Guilty By Association

dmf writes "News.com is running a little piece about Microsoft's forays into researching aspects of social computing. With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links, political groups finding potential donor lists, marketing departments finding affinity groups, and other easily imagined data mining opportunities could open the doors for information abuse and misinterpretation of individual ties. What implications can it bring in the future of the personal life?"

Other mappable relationship environments?

You mean like this? [slashdot.org] Won't be long before /. is mined for this data, regardless of what the robots.txt [slashdot.org] file says about it.

Re:Other mappable relationship environments?

As we progress further and further into the digital age, consumers will have to resort to their own cryptography to ensure that their communication stays private.

PGP was a good start, it is basically an uncrackable form of cryptography based on public keys, that a very brave guy almost spent his life in prison for posting on a BS back ni the day. Click here for info on it. [mit.edu]

Many Slashdot'ers probably are already familiar with this, but hey, you never know. We will all be fighting for privacy in the coming years it seems, best to know what tools are available to you. :)

PGP is available on almost every OS, Windows 95/98/NT/2000, MacOS, AIX, HPUX, Linux, Solaris, and DOS. And can be easily configured to work with most popular email programs as well.

Privacy means that only the intended recipient of a message can read it. By providing the ability to encrypt messages, PGP provides protection against anyone eavesdropping on the network. Even if the information is intercepted, it is completely unreadable to the snooper. Authentication identifies the origin of the information, certainty that it is authentic, and that it has not been altered. Authentication also provides an extremely valuable tool in network security: verification of the identity of an individual. In addition to secure messaging, PGP also provides secure data storage, enabling you to encrypt files stored on your computer. Version 6.5.8 also includes PGPnet - a powerful VPN client which enables secure peer-to-peer IP-based network connections - and Self-Decrypting Archives (SDAs) which allow you to exchange information securely even with those who do not have PGP.

Re:Other mappable relationship environments?

The other idea that popped into my head was this...

Like with mp3's and copy protected music cd's that you cannot burn or rip, you can get programs that simply "record" any sound that is coming out of your system, and then make it into a file type of your choice. So regardless of how protected the file or disc is, you simply play it, and then bam, you have a copy.

So what if they did the same with text communication? So that your machine picked out and reported back to some organization (MS, the Government, whoever) only the actual text on your screen? That is scary, because you could encryp it however you wanted, but when you open it up to read it, bam, the program captures and interprets all that is shown on the screen and that's that. So unless you actually know some secret type of language, or use "key text" cryptography and then write the intended message down on paper when you decrypt it off of your screen, that would be the only way to do it securely.

Does that idea make sense?

Re:Other mappable relationship environments?

What your talking about is radio screen scraping.

Basically, your monitor is a big antennae that's emitting signals in every direction. With the proper equipment people sitting in a van outside your house can pick those signals up and see your screen.
(Personally I'd like to see this demonstrated)

So what are your options.
1. Use and LCD panel and have the video signal from your machine to your monitor be encrypted.
2. Learn morse code and just have all your sensitive stuff outputed to the LED's on your keyboard. (there are programs that'll already do that)
3. Use your computer inside a faraday cage...

Re:Other mappable relationship environments?

I've seen it demonstrated ... maybe.

I worked in the Aerospace industry, in a building that handled classified info, and, not surprisingly, was also a Faraday cage.

Vans would sit in the parking lot and point big antennas at the building. We were informed that these were security audits by "some three letter agency" (which, in this case, would probably be DIA, not NSA, but who knows... coulda been KGB for all I know).

Anyway, on one security day, they did a demo. I mean, really, they could have been playing us a video tape and we wouldn't have known, but it seemed pretty convincing. They pointed the antenna at a nearby unshielded building, and brought up someone's screen (they were doing a powerpoint on department budgets). It was pretty hard to read, but you could do it.

There are anti-TEMPEST fonts available that, evidently, are much harder to capture using this technique. There are background static programs that render the technique useless, but also give the user a whanging headache...

