key.
The right to privacy is a fallacy. It can easily be divided into 2 important categories:
1. The right to not be seen.
2. The right to be left alone.
"The right to not be seen" is a very modern idea - logistically it can't work and fighting for it only means you're blind to something else. Yet much of Western society seems infatuated with this.
"The right to be left alone" was first covered, in essence, in the Magna Carte early 13th century and was wildly popular. The idea that no agency has the right to destroy you without peer review and that you should not be harassed by anyone without due cause. Americans have lost this right - "extraordinary rendition" means nobody is held accountable, nobody checks the facts, nobody knows your gone. You can be destroyed without trial or process. Privacy? Very private.
What's more important to you?
Google also made orkut (google's social networking site) profiles being listed to ``friends'' in their search pages by default.
Number one I'd like to say that I love Coding Horror; it's the highlight of my day to read while at work. Secondly, I love how you talk about privacy and yet offer a way to post anonymously to this site. And for what it's worth; I understand that you will have an IP address that I posted this from. Be that as it may, this brings me to my third point; there are certainly things that really do make our lives better that do exploit our privacy. Things like, for example, Best Buy's Reward Zone. I love the fact that when I buy something; I know eventually (after I've spent my entire paycheck ;)) that I will get some coupons for X amount off.
There is of course the downside to this where the company sells your information to another company for them to spam you with marketing crap. This, at least imho as a network security professional, I believe is the thing that I think should not be allowed. If you provide information to a company, they should be required by law to keep that information private between you and them only. It should be mutually exclusive between those two parties and no one else. And yes, I believe that goes with the government as well.
Using the previous example that Jeff gave, if I buy porn on the internet; I don't want the entire world knowing that I did it. If I buy "Barely 18", I don't want the government to look at it and say "well that's a potential pedophile." I'm of course not stating that I watch porn, this is a single example. Let me continue with another example that has been played out as well.
If a College Exchange Student from India comes over to the US and is working on a research paper that deals with Nuclear weapons. Then that student is at risk of being watched by the government. With this pressure the student may not do the research fearing some action by the government and thus might fail the paper. (Of course I'm probably going to get a phone call from the government in a few days for including these words in my statement, but you get the point.)
My point is that there should be no fear about sharing private information with companies, even online. But it should be only available to the person the information originally belonged too and the company that the person shared it with. There are exceptions to this, like the fact that a sexual predator must register and this information is available to everyone. But regardless, I thank you for your time.
The incentive for collecting private information would be diminished if any such data could not be used for trade between parties. Taking out the profit incentive will go a long way to solve the problem.
So Steve you don't mind being monitored 24-7 in that case I will sell the track of your movements to a direct marketing company so they can send you "relevant" mail that arrives when you are at home
And I'll make sure the local burglars know when you are not at home as well
Monitoring to prove you innocent does not work, do you really think criminals could not fake it? "Those witnesses must have been mistaken my RFID tag said I was 20 miles away at the time"
Universal monitoring is only for the good if the data is kept private, and as we have seen recently no-one can be trusted to keep even that data they have already safe.
Every time you tell someone any information ask yourself two questions, do I trust these people enough to tell them this, and who would benefit from this information?
@Max Kanat-Alexander: "I think that normal people have every right to expect their personal lives to not be interfered with or published without their explicit consent. And I think that criminals lack the same right. However, sometimes this gets into treating *everybody* as though they were a criminal..."
The reason this often (not just 'sometimes') gets into treating *everybody* the same is that there is no true distinction between 'normal people' and 'criminal.'
There's not two separate races subject to surveillance and at risk of intrusion into their privacy, there's just 'people.' People that haven't committed crimes aren't necessarily never going to, people who have committed crimes may never have been caught and punished, people have been caught and punished aren't necessarily going to commit crimes again.
If you start with a falsehood, you end up with absurd conclusions.
Suroot wrote: "There is of course the downside to this where the company sells your information to another company for them to spam you with marketing crap. This, at least imho as a network security professional, I believe is the thing that I think should not be allowed. If you provide information to a company, they should be required by law to keep that information private between you and them only. It should be mutually exclusive between those two parties and no one else. And yes, I believe that goes with the government as well."
