Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Bill Stewart]

At 09:49 AM 12/31/2002 -0800, Kevin Elliott wrote:

Interesting point on grocery cards...  Why do they have your name at all?


Remember when people used checks and had check cashing cards
at grocery stores?  Some grocery store chains used courtesy cards
to replace that function.  More importantly, early in the game,
they collected as much information as they could,
hoping they could use it somehow for marketing reasons,
though in practice they can do almost as well without it,
so they don't care too much; they'd rather give you a card
with fake information than not give you a card,
even if it means that when their clerks are trying to
present the image of friendliness and personal relationships
by saying "Thanks, Mr. Myxpklkqws" they can't pronounce it.

Some of the stores do try to build more brand loyalty by
giving you things if your spending totals are high enough,
though the store I used to go to would reward you with a
ham at Christmas; perhaps that sort of thing appeals to
carnivorous goyim

Meanwhile, the most important uses are correlating
purchases of different types of items, so they know whether
advertising chicken will bring in customers who also buy
barbecue sauce or chardonnay or tortilla chips.

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Adam Shostack]

On Tue, Dec 31, 2002 at 09:49:28AM -0800, Kevin Elliott wrote:
| At 12:12 -0500  on  12/31/02, Adam Shostack wrote:
| >Rummaging through my wallet...a grocery card in the name of Hughes, a
| >credit card with the name Shostack, and an expired membership card in
| >the name Doe.
| 
| Interesting point on grocery cards... Why do they have your name at 
| all?  Every grocery card I've ever gotten they've said "here's your 
| card and application, please fill out the application and mail it 
| in".  I say "thank you ma'am", walk out the door and toss the 
| "application" in the trash.  Not exactly strong (or any) name 
| linkage...

Pollution.   Cards without names can be purged, cards with names
confuse them.  Is that the same Mr. Hughes with Richard Nixon's SSN
who seems to shop vegitarian in San Jose, but buys pork in large
quantities in Oakland?  And look, Mr. Clinton here lives at the same
address...

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Kevin Elliott]

At 12:58 -0500  on  12/31/02, Adam Shostack wrote:

On Tue, Dec 31, 2002 at 09:49:28AM -0800, Kevin Elliott wrote:
| At 12:12 -0500  on  12/31/02, Adam Shostack wrote:
| >Rummaging through my wallet...a grocery card in the name of Hughes, a
| >credit card with the name Shostack, and an expired membership card in
| >the name Doe.
|
| Interesting point on grocery cards... Why do they have your name at
| all?  Every grocery card I've ever gotten they've said "here's your
| card and application, please fill out the application and mail it
| in".  I say "thank you ma'am", walk out the door and toss the
| "application" in the trash.  Not exactly strong (or any) name
| linkage...

Pollution.   Cards without names can be purged, cards with names
confuse them.  Is that the same Mr. Hughes with Richard Nixon's SSN
who seems to shop vegitarian in San Jose, but buys pork in large
quantities in Oakland?  And look, Mr. Clinton here lives at the same
address...


I see.  I guess I'll have to fill out the damn form the next time I 
get a card.  I don't actually visit the store now that safeway.com 
delivers .
--
___
Kevin Elliott   
ICQ#23758827   AIM ID: teargo
___

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Kevin Elliott]

At 12:12 -0500  on  12/31/02, Adam Shostack wrote:

Rummaging through my wallet...a grocery card in the name of Hughes, a
credit card with the name Shostack, and an expired membership card in
the name Doe.


Interesting point on grocery cards... Why do they have your name at 
all?  Every grocery card I've ever gotten they've said "here's your 
card and application, please fill out the application and mail it 
in".  I say "thank you ma'am", walk out the door and toss the 
"application" in the trash.  Not exactly strong (or any) name 
linkage...
--
___
Kevin Elliott   
ICQ#23758827   AIM ID: teargo
___

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Adam Shostack]

On Tue, Dec 31, 2002 at 01:21:52AM -0800, Bill Stewart wrote:
| At 03:57 PM 12/19/2002 -0500, Adam Shostack wrote:
| >On Mon, Dec 16, 2002 at 04:56:12PM -0500, John Kelsey wrote:
| >| I think this would help, but I also think technology is driving a lot of
| >| this.  You don't have to give a lot more information to stores today than
| >| you did twenty years ago for them to be much more able to track what you
| >| buy and when you buy it and how you pay, just because the available
| >| information technology is so much better.  Surveilance cameras, DNA
| >| testing, identification by iris codes, electronic payment mechanisms that
| >| are much more convenient than cash most of the time, all these contribute
| >| to the loss of privacy in ways that are only partly subject to any kind 
| >of
| >| government action (or inaction) or law.
| 
| But you *do* have to provide a lot more information to your bank
| than you used to, and to your mailbox company, and to the government-run
| post-offices that can bully private mailbox companies around,
| and to hotels, and to driver-safety-and-car-taxation enforcers,
| and to airlines, because governments either require them to collect more,
| or encourage them to collect more data, and to collect it in forms that
| are easier to correlate than they have been in the past,

What's information, Mr. Smith?  If I walk in and say my name's John
Doe, here's my cash, and there isn't any government ID, who can
question me?

| >Yep.  A lot of it, however, freeloads on the government certification
| >of identity.  Without the legal threats, it would be much harder to
| >assemble the data.  (Other things, like credit, also become much
| >harder. That may become less of an issue as id theft makes credit
| >visibly a two-edged sword.
| 
| While some of it is freeloading on the identity certification,
| much of it is done because it's so cheap to do so they might as well,
| and it's cheap because of the government regulations
| as well as because computation keeps getting radically cheaper.

