Privacy

Privacy needs to be designed from the ground up


A leading privacy researcher has concluded that new technologies should have privacy controls built in up front in order to adequately protect our privacy. The researcher's software, dubbed "Identity Angel," combs through databases, cross references data, and identifies people who are at risk for having their information stolen. The people identified are then contacted and warned abort the potential for mischief. Although identity theft has been in decline since 2002, according to the article...

"The problem grows as technologies explode."

A Little Privacy, Please (Scientific American)

Q&A with Latanya Sweeney (Scientific American)

The utility of the Internet is also its biggest weakness: data about anyone or anything is readily available to just about anyone. This should be a concern of all Web users as even the government is willing to use data that is supposed to be confidential in ways that were not intended, as was the case with U.S. Census data that the government used to round up Japanese-Americans during WWII. There are many options for protecting private data, such as disposable e-mail addresses that can be used to help foil spammers.

Solving the Web security challenge (CNET)

Strong Laws, Smart Tech Can Stop Abusive 'Data Reuse' (Wired)

Top 9 Disposable Email Address Services (about.com)

To me, privacy is a major concern for a couple of reasons. First, I believe that the right to privacy is implied in our constitution, an opinion affirmed by our court system. I also safeguard the privacy rights of students as security administrator of our student information system. I realize that there are security concerns in a post-9/11 world, but I believe that our founding fathers, who faced an enemy far stronger than we do now, would be on the privacy side of this debate. After all, it was Ben Franklin who said:

They who can give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.

How do you protect your privacy? Do you use techniques like "data poisoning," (giving false information) or do you just trust the companies you give your data to? How much data should the government be trusted with, given their history of guaranteeing confidentiality, only to renege on those promises? Join the discussion.

--------------------------------------------------------------------------------

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

17 comments
BALTHOR
BALTHOR

"They who can give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."I think that Ben is trying to say that you can't buy protection.The screen name and password system should be all that anybody needs.How do hackers get into your computer without them?

GreyTech
GreyTech

Some interesting points of discussion on how privacy laws may or may not apply in the USA but the internet is not confined to one country. Different countries have different laws on privacy from the extremes of some governments monitoring and censoring all internet traffic to reasonable democracies allowing us to discuss freely what should or should not be the law. As far as email is concerned I consider it is like sending post cards. Anyone can read it there it cannot be considered private. If I want to make it private then I encrypt it and give the key only to the intended recipient.

Larry the Security Guy
Larry the Security Guy

The internet may be a world wide entity, but each site does lead to some specific location goverened by some national entity. If that national entity happens to be the USA then I as a U.S. citizen can speak out to my government and demand that they consider laws or even a new amendment that protects my private information, over and above what is covered by the 14th amendment. Now, I can't speak as to the rights of citizens of other countries or how they would interact with their governments, or about companies that don't have a presence in one's mother nation, but we should all take whatever precautions and exact whatever guarantees we can to ensure that the personal information we give those Internet sites is protected from theft and abuse. And if we're not comfortable giving someone our private information, we should not give it up.

DanLM
DanLM

Because nowhere will you find two parties that totally agree what is private and what is not. And by individuals stating that certain information should not be shared, which I might want to be shared(its mine, not yours). They are invading on my freedom of choice. Which they constantly blame the goverment doing. They are being hypocrits in how they define peoples rights. One, don't restrict their rights but they can restrict mine by removing possible protections, better opertunities, or what ever I want. Again, hypocrits if they are unwilling to be specific. The same people that claim invasion of privacy are the the ones that will decry such laws as drunk driving check points that save lives. Thousands of lives. I choose to enjoy that additional protection, they choose to let people die if they had their choice. Dan

wmlundine
wmlundine

The case is Ferguson v. City of Charleston, No. 99-936. In the majority opinion, Justice John Paul Stevens dismissed the state's argument that drug testing pregnant women falls under the "special needs" exception of the Fourth Amendment's protection against unreasonable searches and seizures. Furthermore, the Court insisted on the importance of confidentiality in the medical context, noting that "[T]he reasonable expectation of privacy enjoyed by the typical patient undergoing diagnostic tests in a hospital is that the results of those tests will not be shared with nonmedical personnel without her consent." Accordingly, the Court's opinion will shape the growing debate about the need to protect medical information in general in this country

