Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

U.S. Lags Behind Europe In Online Privacy 165

blaine writes: "There is an interesting article at CNN regarding the differing policies towards privacy that the United States and most of Europe have. It details some of the disputes between the United States and Europe with respects to the United States not being as strict in enforcing online privacy."
This discussion has been archived. No new comments can be posted.

US Lags Behind Europe In Online Privacy

Comments Filter:
  • Personally, I don't think freedom means Big Brother telling all his little plebs to play nicely with each other.

    Freedom means being able to do anything you're willing to take responsibility for. There are ways to protect your privacy on the internet. So long as the government doesn't take those away, we shouldn't expect them to start forcing replacements on us.

    What exactly in "land of the free and home of the brave" implies massive government regulation of private business to protect the pathetically defenseless masses?
  • Every "Web Surfer" out there needs to know about online privacy. That is, it doesn't exist unless you work really hard for it.

    I doubt many of the readers here actually put valid details into the forms at web sites for "free registration" etc. It's obvious that even if the company does intend to use your details responsibly it's too easy for someone else to get their hands on them. Similar with spam - most people have a throw-away address like mine above for any public uses. For similar reasons I won't use the passport / e-wallet system which are becoming common - my computer can't be trusted with running games properly, let alone my personal details.

    The greatest concern I can see is governments misusing personal details. In my country (Australia) there are always cases of this, from councils selling mailing lists to the electoral roll being used for mailouts. This has nothing to do with the web - similarly for anyone you buy stuff from who needs your home address.

    So why do we need specific "online" privacy laws? Sure, I can be harassed at things I say or do online, but this is hardly different to being yelled at by old ladies or religious nuts for wearing a heavy metal t-shirt (yes, this has happened to me).

    Why don't more people know about on-line privacy? Why don't they realise that e-mail is far easier to intercept than a phone call, and that when you post to a public forum it might be traced back to you? I guess it's the same old story - people don't want to learn, they just want it done for them. You can only try to tell them.

  • Thankfully, the British have our interests at heart. By using their agents at British Telecom, they'll give all sorts of privacy to Americans. Once they enforce their patent on the hyperlink, and kill the web, the average American won't have to worry about online privacy anymore! Thanks, Brits!

    Some annoyed European with moderator status is no doubt going to moderate me down for being a troll.

  • I am French, but I spent a little time working in the US. I was struck by the frequent requests for a driving license or a social security number for things that do not have anything with respect to driving or social security.

    • order a meal with a beer: show your driving license
    • open a bank account: show your SSN!

    Of course, I did not have a SSN. I was then instructed to get one from some obscure agency some thirty miles away. I came back later to the bank, and they told me they after all did not have to take my SSN. Instead they gave me an IRS form that was something like 6 pages of American fiscal legalese! And of course this form threatened me with horrible penalties should I make an error in filling it.

    Friends of mine also get fed up with being asked for an SSN to do just about anything. Ask for a phone line? Give me your SSN.

    In France, I only give my SSN for things having to deal with social security (and employment, because they have to pay for social security). I only show an ID when I cross the border, pay by personal check or attend an university exam.

  • It sure is sad how nine little numbers, originally intended as nothing more than a method of tracking social security benefits decades ago, has developed into a universally consistant method of tracking you from the cradle to the grave.

    It has also made identity theft rediculously easy. All someone needs is your SS# and your birthdate, and they can become you. Then it's up to you to clear your name and credit history. Until recently, the person whose identity was stolen wasn't even considered the victim.

    When Social Security was established, the cards actually said "Not for Identification". Unfortunately, there were no laws to punish anyone who required the number for ID, so we have today's situation.

    In 1998, Arizona passed a law that banned colleges from using SS#s as student ID numbers. We need laws like that on a national scale.

    Another thing- what if you don't have a SS#? What if you are a refugee, an illegal immigrant, or a foreign student? Can you still be denied municipal services for not providing a SS#?

  • I'm a proud user of Netscape 3.04. It plays well with others, and apps can't connect with it like they can with IE. App makers who want to be underhanded know that IE is available to "hijack" if they really want to, but there's no way they can count on an ancient version of Netscape being installed and IE being denied permission to contact the Net. Windows Explorer is completely denied permission to send packets anywhere. I'll get Mozilla when it reaches M17 and switch to that, but for now Netscape 3.04 is entirely adequate. I can't complain about its quick and admirable performance. Its only shortcoming is that pages created sloppily using Style Sheets and Microsoft-extended protocols display oddly, but they still display well enough.

    Who would want to use IE, anyway? :-)
  • by AndrewD ( 202050 ) on Tuesday June 20, 2000 @01:33AM (#991077) Homepage

    Just to pick up a few points, working from the UK implementation of the EU directive, the Data Protection Act 1998:

    1. The Data Protection legislation covers paper records as well as computer records.
    2. It doesn't extend to anything done other than in the course of a business, so your phone numbers stored in your mobile aren't covered. Incidentally, some of mine are, since they're client's numbers.
    3. The data has to be personal data - data from which a person could be identified, however tangentially.
    4. The data has to relate to a "data subject", a term which is defined in the legislation to mean more or less anything capable of passing as human. (Yes, that is flippant. No, it's not inaccurate.)
    5. Sensitive personal data is a subset of personal data, and it's defined by reference to a list of subject matters: race, religion, political afdfiliation, membership of trade union, mental and physical health and sexual orientation being the ones I can remember without making the thirty-yard trek to the shelf where my copy of the Act is.
    6. Sensitive Personal data cannot be collected without the explicit consent of the subject without committing an offence, subject to some tightly-drawn exceptions.
    7. The restrictions on processing personal and sensitive personal data when you get it are governed by the Data Protection Principles. See Schedule 1 to the Act [] for details. Interpretation of the Principles is in Part II to Schedule 1 and further supporting material appears in Schedules 2 and onward.
    8. The Data Protection Registrar has already indicated that "opt-outs" for mailing lists do not amount to fair data processing. That's right, spam just became a criminal offence again. Enforcement is another matter, I shouldn't wonder.
    9. This item deliberately left blank.
    10. Data Controllers (the people who actually carry the can for data processing) have to register as such, disclosing publicly on this register [] what sort of data they collect, from what kind of people and what they do with it.
    11. Part of the registration, which must be renewed annually, is a statement of the security precautions the data controller has taken. They aren't onerous - indeed, I'd regard them as the minimum necessary. However, the actual implementation in practice among my clients - honourable exceptions apart - is woeful at best.

    Essentially, the standards may be set higher over this side of the Atlantic, but the actual performance means that the practical difference for the time being is nil.

    Anyone in the UK with an expertise in basic computer security has a prime opportunity to make some money selling advice to just about every commercial concern on mainland Britain. And, no doubt, the same goes for the rest of the EU.


    Slight disclaimer: don't rely on the above as legal advice for your particular circumstances. I'm only qualified to advise in the UK on English law, and what appears here is only a broad outline statement of that law. In short, relying on comment postings on /. to take business decisions that might cost you money is your own affair and don't come crying to me if it all goes horribly wrong.

  • Yes, US English is more widely used than UK English, but in schools around the world, except in the US, it is still UK English that's being taught, and in official business in Europe, Asia and Africa, when English is required, UK English is used.

    Except in Canada. Here Canadian english is used. Canadian English is rare outside Canada, and most Americans don't even know it exists. But it our official language.

    I do agree on the height of taxes, though... But then again, taxes are what make a welfare state.

    Yes, that is a problem :(

  • The US economy is 1000 times more robust than European economies because we allow people with ideas to exploit them.

    If such things was quantifiable (which it isn't), I really doubt it would be a 1000 ratio... Probably a 1 ratio, because as soon as the dot com bubble burst, the whole US economy will collapse.

    As far as economic studies goes, countries like France, Germany or Finland have higher-productivity, higher computerised economy than US. Go into a Renault car factory and then go to a GM one in US. Notice the difference... It takes more than some SUV driving yuppies creating silly dot coms to make a "robust economy". Get out of your cubicle and visit other countries before crying "USA is da best in the world".
  • Don't forget "Humour, valour, labour, favourite, flavour, etc... Don't know if all those are UK english, but they are Canadian English.
  • Sounds like you already accepted the "inevitable"? Then you already lost! Keep in mind that the people who give up hope lose any chance they might have had. So don't just say it's over already, no, continue the fight. I say it's "inevitable" that individual freedom will win.

    He who says it cannot be done should not interrupt a man doing it.
  • and you are anonymous. What are you afraid of?
  • America lagging behind some other part of the world in an area where reason and intelligence should make better decisions obvious? Imagine that?