This is a really nice idea, but it's unenforceable, and there are significant loopholes. What happens when a company goes bankrupt and has its assets purchased? What about companies which are active in many fields? (e.g. Marketing, banking, online shopping). Can you prevent a company from sharing information between subsidiaries? For example, can you force PayPal to keep its records separate from its parent company, eBay? I doubt it.
For example, a couple of years back in Canada, there was a minor scandal over information-sharing between 2 government departments. Apparently some people were denied (un)employment insurance payments because records had shown they'd made short trips to the United States (e.g. for shopping) when they were supposed to be looking for a job. There was a minor outcry over the fact that the border crossing data was not supposed to be shared with the employment insurance department. I'm sure the net result will be the government will continue to share data between agencies, but simply make it less obvious.
Every great cause needs a champion. Maybe we should persuade Hillary Clinton to be our champion in Washington fighting for our right to online privacy. She is a public official but still manages to keep a lot of secrets from us. And if she can keep hers I should be able to keep mine.
Privacy is the wrong frame. Privacy only comes into play after anonymity has already been thrown over the side.
The comments about rfid tags made me think about an old SF story, I think by A E Van Vogt, where the state could mark you for execution by causing an implanted device to start inducing severe pain until you came in to be executed just to escape it (the pain). And the state in this case was a somewhat mercurial dictator who might just decide he didn't like you.
I'm not too bothered about some of this stuff, but I do know someone who was chased out of his home town because there was a credit card transaction in his name against the bank account of some very nasty scumbags. The police just arrested him and slandered him. All he'd done was download some normal, consenting-adult style pron but these people also dealt in stuff we'd all find abhorrent, including my friend. Didn't stop my friend being hounded. Guilty until copping for a very minor offence to get them off his back.
Once you are the subject of an investigation the investigators will try their hardest to get you for *something* to justify the cost of the investigation and their salaries. Far better never to get on their radar.
I think you have a good point, Jeff.
It is hard to maintain dignity without privacy. If your house was like a jail cell and had a plexiglass wall that allowed everyone to see inside no matter what you were doing (especially using the bathroom), like jail, that would be a bad thing... whether or not you have something to hide.
The argument that "I'd do that to get the bad guys and abusers" falls short here because in civil society, that just goes too far (as do many measures).
I don't believe for one minute that we're in a police state (or devolving) like many posters do. That is nothing more than hyper-partisan political hysteria. Germany around 1943 was a police state.
There is a difference between the government having access to your "private" information and anyone else, though. The government can use it to lock you away.
I suppose the lesson here is to be careful and put up some drapes.
Yeah, absolutely true, Facebook joke probably the most valuable example. And i'm wondering that some respectable services ... but they do the same thing ... nice article .. thanks alot ;)
Hey Now Jeff,
Great post, I don't think publishes his physical address with his phone number. There are many people who don't place pix publicly. Should there be pix of any every one on the internet along with sensitive personal identifiable information? (I think not)
Coding Horror Fan,
I concur, you have atoned for the "goating" article with this one, I nearly left then, but decided to give you another chance. Now put the two together: Lack of privacy and people who just can't resist pulling little "harmless" jokes every time someones guard is down and "Coding Horror" earns it's name!
Horror stories have been written about these types of scenarios and here's another thought: I know what kind of scum I have met online (present company excepted of course)and the only comfort I have when confronted by them is relative anonymity.
As long as no one takes an interest in you, you don't have much to worry about, but what if someone does?
There are people who take offense for the darndest things, others who just like to feel the power of intimidation and yet others who party too darn much and have very little grasp on reality who might just decide they don't like the look of your font. And some who are just plain crazy and off their meds.
And that's before we get to the actual criminal types whose job it is to out think all existing limits, rules and safeguards because its how they make a living.
And someone tells me to just get over it? Now I have to say you are the naive one, just because you THINK you have nothing to hide does not mean someone can't alter existing facts to suit their own purposes.
Remember there is a difference between what YOU consider "harmless" and what's "PC" at any given moment! And when you take into account different values all around the globe you see how a "transparent" society might end up looking like something out of "Demolition Man" (not my favorite film but it had a point.)
