Privacy under attack, but does anybody care?

[Eugen Leitl]

http://www.msnbc.msn.com/id/15221095/

Privacy under attack, but does anybody care?
It's vanishing, but there's no consensus on what it is or what should be done
By Bob Sullivan
Technology correspondent
MSNBC

Updated: 11:47 a.m. ET Oct. 16, 2006

Someday a stranger will read your e-mail, rummage through your instant
messages without your permission or scan the Web sites youbve visited b
maybe even find out that you read this story.

You might be spied in a lingerie store by a secret camera or traced using a
computer chip in your car, your clothes or your skin.

Perhaps someone will casually glance through your credit card purchases or
cell phone bills, or a political consultant might select you for special
attention based on personal data purchased from a vendor.

In fact, itbs likely some of these things have already happened to you.

Who would watch you without your permission?  It might be a spouse, a
girlfriend, a marketing company, a boss, a cop or a criminal. Whoever it is,
they will see you in a way you never intended to be seen b the 21st century
equivalent of being caught naked.

Psychologists tell us boundaries are healthy, that itbs important to reveal
yourself to friends, family and lovers in stages, at appropriate times. But
few boundaries remain. The digital bread crumbs you leave everywhere make it
easy for strangers to reconstruct who you are, where you are and what you
like. In some cases, a simple Google search can reveal what you think. Like it
or not, increasingly we live in a world where you simply cannot keep a
secret.

The key question is: Does that matter?

For many Americans, the answer apparently is b
no.b


When pollsters ask Americans about privacy, most say they are concerned about
losing it. An MSNBC.com survey, which will be covered in detail on Tuesday,
found an overwhelming pessimism about privacy, with 60 percent of respondents
saying they feel their privacy is b
slipping away, and that bothers me.b


People do and don't care
But people say one thing and do another.

Only a tiny fraction of Americans b 7 percent, according to a recent survey
by The Ponemon Institute b change any behaviors in an effort to preserve
their privacy. Few people turn down a discount at toll booths to avoid using
the EZ-Pass system that can track automobile movements.

And few turn down supermarket loyalty cards. Carnegie Mellon privacy economist
Alessandro Acquisti has run a series of tests that reveal people will
surrender personal information like Social Security numbers just to get their
hands on a measly 50-cents-off coupon.

But woe to the organization that loses a laptop computer containing personal
information.

When the Veterans Administration lost a laptop with 26.5 million Social
Security numbers on it, the agency felt the lash of righteous indignation from
the public and lawmakers alike. So, too, did ChoicePoint, LexisNexis, Bank of
America, and other firms that reported in the preceding months that millions
of identities had been placed at risk by the loss or theft of personal data

So privacy does matter b at least sometimes. But itbs like health: When
you have it, you donbt notice it. Only when itbs gone do you wish youbd
done more to protect it.

But protect what?  Privacy is an elusive concept. One personbs privacy is
another personbs suppression of free speech and another personbs attack on
free enterprise and marketing b distinctions we will explore in detail on
Wednesday, when comparing privacy in Europe and the United States.

Still, privacy is much more than an academic free speech debate. The word does
not appear in the U.S. Constitution, yet the topic spawns endless
constitutional arguments. And it is a wide-ranging subject, as much about
terrorism as it is about junk mail. Consider the recent headlines that have
dealt with just a few of its many aspects:
# Hewlett Packard executives hiring private investigators to spy on employees
and journalists.
# Rep. Mark Foley sending innuendo-laden instant messages b a reminder that
digital communication lasts forever and that anonymous sources can be unmasked
by clever bloggers from just a few electronic clues.
# The federal government allegedly compiling a database of telephone numbers
dialed by Americans, and eavesdropping on U.S. callers dialing international
calls without obtaining court orders.

Privacy will remain in the headlines in the months to come, as states
implement the federal governmentbs Real ID Act, which will effectively
create a national identification program by requiring new high-tech standards
for driverbs licenses and ID cards. We'll examine the implications of this
new technological  pressure point on privacy on Thursday.