    Things like this never cease to amaze me for some reason. I love America, I was born and raised here, but I can't fucking stand Americans anymore. Our politics are dominated by a bunch of assholes who present their favorite assholes to a bunch of sheep that vote for whoever they are told to by their respective church/party/employer and then we end up with crap like this.

    It just pisses me off. The US has more freedom, money, and resources than any other country on Earth, and people continue to fuck it up endlessly with unyeilding stupidity.

    I think I've fallen in love with the concept of America, and grown to hate the execution. I don't know where the hell this country is going, but I'm going to save up for the next couple years and move my pasty geek ass to Spain. Sure they have plenty of morons there, too, but at least I'll be pissy in a country thats a bit more laid back.
  • I'm not clear on why
    [companies] should have less [rights than people].
    While it may be reasonable to assume that most people will react with a sense of morality, one can not assume that in the case of companies. They are not immoral, but many of them are amoral, their main (or even only) goal is to maximize profit.
    How do you propose to deny rights to corporations without denying rights to the individuals who comprise the corporation?
    By allowing certain rights only when exercized as a private person.
    I wouldn't care if you would have cockroaches in your kitchen at home, yet I would mind if you had them in your restaurant kitchen.
    I wouldn't mind if you (as a private person) would store my e-mail address and send me an e-mail. I do care if you (as a company) would do it: I don't like spam.
  • I think I better speak up here: the RIP Bill is currently just that, a Bill. That is, a proposal for legislation that may or may not make it through parliament.

    The proposals in it that cause all the alarm are:

    1. The requirement on ISPs to install monitoring kit in their routers and servers and so on to make internet wiretapping possible.
    2. The provisions making it a criminal offence to refuse to divulge the means of decrypting encrypted data seized pursuant to a properly-obtained search warrant.
    3. The provision that basically makes it lawful for the police to install bugs and wiretaps without a judicial warrant. (it's a grey area at the moment, with the weight of judicial opinion against it)

    Of the above, the second isn't too bad. It's no worse than the police being entitled to use an angle-grinder to open a safe full of seized evidence. The problems lie in the fact that as drawn it makes forgetting your password potentially a criminal offence, it isn't subject to judicial scrutiny beyond the original warrant, and there are tipping-off offences (you aren't even allowed to tell your lawyer about it outside certain limits) included.

    The other two are horror stories on their own, though. The regulation of bugs and taps has been taken the wrong way (it should have been resolved in favour of protection of privacy) and the ISPs are defecating in rage at the amount the means-of-interception provision will cost them if it is ever implemented.

    On the sunny side, we've already beaten this lot once (it was originally in the Electronic Communications Bill, which became the Electronic Communications Act 2000 earlier this month) and no doubt we'll do it again.

    And just to help anyone who wants to make a fuss about this, complaints, comments and suggestions about what ought to be done with the Bill (like, for example, binning it and starting again, not "sticking it where the sun don't shine", sore though the temptation may be) should be directed to our esteemed Secretary of State for the Home Department, the right honourable Jack Straw, MP. Whose constituency office is just around the corner from where I sit and type this, and I may well pay him a visit and see if I can bore him into submission...


  • Don't I know it, too . . .

    Last month, while I was crashed at work under my desk (it was one of those long days followed by a longer night), my laptop bag was stolen. What was in it? Well, aside from $900 in cash, software, some laptop related hardware, personal effects (no laptop, since that was plugged in and on my desk!), there was the following list. And before anyone talks about how dumb I was to have all this stuff out in the open, keep in mind that this was a day before our entire building's occupants was moving to a campus in another city and that I had dumped everything in this bag for safe keeping and ease of transport. Also, it was less than three feet away from me when it was stolen, but I was asleep. Finally, I was in the second floor of a completely empty, huge building and the only people ever to venture through were the night security guards, which wandered through once or twice until morning.

    Anyway, the list:

    • Social Security Card
    • State ID Card
    • HMO Card
    • Medical documents
    • SecureID's (encryption card for online access of our VPN -- one for each company division that I work with).
    • Badges with my photos and employee numbers on them that allow me entry into every building on the campus.
    • Two CD-Rs with every email and ICQ message ever sent or received by me, including many personal documents from medical information to intimate items between a (now ex) girlfriend of mine.
    Thankfully, the data contained on the CD-R's were encrypted with two types of high-level algorithms and, additionally, archived in ZIP files with a 50 character password.

    But, as the police officer stated as soon as I filed the report, "Looks like someone has enough info to completely steal your identity..."

  • It's been a couple of weeks since I checked back on the progress of the RIP bill, but the last note I took of it was that Straw* had moved an amendment for an administrative provision allowing a Commissioner to delegate authorisations to his staff and Ann Widdecombe** had moved a few of her own prior to it going to the Lords:

    1. adding an element of intent to the offence of forgetting one's password - which is what the Clause 49 offence actually is -and generally made it slightly less objectionable (in the sense that dogshit in the gutter is slightly less objectionable than dogshit on your bedroom carpet),
    2. adding a requirement that the ISPs be represented on the technical approvals board for the built-in wiretaps;
    3. Gathering together all of the various Commissioners for Spooks and Bugging as a single "Investigatory Powers Commission" (a dead letter. The Interception of Communications Commission has heard four complaints in fifteen years, and resolved them all against the complainant); and
    4. requiring the government to state annually in parliament what it has spent on grants toward maintaining interception facilities with the post office, ISPs and telecoms providers generally

    The Lib Dem's have had their own crack at emasculating the decryption warrant offences, but for the life of me I can't tell what their draft clause is actually driving at.

    As for the Govt railroading the bill through (using the Parliament Acts 1911 and 1949 to pass it into law notwithstanding it having failed in the Lords) I don't think this is a serious possibility. Constitutional issues aren't my specialty (IMBALBIANACL) but I seem to recall that they can only do this on the second try at getting the bill through parliament. There'll have been a general election by then, so who knows. Generally, the government can only really get away with a Parliament Act steamroller if it's needed to deliver on a manifesto pledge, but that's convention rather than settled law.

    Andrew D

    *Straw: the Right Honourable Jack Straw MP PC, Secretary of State for the Home Department and Government Minister responsible for defecation on UK subjects liberties and rights from a great height

    **Ann Widdecombe: Holder of the rare distinction of being the UK's ugliest politician, also known as "Doris Karloff". She's the shadow Home Secretary - basically HM's Loyal Opposition's spokesthing on matters falling within Straw's brief.

  • I'm a pretty good bot though. first time someone notices.

    //rdj the anthropomorph

  • >Who do you want to keep track of you: Business or government?

    That's indeed the question. I just wanted to make a point the other way. People cannot influence companies or the persons in charge of a company, whereas a government is chosen (keeping to the US and EU). Personally I would sooner trust a government than a company. At least governments are supposed to look out for their people, where companies only look out for themselves.

  • Well done, friend! I think you are exactly right. Remember that CNN (the "Clinton News Network") has strong leftist leanings, and is much more willing to criticize big business and their crimes than it is to criticize big government and its crimes.

    I think both government and business collaborate and compete for our privacy. The government is allowed to use force to achieve its goals. Of course, that does not make the evil actions of big business less evil.

    I'd moderate your post up, but I lost my moderator status yesterday. ;)

  • I saw a program on PBS not 5 minutes ago where a Symantec spokesperson was saying that online privace is really basically the responsibility of the users :)

    True, very true. Who else would have the responsibility? The government? Remember, the internet is an international entity, and as such can not logically be held to be under the domain of any one particular government. Sure, you can say that servers in the US are under the domain of the US government, but what about a server in, say, [small country of your choice]? It is inevitable that you will eventually run across a server that is not covered by any reasonable rules of privacy (or whatever other subject you want to discuss).

    What this means is that even though governments may say that they have author-i-tah(tm) over what goes on in the servers based in their country, the final responsibiltiy rests with the end user.

  • by bgs006 ( 182777 ) on Monday June 19, 2000 @06:16PM (#991092)
    If only they made new Popeye cartoons in these modern times:

    "I'll gladly give up my online privacy on Tuesday for a bitchin' credit card offer today."
    "Oh Popeye! Save me! I keep getting spammed by United States pyramid marketing schemes!"
    "Don't worry, Olive, I'll moves ya' to Europe where online privacy is more valued."
    "I'm strong to's do Finnish, because they eat's their private spinach, 'cause I'm Popeye the sailor man."

    They can't all be winners, folks.

    LostBrain []

    Wait a second, this isn't Ain't-It-Cool-News []

  • But wouldnt it be even better if we could develop applications and network protocols that would garantee privacy?