Re:Other mappable relationship environments?

There is no need to encrypt your video cable. Just buy a good quality cable that is shielded. That will bring the emissions from that source to levels that are to low to intercept. Just using a normal LCD panel will prevent you type of ease dropping your worried about.

Re:Other mappable relationship environments?

If you are using your real identity on the net then you deserved to be mined, and maybe even probed.

Honestly, the only time I use my real name and real information is when I buy something online and if those I buy stuff from give my information away without my consent then they are liable.

- Marcus Tangerine

p.s. If you are the real Marcus Tangerine, sorry.

Re:Other mappable relationship environments?

If you think that's scary, check out the mission of these people [wordofmouthresearch.com].

Re:Other mappable relationship environments?

You know, I'm really not sure WordOfMouthResearch.com is legit..

I received a notice that my personal email address got listed on their site from someone apparently looking for information on me. So, I used my anonymous email address and registered as having information about the person who owns my personal address. So far, my anonymous alter-ego has not been contacted, though BOTH addresses have seen a marked increase of spam. When I started bouncing emails to my personal address from WordOfMouthResearch.com, I received the same "Someone is searching for information on you" message from a different source email address. After about 5 or 6 of these, I bounced the entire domain.

Anyone else have information on these guys? Again, I think they're just harvesting email addresses for spammers under the guise of providing a service (that no one seems to be using - again, if my "alter-ego / evil twin" email is the only address that has information on me, which when I checked last it was, these "people" looking for information on me would have contacted my alternate email by now.

And as far as using AOL IM and Friendster and all that to data mine, I suspect that the spammers will be the first to use this data, since they can't reliably harvest email addresses with web spiders anymore since people are trying to actively avoid them - however, there is a valid email address associated with an AOL IM login, and also with Yahoo IM, and with MSN Messenger, so there's some major sources that the spammers can get email addresses from, and they'll also cross reference the information, and you'll get more, and more targetted spam. Do you like guitars, for example? Here comes spam offering Guitar Strings cheap, along with the 50 others promising natural male enhancement.

Re:Other mappable relationship environments?

Well speaking from experience, I can tell you a little something about the Department of Justice and most will probably say i'll sound like disgruntled employee, or someone antigovernment, or something along those lines, but this is my take on them. Having gone to court against the DOJ for a 'cybercrime', I can tell you that they will try to bring out anything and everything you ever did, or that looks bad. If you showed up late to work, and were written up, they'll look for ways to spin the issue into you being an uncooperative work or something along those lines.

If you can find anyone who has fought for their rights in a court of law against the DOJ just ask them what they do to one pretrial. Past 5-10 year history comes on the table tax records, employee records, hell ex girlfriend/boyfriend records if they can get em. Better hope you don't have someone against you with an axe to grind and I mean it. In order to understand why, you have to understand that it's all about money bottom line. Most of the DA's offices are allocated budgets, and more convictions means the crime rate in your district is up which means, your office needs more money. Aside from that, you'd better hope your case (hopefully you won't/don't have one) is not high profile whereas it will lead to promotion, or an entire new 'crime division' being opened up because of you. Remember cases define the prosecutor. "Well I convicted foo foo foo for foo!" and then the book deal. It's sad, but it's what happens.

In Federal Court in the District of Massachusetts in 1998, the conviction rate was nearly 91.7% This closely follows the national trend in which conviction rates in federal court are around 90%. source [masscriminal-lawyers.com] Some put the rate at like 98% conviction. Either the feds are the best at finding the worse or there are a lot of dirty tricks going on. Now I'll leave it at that and you make your assumptions. I can tell you offhand associations will harm you point blank.

Their gender detection code leaked already!!

#include
#include

void main()
{

if

contacts more then 75 = female;

anything else = male;

}

**any code monkey wish to do this properly it would be more humours :-) **

Re:Their gender detection code leaked already!!