DanLM
DanLM

[i]Most of us have very little choice when it comes to corporate or government edicts. [b][u]Rebuttal 1[/u]The monopolistic natures of the entities prevents diversity.[/b] [b][u]Rebuttal 2[/u]When we are presented an agreement, we accept that agreement or we do without (or we may be coerced, e.g., as with taxation or with many contracts). [/b]Doing without some form of electronic communication in today's world is feasible, but it locks us out of much of what is happening around us and severely reduces our opportunities to better ourselves. Most of us will choose blind acceptance over doing without.[/i] Rebuttal 1. I have multiple choices for Internet access. Some small companies, and some large. Both the small and large reserve the right to protect their property. That is their right. Do you wish to infringe on others rights to protect their property? Do you wish to penalize these companies for making the right investment choices? Having the inspiration to get into the right market at the right time? By your statement, you wish to penalize these companies for making good business decisions. So much for me wanting to go into business, statements such as yours will cause me to be penalized for every right decision I make as far as a business. Rebuttal 2. Service agreements are the only protection a business has. Both small and large. That's crap for you to make that statement. Internet access is not a freakin right. Just like people that never bought the paper and survived when there was nothing else. They will survive without Internet access. I am all for making it as easy as possible for people to have access to the Internet. But you better realize that these same people will have abuses thrust on them(spam, zombie bots, zombie web sites) which will make their experience much less then enjoyable unless ISP's have the right to protect their own property. So, what is it? Do you let the ISP's monitor for abuses so that everyone(both poor and rich) can have as much of a abuse free experience? Or do you allow the body of victims to get higher because of you do not think a business has a right to protect their property. Not yours. Just because you paid a fee to use something, does this give you the right to make decisions for it? Gee, take a cab lately? Do you now have the right to tell that business owner how to run his company? Have you bought a cheese burger lately? Are you now part owner of that burger stand? Can you now tell them what to do? I own a burger stand. I see you dealing drugs in my establishment. I was monitoring MY establishment, not yours. But by YOUR logic, I can not do squat about it. So now I lose good paying customers who see the same thing and leave. By your logic, I just went out of business. Thank you for everything you have done for both me and my customers. Dan

DanLM
DanLM

As long as people are going to break your golden rule to kill, main, and steal. Joe blow and his buddies who felt snubbed by the students of snobs are us university want to go on a shooting spree to even the score. They have been making plans via email to do this. Someone looks over the sholder of joe blow and see's something that raise's this persons suspicion. They tell the authorities. The authorities can't do squat because privacy advocates feel this was enough information to read joe blows emails. Talk to the dead student family's. Ask them what they think of protection of privacy. If medical privacy was not in affect, most likely there would be 32 individuals still alive in West Virginia. Ask the friends and family of those dead West Virginia University Students and facility. Ask them if they think this student's medical records should have been available to the authorities when he bought the guns? What do you think? I can find a very good example's of killed, raped, or sexually abused individuals that could have been saved if the privacy advocates wouldn't have been unreadable in their arguments. Their common response is, their privacy is more important. I do not agree with that when the case's rise to the thousands, hundred of thousands, and millions. Nobody is more important then that. NOBODY. And if you think you are, then you should be put in the position of being killed, raped, or sexually abused where it could be prevented by the authorities having more access to information. And if you still think your privacy is still more important, then you should get what you deserved. Just like your actions have done to countless other thousand of individuals. You notice that I only use examples that occur daily, now don't you. Children being sexualy abused because privacy advocates do not think that the police should be allowed to monitor children chat rooms. I consider the number of children that could be saved by these actions much more important than some scum bag's right to privacy with regard to what he says in a youth chat room. People are idiots that feel otherwise. It should be their children that are abused if they think otherwise. The case posted by the author of this article to backup his point about privacy when I challenged him was about email and someone that was in court for fraud. Damn, wonder how many people lost their life savings to this scum bag. And you all would protect what he said in emails because of privacy? Thats crap also. His privacy is more important then the pain and suffering he did to his victims? You people have a warped sense of what is right and wrong. Again, privacy advocates do not care about who is hurt by what they are protecting. That to me shows no consideration for other human beings. People of this type of characteristic should not be allowed to influence laws. Because their influence is nothing but making it harder and harder to protect the innocent, and making it easier and easier for the guilty to go free. Dan

sosborne17@cox.net
sosborne17@cox.net

Most of us have very little choice when it comes to corporate or government edicts. The monopolistic natures of the entities prevents diversity. When we are presented an agreement, we accept that agreement or we do without (or we may be coerced, e.g., as with taxation or with many contracts). Doing without some form of electronic communication in today's world is feasible, but it locks us out of much of what is happening around us and severely reduces our opportunities to better ourselves. Most of us will choose blind acceptance over doing without. Blind acceptance, of course, provides innumerable opportunities for abuse. If abuse can occur, it will. While I grant anyone the right to monitor their personal property for purposes of protecting that property, I see no reason any public entity -- governmental or corporate -- has any RIGHT to perform such monitoring. Unfortunately, the monitoring is LAWFUL. There is often a vast difference between what is RIGHT and what is LEGAL. As for reliance on the courts, I wish we could. While the courts have made valiant efforts to maintain neutrality, executive and legislative endeavors have consistently worked to reduce the courts' objectivity. Again, we are trapped between what is RIGHT and JUST and what is LEGAL. Privacy is, perhaps, defined best by the Golden Rule: "Do unto others as you would have them do unto you" or, paraphrased, treat everyone the way you want them to treat you. We would be much, much less intrusive if we followed this standard. We do not need millions of laws and court decisions.