    It's a knotty issue. On one side, I'd certainly agree with it - it's personally disturbing to me to see more and more free speech on the Internet being censored by those with the money. A good case in point in DeCSS - completely legal, but the MPAA goes out and starts sending threatening letters to every site that hosts it around the world, and most of them pull it. That's why a truly anonymous file sharing system like Freenet will a godsend to free speech on the Internet.

    On the other hand, the Internet does need some kind of more set user identification, if only to find the origin of all those spammers. ;-)

  • astonishes me that America of all places has the worst privacy, even worse then Europe. Wasn't the American revolution desgined to give us FREEDOM of speech, LOW taxes, RIGHT to not have your house searched without a warrant!

    I believe 21st century America will be the next pre-victorian british empire, where instead of a corrupt king that has all power over human rights, we have kinglets (corporations)that are the new government and we serve them and not have government serve us.

    The loyalists fought for the king in the revolution because they believe everyone should work for the king or the lords under him and in return they will take care of us and decide for us. Instead we have pro-capitalists believing corporations should rule and we follow because they give us jobs. Many are ignorant that our government is for sale and they lose rights like free speech (US encrption, Dmca act, patents), high taxes (breast cancer research bill that included pork barreling spending that killed McCain's election), privacy (darion project where the ciaa montiors all calls without anyones consent, credit card companies giving out purchasing information to anyone so your boss can find out your spending habits). I can't believe Canada and Europe are freeier. :-(

    IF linux is killed by patents and corrupt laws paid by microsoft, then lets create our own revolution. Whos in!
  • I sure hope for your sake you're being sarcastic there

    Yes, I'm being sarcastic. Sheesh.
  • poor people around the world travel to the US if they can. they choose the US over Europe. Which is all good, because we take large numbers of poor people from the third world, unlike Europe which treats nth generation "dark" people as non citizens. So much for your "statistics".

    Name the exciting European companies in high tech. That didn't take long, did it.

  • economics is not artificial any more than physics is. it is the science used to describe trade, trade which occurs anywhere people live side by side. And the rest of your post was nonsense too.
  • saying that something is "1000 times more" is an idiom that means "a lot". It is a standard English idiom that any competent speaker would know. It's not my fault that you don't know it. I've also visited far more of the world than you imagine, and far more than you have. France, Germany, and Finland do not have higher productivity, nor do they have high productivity growth which is a more important number. They have high automation because labor is artificially priced higher than capital, but that's an economic argument, something you wouldn't understand.
  • Also, I believe that it is only illegal to export strong crypto programs, not encrypted material itself. Therefore, it's almost a moot point, as strong crypto does exist outside the US, but our wonderful Government (TM) apparently doesn't think so. PGP exists worldwide, so if you encrypt your mail with PGP you're pretty much safe (as long as you use a large keylength).

    Disclaimer: I am not a crypto expert, nor am I a lawyer. Don't take my words as absolute truth, or it will probably come back to bite you in the ass.
    Scott Jones
    Newscast Director / ABC19 WKPT
    Commodore 64 Democoder
  • I was referring to high unemployment rates which prevail across all of Europe even though the economies are so different. That high unemployment is directly due to higher government intervention in the economy than in the US. Nobody with half a brain would argue that point.

    Privacy regulations lead to a smaller economy. Companies are willing to pay for information about consumers because it has economic value. Banning these transactions slows the economy down.

    You could reasonably say that you think the tradeoff is worth it. But you are stupid if you say that what I say is not true, and you did, so that makes you ... yes, you guessed it, stupid.

  • Well, first, there are a lot of times it *is* desirable to not be uniquely identified (I'm sure those people in the early fourties who got tattoed their "GUID" on the forearm would agree. And that very same period would teach you how quickly a rather democratic (even if crippled) government can turn into one of the worst dictatorships mankind has ever known).

    However, you can be almost uniquely identified by better than your SSN: {Name, Surname, Date and Place of Birth} gives you an almost unique combination. Better, there is enough room here for typos, which will hamper a database's ability to reliably collate data, but not a human's : this way, if someone really needs to ID you, it's possible, if it's just some greedy megacorp, they can.

    I'm glad I live in a country where the SSN is protected (for how long ? Now the taxes can cross their tables with the (overdeveloped) welfare system :-( )...
  • I was referring to high unemployment rates which prevail across all of Europe even though the economies are so different. That high unemployment is directly due to higher government intervention in the economy than in the US. Nobody with half a brain would argue that point.

    Well, I could argue that the most regulated economies (let's take the German Democratic Republic) had an unemployment rate of nil. Granted, that the five year plan concept didn't really provide for a successful economy.

    Still, my point stands: You make an absolute statement which is unfunded. Example: People eating baby food turn into convicts. Proof ? 98% of all convicts ate baby food.
    On a more serious level there's the argument of the zero tolerance crowd, that smoking marijuana leads to heroin. True, a lot of junkies did smoke marijuana before turning to the needle. But even more smoked cigarettes or drank booze. Or ate baby food for that matter.

    Privacy regulations lead to a smaller economy. Companies are willing to pay for information about consumers because it has economic value. Banning these transactions slows the economy down.

    You might be right here. But, who profits from that economic value ? Is it for the common good or is it to stuff the pockets of those that already have ? Mind you, I don't believe in the concept of a socialized economy. But there's a trade off between corporate interests and the rights of an individual. If in doubt I vouch for the individual.

    But you are stupid if you say that what I say is not true, and you did, so that makes you ... yes, you guessed it, stupid.

    What I say, is that you're throwing around figures on a completely unfunded basis (sheesh: 1000 times more robust...). See, I'd argue the same point with Europeans that tell me that Americans are fat, undereducated stupid fucks from the mid-west that dress badly. There are fat, undereducated stupid fucks from the mid-west in America, possibly a lot of them. But all my American friends (and there are quite a few) are quite insightful, cultivated and intelligent people, who dress smart and enjoy fine wines and food. What I do resent is brushing something, anything with a broad brush especially if it's based on totally unfunded data...

  • What do you mean? beacuse I don't think like you?
  • Actually, the better version of the joke is:

    What do you call someone who speaks 2 languages? bilingual
    What do you call someone who speaks 1 language? English
    What do you call somone who speaks no language? American.

    Oh well, looks like another day of hard work done. Back to the beer.
  • but on the other hand, about 22% of kids in the USA is growing up in poverty, worst among ALL industrialised nations except mexico. sweden OTOH lets only 2 % grow up in poverty. (tidbit taken from time magazine)
    so maybe european countries doesnt boom as much as the usa (unemployment has and still is falling in EU), but obviously a lot of people are much better off with the "schelorsis" than what is going on here.


  • I addressed the bit about the "1000 times" in several other posts [see the thread] so I didn't bother to say it to you, but you missed it so, "1000 times" is a standard English idiom meaing "a lot". Any first grader in the US would know it, I'm sorry if it confused you.

    Please, don't waste my time using the former East Germany as an example economy.

    But, if you understand free market pricing, the money that companies make from selling consumer information comes back to the consumer in the form of lower prices if there is competition. Since the companies profit from the data, they can afford lower profit margins. It's standard economic theory.

    My original statements and argument were made on a completely sound economic basis.

  • I am always amazed by the amount of (apparant) hostility that US citizens seem to display to their Government. Is this because they feel it's not their government at all?

    There's something in that, but Americans also have a long history of feeling hostile towards any sort of government at all. Sort of an anarchistic streak.

  • by Oblio ( 1102 ) on Tuesday June 20, 2000 @03:13AM (#991108)

    "US lags behind Europe in privacy"

    "Corrupt politician found to be taking bribes"

    "Insurrection fails, Castro still in power"

    Or from the Onion: "Model decides to give acting 'a shot'".

    (Though I have to admit to enjoying much of the stuff people post on these stories...)

  • We can't let a pesky thing like PRIVACY come in the way of profit....Can WE???
  • Is this surprising, considering the USA is the state that brought you the Clipper Chip?

  • by cperciva ( 102828 ) on Monday June 19, 2000 @05:46PM (#991111) Homepage
    After all, *my brain* contains detailed personal information on people who have not explicitly given my permission to carry that information into another country.

    Seriously, what is the difference between transporting information across borders on a palm pilot and transporting it inside someone's head, apart from the fact that people have much more memory than palm pilots?
  • Yeah right, I'm sure Europe is so much better than the US in regards to privacy. If they really are so intent on protecting privacy then why don't they allow someone to patent it? A patent on privacy would protect it from everyone for the next 20 years, and here in the good ol' U.S. of A. you can do so.
  • I run an "internal firewall" called Zone Alarm which allows me to forbid any but permitted apps from sending packets.