That code is so bloated! Here is a more optimized Slashdot gender detection routine:

#include <Slashdot.h>

char* gender;

char* main(){
gender = "male";
return gender;
}

Security

All I can say is that if you transmit private information over an insecure channel, you should not be surprised at the results.

Good thing I post as AC

Now I don't have to worry about browsing slashdot, and nobody can associate me with all the terrorists and mexican drug lords among the slashdot community.

RMS wrote about this recently

http://www.gnu.org/philosophy/my_doom.html [gnu.org]

Friends of Friends on orkut bad enough

It's bad enough getting friends of friends contacting me on orkut. For some reason the religious right people think it's fair game to email me with all kinds of links to support their causes.

A swift "fuck off" does the job there, but you can't do that with an auto bot that then goes and pumps your details into Yet Another Mass Marketing Tool

No problem

That is why you don't put REAL personal info in your $CHAT_PROGRAM profile. As long as it thinks that I was born on 1/1/1900 and live on 123 main st. Beverly Hills 90210, I'm not worried about data mining. :)

Re:No problem

Oh, and what happens when sites that you *had* to put real info into (say, eBay or PayPal) changes their privacy policy and opens you up to associative data mining, based on your eBay purchases and PayPal records?

This is a specific, simple and very frightening example, because we've seen companies change privacy policies on a whim (Yahoo! for example)

You can't lie online forever. Think about mailing lists with public archives. What if you sign your real name, with a munged email address? Sure, they can't SPAM you but they can still extract your name and cross-reference it, which just might uniquely identify you. Especially if the cross-references are smart enough to stick to the subject of the mailing list.

I use disposable email addresses, try to hide my online identity whenever possible, but I can still punch my favorite online alias or my full name into Google and gets hits back for ME. If Google has my name in it, I'm sure there are other databases with it in there too.

Re:No problem

Except that you just provided a link... so everybody that shares your profile will be tied to you ;)

You shoulda posted that AC. Anybody seen my foil?

Makes me wonder about casual aquaintences

My AIM (err iChat) buddy list has a decent sized section of casual aquaintences. They're people who I game with, used to work with or met at conventions. If one of them does something nasty are the Feds going to come knocking on my door asking questions?

I know my chats are fully logged already and never discuss anything even semi-private over IM. But the concept of guilt by association on an electronic level is simply frightening.

-Rusty the paranoid

Paranoid people fuel the government

How? Paranoid people are always evaluating things, especially technology and speculating how the government may be using stuff to spy on/track their every movement. They also usually develope these conspiracy theories and broadcast them to the world.

Here's what I think, YOUR HELPING THE PEOPLE (GOVNT) YOU ACCUSE OF INVADING YOUR PRIVACY! Your doing the hard work for them which is thinking up of ways that you can spy on people. I'm sure some government researcher is sitting back in his cubicle reading slashdot thinking to himself.. Damn thats a good idea, we'll have to do it!

Easy Solution

have everyone add 'Link' to their buddy list... now everyone is everyone's 'second cousin' through link.

if you can beat em, flood them with false data.

Guilty by Association?

Absolutely.

Motion Picture Association of America

Recording Industry Association of America

Feel free to contribute...

ACHTUNG!!!

OSAMA BIN LADEN wants to MURDER the PRESIDENT OF THE UNITED STATES OF AMERICA, a certain chap named GEORGE W BUSH by hitting him repeatedly over the head with a ROCKET PROPELLED GRENADE LAUNCHER shaped sausage while dreaming of using TACTICAL NUCLEAR WEAPONS and drive his fave Type-R sport ZSU-23 SHILKA with BIOLOGICAL, CHEMICAL and NUCLEAR AAA rounds.

There, Eris knows wether US intelligence is tracking this or not but if they are, this is sure to mess up someone's day, hehehe... Ooo, look at that pretty black helicopter!

By Association

I post on Slashdot

Trolls post on slashdot

Trolls watch TV

George W. Bush watches TV

In Soviet Russian, TV watches YOU!

You breath air

Terrorists breath air

Terrorists see the stars at night

Posting on Slashdot can be associated to Astronomy. Cool!