DanLM
DanLM

It can be stated that the Hippocratic Oath always covered this, which is like a service agreement that you sign. There was a precedence for this ruling based on every ones understanding of this oath that is older then you or I. But, as I was questioning all along. The owning of property, the leasing of said property under a service agreement, the signing of understanding of that agreement, and the enforcement of that agreement by monitoring the usage. That is not an invasion of privacy. You can't control your health, but you can damn well control how you use my property. If my service agreement states that if my monitoring indicates illegal use of my property and that I will turn over all records and information to legal authorities. I will, and you have nothing to say about it. Or you shouldn't anyway. Because you made the choice, you signed that agreement, and if you don't like it afterwards, you can always terminate the service. Extreme differences here. Dan

Andy Moon
Andy Moon

...for a Google search for Constitution court privacy. http://abcnews.go.com/TheLaw/story?id=3295247&page=1

DanLM
DanLM

[i]2. No government has any need to hold any information about any person UNLESS that person has been convicted of a violent criminal act.[/i] So much for the IRS in that definition. They do hold what some individuals consider private information about you. Name, address, social security number, wages, number of Dependants... And so on. [i]In the final analysis, I respect and desire freedom more than I need law and order. Life is risky and I am willing to accept the risks. I do not wish to surrender my privacy nor do I wish to delve into the private lives of others, except by invitation. Thus, privacy is defined -- in my opinion. This definition may not be complete and I do reserve the right to modify it to suit my PRIVATE needs.[/i] With that said, you are providing authorities no guidelines to work with. A definition as specified within a court system is required for proper law enforcement to properly occur. Otherwise, you and others will set your own definition of privacy as you see fit when ever you are challenged on any given law. I will fully agree to anything that has been defined by the supreme court or any final appeal within a court system when it regards to what is and is not private. But I will not agree to just a personal opinion such as yours. By your definition, I can communicate a plan via a conversation in my car with another individual. Because I consider this conversation private, anyone that overhears this conversation can not use it against me. By your statement of: [i]This definition may not be complete and I do reserve the right to modify it to suit my PRIVATE needs.[/i] Even though I may not have considered previous conversations overheard in the same environment as private, I do consider this a private conversation and thus. It is an invasion of my privacy under my current definition. Sorry, don't wash. It's either defined as private or it isn't. Also, as my second post asked. Does an ISP/government entity have the right to use what is considered normal network monitoring information as occurs in any network administrators job function. Have the right to use this same information to identify possible illegal activities? If not, why? Then network administrators are daily breaking the law. I say the isp's do have this right to protect their property from illegal activities.. I also say the government has the right to ask for this information without court orders because it is not private information. If they need to monitor closer then this, then yes... A court order should be required. I also have the right, as a citizen, to monitor all trafic that occurs on the machines that reside within my house. If the bill is in my name, then any activity that may occur on the service I am paying for is subject to my monitoring. I should be able to both collect, monitor, and read any and all information collected from this. My house, my service, and my liability if something illegal occurs. With that said... If you don't like my terms of service within my house. don't use it. Also, if an ISP writes their terms of service in the same manner. If you don't like their terms of service, don't use them. It's their property you are using. They have every right to protect that property, and you have every right to refuse their terms of service. Otherwise, you are subject to those terms as agree upon. Dan

sosborne17@cox.net
sosborne17@cox.net

The following is presented as an opinion in response to your quest for a definition of privacy: 1. It is true the Constitution does not specifically state the word "privacy." That is so partly because those who developed the Constitution could not imagine anyone wanting to invade privacy to the extent we experience today. Partly, also, although privacy is not explicitly mentioned, it is implicitly guaranteed by the entire structure of the Constitution, especially the Bill of Rights. To my knowledge, this case has never been brought before the courts. 2. No government has any need to hold any information about any person UNLESS that person has been convicted of a violent criminal act. 3. No private individual, corporation, agent, or other entity is entitled to hold any information about me unless I have willingly and of my own accord consented for them to have that information. As a responsible member of society, I am (or should be) self-constrained from making public any information I may have gleaned about others from whatever sources. 4. If I discover that anyone or any agency has recorded information about me to which I did not willfully and freely consent, I should be able to ask that the information be destroyed and expect that my request would be honored expeditiously. In the final analysis, I respect and desire freedom more than I need law and order. Life is risky and I am willing to accept the risks. I do not wish to surrender my privacy nor do I wish to delve into the private lives of others, except by invitation. Thus, privacy is defined -- in my opinion. This definition may not be complete and I do reserve the right to modify it to suit my PRIVATE needs.