    Great. So an app starts an instance of IE and uses DDE to communicate with it. Zone Alarm is completely bypassed.

  • You can memorise a lot. With a week of practicing all day, i wouldn't be surprised if you could memorise 1000-10000 lines of text, and that can be a lot of information. And then there's photographic memory :)
  • by Anonymous Coward
    Anybody else find irony in the fact that he didn't post this anonymously? Why do I have the sudden urge to cross reference his icq info with every resource at my disposal?
  • Freedom of speech and "Privacy rights" don't work together. You can have one, or you can have the other. But not both. The word "Privacy" doesn't appear in the constitution, not once (you have the right to be secure in your papers, etc).

    As much as you have a "right" not to have the government search your home without a warrant, big corps have a right to record the information that is generated when people use there servers. If you don't want someone to know you look at porn, don't go to their porn server.

    "Privacy" and "Freedom" are two different things. Was it Thomas Jefferson or Ben Franklin who said "Those who give up Freedom for a little security end up with neither."
  • I had the good fortune to attend a taping earlier today of a roundtable discussion on this topic that included Mark Rotenberg (EPIC), Bob Pitofsky (FTC chair), and Lance Cottrel (Pres. of, Inc.). This very issue came up, and it was pointed out that the "superior" European protections only applied to information collection by *private companies*, not the government. US citizens have a much higher level of protection from their own government (e.g., nothing more than the sig of a managing police officer needed for a wiretap in France). That said, it may not be much, but it's worth pointing out in the face of those thinking the European approach is the best thing going.
  • It's a bit of a generalisation anyway, e.g. France is just about doing away with privacy altogether by requiring anyone building websites/posting to BBSs to publish their name and address (see here for more []) on their homepage from the 28th. . .

    and here of course we have the RIP bill, Ireland could be doing pretty well though, think they have made it illegal to spy on emails and other privacy invasive things.

  • or stick at 32meg memory stick in your palm and record 500,000 lines of text. The brain is no mach for a computer.

    And there's also a big diffrence between "a wek of practicing all day" and 'one button hotsynch'...
  • Yup, and we all know how secure intelectual property is on the 'net...
  • and of course given a name I can find the address/phone # [] of most people in the UK...
  • OK, Mr. Dutch Smart-Ass, I speak more languages than you (Czech, English, Italian, French, German AND Dutch). US English is easier and far more widely used than UK English. As a Dutch person you should know that. Or maybe you're just one of those few Dutch people who wants to be English. We Americans may occasionally sound silly abroad, but people understand us. We also don't go around saying "oi" and throwing deckchairs and bottles at crowds of police and non-UK soccer fans (viz- Belgium this past weekend). Our wrists don't scrape the ground either. As for on-line privacy- HAH! Try dealing with any European govt. bureaucracy and see how personal info they ask for. The Europeans are also further behind the US in Internet use and technologies (the average Joost pays 17.5% sales tax on PCs, etc.), hence less to protect. Laws mean very little on this Continent.
  • privacy is _more_ than just your private correspondence. using cryptography is only one way to ensure your privacy on the net. what cryptography cannot help is what the person/company on the other end of the wire is doing with the info you are prviding. what the europan laws are saying is that whatever you send a company of information so that they can send and bill you for some goods, is _your_ property and you give it to them _only_ for the purpose to facilitate the transaction, and they _cannot_ make a database of user which they can sell to others.

    allowing free cryptography is one step to help privacy on the net, but it is naive to believe that all problems with privacy is solved with the use of it.

  • It's not just the dot commers that have bought in to the SUV craze: ordinary folk have become brain washed too []. I prefer to call them Urban Assault Vehicles, anyway.
  • i live quite comfortably thankyouverymuch.
    Holland is clean,has good public services,ppl dont carry guns,and there are no children on deathrow here....
    from my viewpoint even so called liberal American politicians only seem to fall slightly to the left of Atilla the Hun...
    Why so many Americans seem to believe that others would want to follow their example escapes me..
    and if i would want to be childish about it,i believe America has a national debt (ok, so we could argue about that),so i could say...
    We Europeans ownz you foolz :P
    over and out..
  • Personally I would sooner trust a government than a company. At least governments are supposed to look out for their people, where companies only look out for themselves.

    Supposed? By whom? AFAIK, governments are supposed to care about holding onto their power, period.

    Look at history, say, XX century European history. Are you sure you want me to trust a government?

    I am not saying that corporations are inherently trustworthy, but if push comes to shove I'll take an entity that wants money over an entity that wants power. Besides, I'd much rather be poor than be in jail or hunted for subversive activities.

  • Don't think of it as the US "lagging behind Europe in Privacy Standards," think of it as the US "leading Europe in Government Non-Intervention."

    I have a "Zero Policy" tolerance.

  • How moronic. I swear slashdot has degenerated into some sort of platform for non-fact based rhetoric.

    The GOVERNMENT wants to limit encryption so you cannot have any secrets (how much money you have, for starters) from them.

    Private companies sell software to encrypt your data and push for a easing of anti-encryption laws imposed by the GOVERNMENT.

    Now, turn off your computer, stop spouting BS and start thinking for a change. Maybe there is something else you are better at than thought, like knitting..

  • wow, that was a really well argued point. You sure convinced me!
  • The revision of 1986's "Liberty of Communication" bill of law will be voted on June 28th.

    This law project defines the rights and dutys of audiovisual communications companies, and include an internet chapter. The 43-6-4 sub-amendment, which has been proposed without public debate, frames the citizens' freedom of expression on the internet, with a beforehands obligation of identification.

    Each citizen, willing to publish on the web, or to post in a mailing-list, a discussion's forum or a newsgroup, will have to publish his surname, first name and address on his homepage, or to give it to his provider.

    Such a law, regulating public expression, must be debated on a wide and public range, especially , as it is the case, when it goes against the actual rules and practices concerning citizen's privacy.

    We ask the sub-amendment 43-6-4 to be withdrawn by the government and the examination of such clauses to be postponed until the coming law relative to information society, which will be proposed during the next fall Parliament's session by M. Christian Pierret, french Minister of Industry.

    We urge every citizen who feel concerned by the defense of civil liberties to join this appeal.

  • by mindstrm ( 20013 ) on Monday June 19, 2000 @06:52PM (#991131)
    It's not about the internet. It's about commerce and privacy.

    Europe has laws that prevent your personal information (ie: what you bought with your visa and when, etc) from becoming a comoddity unto itself, bought and sold by companies.
    In other words, Visa is allowed to know this, but only so they can bill you. They can't sell it. Same for any other vendor.

    This is important in online transactions moreso than with meatspace transactions because, in meatspace, in a great many cases, nobody needs to know your name or where you live to sell you something, wheras with online purchases, they indeed to in order to collect payment and/or deliver goods.

  • "economics" is not a natural things, it is an artificial thing that we impose upon ourselves in order to allow our society to function according to a certain ideology.
    Same with capitalism. It is just an ideology.

    So.. when it comes to privacy, YES, we should regulate who can give what kind of info to whom. Commerce IS regulated, even in the goldl O'l US of A. Hey. what abou the Federal Reserve and it's interest rate changes? How dare they change this!
    (but hey.. it's not federal and not a reserve..)

    What you can do with your knowledge? no.. but the law CAN and SHOULD guarantee consumers certain rights with regards to commerce, as it already does.
    Things like: personal information collected to complete a transaction shall not be sold or otherwise given away or used for any purpose other than to do the transaction in question unless specifically agreed to by the person giving such information.

    In other words, businesses can amass whatever kinds of databases they want abou tyou.. they just have to ask you for your permission first.
  • At least to the casual user. How do you equip a part time internet user with the tools to protect themselves? You can't make people download and configure Junkbuster, PGP, high encryption patches for Windows and Netscape, etc... They don't have the time or the knowledge that these tools are even there. And even if they did, I'm sure most people don't appreciate just how much monitoring of our online use there is, and so see the need for them.

    The UK is requiring every ISP allow the security agencies to monitor what websites are being viewed by everybody. International tools like Eshilon (sp?) monitoring our emails and who knows what other online chats...

    My beloved Australian government just passed an ammendment bill [] that allows one of our security organisations (ASIO) to hack into our computers, copy, modify, delete any data they think is relivant to national security. I can only hope that the computers have to be in Australia. They're also allowed to disable any encryption or logon device that prevents further monitoring as well. And btw, if somebody could explain why /. thought this story wasn't important enough to the online community to run, please let me know.

    It's my opinion that the governments of the world will legistate the internet into becoming just another form of media. This is inevitable I think. The net isn't the last frontier anymore - it's been beaten down so that the powers that be can control it.