Not to mention unraveling the military hierarchy

I began to get concerned about things like this when I realized how easy it would be for someone to start piecing together parts of the U.S. military hierarchy from classmates.com's "who did X serve with?" information collection.

I can't wait until 10 (or 2) years from now these companies start buying each other and consolidating the network information, along with everything available publicly from, say, livejournal.

this is the reason

that in the future, more and more people will rely on anonymous handles for their online identities. This is already happening to some extent, for my own purposes, I used bogus information for the yahoo registration when creating my anti-war page... not because I seriously fear repercussions today, but 20, 30 years from now, who knows, we may be living in a very different world, and an anonymous identity (as far as it goes) is the best way to protect yourself.

of course, for true anonymity you need the right tools.

Re:Live, go to jail!

This is, of course, the optimal state for things. If everybody is a criminal, the police can arrest anybody, because they can always find a law the person has broken. Even now it is getting that way. There are over 3,000,000 federal laws, not to mention state laws and local laws. Are you SURE you havn't broken any?

For example, purchaced a sex toy of some form? They're available everywhere, but it is illegal to sell them. The fact that the law isn't regularly enforced doesn't change the fact that you can go to jail for working in an adult store. Then there are the crazy state and city laws like "You can't kiss on Sundays" and "You cannot sell yo-yo's on Sundays" and "No more than 3 women can live under the same roof" and "It is illegal to drink a beer immediatly after having sex." and "A husband cannot have sex with his wife if he has eaten garlic or anchovis. If she requests it, he is legally obligated to brush his teeth"

Bin Laden is no buddy

"...governments tracking private citizens, investigating terrorist links..."

So, you're saying that I should take Osama off of my buddy list if I don't want trouble from the feds?

What about

Services like AOL? I don't know how MSN or anouther online service works, but AOL stores your 'Buddy List' on their servers.

They can also keep track of what sites you're visiting when you browse the WWW. How long do you think it'll be till spam is custom fitted to groups?

Spammer A: This kid here goes to these freaky anime sites, and so do half of the people on his Buddy List. Let's send them all SPAM on learning Japanese and Freaky Bukake Sites!

Think about it.

If you're...

one of the idiots who bother to fill in your phone number, birth date, street address and SSN in your AIM profile you get what you deserve.

New McCarthyism?

I would not be so worried about the government collecting such information if it were not for the knowledge that they have tried to collect [upenn.edu] it in the past and used it in less than ethical ways [schoolnet.co.uk].

Is it any wonder people are paranoid about them doing it again [progressive.org] in the future or the people who defend some of the governments actions [amazon.com]?

Isn't this a bit late..

.. when credit cards and clubcards are already so heavily used. A credit card shows where you've been and where you've spent money - for example, someone only need look for a pub that you use your card at regularly to track you down. And the FBI has already shown its willingness to get information from ISPs regards even the vaguest suspicion of a crime - is there any real anonymity left? I doubt it.

Ohhh

Kevin Bacon [virginia.edu] is surely going to be in a lot of trouble.

big brother is watching.

I used to have a room mate who worked for the Anti-Terrorist Task Force here in New York City. The horror stories he'd tell me were gut wrenching. The truth is... privacy isn't real. Everything you do is tracked.

All of the data mining companies end up selling their information to the government...

He told me that the government had dummy corporations who purchased the data and it was all centralized.

Everything from your NYC Metrocards, to the discount cards you get at the local grocery store. Everything from your Email accounts, to your cell phone habits. I didn't believe it until he proved it.

He was able to take someones first and last name, approximate age, and in return give me their home address, childrens names, home mortgage amount, bank used, cell number, parents address, university, major, where he went on vacation, how long he was gone, spending habits, etc. etc. It was scary stuff. Scary.

1984 in 2004.

Re:I call B.S.

Actually, it's not a centralized automated database, but most of this data can now be obtained about an individual by the government without judicial oversite (ie no court order).