DanLM
DanLM

For my purpose's. I'm looking for something that identifies what rights a service provider/government has in monitoring electronic traffic. I know they can not read the contents of the traffic. That is stated clearly in your example. But, can an isp monitor in and outgoing traffic as a network admin does normally in the course of his job. And use patterns of use to forward possible criminal action to the law authorities. Ie: High incoming bandwidth over known P2P ports. The packet headers, are they allowed to look at them? As normal firewalls do(looking for spoofed address's). That could also can be used in identifying illegal activities. That is normal network monitoring activity. A firewall will do that looking to block spoofed ip's. Looking for fragmented packets. Can that same type of monitoring be used by an isp to contact a law enforcement official. Dan

DanLM
DanLM

That was as of june 20th. You have not allowed for the appeal process. Provide more please, one that has withstood an appeal process. Your siz million hits includes other nations. Germany does not represent the united states constitution. Neither does any other nation. Again, you haven't proven your case. 1). Did your example withstand an appeal process. 2). Was your example reviewed by the supreme court? And yes, I understand that not all case's are reviewed by the supreme court. They have ducked this issue more then once. But, again. Please show me something that stood up to review by more then one jurisdiction. Just as some of this administrations practice's been ruled illegal, some of those decisions were overturned by an appeal process or went further to the supreme court. From your article: [i]But lawyers told ABC News that the ruling could have a wide-ranging impact and that it raised a constitutional issue that could eventually find its way to the Supreme Court. [/i] Which it should. [i]ederal wiretapping laws restrict the government's ability to read e-mails as they are being sent. But, the 1986 federal Stored Communications Act allowed investigators to obtain e-mails that have been stored for more than 180 days by a service provider if the e-mails are relevant to an ongoing criminal investigation ? a standard, criminal lawyers said, that makes it easy for the government to read personal e-mails.[/i] It overturned a previous court rulering. So, another reason this should go before an appeals process or the supreme court. Wish the hell I knew what this one meant. [i]But, the Sixth Circuit said Monday that the Constitution granted Internet users greater privacy protections ? requiring investigators to either get a warrant, give the e-mail user the chance to contest the search or [b]show that the Internet service provider agreement gave e-mail users no expectation of privacy.[/b][/i] Is the bold part saying that if the service agreement states that email is not considered private, that the relevance of this decision doesn't mean squat? Dan

DanLM
DanLM

You will not find the word privacy anywhere in either the constitution or in any amendment. Also, nowhere has the supreme court stated that the right to privacy is a guaranteed right as stated by the constitution. Show me wrong, specifically in a court case that specifies what privacy you are guaranteed. Again, nowhere is privacy mentioned in the constitution. And to cary that further. What is private to me may not be private to you and vice verse. So tell me how you can protect both our rights to this freedom of choice. You may not agree with my position on this. But you will not be able to find the word privacy in any of the documents I mentioned. And all you will find in court case's is their vague interpretation to a certain degree of privacy. And I would like you to show me specifically what privacy they are talking about. Should the monitoring of bandwidth over specific ports entail an invasion of privacy by your understanding. Does me hearing you talking about banging your wife on your cell phone in the car that has the window only slightly cracked entail an invasion of privacy by your understanding. And if you don't consider that an invasion of privacy, why do you consider the same conversation in a different medium that may be interpeted as private? Be specific, and back it up with proven court case's. Because nobody has clarified what is private and what is not. And for the flame idiots. Do not flame me because I do not consider the same things as you do as private. And yes, I do consider some things private. But my defination is different then yours. So, back off. Dan

Andy Moon
Andy Moon

How do you safeguard the privacy of your clients, employer, and family? What measures do you have in place to keep confidential data secret? Do you think there should be more regulations to guard our privacy or is it "every man for himself?"

jackintheback
jackintheback

I have a cellphone that can perform a number of operations unintentially from my pocket. many factors contribute to this phenomenon, yet I still have to pay for additional, unauthorised services. we all make mistakes, and reap the rewards of those mistakes. no amount of beurocratic intervention will prevent us from making mistakes. the question is "How do we punish individuals that are victims of their own mistakes?" Its harder when property damage is involved, but it still ends up, "every man for himself" or "every person for themself". The laws are enforced by those that invade privacy

Editor's Picks