    Which is sad, but had to happen. They monitor us by our use of credit cards and other financial records, and the internet will be made to work for them in the same manner.

  • Do you really want others to "Enforce" anti-murder laws? If it has to be strong-armed, do we really want to live?

    Some things are worth fighting for. Most of the rights we have in America (or are supposed to have), we have because a lot of people died fighting for them.

    Most people will take advantage of others, given the chance. Without the threat of "strong-arming" (in the form of imprisonment, fines, or an ass-kicking) those with power would walk all over the rest of us.

    My mom is not a Karma whore!

  • I agree with many of your points. In fact, since you've had so much trouble, I can see why you might take this maybe a WEE bit too far. There's definetly a problem with all these people wanting all your information, and I sympathise. But I feel the need to point out a few things, so don't take offense :)

    About the DMV asking for your social insurance number, signature, and finger-print, there's a very good reason for this.

    In the past, it was ridiculously easy to get a license. I, a Canadian, actually got a license, by mail, from Michigan. Of course it was illegal, but they still sent it to me. Pretty easy, eh? Think of all the things I can do with a valid U.S. license(don't worry, I didn't do any of them, I was just proving a point to a friend). I can get alcohol. I can claim to be a U.S. citizen. I can buy a gun. Can you believe that? I could buy a bloody gun! (By the way, I was 17 at the time)

    So it's not really bad that they take all these things, so long as they don't show up on your driver's license(except maybe for your signature). They need to know who you are, even if it's just for a State ID... Who knows, the person they're happily handing a piece of plastic could be a killer. I'd much rather have all my personal information available to anyone who wants it rather than know that I caused someone to be murdered.

    As far as the swab wiping off the scanner, the clerk could have just been cleaning it :) Mind you, they could have been collecting DNA, just in case, but I bet it was just for cleaning.

    And for the private companies who were asking for you SIN, they can go blow it out the ***. That's absurd.

  • "I have no respect for a man who can only spell a word one way."
    --- Mark Twain

    Fawking Trolls! []
  • It's the fact that he bundled the paperwork together and took that along with the swab into the back room that fuels a conspiracy theory.
    That's because you pissed them off, and so they will clone you and abuse your clone with all sorts of invasion of privacy, physical and otherwise...

    Here's my mirror []

  • I really have a hard time believing that Europe protects online privacy better than the US, considering what I read on yesterday:

    http://www.CNN. com/2000/WORLD/europe/06/19/ t/ []

    To summarize, most of the EU nations want to trade private citizens' income information (specifically, income from savings accounts). Of course, not only do they want to just trade this info amongst themselves, some of the EU governments want to hammer out agreements with 3rd party nations (read: US and Canada) so they can do the same with them. Frankly, I'm a US citizen, and I don't believe France, Germany, or even Luxembourg should have any access to any of my income information if none of my income was in their country. I really do not think a group so gung-ho about having access to private citizens' (of other countries) personal information is really that concerned with privacy at all!
  • "If my personal data were legally considered to be my property, then every time I gave my personal information to someone, I could insist that they only use it in certain ways, not share it with others, delete it at a certain time, and even that they pay me for it."

    It's funny that you mention this. Property rights are the same excuse employers are using in order to fire someone who sends an unappreciated amount or type of e-mail using their system. As a firewall administrator for a large corporation, I can tell you that companies live by this rule. It appears that the courts are agreeing with its corporate partners []. While it may be true that employers cannot listen to private conversations on a telephone [], it appears that the laws do not apply to e-mail. I strike that one up to the technologically inept government some of us share.

    I am currently trying to fight this rule inside my workplace. I know it's a losing battle because of the court cases but when a disclaimer is added to an e-mail that states something to the effect of this message is meant only for the person sending and the person addressed but we're still monitoring that same message, I find this quite misleading and to me seems grounds for a lawsuit.

    I tend to view slashdot readers as anti-corporate but in this case, you're right about your concerns. Hopefully the privacy laws will change but it doesn't appear it'll happen anytime soon.
  • true, I'd be just as pissed off if I wasn't allowed to enter my homepage URL (well if I had one, web designer for about 5 years and still not got round to it) as if I was obliged too, or if A/C was the only posting option.

    actually the people I don't want to have my details is %^"$^% Equifax.

  • What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

    ---From "An Introduction to Cryptography" by Phil Zimmermann, the programmer of PGP himself.

    This is an analogy I remind myself each time one of my friends at high school ridicules me for being a paranoid "conspiracy nut". It concerns me greatly that most of the general public of my country, Australia seems to take a laissez-faire approach to their online Internet rights. For example, Australians have already lost their right to unmonitored and uncensored (but not yet implemented) Internet usage and our intelligence agency, ASIO now has the legal right to actually crack our computers and monitor communications without a warrant all for the sake of so-called "national security".

    What is just as worrying is that the general population accepts the face value of our politicians. The government in power, the conservative Liberals claim that they are acting in the best national security and moral interests of the silent majority, but to me, it would seem like they acting to silence the majority. The general public needs to be made aware of how insecure the Internet really is, and how governments are seeking to gain a legal right to infringe upon their basic human rights to freedom of expression and press. There seems to be an accepted dogma by the public here that the online world is different and that their human rights are automatically guaranteed by the nation's law instead of being restricted in reality.

    Even my own high school, Sydney Technical High was planning student email access; a proposal to ban students using encryption to circumvent monitoring was considered. The majority of the student seemed unconcerned with this, except for a few others and myself as we saw this as a blatant attempt to impose the school's authority upon us while they were claiming legal responsibility over our moral wellbeing! The school told me that this email service was to be a "privilege and not a right" and thus if I was upset, I should use my own email. I was mainly concerned with those without access to encryption outside of school having their civil liberties breached. Luckily the school abandoned this scheme altogether after discovering free email services provided by services such as Hotmail. However, the mere fact that the school was willing to impose such draconian measures upon its students is a sad reflection of Australia's stance towards online civil liberties.

    I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide. I wish that they could see that if they we don't start fighting for our rights online now, such as the right to uncensored access, encryption, and online self-security then a time will come when it will be too late for everyone to start voicing their opinions without fear from those seeking to impose their wills upon us.

  • Ah, then let me throw in my knowledge of Latin, Greek and Klingon *grin*.

    Yes, US English is more widely used than UK English, but in schools around the world, except in the US, it is still UK English that's being taught, and in official business in Europe, Asia and Africa, when English is required, UK English is used.

    Privacy? That coming from a country with THREE three-letter agencies that are world-renowned for their unmatched database size, detail and accuracy about people all over the world, including but definitely not limited to citizens of the United States of America? Comments on occasional soccer-related violence from a country with so much drug- and crime-related violence?

    I do agree on the height of taxes, though... But then again, taxes are what make a welfare state.

    the Gods have a sense of humour,
  • Do you really want others to leave you alone, and don't enforce your right not to be killed/robbed? Fine. Next time a couple of big hairy doodz with shotguns come over to you to borrow some cash, follow you comment and don't ask others e.g. police to protect you. Grab a golf club and good luck excercising your freedom fully.

    In my opinion, in this digital age my private information is valuable property. The data-mining companies seem to agree, judging from the vigorous speed of profiling everyone and their pet. I'm aware of some simple technics to fool the data collectors, but these technics're laughable if collectors get serious. To sum it up, I don't want to protect my privacy with a club when the big hairy corporations go around on tanks. I want the government to finally do the job it's paid for and enforce some order.
  • This is a guy who puts his dreams [], resume, and personal stories up on his website. How concerned can he really be about privacy?
  • why bother? his resume is on his website, his address is in the whois record (previous one maybe, but hey 1 quick phone call)

    If you want to be anonymous you have to be pretty careful, used the same nick in 2 places? written about the same subject with the same speech pattern?. . . even now my ISP could be logging this, no https at slashdot.

    Ok I know a bit OTT, but even so if you want privavcy you have to be aware of where you are losing it

  • There is a difference between volunteering information and being forced by a government agency or business to provide it.

    There is a further distinction between divulging one's own chosen material and the divulging of finger prints, medical history, SSN and other very private information. Nobody ever had their identify stolen from reading a dream, but they've had it stolen from acquiring an social security number and a little prior history.

    People need to understand that privacy does not suggest non-existance or reclusiveness; walking in the shadows and avoiding attention. Privacy is the ability to choose what, when, how and to whom you reveal information that is legally and/or rightfully yours. If someone posts personal stories or dreams about you online, or puts them in a magazine, that is an invasion of your privacy. Doing so yourself is not, as it is a choice you have made.