Bought anything with a bank card, credit card, or check? Your bank records are available for investigation. This yields your address, phone number, probably a cell number, Social Security Number, date of birth, and anyone you've ever paid by check or using a bank card (Visa Check card or ATM). Under the same statute, everyone you paid by check or bank card can also have their records for you examined. Library records are also open for scrutiny. I'm not positive, but I also believe that phone records (who you called and when as opposed to actual transcripts of conversations) are also covered under this. Oh, and all of the places that have their records checked are under a gag order so you won't know about it.

Doesn't sound so far fetched now, does it?

If it can be used at all, ...

information always will be used against you when convenient.

That's why there should be privacy laws saying that information is non-usable unless explicitly permitted. Right now, it's bass-ackwards.

Microsoft doesn't get it!

Hasn't Microsoft learned from the lessons of Outlook, why should contact information be tied to the File System? It is not enough that personal information can be harvested in a variety of ways now, lets create a new one! So the next generation of worms will not only look at your contact list in your favorite e-mail client, but the file system for anything that could be missed!

And what kind of security controls are going to be placed on this "feature", hopefully it is Mandatory Access Control (yeah, I'm dreaming but what the Hell, it's Friday)!!

*Caselaw* is needed, not tinfoil hats

I think you need to have some faith that the Judicial branch will see through a charge built on "Guilt by Assocation". There is excellent case law that shows how unsuccessful a prosecutor will be in building a case in this manner.

The bigger question is, should the government be allowed to mine this data to look for individuals to put under surveillance. What are the criteria here?

The only historical model we have of this type of thing is landline phone taps. Again, the Judicial system had to get involved -- in the form of a judge or grand jury. Today, the scope of opportunity is so much greater than just telephone lines.

I personally think we need more policymaking and caselaw in the area of government-commercial database relationships. It will come, but only after the government oversteps its bounds a few times and gets its foot chopped off by a successful lawsuit.

This is easy enough

Simple! Just jack Kevin Bacon into the Matrix and you'll have a link to everyone!

SSH and VPNs

That's why a lot of us are using SSH tunnels or VPNs with our own IM protocols, DNS and mail servers. There's a whole phantom internet out there and a lot of people don't even realize it.

Personally, I've been using ssh and Jabber to IM with all my friends. The only thing that's required is that I give them a custom configured ssh client, .ssh/config file and point them to a Jabber client. It's worked well, and no one else has access to the Jabber server other than the people who I've allowed in. Same with e-mail. Sure, I still have to interact with the outside world, but most of my friends and family are pointed to my mail server and use SSH tunnels to communicate with me. They don't see it as an inconvenience because to them, they just double click the "Connect to the T4D Network" icon on their desktop and then use their mail/IM/web clients like they would any other time. When they're done, they just click the "X" in the upper right corner of the CMD window that has a nice friendly message in it that says, "Close this window to disconnect from the T4D network".

I can only imagine that this will become more commonplace as these technologies get easier to use. Tunnels and VPN are sure to be the next "big thing" once they are really simple enough to install. So far my installation experiences with people who want to access the T4D network have just been to email them a zip file and tell them where to put the extracted files. But a double click wizard would be nicer... Can't code in Windows though because I don't have the money to waste on a compiler.

Problems with recylcing addresses

A co-worker of mine has an MSN messenger account that he keeps getting IM's in Arabic. Aparently someone else had the account and it expired and just by chance he picked the same name. He also is on some kind of Islam mailing list getting Koran verses in his mail every day. I hope that they do some research on this idea before they start handcuffing people.

Just look at my slashdot history.

You can find out almost everything about me. Since I've posted 1900+ comments, I've ranted about everything under the sun.

It wouldn't be too hard to profile me.

The question remains: How can the cat be put back in the bag? Answer: It can't.

The only reasonable solution I see is to not let *anyone* slip through the net of info (yes, I'm talking about you high ranking government officials, and corporate bigwigs...is that redundant?) and making it freely available to all.

