An Expectation of Online Privacy

If your data is online, it is not private. Oh, maybe it seems private. Certainly, only you have access to your e-mail. Well, you and your ISP. And the sender's ISP. And any backbone provider who happens to route that mail from the sender to you. And, if you read your personal mail from work, your company. And, if they have taps at the correct points, the NSA and any other sufficiently well-funded government intelligence organization -- domestic and international.
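The chain of parties in the paragraph above is written into the message itself: every relay that accepts an e-mail prepends its own Received: header. As an added example (not code from the original essay), the Python below parses that chain from a constructed sample message, lists every host that held the cleartext, and flags the links that were carried without TLS, where anyone routing the packets in between could read the message off the wire. The host names, IP addresses and queue ids are placeholders.

```python
"""Walk the Received: chain of an e-mail to see who handled it.

Added example, not code from the original essay.  Each relay that accepts
a message prepends its own Received: header, so the headers, read bottom
to top, list every host that held the message.  The "with" clause records
the protocol on that link: ESMTPS/ESMTPSA means TLS was used on the wire,
plain ESMTP/SMTP means it was not.
"""
import re
from email import message_from_string

# Constructed sample message (hosts, addresses and ids are placeholders):
# sender's laptop -> sender's ISP (TLS) -> a backbone relay (no TLS)
# -> recipient's ISP (TLS).
SAMPLE_MESSAGE = (
    "Received: from backbone.example.net (backbone.example.net [203.0.113.7])\n"
    "\tby mx.recipient-isp.example (Postfix) with ESMTPS id C0FFEE\n"
    "\tfor <alice@recipient-isp.example>; Tue, 5 May 2009 06:06:02 -0400\n"
    "Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.9])\n"
    "\tby backbone.example.net (Postfix) with ESMTP id 123ABC;\n"
    "\tTue, 5 May 2009 06:06:01 -0400\n"
    "Received: from laptop.home (dsl-pool-12.sender-isp.example [192.0.2.45])\n"
    "\tby smtp.sender-isp.example (Postfix) with ESMTPSA id DEADBEEF\n"
    "\tfor <alice@recipient-isp.example>; Tue, 5 May 2009 06:06:00 -0400\n"
    "From: bob@sender-isp.example\n"
    "To: alice@recipient-isp.example\n"
    "Subject: lunch\n"
    "\n"
    "See you at noon.\n"
)

# "from <host> ... by <host> ... with <protocol>", the trace-field layout
# used by Postfix, Sendmail and most other MTAs (RFC 5321 section 4.4).
HOP_RE = re.compile(
    r"\bfrom\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z]+)",
    re.IGNORECASE,
)


def parse_hops(raw_message):
    """Return the hops in delivery order (sender side first), each as a dict
    with the sending host, the receiving host, the protocol token and
    whether that link was TLS-protected."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        # Unfold the header: continuation lines start with whitespace.
        flat = re.sub(r"\s+", " ", value).strip()
        m = HOP_RE.search(flat)
        if not m:
            continue  # a relay with a non-standard trace line; skip it
        proto = m.group("proto").upper()
        hops.append({
            "from": m.group("src"),
            "by": m.group("dst"),
            "protocol": proto,
            # ESMTPS and ESMTPSA (and SMTPS) mean STARTTLS/TLS on this link.
            "tls": proto.startswith(("ESMTPS", "SMTPS")),
        })
    hops.reverse()  # headers are prepended, so top of message = last hop
    return hops


def message_handlers(hops):
    """Every host that held the message in cleartext: the originating host
    and each relay that accepted it.  TLS on a link does not shorten this
    list; only end-to-end encryption would."""
    if not hops:
        return []
    return [hops[0]["from"]] + [hop["by"] for hop in hops]


def unencrypted_links(hops):
    """(sender, receiver) pairs for links carried without TLS, where anyone
    routing the packets in between could read the message off the wire."""
    return [(hop["from"], hop["by"]) for hop in hops if not hop["tls"]]


if __name__ == "__main__":
    chain = parse_hops(SAMPLE_MESSAGE)
    for hop in chain:
        link = "TLS" if hop["tls"] else "cleartext on the wire"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["protocol"]} ({link})')
    print("had the cleartext:", ", ".join(message_handlers(chain)))
    print("readable in transit:", unencrypted_links(chain))
```

Two caveats a practitioner would add. TLS between relays (the ESMTPS hops) hides the message from whoever is in between, but every relay still has the cleartext, so the handlers list is unchanged by it; only end-to-end encryption (PGP, S/MIME) shortens that list to the two endpoints. And Received: headers are written by the relays themselves, so only the ones added by hosts you trust can be relied on; an earlier relay can forge the rest of the chain.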

You could encrypt your mail, of course, but few of us do that. Most of us now use webmail. The general problem is that, for the most part, your online data is not under your control. Cloud computing and software as a service make this worse.

Your webmail is less under your control than it would be if you downloaded your mail to your computer. If you use Salesforce.com, you're relying on that company to keep your data private. If you use Google Docs, you're relying on Google. This is why the Electronic Privacy Information Center recently filed a complaint with the Federal Trade Commission: many of us are relying on Google's security, but we don't know what it is.

This is new. Twenty years ago, if someone wanted to look through your correspondence, he had to break into your house. Now, he can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. Your financial accounts are on remote websites protected only by passwords; your credit history is collected, stored, and sold by companies you don't even know exist.

And more data is being generated. Lists of books you buy, as well as the books you look at, are stored in the computers of online booksellers. Your affinity card tells your supermarket what foods you like. What were cash transactions are now credit card transactions. What used to be an anonymous coin tossed into a toll booth is now an EZ Pass record of which highway you were on, and when. What used to be a face-to-face chat is now an e-mail, IM, or SMS conversation -- or maybe a conversation inside Facebook.

Remember when Facebook recently changed its terms of service to take further control over your data? They can do that whenever they want, you know.

We have no choice but to trust these companies with our security and privacy, even though they have little incentive to protect them. Neither ChoicePoint, Lexis Nexis, Bank of America, nor T-Mobile bears the costs of privacy violations or any resultant identity theft.

This loss of control over our data has other effects, too. Our protections against police abuse have been severely watered down. The courts have ruled that the police can search your data without a warrant, as long as others hold that data. If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your ISP.

This isn't a technological problem; it's a legal problem. The courts need to recognize that in the information age, virtual privacy and physical privacy don't have the same boundaries. We should be able to control our own data, regardless of where it is stored. We should be able to make decisions about the security and privacy of that data, and have legal recourse should companies fail to honor those decisions. And just as the Supreme Court eventually ruled that tapping a telephone was a Fourth Amendment search, requiring a warrant -- even though it occurred at the phone company switching office and not in the target's home or office -- the Supreme Court must recognize that reading personal e-mail at an ISP is no different.

This essay was originally published on the SearchSecurity.com website, as the second half of a point/counterpoint with Marcus Ranum.

Posted on May 5, 2009 at 6:06 AM • 58 Comments

Comments

BF Skinner • May 5, 2009 6:26 AM

Motivation is an interesting point here. Andrew McLaughlin left DC after the administration's transition complaining about the way government doesn't adopt "free" consumer services.

One of the things he cited was the ToS for Facebook (which only lawyers pay attention to).

Facebook assigns unlimited liability to the user. Should the Federal government accept that liability on behalf of the taxpayer without negotiation? I would hope not.

TheDoctor • May 5, 2009 6:30 AM

In fact the German Federal Court (Bundesverfassungsgericht) ruled recently in exactly that way.

(But of course our politicians, at least of the ruling grand coalition, are marching in exactly the opposite direction.)

Eric the Red • May 5, 2009 6:33 AM

"We have no choice but to trust these companies with our security and privacy"

Yes we do. We can choose to not use them.

uk visa lawyer • May 5, 2009 6:47 AM

"We have no choice but to trust these companies with our security and privacy"

Yes we do. We can choose to not use them.

... Choosing not to use email or the web is the 21st-century version of becoming a hermit - it's not a realistic approach.

Peter • May 5, 2009 7:09 AM

@ uk_visa_lawyer: No one's talking about giving up Email or the web. Get GPG and Enigmail, and your Email will be safe (there's even a Firefox plugin to use it with Gmail).
Install Tor, and your web traffic will be made anonymous (within technologically reasonable limits).
When registering for some service, give only the least necessary information you think reasonable.
And most importantly: don't just sit back whenever your government silently tries to take away your privacy.

To quote the Universal Declaration of Human Rights, Article 12:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

P.S.: Most interesting: follow the link to the full article with JS enabled, and the site will ask you to "Login or Register". Without JS, it's shown in full, even printer-friendly.

Patrick G. • May 5, 2009 7:28 AM

@Eric The Red & @Peter

It's not only about E-Mail security, it's about your whole life.

Banks, government agencies, insurers, shops and even your family and friends accumulate your data online, even if you decide to use Tor, PGP and unregistered prepaid mobile phones/UMTS cards.

Your data is out there and you can't control (or even know) where and how it's kept and who has access.
You can slow the accumulation of the data bit by bit with real effort, but it's getting more every minute nonetheless.

And don't try a hermit stunt, your face and name will end up on FOX news or the local newspaper. And your parents won't be proud. ;)

bethan • May 5, 2009 7:47 AM

privacy laws in europe are considerably more stringent and consumer-oriented than they are in the US, so what's happening in Germany is not reflective of what can happen in Idaho.

Marq • May 5, 2009 7:53 AM

Scott Adams (Dilbert fame) wrote a great couple of books - God's Debris and The Religion War. In the latter book, he describes a building in which all data of everybody flows, and whilst it is all recorded, there is far too much information to ever really be useful. It's an interesting story, worth a read if you get the chance.

JohnJohn • May 5, 2009 8:17 AM

Seems like a concern that should be taken up with the Congress, not the Supreme Court.

I bet if there were some large scandal involving some major ISPs, congress would get on the case pronto.

Beta • May 5, 2009 8:24 AM

If I want my email to be secure, I can encrypt it. If my friends don't care much about security then I won't send them confidential email. In my opinion the problem is when the government interferes, as by demanding user information from ISP's -- and passing laws that require ISP's to retain that information -- or supporting a monopoly on some service, such as electronic highway toll collection or RFID passports, or suppressing anonymous banking.

But as Mr. Schneier has often pointed out, technical solutions are no good if people don't use them. It's hard to talk friends into using PGP. Facebook can thrive with no security because most users don't care enough to move to a secure network, so no secure network can get much market share, so I can't do secure social networking.

This may be a naive idea, but what about wrappers? Suppose there were a simple, open-source browser app that acted as a front-end to, say, Gmail, using PGP with a web of trust? If you had it installed but paid no attention to it, it would still encrypt email to destinations in the default keyserver. If, say, Firefox came with this as the default, we cryptonerds could get a lot of incoming mail encrypted without having to convert anybody...

sooth sayer • May 5, 2009 8:35 AM

"It's not a technical problem - it's a legal problem "

Really? Legally, I doubt anyone would question the right to privacy.

Failure is and has been of technology to recognize the risk early and deploy correct solutions.

In the past 5 years or so, the risk in online transactions has been reduced/minimized/eliminated by technology and not laws or judges.

Pete Austin • May 5, 2009 8:50 AM

@sooth sayer. Re: I doubt anyone would question the right to privacy. Ok, here goes...

When the US Constitution was written, most people shared rooms in small houses, in small towns, and there was very little real privacy. Pretty much anything you did was known by your neighbors and relatives. Any so-called "Right to Privacy" must be judged by that historic standard, not some utopian ideal.

bethan • May 5, 2009 8:56 AM

it is absolutely a legal question, and one we want answered by the supreme court, not with new legislation.

if the supreme court interprets existing law in favor of privacy, you have a much stronger statement for privacy than you do if the legislature passes some new half-baked bill that may or may not cover all the needed bases.

I'm not sure how much legislation you read, but it is rarely effective for addressing the targeted issue, whereas the supreme court has the ability to say that information is owned by the creator unless they specifically sign away the rights to it, in which case a warrant would need to be issued no matter the location of the stored data.

you think the legislature would do that? not so much. even if they could, they very rarely make a clean statement.

and why isn't it a technical question? because if you can make a wall, someone can get around it. you need clearly articulated rights to protect your data, including from the gov't, and you need clearly legislated obligations on the part of any company that stores or transfers your data.

Benjamin Wright • May 5, 2009 9:03 AM

In the field of privacy, contract law is widely misunderstood. Contract law does not enforce only the terms that corporations post. Just as companies can state their terms of service, individuals can assert the legal terms of access to their data. Example: To deter employers from viewing social networking pages, employees might post on their pages legal terms of access under which employers agree by contract to avert their eyes. This idea should not be taken as legal advice for any particular situation, just a topic for public discussion. Detailed argument: http://hack-igations.blogspot.com/2007/11/privacy-advocates-such-as-nyu-professor.html --Ben

sooth sayer • May 5, 2009 9:08 AM

@peter
We aren't talking historics -- the context is your information, not your bedchamber - those issues have been addressed

@Bethan - if you are having sex in public - you can't claim privacy. First build the wall, then ask for privacy.

bethan • May 5, 2009 9:22 AM

@Ben
by accepting employment, an employee agrees to the terms of employment and any codes of conduct, rules, etc. that are established by the employer.

even if there had been a long term understanding that social networking would be tolerated, all it would take is one policy statement, and that 'right' would be gone.

which is as it should be.

with regard to whether or not employers would have legal rights to data created by employees, who are on the clock and using company systems and materials? whether it was for personal reasons or no? that's a different discussion entirely.

bethan • May 5, 2009 9:25 AM

@sooth sayer
facile. having sex ::in public:: pretty much kills any expectation of privacy.

my mom sending me an email from her home computer? very reasonable expectation of privacy.

Ben • May 5, 2009 9:51 AM

What I think we're seeing here is a shift from privacy being prevention of intrusion to privacy being about control and authorized use of data. If I post information on Facebook and limit it to "friends only" then there is an implicit control in place authorizing friends to use that within a limited context. If one of those friends takes that information out of that limited context, then there is arguably a case to be made that privacy was violated. I fully expect to see this line of thinking further developed, including in legislation, in the near future.

Robert Baden-Powell • May 5, 2009 10:02 AM

I have to give TechTarget / SearchSecurity all sorts of information about myself (or lie) in order to read Marcus Ranum's side!

nick • May 5, 2009 10:10 AM

There is a firefox addon which adds S/MIME secure email support to Gmail. It's end-to-end, so the NSA, google, and your ISP can't read the content of the message.

You still have to convince your friends to get certificates, but it's really not too hard to use encryption with webmail.

webbnh • May 5, 2009 10:41 AM

"If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your ISP."

I would hope that the police need a warrant to access the backup tapes from my ISP! Where's the protection for the ISP??

But, I certainly concede that the terms of the warrant wouldn't include notifying me, even though they arguably should.

Art • May 5, 2009 11:10 AM

I'm shocked by Marcus Ranum's stance on this. Does he really believe that a normal person who is concerned about data privacy is a member of the tinfoil hat brigade? Wow. Bruce, glad you were the reasoned counterpoint to that.

Bobert • May 5, 2009 11:34 AM

Getting everyone I send email to and from to install PGP plugins or other software isn't realistic. Sure my friends that are developers or computer enthusiasts might do it, but what about the thousands of other people, companies, etc etc that I send email to?

The real problem is that protection of privacy isn't legislated. If it were, the ability for users to choose to send secure email, and a reliable automated way to exchange keys, would be a *requirement* for all email providers, not just an option.

Cpt. Moroni • May 5, 2009 11:36 AM

The idea of "data privacy" is almost nonsensical, in a practical sense, the same as "intellectual property". Information is not property. It is not something that you can guard with a shotgun to prevent your neighbor getting at it. And, when someone does manage to get at it, you are not deprived of its value. Oh - you might be deprived of the economic benefits that you could have derived if you had kept the secret to yourself, but if that was your intention, then why did you share the secret?

You simply can't control the dissemination of information, unless you keep it to yourself. As soon as you tell someone the secret, there is nothing practical that you (or anyone) can do to ensure that he doesn't share it with a third party in a way that you did not intend. Sure, we can build up ever more government to interfere with certain ways of sharing information (think copyright office and FBI), but the only thing these legal frameworks and bureaucracies accomplish in practice is increasing taxation and decreasing our freedom in unintended ways, because those with a desire to trade on the information will find a way to do so, assuming the trade is sufficiently profitable for them.

David • May 5, 2009 12:06 PM

@ Bruce: "Neither ChoicePoint, Lexis Nexis, Bank of America, nor T-Mobile bears the costs of privacy violations or any resultant identity theft."

According to SOX and GLBA, not only are they legally liable, there are fines and punishments listed in that legislation. Not only are there fines and punishments for the company, but also for the C?Os and the Board of Directors. These companies also spend millions of dollars complying with SOX and GLBA.

The problem is that NOBODY has actually enforced the existing law, particularly with regards to SOX.

Why didn't TJX get fined? Why didn't the execs get fined? Why didn't RBS Worldpay get fined? Why didn't the execs get fined? Why didn't Hannaford get fined?
The execs (CIO) of Hannaford admitted that they will now spend millions of dollars complying with SOX that they didn't do previously despite the law. Why wasn't he personally fined, which is a provision in the law?

M. • May 5, 2009 12:35 PM

@ Cpt. Moroni

Try living life in a first world country without disclosing your Social Security Number or equivalent to anyone.

The governments created an insecure system whereby we must use Social Security Numbers or equivalents - and other insecure documents - to prove our identities. And the governments have a responsibility to fix that problem.

Because people can't afford to be responsible for having their identities stolen just because their governments are incompetent.

Mortal's chiefest enemy • May 5, 2009 12:39 PM

The right to privacy was not of great concern to the Founding Fathers; Thomas Jefferson does not seem to have felt threated by the odd sketch artist popping out from behind a tree with his oils and easel to snap him doing 15mph in his horse and cart around Monticello.

The threat of the camera became a big issue in about 1895, causing one of the greatest (and most liberal - at least in my inexpert opinion) of US jurists Justice Brandeis to write his Right to Privacy article.

And what did he worry about? Cameras were being used to look at the upper class of Boston, causing him to write: [It is] "A terrible threat that people walking down the street or being in their back garden could be taken pictures of by these cameras". His conclusion: we needed to have legal protections for privacy.

He named it the "The Right of Privacy", a concept he later called "the most precious of rights, the right to be let alone!"

It's not the person who invades my privacy I want to be protected from, it's the corporation (and corporate state). Remember the definition of Identity Theft; "The removal of information about you from one organization who wish to exploit it by another organization who wish to exploit it."

Mortal's chiefest enemy • May 5, 2009 12:41 PM

and for "threated" read "threatened".

I must remember to proof read
I must remember to proof read
I must remember to proof read
I must remember to proof read
....

Mackenzie • May 5, 2009 1:05 PM

Peter:
FireGPG encrypts when you send, not while you edit. Given that GMail saves snapshots of drafts as you type the email, FireGPG is really inadequate for keeping the cleartext email off of GMail's servers. For that, you have to type and encrypt locally, then paste in.

winwar • May 5, 2009 1:29 PM

@Mackenzie:

As others have noted or implied, encryption only stops eavesdropping while in transit. Any email (or even letter) that you send is not private in practice because you can't control what the recipient will do with the information.

Chaz • May 5, 2009 1:30 PM

I did get a few friends to use S/MIME for email encryption. The biggest benefit is spam prevention--I can pick out exactly which emails are from friends and are free of spam. My friends feel a tiny bit safer emailing their political views, but to me the privacy part is less important than the gain in efficiency. We never have an email refused by some server because it has an attachment of some undesirable type, either--any attachments are hidden by the encryption.

Everyone should encrypt email. The spammers would be somewhat frustrated, and the tinfoil hatters wouldn't feel lonely.

Perhaps we should encrypt web traffic too--I haven't considered the issues there.

BF Skinner • May 5, 2009 2:11 PM

I was doing a paper on why business and government don't understand the way each other handles information and I came across this source book at the Library of Congress. It contains the legislative record including debate of when the Privacy Act of 1974 was passed.

http://www.loc.gov/rr/frd/Military_Law/LH_privacy_act-1974.html

Maybe some things never change, but the concerns and circumstances sound quite modern.

Andrew • May 5, 2009 2:15 PM

@Mortal's chiefest enemy

>> "The right to privacy was not of great concern to the Founding Fathers;"

The Fourth begs to differ: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . ." and also see the article on Wikipedia.

Your analogy to the sketch artist smacks of claims that the 2nd Amendment only applies to black powder small arms.

I am anxious to protect my privacy from many persons: my friends, my family, my employer, my neighbors, passers-by on the street, the media, politicians, judges, a jury of my peers, data collection agencies such as the so-called credit bureaus, and not incidentally, people like you.

To the extent that I choose to compromise my privacy, for example by engaging in public discourse, that is my right to choose. But this should not be an on-off switch.

I don't worry about acronymic agencies engaged in sinister snooping. I worry about being unlawfully discriminated against by people who have power to affect my future based on criteria I have no control over, and no defense against. Despite the mythos of individual freedom and choice, I don't really have the power to choose which billing company my health insurance carrier selects, nor change jobs because I don't like the privacy policies of my dental HMO.

martinr • May 5, 2009 2:33 PM

In Germany, the police definitely need a warrant to access email that is still stored in your webmail account at your ISP.

The federal constitutional court of Germany is actually investigating whether a regular search warrant, such as one for your apartment and the computer in your apartment, is sufficient, or whether stronger requirements must be met (as for wiretaps). The decision has been pending since 2006 (and currently has the status of a preliminary injunction that the data provided by the ISP may not be further analyzed).

http://www.hrr-strafrecht.de/hrr/bverfg/06/2-bvr-902-06.php

http://www.bverfg.de/entscheidungen/rk20081113_2bvr090206.html

Mimi Yin • May 5, 2009 3:27 PM

If our previous expectations of privacy were defined by physical boundaries (your person, your car, your home, a telephone booth), it seems we need to develop a new understanding of privacy around something that's virtual, conceptual, the notion of our identity.

In a word, that seems hard. In addition to legal changes, humans need to evolve to grasp purely conceptual boundaries for privacy and technology must evolve to help that along.

What does it mean for me to "control" and "own" my data if I am neither in physical possession of it nor control it (it's stored on far-flung servers controlled by far-flung administrators) *and* it is infinitely duplicable and distributable?

Even what we mean by "expectation of privacy" will need to change. If I keep good-old fashioned snail mail correspondence in my desk under lock and key, it is truly private. Even the sender of that letter doesn't have access to it.

If I send an email from my Gmail account, I have it, the recipient has it, Google has it and anyone the recipient chooses to forward the email to can have it too.

When I post this comment on this post, I will no longer have it (unless I save a copy of it on my computer), Bruce Schneier has it, whoever hosts the blog has it, any blog aggregator can get it too.

I made a "public comment" on a "public blog", but for all I know, the words I write will appear on some random website next to a lewd, blinking advertisement, forming a subconscious association that I never intended.

True, once you release something into the public sphere, you can't expect to control where it ends up or how it's used. But never before has it been so easy to re-mix and collate and take things out of context. As the consequences of all this new technology become clear, it will surely make people think and behave differently about what they make available to the public at large.

http://blog.myplaceinthecrowd.org/2009/05/04/yahoo-or-google-as-a-datatrust-but-will-facebook-play/

Kerry Thompson • May 5, 2009 4:44 PM

"This is new"

... no it isn't. This is just a new spin on the much older bureau computing idea. Back in the '60s and '70s there were computing bureaus with mainframes and punched card readers - users would need to send their decks of cards away to be processed in someone else's machine with the same risks. This isn't new at all.

Zian • May 5, 2009 4:44 PM

@Mimi:
Those are some excellent points. Along the lines of people having to evolve, our culture also has to evolve. We look down on people who go around sharing private letters with other people but no one seems to blink an eye when they get a forwarded e-mail, often with a complete set of headers from the original sender.

Stephan E • May 5, 2009 4:48 PM

You write

"This isn't a technological problem; it's a legal problem."

Hmm .. politely, you thereby make it an unsolvable problem. If you viewed the problem as lack of technical pseudonymisation in the root, the legal problem would be much simpler.

Moz • May 5, 2009 5:50 PM

One problem you're missing is that the US doesn't make law for the whole world, nor does it have any way to enforce its laws on the whole world. The instant your data crosses an international border things get tricky, and when it passes through several countries it gets even more so. People in the US should be familiar with this, as much data is routed through the US for exactly this reason.

So your "right to privacy" insofar as it exists inside the US, dies the instant your data leaves your country. Those servers in Poland, Mexico and India don't have even the illusory protection the ones in the US have.

Making privacy dependent on the whims of others is to make it nonexistent. If I send someone unencrypted email because they can't or won't install decryption software, that's their choice but it does remove any responsibility on my part to keep the contents secret. I have an unsafe account specifically for that purpose...

PC.Tech • May 5, 2009 9:12 PM

So, in order to read the "originally published" -or- "read Marcus's half", I have to give away my legit e-mail addy again... which can be harvested at that site, or this one too, for that matter. Hmmm...

What's wrong with this picture?

Evan Prodromou • May 5, 2009 9:29 PM

"Most of us now use webmail." I find that hard to believe; numbers I can find put the count of users of major Web email services around 600M, much fewer than the 1.4G people on the Internet, even if you consider all those addresses unique. (I, for one, have an @hotmail, @yahoo, and @gmail account, but I don't use any of them for my primary email interface.)

Also, "We have no choice but to trust these companies with our security and privacy"? Of course we do! Nobody's under any obligation to use someone else's servers for their email. Email is awesome that way: a federated, distributed protocol that lets you interact with people in other organizations using heterogeneous networks and services. Now, compare that to social networking sites like Facebook...

There are great Webmail interfaces that you can run on your own email server, too -- I like using RoundCube (http://roundcube.net/) when I'm away from my personal computer.

The functionality provided by many Web services is replicated in a number of Open Source projects. If people don't respect their own autonomy enough to choose to use them, that's a failure of their own judgment and of those who could have informed them.

Jon • May 5, 2009 10:16 PM

"that's a failure of their own judgment and of those who could have informed them."

Sure. But it's an unrecoverable error.

If I eat at McDonalds for a year, then realise I'm killing myself, I can change my diet and recover.

If I lose my privacy, be it through ignorance or carelessness, it's gone and it ain't coming back. Once upon a time I could move cities, states, or countries - or simply lie low for some period of time - to reacquire some measure of privacy, but that is no longer the case. Databases are everywhere, and they don't forget.

(Impractical exception: Hermit mode)

Anton • May 5, 2009 11:11 PM

A basic problem is that when we deal with government or corporations, they make sure the technology is in place to authenticate who we are (albeit in some cases just with name, account number and birthday) but we have no way of holding them to account in a binding fashion.

The upshot is that we are forced more into a reactionary modus where we have to follow the rhythm of what capitalism dictates, rather than having an effective means of keeping government and corporations within ethical and moral bounds.

In the old paper world, one could distinguish between notes written on a scratch pad and official papers that were signed and communicated. Unfortunately electronic mail has erased much of that distinction.

The boundaries between thought, words and actions are now being blurred to such an extent, most of the time it is better not to divulge the latter too freely and when you do, to make sure you leave no tracks.

Roger • May 6, 2009 3:23 AM

Hmm, let's see:

* I don't use Google Docs, precisely because of the privacy issue. I've told them I'll start using it when they add client-side encryption;

* ditto Salesforce;

* I research books on-line, anonymously, but get them ordered in by my local book store for a small cash deposit. It works out to only about 5% dearer, which I think is worth it for my privacy (and supporting my local community instead of an unethical multi-national);

* I don't use store "loyalty cards" -- quite apart from the privacy issue, my national consumer rights organisation did a study which showed they are basically worthless anyway. (Back when I was a student I sometimes used one, but it was filled out in a false name and shared among several people);

* On the rare occasions I need to use an EZ-Pass tollway, I am using a company car (yes, the company logs who has it booked --but does so on a whiteboard that is periodically erased). I'll admit that I am worried that these tollways are proliferating to the degree I might soon need to use them in my own car, but there is also a strong campaign to legislate tollway privacy rights here;

* about three or four times a year I find myself short of cash and use EFTPOS. Apart from that, all my bank knows from EFTPOS / ATM records is that my favourite machine is the only one from my own bank that is in my suburb, which I suspect they could have guessed anyway.

* Facebook -- yech!!

* contrary to the US situation, I do *not* need to give my "social security number or equivalent" to numerous organisations. The only remotely equivalent datum in Australia is the Tax File Number. You need to submit this to government officials in any transaction involving tax, and that includes to private institutions which collect tax on the behalf of the government (e.g. banks, who collect various "duties".) However, those organisations are forbidden from using the TFN to link records, and all other organisations are legally prohibited from even asking. (Actually, you can even refuse to give it to the banks etc., although then you'll be taxed at the highest rate.) Most people use their TFN so rarely that they need to look it up from last year's tax return in order to fill in this year's; pretty well no-one memorises it.

* credit cards are of course by far the most dangerous threat to privacy. They are still largely avoidable in this country, although in the last 15 years they have gone from somewhat dodgy (i.e. proffering a credit card for groceries suggested a person who can't manage his / her money) to perfectly respectable. However, hotels have now started the American custom of requiring a credit card by default and becoming suspicious if you prefer to pay in cash. I admit this is a disturbing trend, but it has not yet convinced me to get one of the wretched things.

* email is an issue. 15 years ago most of my email contacts were geeks and 75% used PGP. Today 90% of my email contacts don't know what PGP is, and refuse to do anything so complicated when it's explained. Even amongst geeks, use of email security seems to actually be declining!! I am not sure how to reverse this disturbing trend. Perhaps Thunderbird should by default set up and publish a GPG key when setting up your POP details?


In short, Cpt. Moroni is largely correct: most of these issues are actually avoidable with only a little effort. There are some worrying trends, and undoubtedly the worst of them is credit card usage, but the fight isn't even half lost.

Piotrek • May 6, 2009 3:40 AM

@Moz

"Those servers in Poland, Mexico and India don't have even the illusory protection the ones in the US have."

I can't speak for Mexico and India, but you may want to learn a bit before you start commenting on things you obviously have no idea about.

With all due respect, in the particular case of personal data I'm very glad that the US doesn't make law for the whole world.

BF Skinner • May 6, 2009 6:19 AM

I've posted these URLs before.

Rambam talking at The Last HOPE:
http://whatisnoise.com/2008/08/featured-speaker-steven-rambam.html

"You're very handy, I can tell. I bet you like to read a lot, too."
"Privacy is Dead"
"Oh, that's very fascinating to me. I read a lot myself. Some people think I'm too intellectual but I think it's a fabulous way to spend your spare time. I also play racquetball. Do you have any hobbies?"
"I collect spores, molds, and fungus."

Hogie • May 6, 2009 10:10 AM

Is that Bruce Schneier or the reincarnated Peter Norton? I can't tell from the book cover.

So going as far as stating the obvious is great -- I could get a sports announcer to tell me most of what's being said here: if you swing and miss, that's a strike -- duh.....

Also, to assume all on-line sites are only protected by just a password is sensationalizing and hyping up an already nervous on-line world. Yes, you do have to wonder if the on-line entities that house our information are really secure and care about the end user, but that also goes to the simple and mundane point of don't touch the stove if it's hot. Don't store critical data (Salesforce the exception) where others can get to it -- whenever possible. Download e-mails to a PST and password protect it; only use secure encrypted SSL websites for business transactions and webmail. I think the problem is more one of user education for the new online world than expecting privacy in an open and unfettered internet.

otropogo • May 7, 2009 9:25 AM

@sooth sayer

"In the past 5 years or so, the risk in online transactions has been reduced/minimized/eliminated by technology and not laws or judges...."

Over the past several years North American banks, and especially their charge card divisions, have dumbed down their security, while striving to transfer the liability to the client.

Online passwords have been compromised by the addition of backup question/answer "passwords" that are available to bank staff and, in some cases, are fully displayed on the customer's monitor when entered.

Credit cards are mailed to customers' postal boxes by ordinary post, and may arrive there (or, by accident, in an adjacent box) at the same time as the "separate" mailing containing the unrequested and unwanted PIN.

Some credit card issuers even mail personalized cheques in the same envelope with the PIN, and then invite the client to change the PIN by filling out a form and mailing it back.

The latest trick here in Canada is to force the customer to accept a new "smart" card which requires the client to use a PIN and deprives him or her of the antifraud security of the signed register receipt.

And, while maintaining the public mantra that the client will never be held responsible for any fraudulent charges, the so-called card "agreement", which can be modified at any time by the bank without any meaningful assurance of notice to the client, forces the client to "agree" that any fraudulent use of the PIN could only have occurred through the negligent behaviour of the client.

ruf959 • May 7, 2009 9:57 AM

No such thing as online privacy. The only private information is something you know and never told anyone!

Information about you isn't private, never *was* (may have been harder to get) and likely never will be!

Simple test: Do a mind map of all the biz, com, edu, org etc. that you have dealt with during your life and the personal attributes that you have provided (schools, bank loans, tax forms, credit card applications, loyalty cards, etc.).

It won't take you long to realize the extent of personally identifying information about you out there.

Now how many of these organizations have any idea how to protect the information you have provided them (regardless of what their privacy statements say)? Even the most diligent don't, as ultimately, for the information to be useful to the organization, it needs to be processed/transferred/shared. How many internal applications/databases do you think this information is in? What sort of controls do you think surround them?

I'd suggest that Banks or Military have the highest level of security *purely based on fact of spending money/resources* trying to secure this information.

Now let's look at how successful they have been. Check the dataloss db. Remember, that is only the stuff that gets reported. How many breaches do you think have occurred internally and were never reported (or worse, never even detected)?

Forget online privacy -- you don't have any control over it. Better just be prepared for the case when it's compromised.

What can you do?

1. Try to limit the amount of personal information you give away. Unless you are legally required (the form will usually indicate when) to provide correct information, then why not just supply wrong/false information on forms, if you believe the information isn't really required (why does a loyalty program need to know my birthday)? Leaving it blank will only lead to more work trying to explain why you don't believe you need to provide it, to which most people will say you can't have whatever it is you're signing up for unless you provide correct information. If it's filled in but wrong (how can they verify?), it will avoid questions altogether.

2. When providing real information, i.e. home/business address etc., you can encode slight but unique variations, e.g. add A1, B1, G1 to identify the organisation; then if it's misused you will be able to identify the source (work out where the junk mail comes from). You can also do the same with email aliases, i.e. create a unique email address per organization. When you start getting spammed on that address, drop the alias.

3. Maintain contacts for all key organisations you deal with in case things go wrong; check your credit history.

4. Try to use one computer (or virtual machines) for general internet browsing / mailing and another for secure access such as Internet Banking.

5. Maintain Antivirus/Firewalls/Software updates

6. Use a Mac, as it is currently safer than Windows (purely because it is less deployed, hence a less likely target).

7. Make a formal complaint whenever you are asked to *authenticate* yourself with D.O.B., mother's maiden name etc. Organizations will only stop this practice when enough people complain.

8. Google Tips Avoid Identity Theft

9. Give up rat race and go live in the woods

I'll stop there cuz I don't like top 10 lists :)
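Tip 2 above (a unique, traceable email alias per organization) can be automated. The following is an added example, not ruf959's code or anything from this site: the alias tags are derived with an HMAC over the organization name under a secret only the mailbox owner holds, so a third party who sees one alias cannot guess the alias handed to another organization, and the lookup maps a recipient address on incoming mail back to the organization that was given it. The secret, the mailbox `alice@example.com`, the organization names and the sample `To:` addresses are all constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample configuration (placeholders, not values from the page).
# The secret is what keeps the tags unguessable; keep it out of any form you fill in.
ALIAS_SECRET = b"example-secret-change-me"
BASE_LOCAL_PART = "alice"
BASE_DOMAIN = "example.com"


def alias_tag(org: str, secret: bytes = ALIAS_SECRET, length: int = 8) -> str:
    """Short HMAC-SHA256 tag for an organization name, case- and whitespace-insensitive."""
    normalized = org.strip().lower().encode("utf-8")
    return hmac.new(secret, normalized, hashlib.sha256).hexdigest()[:length]


def alias_for(org: str) -> str:
    """The plus-addressed alias to hand to exactly one organization."""
    return f"{BASE_LOCAL_PART}+{alias_tag(org)}@{BASE_DOMAIN}"


def build_alias_directory(orgs):
    """alias address -> organization name, for every organization we deal with."""
    return {alias_for(org): org for org in orgs}


# local-part, optional +tag, domain
ADDR_RE = re.compile(r"^([^+@]+)(?:\+([^@]+))?@(.+)$")


def identify_source(recipient: str, directory: dict):
    """Which organization leaked this address?

    Returns the organization name for a known alias, "untagged" when mail
    arrives at the bare mailbox, and None for an address that is not ours
    or carries a tag we never issued (a guessed or mangled alias).
    """
    addr = recipient.strip().lower()
    m = ADDR_RE.match(addr)
    if not m:
        return None
    local, tag, domain = m.groups()
    if local != BASE_LOCAL_PART or domain != BASE_DOMAIN:
        return None
    if tag is None:
        return "untagged"
    return directory.get(addr)


def leak_report(to_headers, directory):
    """Count incoming recipient addresses per source, so the noisiest
    leaker stands out and its alias can be dropped."""
    counts = {}
    for header in to_headers:
        source = identify_source(header, directory) or "unknown"
        counts[source] = counts.get(source, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample: three organizations were each given their own alias.
    directory = build_alias_directory(["Acme Books", "Corner Grocer", "Toll Road Co"])
    # Constructed sample To: headers from a week of mail; the grocer's alias
    # is now receiving mail from senders it was never given to.
    sample_to = [
        alias_for("Acme Books"),
        alias_for("Corner Grocer").upper(),   # case must not matter
        alias_for("Corner Grocer"),
        alias_for("Corner Grocer"),
        "alice@example.com",                  # bare mailbox, no tag
        "alice+00000000@example.com",         # tag we never issued
        "bob+whatever@other.org",             # not our mailbox at all
    ]
    for alias, org in directory.items():
        print(f"{org:14s} -> {alias}")
    print(leak_report(sample_to, directory))
```

Once a report shows an alias receiving mail from anyone other than the organization it was issued to, the alias is simply removed from the mailbox's accepted-recipients list and a fresh one issued; the base address is never exposed. The same tagging idea carries over to the postal-address variations in the tip, minus the HMAC.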

Alex • May 11, 2009 8:08 AM

Of course, if you want to use pgp with Gmail, you can always hook up an e-mail client to Google's IMAP server, which also means you can suck all the e-mail out to a local hard disk if you need to.

rosstheboss • May 12, 2009 1:47 PM

I am learning some valuable things from this discussion... here is something that got trampled into the dust a long time ago - just because we CAN do something does not mean we SHOULD do it... our society has abandoned this historic understanding of morality and casually continued on its merry way to a total lack of standards to which we should all be held accountable... our governments, police, etc. are only dealing with us as we have asked them to... privacy? security?... what a joke!

yst • August 20, 2009 8:39 PM

Unfortunately, the impression that the situation is safer if you just store things on your own computer may not be supported by facts.
- laptops get stolen.
- backup disks get lost or thrown in the bin without properly destroying them.
- botnets, malware, trojans, keyloggers etc. are all too easily distributed and used on large numbers of "home administered" PCs.
- teenage kids. How many "answers" sites have "My dad blocked me from installing software and now I cannot get ... working. Where can I download a proggie to read his password?".

A concept that relies on "security" as being increased when you do not put information on servers over the internet may easily ignore that the assumed security of PCs is much lower in practice than one might expect or realistically hope for.

I would applaud it if these privacy discussions also mentioned the dangers of information stored on clients, rather than just discussing the risks of servers.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..