    Likewise, being required to offer a fingerprint and SSN for an identification card or having to pay someone not to publish your information (such as your phone number in a phone book, which sounds like a degree of extortion to me, however minimalistic) is to have that afforded privacy brutally treaded upon.

  • by Seumas ( 6865 ) on Monday June 19, 2000 @07:29PM (#991150)
    I'll raise you one further, in that not only do you have to be aware of wher eyou are losing privacy, to have it, but you must also have the choice to assert your wish for privacy.

    Personally, I could care less if someone knows my name, mailing address, email address, ICQ number, website, what I ate for lunch, who I'm fucking... In fact, if I choose to reveal those things, so be it. But those are concsious choices. Many people also believe in the right to carry a firearm, yet own none. Many people believe in the right to practice your prefered religion, yet have no religion of their own. Many people also have the means to remain in complete anonymity, yet choose not to.

    Choice and autonomy is the fundamental element in freedom, privacy, anonymity and every other concern over a basic human right.

  • by muldrake ( 171275 ) on Monday June 19, 2000 @09:03PM (#991151) Homepage Journal

    He did spell it correctly, at least as far as non-US usage goes.

    All spelling flames must include a blatant spelling error.

    All grammar flames must include flagrantly bad grammar. Furthermore, at least half of all grammar flames have to spell it 'grammer.'

  • Then why are several governmets restricting the use of cryptography. If it's up to the user to take care of their privacy, the we should be allowed to have the tools for it.

    Fire Your Boss!
  • Freedom means being able to do anything you're willing to take responsibility for. There are ways to protect your privacy on the internet. So long as the government doesn't take those away, we shouldn't expect them to start forcing replacements on us.

    Because, of course, there isn't ever a chance that a private corportation could try to take away your privacy or your ways to protect it. No sir!!! That's something that only the government could ever think of doing.
  • A government is supposed to look out for the country, and rather than their own power they are aimed at the country's power. And a democratic system gives some control over who's in government. It may be important to note that I'm mainly speaking for a dutch perspective: There are many political parties to choose from, including (but not limited to) liberals, democrats, republicans, corporate flunkies, religious nuts, racists and treehuggers.

  • t's cultural, and an anglo-saxon/celtic trait which can be traced all the way back to the magna-carta.

    The main idea is that anyone can expect to accummulate as much wealth/power possible, even if it is endangering the welfare of others. So, naturally, any government that steps in to protect people from abuse is bound to be branded as "intrusive" by those most powerful and wealthiest elements of society.

    Witness big media and hollywood that has been hammering "government is bad" into the head of the people for decades, to the point that they will actively vote for scaling down the government, even it it means misery and hardship for them...

    Here's my mirror []

  • I have to take issue with a couple items here.

    First, a fingerprint serves no purpose to prove my identity for acquiring an identification card. As there are no other existing thumb-prints (of mine) on record, there is absolutely no use for them.

    Second, requiring a social security number proves nothing. Social Security cards have no check-bit number that can identify patently false or incorrect number combinations, so anyone can simply make one up (or, using a birth certificate, apply for a new social security card from the state).

    As far as the cotton-swab thing, I would not have even pondered the situation further, had he thrown the swab directly into a trash bin or onto the counter. It's the fact that he bundled the paperwork together and took that along with the swab into the back room that fuels a conspiracy theory (yes, I'm being decidedly facetious here).

    It sure is sad how nine little numbers, originally intended as nothing more than a method of tracking social security benefits decades ago, has developed into a universally consistant method of tracking you from the cradle to the grave.

  • Exactly where in that article does it talk about the "US lagging behind Europe in privacy standards"? Doesn't it ever occur to the Slashdot crew that their may be reasons to have a less regulated Internet?

    I'm not saying I agree one way or the other, only that editorializing in the headline is kind of irritating to this Slashdot reader. I can make up my own mind, thank you.


  • I saw a program on PBS not 5 minutes ago where a Symantec spokesperson was saying that online privace is really basically the responsibility of the users :)

    ...Oh, and we just happen to have a product for that...
  • by Black Parrot ( 19622 ) on Monday June 19, 2000 @05:53PM (#991175)
    I'm really sick of all the US {hype, vaporware} about "land of the free and home of the brave", "of/by/for the people", etc, when it actually ranks behind so many other nations in so many important ways, and our elected officials are always doing their darndest to set us further behind.

    Whatever happened to the spirit behind the Bill of Rights?

  • hey, I'm a privacy nut so don't get me wrong. I enhance my privacy by not participating in all sorts of things that might benefit me. But the flip side of privacy is the freedom to gather information. Do you thing other people should control information that you accumulate? Should they be able to tell you what you can do with your knowledge? The US economy is 1000 times more robust than European economies because we allow people with ideas to exploit them.

    So, while I'd like to see more privacy here in the US, I'd definitely not like to see more European economic schlerosis.

    And don't think they have much privacy there either. Norway, for example, makes your income tax return public. Sure, companies can't use it, but they print it in the newspaper if it is interesting. I'm not kidding.

  • You know, speaking of cotton-swabs, though, the Stasi used to build massive scent archives of citizens, by taking small squares of cloth and wrapping foil over them and the area from which they're absorbing the scent. Then they put it in an air-tight jar for use... whenever.

    I assume the idea was so that they could use dogs to track down or identifiy specific people based on these databased scents, but there were probably even more sinister uses intended, I'm guessing (not that this wasn't sinister enough, but after all -- the Stasi were the ones who had a whole nation of people spying on each other).

  • Even from the standpoint of the government, an SSN has to be a horrible choice, wraught with problems.

    For starters, it is only nine digits. That means that we'll run out of numbers just shy of the billionth record.

    An SSN also has no check-bit. That is, VINs on an automobile have seventeen digits, but the seventeenth is used to verify the accuracy and legitimacy of the other sixteen. Without such an additional number in an SSN, it's very easy to just make up a number. Also, since numbers are not given out in specific birth order, there is no rhyme or reason to say "This person is 40 years old, but their SSN number's range suggests they should only be 25".

    It's too bad the SSN has become such a massively unique identify -- but such a poor one. On one hand, I have a name. I'm not just some record in a database's table somewhere. But then again, I am. And sometimes I wonder if perhaps we should all just say "fuck it" and let people and governments document, track and video-tape us to death.

  • According to things I've recently been reading, some 50% (and more) of all credit reports on individuals have detrimentally inaccurate information and, although you have the right to contest and correct these errors or omissions, they are rarely followed through.

    One of the best examples is from the book, Database Nation. It seems that Equifax (as well as the other two major credit rating companies) will occasionally correct your report, only to buy "new" reports from other agencies and companies to keep their own records "up to date". But the reports they buy from the other companies have yet to be updated, so they end up reintroducing the originally false data again. The vicious circle repeats.

    It's no wonder some of these middle aged suburban dudes end up shooting up fast food joints...

  • Seriously, for all the (understandable) bluster about privacy, we have not yet gotten to the point that online privacy isn't easy to have. Just like I don't want anyone to hack or flood my box, therefore I run a firewall (Black Ice), I don't want applications uploading info about me so I run an "internal firewall" called Zone Alarm which allows me to forbid any but permitted apps from sending packets. I don't want advertisers to track me with cookies, so I set cookie permissions through Junkbuster Proxy and have the added benefit of blocking ads altogether, plus quashing the "refer" and "user-agent" headers. I protect my "real" e-mail from spammers by having throw-away addresses for USENET and other public posts. If any website I visit demands a home address, and actually checks the validity of the address I enter, I pick a random name and address from an online directory (underhanded but it works)--otherwise I just write "fuck you" on every line of the form.

    At first look that seems like it might be a lot of work, but it isn't. All of those applications are set up with a few clicks (even Junkbuster, text-based, has pre-made blockfiles available), and no detailed info is necessary--there is zero learning curve for the average Windows user. The trick is convincing the average windows user to install a few privacy-safeguarding firewall apps, to not accept or delete cookies from all but sites they want to give info to, and to submit false information to anyone who wants their address online. If people could be convinced to take similar safeguarding actions, then companies would cease to bother gathering such data in the first place. As I said, the trick is educating the public--the actual safeguarding of online privacy is quite easy, even for an average Win user.

    The threat comes when even such simple safeguards as installing some software and not giving a real address can no longer work. Right now it takes minimal efforts to protect privacy, but it's foreseeable that companies will create ways of locking us in. If there's ever infrastructure to connect data about the ISP used by a particular address, for example, to visitors' IPs, it would make it more difficult to simply give false information to websites which demand addresses. Likewise, if every site demanded cookies and malfunctioned without them, it would be a bit more difficult to keep private although you could still keep cookies persisten on a per-session basis.