Then, at least, the illusion of privacy is lifted, and everyone can get on with their lives, knowing that everything is open.

Apparently, the only ones with privacy are terrorists. Hell, we can't find a guy on a kidney machine in a desert? (I'm thinking of starting a pool for how close to the election good ol' Osama will pop up. Place your bets!)

Just goes to prove that technology in the hands of people will always be misused. We can't handle the responsibillity.

The sincerest form of flattery....

Guilty By Association

dmf writes ".... With AOL Buddy Lists, Yahoo Messenger, Friendster, and other mappable relationship environments, is it possible the information will soon be used against you? Scenarios such as governments tracking private citizens, investigating terrorist links, ...could open the doors for information abuse and misinterpretation of individual ties. What implications can it bring in the future of the personal life?"

Wasn't there a front page post about bloggers plaigarizing other bloggers [slashdot.org] today?

This sounds so familiar.

It reminds me of this post [slashdot.org]:

Since the whole point of this is to build

social-connection-webs, it's ideal for government crackdown via the guilt by association angle: not only can you find everybody who is emailing to dump.ashcroft@new.american.revolution.org, you can also find -- and investigate -- all the friends of the dissenter, too.

And for anyone who isn't worried that the FBI occasionally oversteps it bounds in investigating dissent, just consider that the social affinity networks of p2p traders could also be subpoenaed: we know Joe uploads mp3s, let's subpoena his email "buddy list" and investigate all those people too.

And this post [slashdot.org]

Yeah, but I'd consider a high-level analysis of my email headers (either sent or received) to be a violation of my privacy. Whether or not I'm mailing to kinky@alterate.life.styles.com, fringe.politcal.groups.require@free.speech.too.org , unpopular.opinions@free.thinkers.net, or falun.gong@is.banned.by.my.dictator.org, it should be nobody's business but my own.

Someone will undoubtedly argue that since headers are sent in the clear anyway, it shouldn't matter, but keeping a database of who mails what to whom only makes abuse -- by freelance busybodies or government spies and censors -- that much the easier.

And this one too: [slashdot.org]

Having any central server aware of all file trading gives whoever controls -- or can subvert the security of -- that central server a far too broad window into the demographics, politics, proclivities, and beliefs of anyone trading files. While this would be a boon to marketeers, governments, and anyone else whose goal is manipulation and control, it must be anathema to anyone who values privacy and liberty -- from left wing "hippie" to right wing "gun-nut", from closted homosexual to crypto-Christian.

Here's a real life example:

Child pornography rings.

They busted a guy here at work who was doing it. By they, I mean the FBI and Customs officers. By doing it, I mean trading child pornography.

Investigators have said Jeffs and two mid-Michigan men were members of an Internet club that produced child pornographic photographs, videos and live broadcasts and shared the images with other group members on their buddy lists.

Some of the "buddies" face charges that they performed sex acts with minors. Many of the victims are the suspects' own children.

What happens is, they bust one guy by meeting up with him in real life, posing as a young child. Once they've got him, they can go on his computer and see who he's got on his buddy lists, address books, they just get everyone else.

Big Brother is coming BB is coming... BB....

couiple of points:

1. If you wish to truly be anonymous, only use cash, post only from libraries, or use open wireless connections with spoofed MACs.
2. If you want to live in the real world and be anonymous, use credit cards for normal stuff, use your home PC/broadband for normal stuff, use #1 for anything you don't want tracked.
3. Or, have so much sporadic activity by allowing free access from your own wireless AP, have large groups of friends share logins, etc, and obfuscate the entire tracking system via multiple simultaneous logins. Note - AIM already allows multiple logins (I've had 3 simultaneous logins at once, the only downside is that only your received messages get sent to all 3

So, that's a real brief primer on anonymity, and the fact that you have little or no anonymity. If you don't like the way the country's going, get out and vote in the next election.

Tell me if this is the wrong attitude....

... Sure there are both extremes in ways of thinking with this.