The cheap to do is freeloading.  If you take all the government issued
ID out of your wallet, how much of what's left has the same name on
it?

Rummaging through my wallet...a grocery card in the name of Hughes, a
credit card with the name Shostack, and an expired membership card in
the name Doe.

If I pull out all three, the cost of doing it shoots way up, and I pay
in cash.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Adam Shostack]

On Mon, Dec 16, 2002 at 04:56:12PM -0500, John Kelsey wrote:
| At 12:53 PM 12/15/02 -0500, Adam Shostack wrote:
| ...
| >I think that a law which re-affirmed the rights to be anonymous, to
| >call yourself what you will, to be left alone, to not carry or show ID
| >would transform the debate about privacy into terms in which the issue
| >could be solved.  (At least as it affects private companies.)
| >Companies would be able to do what they want with your data as long as
| >you had a meaningful and non-coercive choice about handing it over.
| 
| I think this would help, but I also think technology is driving a lot of 
| this.  You don't have to give a lot more information to stores today than 
| you did twenty years ago for them to be much more able to track what you 
| buy and when you buy it and how you pay, just because the available 
| information technology is so much better.  Surveilance cameras, DNA 
| testing, identification by iris codes, electronic payment mechanisms that 
| are much more convenient than cash most of the time, all these contribute 
| to the loss of privacy in ways that are only partly subject to any kind of 
| government action (or inaction) or law.
| 
| The records are being created and kept by both government and private 
| entities.  The question is whether to try to regulate their use (with huge 
| potential free-speech issues, and the possibility of companies being able 
| to, say, silence criticism of their products or services) or leave them 
| alone (with the certainty that databases will grow and continue to be 
| linked, creating pretty comprehensive profiles of almost everyone's 
| reading, musical, spending, and travel patterns, and with anyone who takes 
| serious measures to avoid being profiled having obvious gaps in their 
| profiles to indicate their wish for privacy in some area).

Yep.  A lot of it, however, freeloads on the government certification
of identity.  Without the legal threats, it would be much harder to
assemble the data.  (Other things, like credit, also become much
harder. That may become less of an issue as id theft makes credit
visibly a two-edged sword.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume

RE: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[Vincent Penquerc'h]

Title: RE: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)





> anyone who takes 
> serious measures to avoid being profiled having obvious gaps in their 
> profiles to indicate their wish for privacy in some area).


Oh yes, so true. I'm always paying in cash, but everytime I do so,
I'm wondering what stupid nut will spot that in a database, label
me a terrorist, and send probes in other databases, just because
I think pretty much everything banks give you is laughable from a
security standpoint (I don't care whether they take the cost of
fraud or not, it's just laughable - you have a secret code supplied
with your card and banks routinely accept payments from a card
without the code - and it's a 4 digit code for fuck's sake, it's
not like it was a high entropy private key or something!)
But some would say I'm a ranting paranoid. Which I probably am.


-- 
Vincent Penquerc'h 

Re: Privacy qua privacy (Was: Photographer Arrested For Taking Pictures...)

[John Kelsey]

At 12:53 PM 12/15/02 -0500, Adam Shostack wrote:
...

I think that a law which re-affirmed the rights to be anonymous, to
call yourself what you will, to be left alone, to not carry or show ID
would transform the debate about privacy into terms in which the issue
could be solved.  (At least as it affects private companies.)
Companies would be able to do what they want with your data as long as
you had a meaningful and non-coercive choice about handing it over.


I think this would help, but I also think technology is driving a lot of 
this.  You don't have to give a lot more information to stores today than 
you did twenty years ago for them to be much more able to track what you 
buy and when you buy it and how you pay, just because the available 
information technology is so much better.  Surveilance cameras, DNA 
testing, identification by iris codes, electronic payment mechanisms that 
are much more convenient than cash most of the time, all these contribute 
to the loss of privacy in ways that are only partly subject to any kind of 
government action (or inaction) or law.

The records are being created and kept by both government and private 
entities.  The question is whether to try to regulate their use (with huge 
potential free-speech issues, and the possibility of companies being able 
to, say, silence criticism of their products or services) or leave them 
alone (with the certainty that databases will grow and continue to be 
linked, creating pretty comprehensive profiles of almost everyone's 
reading, musical, spending, and travel patterns, and with anyone who takes 
serious measures to avoid being profiled having obvious gaps in their 
profiles to indicate their wish for privacy in some area).

Some kinds of privacy are, IMO, in the process of all but 
disappearing.  Other kinds are being made possible by technology, which 
would never have even been possible before, but it's not at all clear 
they'll really come into being for many people.  (How many people are sure 
their machines are secure against the best spyware the feds can come up 
with?)

...
Adam


--John Kelsey, [EMAIL PROTECTED]