    People are so pissed off about online companies trading information about consumers. But the real answer is educating consumers not to give up personal information in the first place, because then there's nothing for companies to trade. Doubleclick knows nothing about my online habits and never will.

    The real threat is offline privacy, not online. Credit companies are evil, with intimate details of your buying habits available to them through non-Internet sources. Few people understand that when they sign up for a "club card" at a grocery store, every item they buy with it is recorded for posterity, from food to drugs to hygeine products. Few people realize that if they ever fail to pay a bill on time, even a magazine subscription or something else small it can linger in the files of credit bureaus for all time and fuck with their credit ten years down the line. Few people realize that their banks are required to report all sorts of sensitive financial data to the government thanks to laws purportedly designed to make it easier to force payments from deadbeat dads, but which apply to everyone with a bank account. Few people realize that the FBI knows exactly how many guns you own and what type (unless you bought them in a private sale), not for the public's protection but so that whenever the type of gun you own is outlawed they can knock on your door to collect it.

    In short, worry more about privacy off-line than on-line. There are steps you can take online, but off-line you're fucked.
  • by efuseekay ( 138418 ) on Monday June 19, 2000 @06:00PM (#991204)
    while EU is multiple governments.

    The problem with the US is that privacy laws are often dictated by big mega corporations (via their lobbies to your local congresspeople). Of course, the more the megacorps have info over your lives, the better!

    In EU, it's harder for megacorps to exert such control because they have multiple govs to "lobby" (if even possible). So the privacy laws (or any laws) are often formed by consensus between govs, which is usually more pro-consumer (democratic govs have little to gain from knowing what the public fav. channels are...) than pro-business.

  • by Seumas ( 6865 ) on Monday June 19, 2000 @06:01PM (#991205)
    I'm going to plug the book Database Nation [] again, because it is something I just picked up and have not been able to put down. It's fascinating how many ways we're being taped, catalogued, archived, indexed, cross-referenced...

    It isn't just online, either. Let me review the most recent events that have really irritated me in this regard:

    I've recently moved and PG&E wanted my social security number, to turn on the electricity. I debated it and they very nearly refused to work with me, only giving in at the very end when I threatened to contact the utilities commission.

    Pacific Bell required my social security number to initiate phone service. I refused and, only after speaking with a manager, was allowed to decline. In addition, they required a fee for not publishing my name in the phonebook. And, to add further insult, asked if I would be willing to sign up for junkmail from them and their co-operative companies which "might be of interest". In other words, they want to sell my name and address and phone number to every dick trying to make a quick buck.

    California DMV
    The DMV was the worst experience. I wasn't even getting a license, but only a State ID. First, they required my social security number. It was my understanding that this could not be required of me. In fact, there are only very few agencies (all of them government agencies, other than your employer) who can require this. In fact, most government agencies are supposedly not allowed to require or request this information of you.

    Not only did the DMV require it (the manager and supervisors told me I could leave if I refused to provide it and said that there was absolutely no possibility of ever getting an ID or license without this information -- which I'm not sure serves any honorable purpose other than just gathering data).

    Second, they required that I sign my name with a stylus on a digital pad. I usually sign my name with a flared hash mark across the entire last name. The person manning this stylus told me the computer would not accept such overlapping signatures and that it would not be valid; do it again.

    "Not valid?!" I asked, shocked, "How can it not be valid? That's how I sign my name!"

    "Well, it won't accept it. Sorry," was the reply.

    "Then the signature on my StateID will be invalid, because it isn't the signature I use everywhere else. Doesn't that invalidate the whole thing?"

    Besides, since most people verify your signature by comparing it to the one on your ID card or license, this means that your real signature is no longer valid, thanks to the DMV!

    Further, the digitized signature that was sent on my ID card six weeks later (another gripe, considering in Oregon, I can go in and have my card or license in my hand when I walk out fifteene minutes later), was nothing like my real signature, even without consideration of the flared hash that it should have had across it. It looked like some etch-a-sketch hack by a two year-old Pablo Picasso.

    The final straw was just before I went to have my picture taken at the other end of the DMV office. They thumb-printed me. With a little digital scanner. I couldn't believe this was legal! What happens next year, they require a pinky print? Then an index finger? How in the hell is it that the police department isn't allowed to just require everyone in the world to provide prints, but the DMV can? And to say "well, don't get a license or an ID card" is rediculous. You can't cash a check, work anyone, or rent a video without ID.

    And, last of all -- after providing a print, the guy behind the counter took a small one inch square cotton-like swab, wrapped cleaned off the scanner, and took the swab into the back of the office with my paper work.

    Okay, I'm not a conspiracy theorist and I'm not the avid ArtBell listener or anything, but this struck me as at least a bit odd. In one visit, you are basically giving them your address, work information, birth certificate, social security number, mother's maiden name, photograph, signature (that invalidates your real one?!), a thumb-print and DNA?

    I'm probably crazy. My mind must have been overly imaginative that day. I mean, would my own government be hording all this information, including prints and DNA off in a massive archive somewhere? Surely, not.... *cough*

  • by goingware ( 85213 ) on Monday June 19, 2000 @06:06PM (#991211) Homepage
    Please read my page Why You Should Use Encryption []. This explains why ordinary people, even your mother and your kids, ought to be using secure encryption.

    Also read my note Secure Email Download with SSH [] on the Be Tip Server. While the tip is BeOS specific, the basic ideas work fine on other operating systems.

    Of course, to download your mail via SSH, you'll need a hosting service that provides it at their end, which is why I recommend Seagull Networks. [] Note that if you upload content to your website with FTP, you're exposing your password to network sniffers. Seagull Networks allows you to use secure copy (scp) for this so your password remains secure.

    Finally, I use the Linux Encrypting Kernel [] under Linux and PGPDisk [] under Windows to keep important personal info like my Quicken checkbook, and confidential business information like the source code I'm writing for my clients encrypted on my laptop so the theives won't have them if my computer is stolen.

    With either one you can create a big file that when mounted with a passphrase is accessible like any ordinary filesystem. I have even found that I can run MPEG movies off a PGPDisks with no loss in playback quality on my laptop [] which has a 450 MHz Pentium III.

    Finally read the Forum on Risks to the Public in Computers and Related Systems for significant discussions on privacy issues. It is available as comp.risks [comp.risks] on the Usenet News and on the web at [].

    Do you think Microsoft takes care to protect your privacy when designing its products? Guess again.

    I recently received a legal document as part of a personal negotiation that I am doing. The document was e-mailed to me in MSWord format. As I was showing it to my lawyer (who happens to be my wife), we decided to put our thoughts inline using the track changes feature of word. After selecting Tools, and Track Changes, we clicked on "Highlight changes in document" and voila, suddenly a whole bunch of red appeared on the screen. We looked at it closely and realized that everything in red represented changes in the document that my counterpart's lawyer had written. We got a good look at the previous version of the contract, as well as a bunch of comments and justifications that the lawyer wrote to his client. It was an eye opening experience.

    It appears that instead of selecting "Accept all changes" before sending it to me, the other party to the contract simply turned off the highlighting to the track changes feature.

    This is obviously a case of an unsophisticated person misusing a feature. However, it is very dangerous. Lawyers send word documents around all the time, and many of them do not really understand all the features that they use, nor should they have to. I imagine that I was not the first person to see some behind the scenes conversation in an important word document, that I was never intended to see.

  • Do you really want others to "Enforce" your privacy?
    If it has to be strong-armed, do we really want it?

    Ever notice how fast Windows runs? Neither did I!
  • I like your post, really. Each time I have posted a somewhat not-pro-American comment, I got flamed to death, which hurts since I do belileve not all Americans are bad. Heck, I'm a European and I still consider most people on this planet are dumber than a bag of hair. The thing is Europeans usually don't try to take all the credit for everything *good* that's done on this small globe surfing around a medium star on the East side of the galaxy.

    As to the privacy issue, it all depends on *how* your personal information is used. Recently, I was living and working in Finland (boy this country is wired, even wirelessly) and for everything they ask for your Social Security number, even for subscribing to magazines! Basically, half of the country has access to your record, at least parts of it. Now, I don't know what they actually do with all this, but they haven't tried to bother me for anything, nor they have to any of my Finnish friends.

    I now live in Switzerland, where we had a huge scandal some 10 years ago about the Federal government filing nasty info about most citizens, like their political beliefs. Even though the system is no longer, officially, in use there are remnants of it coming to the surface every now and then. But then again, I have never been bothered even though I used to piss in parked police cars.