But am I wrong to think that

1)anything i do online *may* be subject to monitoring, storing or somehow intercepted by one or more individuals or agencies that i don't intend?

2) therefore make sure that i don't discuss my cc numbers or that multiple homicide i pulled off last summer freely amongst people

3) consider exactly what it would take in forms of hardware, computing and people resources to collect, organize, interpret and investigate the amount of raw data that would be generated in server-side logs, on a service that is (for all intensive purposes) provided for little to no cost.

4) consider that in the logs above (or email archives, or...) that about 99.9% is going to be completely useless and/or boring drivel about tons of other people you don't know or care about.

???

I dunno.. shoot. I see the whole "invasion of privacy" and "do this today, and here's what it will lead to" argument, and it makes sense, but then i consider the points above and it all seems blown out of proportion.

What do slashbots think?

I'm sure...

...Al Qaeda is registered on terrorister.com somewhere. To be honest, I'm not so paranoid about my information being gathered. I expect it, and in a wired society, where money is falling out of use, and being replaced by electronic transactions the only difference between an 'honest' corporation and an 'dishonest' one is who admits they're selling your information and one who lies about it. When you pay for that porn DVD with your ATM card, it's inevitable, despite any legal safeguard, privacy policy, or semantic assurance this information will be leaked, stolen, or sold.

What do I do mind, however, is that this information would be used against me in a legal or civil manner. In the world we live, we have to accept that we're going to have collotoral damage on our privacy, but we DO NOT have to accept it's use against us.

Should "accidentally" gathered information should not be admissible in a court of law. Companies that violate stated privacy policies on their own websites should be financially liable for these transgressions.

Our Constitution provides us with some of these protections, but not all. Take this matter seriously, and ask the person you vote for, before you vote, what they think.

Freedom of Association

Isn't this why freedom of association is important?
If you can't communicate freely, you have no freedom.

Being watched is inevitable

Being watched and tracked (and having "privacy" essentially disappear) is pretty near inevitable, for the same reasons that patents (both hard and soft) are increasingly a bad idea, and open-source software is inevitable.

Technology has marched on, and the world has changed (again).

All the trends in technology over the last 10 years say that privacy as we have known it, is headed for extinction. Cameras that get smaller and smaller, remote controlled robots, hacking into wireless LANs, PLUS all the electronic interactions (like RFID) that are coming, PLUS computers getting cheaper by the day... This all adds up to privacy basically being impossible.

Proprietary software is doomed, because the Internet made the level of interactivity that open-source software needs possible. For exactly the same reasons that the medieval guilds (with their proprietary methods for things like ironsmithing and glassblowing) were doomed once the movable-type printing press was invented, proprietary software cannot compete. In the near term (5-10 years), it will still have a solid space in niche markets, but I'm not even sure that will last. It certainly isn't going to last in mainstream software arenas like OSes and databases.

But that same increase in processing power and decrease in communication delay means that doing things like examining every electronic transaction that someone performs (and building a detailed profile of their life from it), is not only beginning to be possible, it's very nearly inevitable. Even the most paranoid of you out there (and on Slashdot, the percentage of paranoids is a good bit higher than average) would not want the sort of draconian methods that would be required to prevent it. (No computers and no networks, for instance.)

The proper solution, I think, is to change our culture, so that it doesn't matter that someone knows the kinks in my soul.

I am mostly connected to reality, so I'm not holding my breath on this cultural shift, but I really only see three possibilities:

We turn Luddite and roll back the clock technologically. (Not likely to happen voluntarily by most of this audience, but some of the non-technical types turning Luddite IS all too possible.)

Privacy gets moved to the same status as apprenticeship - it's something that existed historically, and it's occasionally useful for analogies, but it's not part of anybody's life anymore. This could either go the Japanese route (I believe the usual phrase is something like "Nakedness is frequently seen and never noticed." In other words, commenting on someone's quirks is far more shameful than having said quirks to begin with.), or simply an open acceptance that other people do things differently than you.