What is privacy?
Most Americans struggle when asked to define privacy. More than 6,500 MSNBC
readers tried to do it in our survey. The nearest thing to consensus was this
sentiment, appropriately offered by an anonymous reader: b
Privacy is to be
left alone.b


The phrase echoes a famous line penned in 1890 by soon-to-be Supreme Court
Justice William Brandeis, the father of the American privacy movement and
author of b
The Right to Privacy.b
 At the time, however, Brandeisb
concern was tabloid journalism rather than Internet cookies, surveillance
cameras, no-fly lists and Amazon book suggestions.

As privacy threats multiply, defending this right to be left alone becomes
more challenging. How do you know when you are left alone enough? How do you
say when itbs been taken?  How do you measure whatbs lost? What is the
real cost to a person whose Social Security number is in a data-storage device
left in the back seat of a taxi?

Perhaps a more important question, Acquisti says, is how do consumers measure
the consequences of their privacy choices?

In a standard business transaction, consumers trade money for goods or
services. The costs and the benefits are clear. But add privacy to the
transaction, and there is really no way to perform a cost-benefit analysis.

If a company offers $1 off a gallon of milk in exchange for a name, address,
and phone number, how is the privacy equation calculated? The benefit of
surrendering the data is clear, but what is the cost?  It might be nothing. It
might be an increase in junk mail. It might be identity theft if a hacker
steals the data. Or it might end up being the turning point in a divorce case.
Did you buy milk for your lactose-intolerant child? Perhaps youbre an unfit
mother or father.

Unassessable costs
b
People can't make intelligent (privacy) choices,b
 Acquisti said.
b
People realize there could be future costs, but they decide not to focus on
those costs.

The simple act of  surrendering a telephone number to a store clerk may seem
innocuous b so much so that many consumers do it with no questions asked.
Yet that one action can set in motion a cascade of silent events, as that data
point is acquired, analyzed, categorized, stored and sold over and over again.
Future attacks on your privacy may come from anywhere, from anyone with money
to purchase that phone number you surrendered.

If you doubt the multiplier effect, consider your e-mail inbox. If it's loaded
with spam, it's undoubtedly because at some point in time you unknowingly
surrendered your e-mail to the wrong Web site.

Do you think your telephone number or address are handled differently? A
cottage industry of small companies with names you've probably never heard of
b like Acxiom  or Merlin b buy and sell your personal information the way
other commodities like corn or cattle futures are bartered.

You may think your cell phone is unlisted, but if you've ever ordered a pizza,
it might not be.  Merlin is one of many commercial data brokers that
advertises sale of unlisted phone numbers compiled from various sources --
including pizza delivery companies.

These unintended, unpredictable consequences that flow from simple actions
make privacy issues difficult to grasp, and grapple with.

Privacybs nebulous nature is never more evident than when Congress attempts
to legislate solutions to various perceived problems.

Marc Rotenberg, who runs the Electronic Privacy Information Center and is
called to testify whenever the House or Senate debates privacy legislation, is
often cast as a liberal attacking free markets and free marketing and standing
opposite data collection capitalists like ChoicePoint or the security experts
at the Department of Homeland Security. He once whimsically referred to
privacy advocates like himself as a b
data huggers.b


Yet the b
right to be left aloneb
 is a decidedly conservative -- even
Libertarian -- principle.  Many Americans would argue their right to be left
alone while holding a gun on their doorstep.

In a larger sense, privacy also is often cast as a tale of b
Big Brotherb

-- the government is watching you or a big corporation is watching you. But
privacy issues donbt necessarily involve large faceless institutions: A
spouse takes a casual glance at her husbandbs Blackberry, a co-worker looks
at e-mail over your shoulder or a friend glances at a cell phone text message
from the next seat on the bus.

bNothing to hideb
While very little of this is news to anyone b people are now well aware
there are video cameras and Internet cookies everywhere b there is abundant
evidence that people live their lives ignorant of the monitoring, assuming a
mythical level of privacy.  People write e-mails and type instant messages
they never expect anyone to see.  Just ask Mark Foley or even Bill Gates,
whose e-mails were a cornerstone of the Justice Departmentbs antitrust case
against Microsoft.