    I have lived in France for 20 years (my whole childhood), and have discovered the French Army had a pretty thick pile of info about me (I happen to be a French citizen by mistake). Don't ask me *how* I knew about this, but I *do* know. Still, France has a powerful agency (with the set of laws that goes with it) that keeps checking if your personal info isn't misused. Legally, you can access your data and deny the spreading of it at any time. Pretty ironic when you know France is the least connected country in Europe.

    As for my various European experiences, I have never been bothered by government agencies. I have travelled outside of Europe and found, for instance, that citizens of the USA actually have much less freedom than us 'poor Europeans'. Indeed, as some /. poster pointed out, 98% of Europeans have the right to grow up outside of poverty, violence and other things that plague 22% of young Americans. IMHO, this is one of the things that will guarantee your most fundamental freedom, your right to think freely with the educational background that will let you make a mind of your own.

    In Europe, we might not enjoy the same economics burst the USA enjoy, but there are much less "fractures" in the society. Therefore, I suppose (I can be wrong here) our social-democrat model works better than the almighty American liberal system. The richest people are American, but the poorest ones are *also* American. I'd rather have a bit less money and be able to make my own sound opinions thanks to a rich educational background than being filthy rich and still be a moron à la Bill Gates who doesn't respect anybody.

    Americans are, IMHO, stupidly nationalist by refusing to see that anything good can be made East of New York Fuckin'City and West of the L.A. warzone. In Europe, we take longer to do things but at least we try to make those things a bit more accessible to the common good.

    You can now switch the flamethrower on.


  • Government data privacy laws are a mixed bag at best.
    Not only is it hard to figure out what privacy means in a way that enhances your
    privacy without ripping off mine,
    but there's an inherent contradiction between the agencies in government who might benefit from
    providing protection laws and most other agencies who are doing data collection,
    which will resist any regulation that interferes with them requiring businesses and individuals
    to use Social Security Numbers, Taxpayer ID numbers, and other centralized identifiers and databases that
    the agencies need or want. The economics of computers and communication (cheap and getting massively
    cheaper all the time) make private data correlation valuable and easy already, and with mandatory
    use of common database keys (SSNs are great, but even telephone numbers or name+address work surprisingly well),
    there's minimal incentive for businesses to structure their databases in ways that are hard to correlate.

    European data privacy laws don't just control big annoying corporations in ways that
    don't affect you - they also let governments into everybody's computers,
    including yours and including corporations that have records on you.
    In some countries, they make it illegal to keep databases of any kind of personal information online
    unless you register them with the government.

    • Have you registered your online address book with them?

    • Or the email from your girlfriend with her phone number?

    • Or the mailing list for your anti-nuclear group

    • or your church

    • or your football team

    • or your anarchist literature-and-beer-drinking society?

    There's a good article on
    Swedish network regulations []
    - the early ones banned computer conferencing systems [],
    because they were on computers, and might have discussions including the names of
    participants, or their religious or political views, etc.
    They've calmed down a bit, but not enough.

    In some countries, including Sweden and the US, it's safer if you're a journalist,
    because there are press freedom laws protecting the privacy of journalists' work.
    Of course, in Cyberspace, everybody can be a journalist.
    You've probably got Journalistic Works In Progress, which have special legal protection, on your home computer, haven't you?
    ......... No? Well, then go write some!
    However, it's not safe []
    to be a journalist everywhere.

    On the bright side, if European Data Protection Laws don't let you keep personal records, your anonymous remailer really can't go keeping logs, can it?

    (Most of this rant is on my web pages. [])

    David Brin [] has written a lot of stuff about privacy, particularly
    The Transparent Society, about how the economics of surveillance, cheap cameras, and databases are unstoppable, so give up and focus on the important issue, which is making sure the public can watch the government so it behaves itself. I don't agree with it all, but he makes a lot of good points.

  • The US is not a single government. It's a bunch of agencies and individual politicians with different agendas, different constitutencies, and different long-term and short-term activies. There are clues about lots of things scattered throughout the government - but very few people there have lots of clues, and some of them use the good clues as warnings about things that will interfere with their own plans. Some examples:

    • Bureaucracies always want more information because it makes their jobs easier.
    • Bureaucracies don't mind telling other people what to do - even if they're well-intentioned, this gives them more power and control. Other bureaucracies are better at avoiding being regulated than the general public is. So agencies like the Federal Trade Commission are happy to produce Privacy Law regulations that apply to corporations, even though most of the rest of the government wants to collect data for government use.
    • Computers make it very cheap and easy to correlate information, especially if there are common identifiers like SSNs, but even name+address works pretty well. So corporate data mining can always piggyback on government-mandated information collection, and short-term convenience to the bureaucrats is more important than long-term privacy protection, so piggybacking can always win.
    • Tax agencies want everybody to use highly traceable identification in everything they do, so they want SSNs or other taxpayer IDs in everything. Particularly, they want employer s to have SSNs for all their employees, which makes it convenient for employers to use those to track employee records, and use these with medical care providers.
    • Government-paid Medical Care need all the data collection it can get, partly to provide better care for individual patients, but primarily to prevent the system from being massively ripped off by medical service providers. Private medical insurance companies have the same problem. So everybody you deal with in the medical business has to use SSNs for dealing with Medicare, and the insurance companies need to use them for correlating with Medicare, so they basically require them for everything.
    • Medical privacy protection advocates in the Federal government aren't going to get rid of pervasive SSN use or coordination of information collection - it's too valuable to the providers. Everything else they can do is nice, but it's pretty much window dressing.
    • "Law Enforcement" usually lobbies for more laws to give them more things to enforce.
    • Some laws have victims who will complain to the police if they're violated - but many laws, such as victimless crimes and tax evasion, require privacy invasion to enforce them, because the participants have no desire to tell the police about them. Some of us think those laws are mostly bad (:-), but police are constantly encouraging the creation of laws and regulations that reduce privacy so they can do their jobs.
    • Motor Vehicle Departments are inherently privacy-invasive - and to the extent that they perform a useful function of keeping bad drivers off the road, there's a high incentive for bad drivers to evade them, so they've got a high need to collect more information and correlate it with each other, so again they want National IDs like SSNs.
    • Because the right to travel is critical to everybody, motor vehicle licensing is a convenient handle for politicians to hang their own agendas on - like harassing Deadbeat Dads and immigrants. So DMVs in places like California sometimes insist on citizenship papers, because everybody knows that you can't drive safely while speaking Spanish. (That doesn't mean other government agencies don't require them to print materials in Spanish and Chinese, but it's who the laws are written for.)
    • Traffic flow cameras - big cities like New York and San Francisco and LA have horrendous traffic problems, and cheap cameras make it easier to manage. When San Francisco was planning to shut down the Central Freeway a couple years ago, they used the traffic cams to take pictures of license plates of cars entering the road, looked up the license plates of the cars, and sent postcards to the owners asking them to take a different route. Worked pretty well. They didn't use fancy OCR technology, since it didn't need to be done in real-time - they just had a bunch of cheap labor read the videos of the plates. Prisoners used to make license plates, now they read them....
    • National Security and Terrorism - Sure, the right way to prevent terrorism is to have foreign policies that don't piss off people in small countries, and "terrorism" is mainly used as an excuse for increased power for various government agencies, who tend to cooperate in getting resources. But suppose for argument's sake you think about the job seriously for a minute, from the perspective of a well-intentioned government employee who wants to try to prevent people who are already pissed off from doing Bad Things. It's a scary, difficult problem, and the main things you can do about it are maximize the amount of privacy-invading technology you've got available when you need it, maximize the amount of data collection you've got to track potential threats, like foreigners from little countries, before they do things, keep the population in a state of mild fear so they'll always show their papers at airports and let you search their bags, and so dumber Bad Guys will decide they can't get away with things - you can't stop smarter Bad Guys, but if you discourage most of the dumb ones it's easier to catch the few dumb ones who try. And you'd multiply your resources by getting airlines to collect information and track people for you,
  • Exactly where in that article does it talk about the "US lagging behind Europe in privacy standards"?

    Oh, I don't know...maybe here?

    "Unlike the United States, in Europe, each of the European countries has a very comprehensive set of protections for the privacy of its citizens," says Fordham University law professor Joel Reidenberg.

    While you might think the European approach inplies all sorts of onerous bureaucracy and government interference, I read the relative indifference of the U.S. government as a sign that the government I help to pay for is not looking out for my interests. I'd rather see the taxes I'm going to pay anyway look out for me, rather than fund corporate welfare for some organization I'll never own stock in.

    Something to think about...

Wasn't there something about a PASCAL programmer knowing the value of everything and the Wirth of nothing?