SECURITY Protecting Privacy is Good for Business
Published by: Mike Banks Valentine Privacynotes
November 7, 2002 Issue # 033
.....IN THIS DIGEST.....
// -- MODERATOR COMMENT -- //
"Anonymous Privacy Posts" ~ Mike Banks Valentine
// -- NEW DISCUSSION -- //
"Moore's Law Of Law Enforcement" ~ Richard Lucas
"Privacy; Give It Up" ~ Anonymous
// -- PRIVACY NEWS -- //
"The Latest in Privacy Issues"
// -- MODERATOR COMMENT -- //
This week brings us another anonymous comment from a subscriber
and it raises a very interesting issue here at Privacynotes concerning
identifying yourself on the list. Early in our history, just a
few issues after launch of Privacynotes discussion list, I asked
for introductions from subscribers and got precisely zero responses.
I laughed about it in my comments and moved on.
But for two weeks running, we've had anonymous posts discussing
fairly innocuous comments on important privacy issues, but emphasizing
the posters' strong disdain for public statements.
I am a privacy advocate who has over 4 years of history online
that would be all but impossible to erase from public web view
in links, discussion forums, articles, posts to multiple forums
and cached search engine pages. An "Ego Search" on my favorite
search engine, Google.com returns 1220 links for "Mike Banks Valentine".
I have also been the victim of identity theft and one might
argue that I have been too free with my private information.
When does the desire to remain anonymous cross the line into
paranoia? What information should be public and how much should
remain private? Any thoughts from subscribers about allowing anonymous
comments on the list?
// -- NEW DISCUSSION -- //
== > TOPIC: MOORE'S LAW OF LAW ENFORCEMENT
From: Richard Lucas
Greetings from Cracow, Poland
This message touched a raw nerve.
As a pro American Brit living in Eastern Europe, I have a detached
perspective. I am involved in automatic identification technologies,
so I have a technical insight too.
You are quite right to call people who resist CCTV luddite,
but you could illustrate the point very well by pointing out that
cameras a simply a productivity enhancing technology to be used
by people. In the UK the idea of having more police officers on
the street ""bobbies on the beat" is very popular, because it
makes people feel safer, and that the government is doing something
about crime. It is far too expensive to do this but one police
officer can monitor 100s of cameras.
In fact in the UK many of the cameras are private, owned by
shopping malls car park owners and the like. It is striking how
the pictures of the terrorist suspects are almost always captured
on a non police camera (like in the example of the Bulger killers).
If you are in a mall, the owners set it up for the welfare of
those visiting the mall. It is like a gated retirement community
-cleaner, safer, more orderly than the world outside. They have
to not just for commercial reasons but because someone might sue
them for damages if they don't keep it safe.
The distinction that should be drawn, is between
1. private space (in my own home, doing my own thing, keeping
the law). The authorities have to prove to a judge/spook that
there are good grounds to think that you might have bodies in
the cellar before they invade your privacy
2. public space (in the park, on the street) where the authorities
are blamed if something bad happens to you even if it was not
them who did it. Much cheaper, fairer and rational (in my view)
to have a technological version of a cop on every street corner,
so that if/when you are mugged, they get a picture of who did
Every mobile phone will have a camera soon which means that
there will be cameras in every street, and I am sure that people
who see crime will send pictures to the cops. Given that at least
GSM phones have built-in location technology, users will be choosing
not have that much privacy by carrying one.
If privacy in public spaces is on the way out, much better to
have a public debate and democratic control over the way it happens
than head in the sands denial by civil libertarians who prefer
public privacy and streets so dangerous that parents do not let
their children walk to school or play outside their houses unsupervised.
Wealthy people can isolate themselves from danger on the streets.
With private security, large gardens, country clubs and the like
they can be on private property most of the time without taking
a cut in living standards. The streets and public spaces ought
to be safe for the sake of the ordinary citizen.
If when I make a real fortune I shall build a village/town with
safe monitored public spaces. I think people will pay a premium
to live there. I may be wrong (often am).
The government ought to fund pilot projects for communities
that vote in favour of completely monitoring their community with
the aim of crime detection and prevention.
Why should criminals keep law abiding citizens off the streets,
and what does a law abiding citizen have to fear if someone can
watch him going down to the shops on camera rather than in person?
I believe that "normal" street crime in Northern Ireland was
(is?) much lower than in the rest of the UK, because of pervasive
police army paramilitary presence. Why not offer that everywhere
just a few thoughts
regards from Poland
Richard was responding to the lead item in the latest a-clue.com,
"Moore's Law of Law Enforcement."
== > TOPIC: PRIVACY; GIVE IT UP!
Moderator Comment: The following anonymous post was edited for
length and clarity.
There are some interesting concepts raised in the Halloween
edition of Privacynotes. There are several methods of disguising
your privacy, Halloween-disguised as it were, on the net, to safeguard
from Big Brother, who, on the net can be anyone!
But first, Halloween Big Brother can be the Double Click "Unprivacy"
Company or Amazon.com or the harvesters of email addresses and
personal information. Or it can be the Recorders of Deeds, dressed
in casual business attire in the local county recorders office
or the black clad storm trooper swat team from the same county
enforcing a dubious warrant.