The third possibility is the one that worries me. That's a totalitarian society (probably theocratic) that uses this information to control people to a degree that has heretofore been unbelievable. I don't think such a state would last very long at all, but the creation and destruction of it would get really, really ugly.

The US is the only culture I have extensive first-hand experience with. I would strongly prefer to see us go to option 2B (taking the attitude that you can live your life any way you want as long as you don't hurt me).

That fits wonderfully with our stated national beliefs. It's an absolutely lousy fit with what our behavior says we believe. The behavior (IMO) says we urgently want #3.

That's the big reason the 3rd option worries me. I can very easily see a theocratic state as an intermediate step to the live-and-let-live one. If anyone has any practical, pragmatic suggestions for how to create such a cultural shift (one suitable for a total absence of privacy), speak up now, because the situation could get critical within 10 years, and is almost guaranteed to get critcal in 20.

Unique Identifiers

Everyone in a country with country-wide citizen identification numbers, such as America (social security number) and Australia (tax file number), should be aware that these can and are used to link much of your life already. In Australia's case, all the various government, semi-government, and quango databases are resynched on tax file number once a year, and the result is available to various government agencies.
This occurs despite explicit promises to the electorate when the tax file number was introduced, that it would NEVER be used for this sort of purpose.

Add to this the ability to track online activity by merging on:

• IP number
• Cookie
• embedded user-id in files (e.g. Microsoft's GID in every single MSOffice file)
• Credit Card number
• , etc. etc.

"Privacy" guarantees are torn down at the merest suggestion of higher purposes, and data is then freely shared. This can have excellent results: attacking paedophile rings. But it can also have wider, less salubrious results, when blind application of some new hysteria and a couple of incidental "hits" on the database scan sucks innocents into a nightmare.

Disk is cheap too. A startling amount of on-line activity is routinely recorded. The very first internet sourced "crack" can still be viewed, keystroke for keystroke...

In a world where paediatricians have been attacked by mobs and hospitalised following newspaper campaigns against paedophiles, where 20 year olds are exposed in "underage drinking scandals", where unfair or incorrect criminal convictions occur, where a data-entry glitch can destroy an innocent person's credit record with no timely hope of appeal against suddenly foreclosed mortgage, where a country parson on holiday is interred as a terrorist suspect based on rigorous computer screening, where political correctness is a moving feast and the witch hunt du jour dominates reasoned thought: it's perhaps a good idea to keep as much off the computer as possible, let alone the wider internet.

--
Sal

Writings: saltation.blogspot.com [blogspot.com]
Wravings: go-blog-go.blogspot.com [blogspot.com]

Die Bart Die!

Just be careful what you write and always assume all on-line content is available for government mining operations. This isn't hard, folks.

It's really simple folks...

Treat communications you make over the public internet as though they were publicly recorded statements. Why, because for all intensive purposes, that's what your communications over IM and friendster like channels really is. The only problem here is people getting the mistaken impression that such communications are completely anonymous and not traceable. Correct people's mistaken images, the technology isn't the problem.

-There are no easy engineering fixes to social problems.

Welcome to the global village...

Looks like we finally have the global village everyone was raving about twenty years ago. Welcome to our little town, where everyone knows your name....and your age, and your birthdate, and your favorite foods, and your last girlfriend, and why she dumped you, and all your weird little habits, ad nauseum.

It's just like living in East Jesus, North Dakota, pop. 450...except now you have a chance to be famous for fifteen minutes.

What's the big deal? The more things change, the more they stay the same...

The research community is well aware of this

One of the major topics at SIGKDD [acm.org] this year will be privacy preserving data mining (it has been a hot topic for a couple of years now). The current research is quit promising for anything in which all we need is a statistical aggregate. So preference mining, such as what Amazon does, can certainly be done while preserving a high degree of privacy.

No one knows how to do link-mining (find a terrorist cell in a group of people), while preserving privacy, however. Personally, I am not convinced that that type of stuff is possible.