It took barely a day for a blogger to track down the identity of the
congressional page at the center of the Foley controversy. The blogger
didnbt just find the pagebs name and e-mail address; he found a series of
photographs of the page that had been left online.

Nor do college students heed warnings that their MySpace pages laden with
fraternity party photos might one day cost them a job. The roster of people
who canbt be Googled shrinks every day.

And polls and studies have repeatedly shown that Americans are indifferent to
privacy concerns.

The general defense for such indifference is summed up a single phrase: b
I
have nothing to hide.b
  If you have nothing to hide, why shouldnbt the
government be able to peek at your phone records, your wife see your e-mail or
a company send you junk mail?  Itbs a powerful argument, one that privacy
advocates spend considerable time discussing and strategizing over.

It is hard to deny, however, that people behave different when theybre being
watched. And it is also impossible to deny that Americans are now being
watched more than at any time in history.

Thatbs not necessarily a bad thing. Without an instant message evidence
trail, would anyone believe a congressional page accusing Rep. Foley of making
online advances? And perhaps cameras really do cut down on crime.

No place to hide
But cameras accidentally catch innocents, too. Virginia Shelton, 46, her
daughter, Shirley, 16; and a friend, Jennifer Starkey, 17, were all arrested
and charged with murder in 2003 because of an out-of-synch ATM camera.  Their
pictures were flashed in front of a national audience and they spent three
weeks in a Maryland jail before it was discovered that the camera was set to
the wrong time.

b
Better 10 guilty persons escape than one innocent person sufferb
 is a
phrase made famous by British jurist William Blackstone, whose work is often
cited as the base of U.S. common law, and is invoked by the U.S. Supreme Court
when it wants to discuss a legal point that predates the Constitution.

It is not clear how the world of high-tech surveillance squares with
Blackstonebs ratio.   What would he say about a government that mines
databases of telephone calls for evidence that someone might be about to
commit a crime? What would an acceptable error rate be?

Rather than having b
nothing to hide,b
 author Robert ObHarrow declared
two years ago that Americans have b
No Place to Hideb
 in his book of the
same name.

b
More than ever before, the details about our lives are no longer our
own,b
 ObHarrow wrote. b
They belong to the companies that collect them,
and the government agencies that buy or demand them in the name of keeping us
safe.b


That may be a trade-off we are willing, even wise, to make. It would be,
ObHarrow said, b
crazy not to use tech to keep us safer.b
 The terrorists
who flew planes into the World Trade Center were on government watch lists,
and their attack was successful only because technology wasnbt used
efficiently.

Time to talk about it
But there is another point in the discussion about which there is little
disagreement: The debate over how much privacy we are willing to give up never
occurred. When did consumers consent to give their entire bill-paying
histories to credit bureaus, their address histories to a company like
ChoicePoint, or their face, flying habits and telephone records to the federal
government? It seems our privacy has been slipping away -- 1s and 0s at a time
-- while we were busy doing other things.

Our intent in this week-long series is to invite readers into such a debate.

Some might consider the invitation posthumous, delivered only after our
privacy has died. Sunbs founder and CEO Scott McNealy famously said in 1999
that people b
have no privacy b get over it.b
  But privacy is not a
currency. It is much more like health or dignity or well-being; a source of
anxiety when weak and a source of quiet satisfaction when strong.

Perhaps itbs naC/ve in these dangerous times to believe you can keep secrets
anymore b your travels, your e-mail, your purchasing history us readily
available to law enforcement officials and others. But everyone has secrets
they donbt want everyone else to know, and itbs never too late to begin a
discussion about how Americansb right to privacy can be protected.

B) 2006 MSNBC Interactive

URL: http://www.msnbc.msn.com/id/15221095/

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]