They are all the same, all intent on control and all intent
on obtaining as much information about you as they possibly can,
with or without your consent and many times statutorily aided.
However, back to the disguising of privacy. There are so many
programs available, many for free, that will effectively disguise
who you are while you surf or send email.
Citizens are apathetic to the notion of privacy on the net and
of privacy in general.
In the current issue, the Moderator has raised "tracking devices"
and at the same time, a post follows on with this point about
"recognition devices". These tracking devices and recognition
devices will be forced on a population, willingly or unwillingly.
Ronni Rhodes has a point about "this recognition policy getting
out of hand".
All these tracking and recognition devices will in the end be
added by "stealth", slipped into general use and accepted by the
vast majority of the population.
And that will include the implant chip, folks, which, for the
"good of the children", will eventually be mandated to be implanted
in all new borns. This concept at the moment is overwhelming or
Orwellian to most people; that moment will pass, like all the
other moments when privacy has been surrendered.
This anonymous poster followed all the links in the current
issue and found it hilarious that Norman Willox, who wrote one
of the linked stories, is chairman of the National Fraud Center.
He is also chief officer for privacy! industry and regulatory
affairs at LexisNexis.
Using the anonymous browser, this poster had a look at the LexisNexis
Site and subsequently asks, since when has LexisNexis been interested
// -- PRIVACY NEWS -- //
Moderator note: There are two ways to access previously listed
privacy news stories. One is to visit Privacynotes archives, the
other (simpler) way is to visit
where I also keep a privacy news archive.
HP's wireless keyboards can transmit data to other computers
in faraway buildings. No this is not a feature but an astonishing
security flaw, discovered by two neighbours in Stavanger, southern
The Virginia Supreme Court ruled against America Online in its
efforts to protect the identity of one of its 35 million subscribers
by asking the court to quash a subpoena calling for the member's
name in an issue that goes to the heart of the anonymity of the
Internet. The ruling against the world's largest Internet service
provider, based in Dulles, Virginia, was the latest in the evolution
of privacy laws as they pertain to the Internet and identities
of Web surfers, privacy experts said. "The law is very unsettled
and still being written. Any decision by the highest court of
any state -- particularly the one where AOL resides -- is significant,"
said David Sobel, general counsel at Electronic Privacy Information
An error at Bank of the West has caused thousands of customer
e-mail addresses to be disclosed, raising privacy concerns. The
glitch occurred Monday when the San Francisco bank needed to notify
certain customers by e-mail about a coming service outage Saturday.
Rather than ``mask'' the list of addressees, a bank employee mistakenly
sent out the e-mails in a way that recipients could see all their
fellow customers' e-mail addresses. Some customers said they were
outraged -- and concerned the bank could have poor security controls
overall. ``If they can't protect my e-mail address, how are they
going to protect my financial information?''
Two senior security staff at Finish telco Sonera have been remanded
in custody, charged with breaching customer privacy by allegedly
riffling through private telephone records in an attempt to identify
an internal mole. Helsingin Sanomat, Finland's biggest daily newspaper,
reports today that the Helsinki District Court ordered the pair
to be held in custody amid fears that they would interfere with
an investigation by Finland's National Bureau of Investigation
into suspected violations of communications privacy by Sonera.
People in the central Chinese province of Jiangxi who use cybercafes
are having their online activities monitored by police. Anyone
who wants to use a cybercafe must now carry an Internet identity
card containing personal details including their name and address.
These details are then logged onto a police database. Each time
someone visits a cybercafe in Jiangxi their card is swiped enabling
authorities to see who is online and what sites they're accessing.
Do you know that your FBI profile resides in a database where
employers -- or anyone willing to pay the fee -- may review it?
That database, and others like it, contains your social security
number, credit profile, employment history, travel records, court
records, personal interests, and serious health conditions? (2)
That information brokers regularly sell such data to identity
thieves? (3) These attention-grabbing messages appear with increasing
frequency in the news. But while they make the stuff of a good
legal thriller, they reek of inaccuracies and distorted facts.
Rather than informing about what personal information exists online,
how it gets there, and who has access to it, some would have you
believe that your life is an open book for all to read.
According to reports last week, some customers of mobile phone
operator O2 noticed an unusual phone number on their bills they
didn't recognise and a call charge associated with the number.
When they tried to call the number they heard a recorded message
telling them they couldn't use the number. After further investigation,
though, it was revealed that the number belonged to the German
secret service. The number was showing up on people's bills because
they were being bugged - and paying for it. Understandably, German
police and the secret service were not too chuffed with this.
A privacy strategy is no longer just an option-it's a requirement.
Online toy retailer ToySmart.com filed and went bankrupt after
including its customer database on a list of assets to be sold.
Internet advertising company DoubleClick Inc. was accused of compiling
and selling customer information without proper disclosures --
and later became the subject of a class-action lawsuit and complaints
to the Federal Trade Commission (FTC). Pharmaceutical company
Eli Lilly blamed a "programming error" when it publicly displayed
the email addresses of approximately 600 Prozac users. These are
only a few examples of recent high-profile privacy debacles. Throw
in the vast amount of new privacy legislation on the horizon,
not to mention lawsuits pending against many online retailers,
and the message is clear: Privacy is no longer a choice or a concept.
It's a reality - part of the cycle that affects a company's brand
and shareholder value.