You know in earlier days when this "Internet" was not there, people used to sit within the four walls of their homes and the only
outside contact they had was "TV". Now, this TV is a kind of passive entertainment thing. Read Only. You cannot respond. Just shut up
and listen. (But these days it is trying to become more interactive using internet, you know, "visit www.cnn.com/myviews" kind of stuff)
These days "internet" is a kind of spy-satellite sitting in everyone's home. Remember it is not "ReadOnly". It is quite interactive or "ReadWrite". The moment you login, you start transferring "101000111000001..." to the outside world. Imagine everybody around you is doing this! Now, it seems
internet is not controlled by anybody but that fact also seems to be wrong. So, we are public now.
In the nut shell, The public is public now!!
I used to work for one of those companies. We had 3 main lines of business. First, we did real estate planning and placement. We would get hired by a company to locate new places for their stores. They would provide us with all their customer data. This was data from credit card sales, surveys, checks... anything they had except for cash sales. We would would then build statistical models using that data to find areas in the US that has similar profiles of people.
The second line of business was helping communities locate business to attract to their areas. We would use whatever customer data we could along with some segmentation data about the dmeographics of the area and look for anything that would be a good fit. (kinda the reverse of #1)
The final thing was Direct Mail/Direct marketing. Company A wants to send out 1000 fliers to people matching the companies key market segments, so we would build a simple model and figure out the top 1000 names.
I found myself in several of our customer databases, and the information was complete with my name, address, Card #, etc... Pretty scary when you think about it.
Now, I work for a gov't contract that is using data mining to locate Fraud, Waste, and Abuse... it's amazing what you can find with the right data...
Cash transactins won't be helping for long. In the EU there are plans (however advanced and realistic) to have RFIDs in the bank notes, and anyway, sooner or later you will overlook some RFID tag in your clothing.
: "so they can send you 'relevant' mail that arrives when you are at home"
Is there a problem?
: "And I'll make sure the local burglars know when you are not at home as well"
Because of course there's no other way they'll know. Meanwhile, you make yourself accessory. Inventing laws to combat 'crime in potentia' is a very dangerous game - it tends to involve losing a lot of liberties.
: "Those witnesses must have been mistaken my RFID tag said I was 20 miles away at the time"
What happens if you are pulled over by a Police Officer and when you hand him your license he sticks it in his pocket then arrests you for not having a license? You can live in fear or...
: "Universal monitoring is only for the good if the data is kept private, and as we have seen recently no-one can be trusted."
Funny, the first part of that sentence specifically contradicts the second. Knowledge, aka data, that no-one has access to, isn't data - it's nothing. Thus, somebody, somewhere has access. Knowledge is power. Power corrupts.
The fewer people that have access to specific information the more corruption there is. Simple equation.
I did a quick search off the comments and couldn't find links to these sites, so here they are...
Electronic Frontier Foundation | Defending Freedom in the Digital World
Electronic Privacy Information Center
Privacy.org - The Source for News, Information, and Action
Get involved! Contact your appropriate government official.
A couple things you can do to muddy the waters in this global panopticon:
1. Pay with cash.
2. Lie. (I was going to say something clever like "spread disinformation" or "add noise to the signal" but it's really not that complicated. My approach to dealing with nosy retailers or websites is to just make sh*t up. What's my zip code? 90210. My Address? 1600 Pennsylvania Ave. Borders Rewards knows me as "George Orwell" and my local grocer thinks I'm "Bucky Goldstein" - or something similar, I forget. I have multiple email accounts, some that I only use from certain computers/domains. I'll admit that this strategy is probably a bit naive, especially regarding online commerce, search histories, etc. and I can't recommend it for dealing with the government. But it does provide a certain creative release and it keeps me in the habit of questioning such requests.)
I know of some people with public bebo profiles with their phone numbers and email addresses posted for all to see. But those are young, naive people. There may indeed be a generation growing now with a completely different cultural outlook on privacy from my own, but just as there are swings and roundabouts in politics and economics I believe there will be a turnaround in privacy in the future. This may be purely cultural or have some technological component.
My biggest privacy concern? That someone will dig up my last.fm profile and realize just how bad my taste in music is. :-]