Holding PTrei accountable.
Make corporations financially liable if they fail to provide a service due to a cyberattack. Their insurance firms will then start to require standards in a much more diverse and flexible way than legislation would. This is similar to how bank vault and safe standards were improved during the last century. Peter Trei I am holding you accountable for every day you stay with a 'golden shield' Company. You were warned. Companies didn't pull out of apartheid SA till they were held accountable.
RE: Random Privacy
Said Greg Vassie: Right now, the rate of falsification on Web surveys is extremely high, says Dr Ann Coavoukian, the commissioner of information and privacy in Ontario, U.S.A. People are lying and vendors don't know what is false [or what is] accurate, so the information is useless. As a resident of Ontario, Canada, I'm quite surprised to learn that Ontario has been annexed by the United States. .. Heh-heh: the author must be lying. .. Blanc
Re: Random Privacy
On Sat, 21 Sep 2002, R. A. Hettinga wrote: Ontario, California? You will laugh, but some unattentive air travellers sometimes confuse these two :) Of course, California is another country. :-).
Re: Random Privacy
On Saturday, September 21, 2002, at 09:29 AM, Tim May wrote: Not a new idea. Ted Nelson (IIRC) wrote about using coin flips to randomize AIDS poll questions. (Have you engaged in unprotected sex? Flip a coin and XOR it with your actual answer.) I remember talking to Eric Hughes, Phil Salin, and others around 1990-91 about this. (However, IBM is probably busily copyrighting their new invention, just as Intel copyright their recent invention of the anonymous remailer.) I meant patented in both cases. Part of the continuing idiocy of our patent system, when obvious prior art going back more than a decade counts for nothing in the blizzard of patents. --Tim May
Re: Random Privacy
Greg Broiles wrote about randomizing survey answers:

That doesn't sound like a solution to me - they haven't provided anything to motivate people to answer honestly, nor do they address the basic problem, which is relying on the good will and good behavior of the marketers - if a website visitor is unwilling to trust a privacy policy which says We'll never use this data to annoy or harm you, they're likely to be unimpressed with a privacy policy which says We'll use fancy math tricks to hide the information you give us from ourselves.

That's not going to change unless they move the randomizing behavior off of the marketer's machine and onto the visitor's machine, allowing the visitor to observe and verify the correct operation of the privacy technology .. which is about as likely as a real audit of security-sensitive source code, where that likelihood is tiny now and shrinking rapidly the closer we get to the TCPA/Palladium nirvana.

On the contrary, TCPA/Palladium can solve exactly this problem. It allows the marketers to *prove* that they are running a software package that will randomize the data before storing it. And because Palladium works in opposition to their (narrowly defined) interests, they can't defraud the user by claiming to randomize the data while actually storing it for marketing purposes.

Ironically, those who like to say that Palladium gives away root on your computer would have to say in this example that the marketers are giving away root to private individuals. In answering their survey questions, you in effect have root privileges on the surveyor's computers, by this simplistic analysis. This further illustrates how misleading is this characterization of Palladium technology in terms of root privileges.
Re: Random Privacy
On Saturday, September 21, 2002, at 09:29 AM, Tim May wrote: On Saturday, September 21, 2002, at 02:16 AM, Blanc wrote: Interesting little article from http://pass.maths.org.uk/issue21/news/random_privacy/index.html: Excerpt: How old are you? How much do you earn? Not a new idea. Ted Nelson (IIRC) wrote about using coin flips to randomize AIDS poll questions. (Have you engaged in unprotected sex? Flip a coin and XOR it with your actual answer.) I remember talking to Eric Hughes, Phil Salin, and others around 1990-91 about this. (BTW, as you probably know or can imagine, there have been crypto methods proposed for safeguarding certain kinds of data collection, e.g., schemes using random coin flip protocols for answering questions like Are you homosexual? (supposedly useful for public health planners trying to deal with HIV/AIDS issues. The idea is that the pollee XORs his answer with a random bit. His answer then doesn't _implicate_ him, but overall statistics can still be deduced from a large enough sample.lawmakers will try to take us down the first path. Cordian correctly points out that merely XORing with a random bit gives the same statistics as the random bit(s). Now that I think about it, I recollect the proposal was something along these lines: Alice is confronted with a question with a yes or no answer. She flips a coin. If the outcome is H, she answers the question honestly. If the outcome is T, she then flips another coin and gives that outcome as her answer. Half the population of pollees is ostensibly answering honestly, the other half is randomizing. No particular person can be linked to an answer. More sophisticated versions, as I recall, had more complicated series of coin tosses (to reduce noise). --Tim May
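Added example, not part of the original thread: a simulation of the two schemes discussed in the message above. It shows that XOR with a fair coin reports about 50% "yes" whatever the true rate, while the two-coin scheme lets the surveyor recover the population rate as 2 x observed - 0.5. The population rates, sample size and function names are assumptions made for the illustration; `posterior_yes` goes slightly beyond the message by computing how much a single reported "yes" still reveals about the respondent.

```python
import random

def xor_with_coin(truth, rng):
    """Scheme 1: report the true answer XORed with one fair coin flip."""
    return truth ^ (rng.random() < 0.5)

def two_coin(truth, rng):
    """Scheme 2: heads on the first coin -> answer honestly;
    tails -> report a second coin flip instead."""
    if rng.random() < 0.5:
        return truth
    return rng.random() < 0.5

def reported_yes_rate(scheme, true_rate, n, seed):
    """Simulate n respondents; return the fraction of reported 'yes'."""
    rng = random.Random(seed)
    yes = 0
    for _ in range(n):
        truth = rng.random() < true_rate   # constructed population
        yes += scheme(truth, rng)
    return yes / n

def estimate_true_rate(observed):
    """Invert P(report yes) = 0.5*p + 0.25 for the two-coin scheme."""
    return 2.0 * observed - 0.5

def posterior_yes(p):
    """P(truth = yes | reported yes) under the two-coin scheme (Bayes)."""
    return 0.75 * p / (0.75 * p + 0.25 * (1.0 - p))

if __name__ == "__main__":
    n = 200_000   # assumed sample size
    for p in (0.10, 0.40):   # assumed true rates
        x = reported_yes_rate(xor_with_coin, p, n, seed=1)
        t = reported_yes_rate(two_coin, p, n, seed=1)
        print(f"true={p:.2f}  xor reports {x:.3f}  "
              f"two-coin reports {t:.3f} -> estimate {estimate_true_rate(t):.3f}  "
              f"P(yes|reported yes)={posterior_yes(p):.2f}")
```

The estimator's standard error is twice that of a direct survey of the same size, which is the noise the "more complicated series of coin tosses" mentioned above would aim to reduce.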
Re: Random Privacy
At 12:32 PM -0400 on 9/21/02, Adam Shostack wrote:
| Ontario, U.S.A. People are lying and vendors don't know what is false [or
| what is] accurate, so the information is useless.
|
| As a resident of Ontario, Canada, I'm quite surprised to learn that
| Ontario has been annexed by the United States.

Randomized geography. :)

Ontario, California?

Of course, California is another country. :-).

Cheers,
RAH
-- -
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: All your canadians are belong to us
On Sat, 21 Sep 2002, Major Variola (ret) wrote: At 11:08 AM 9/21/02 -0400, Greg Vassie wrote: says Dr Ann Coavoukian, the commissioner of information and privacy in Ontario, U.S.A. People are lying and vendors don't know what is false [or As a resident of Ontario, Canada, I'm quite surprised to learn that Ontario has been annexed by the United States. Ontario, California? No, Ontario, Canada: http://www.ipc.on.ca/ http://www.cfp2002.org/advisoryboard/cavoukian.shtml -MW-
Re: Random Privacy
On Sat, Sep 21, 2002 at 10:29:16AM -0700, Tim May wrote:
| On Saturday, September 21, 2002, at 09:29 AM, Tim May wrote:
|
| Not a new idea. Ted Nelson (IIRC) wrote about using coin flips to
| randomize AIDS poll questions. (Have you engaged in unprotected sex?
| Flip a coin and XOR it with your actual answer.) I remember talking to
| Eric Hughes, Phil Salin, and others around 1990-91 about this.
|
| (However, IBM is probably busily copyrighting their new invention,
| just as Intel copyright their recent invention of the anonymous
| remailer.)
|
| I meant patented in both cases.
|
| Part of the continuing idiocy of our patent system, when obvious prior
| art going back more than a decade counts for nothing in the blizzard of
| patents.

Worse, patent attorneys tell me that pointing out prior art while a patent is being 'prosecuted' tends to weaken your case against it later if the patent examiner doesn't reject the thing whole cloth, because now the prior art has been considered.

The one obvious part of the answer is to raise the cost of getting patents such that it's worth the time of regular filers to consider if they want the patent, and such that patent examiners are paid well enough that they don't all leave in 3 years. (I say regular filers because there may be a good argument that small inventors should not be shut out of the system. Of course, they already are, because it's close to impossible, even for an experienced practitioner, to avoid any mistakes these days, which is why you often see half a dozen closely related patents on the same invention.)

For example, IBM is granted something on the order of 1000 patents per year. The cost to them? A few million dollars. If the cost on the 50th patent was a million bucks, then perhaps they'd abuse the system less. I don't think Edison ever got 50 patents in a year, and lord knows he was more inventive than all of IBM. :)

Adam
--
It is seldom that liberty of any kind is lost all at once. -Hume
All your canadians are belong to us
At 11:08 AM 9/21/02 -0400, Greg Vassie wrote: says Dr Ann Coavoukian, the commissioner of information and privacy in Ontario, U.S.A. People are lying and vendors don't know what is false [or As a resident of Ontario, Canada, I'm quite surprised to learn that Ontario has been annexed by the United States. Ontario, California?
Re: Random Privacy
On Sat, Sep 21, 2002 at 11:08:54AM -0400, Greg Vassie wrote:
| Interesting little article from
| http://pass.maths.org.uk/issue21/news/random_privacy/index.html:
|
| Excerpt:
| Right now, the rate of falsification on Web surveys is extremely high,
| says Dr Ann Coavoukian, the commissioner of information and privacy in
| Ontario, U.S.A. People are lying and vendors don't know what is false [or
| what is] accurate, so the information is useless.
|
| As a resident of Ontario, Canada, I'm quite surprised to learn that
| Ontario has been annexed by the United States.

Randomized geography. :)

Adam
--
It is seldom that liberty of any kind is lost all at once. -Hume
Re: Random Privacy
Tim wrote: Not a new idea. Ted Nelson (IIRC) wrote about using coin flips to randomize AIDS poll questions. (Have you engaged in unprotected sex? Flip a coin and XOR it with your actual answer.) I remember talking to Eric Hughes, Phil Salin, and others around 1990-91 about this. [snip] The idea is that the pollee XORs his answer with a random bit. His answer then doesn't _implicate_ him, but overall statistics can still be deduced from a large enough sample. Uh, excuse me?! I can see how such an idea works if you add a random variable with a known mean to the data. A researcher could do this before storing the data, in order to protect the confidentiality of individual respondents, and still be able to compute aggregate statistics. However, if you XOR a bit with a random bit, you have something equally likely to be in either state. Even a large collection of yes/no responses XORed with random bits is indistinguishable from random data. So I am afraid I must give the prior message my coveted Silliest Thing Said On the Internet This Week award. Chortle -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law
CATO's true colors.
Cato: You Missed A Spot

This wasn't mentioned in the latest bit, but I also noticed that the graphics at the top display different text relevant to the various sections of the page when you put your mouse cursor over them. The text includes sentences like:

  See how much you could benefit from privatization
  What does privatization mean for women in America?
  The working poor could be the biggest beneficiaries of privatization.

and of course...

  How will Social Security privatization affect the economy?

It looks like they've tried to scrub all of the privatization references on the site in a hurry, and just changed the body text. Does that make them lazy liars?

Chris

Dear MWO:

Looking at the Cato Institute's webpage on the Project on Social Security Choice, the page title isn't the only place where the dreaded P word surfaces. On the left side of the page is a link to a page called FAQs About Privatization. On that page, there are links to other Cato Institute articles with the following titles:

  In Us We Trust: Take the System Private
  Dismantling the Pyramid: The Why and How of Privatizing Social Security
  The Working Poor and Social Security Privatization
  Privatizing Social Security: A Big Boost for the Poor
  Empowering Workers: The Privatization of Social Security in Chile
  Privatizing Social Security: the $10 Trillion Opportunity
  Social Security: Partial Privatization is Not Enough
  A Plan for Privatizing Social Security
  The Benefits of Social Security Privatization for Women
  Union Workers Should Support Social Security Privatization
  Social Security Privatization and Economic Growth

Looks like their website managers have some more cleaning to do.

Todd Tennis
Lansing, MI

Readers Expose Still More Cato Privates

Dear MWO,

The Cato Institute further reveals its sorry, repugnant attempt at hiding its doublespeak along the left column of the social security privatization website (http://socialsecurity.org/about.html). Notice the link to: FAQs About Privatization. Oops.
Fool me... can't get fooled again. Your news website is among the best, and I enjoy reading it (as much as observing the collapse of America can be). Keep up the good work!

R Galant

MWO,

Not just the title of the page, but the 'keywords' section of the HTML has the following phrases:

  social security privatization
  privatize
  privatizing

and the bizarre:

  counterintelligence

Bruce Lokeinsky
Programmer, hack thyself. John Walker, 'The Hacker's Diet'

Here's a great page with a newsletter called The Cato Project on Social Security Privatization

Lead Article: Dismantling the Pyramid: The Why and How of Privatizing Social Security
http://socialsecurity.org/pubs/ssps/ssp1es.html

This has got to be doubleplusungood for the Cato Institute.

Patrick Murdock

From: arentschler
To: [EMAIL PROTECTED]
Subject: privatization

I thought I'd let you know that even though you changed the title of your privatization page, the header on the top of my browser still says the word privatization. You definitely want to change both the headline and the header, or it might seem really obvious that you're trying to cover something up. We wouldn't want those stupid libruls to actually figure out what we're doing over here! Karl Rove would be very disappointed if he knew about this.

A Rentschler

Cato's Meta Tags

Where's Social Security Choice?
From SocialSecurity.org's html: meta name=keywords content=social security reform, pension investments, retirement, old age benefits, entitlements, investment, social security privatization, pyramid benefits, OASI, SSA, payroll taxes, pensions, trust fund, taxes, financial calculator, Congressional testimony, Cato Institute, policy analysis, government studies, personal retirement accounts, freedom, think-tank, Fiscal Analysis, Economic Liberty, monetary, privatize, Cato Journal, Regulation magazine, publications library, political intelligence, counterintelligence, Capitol Hill, politics, federal budget, briefing papers, balanced budget, tax reform, legislative proposals, privatizing, SSI program, OASDI, José Piñera, Michael Tanner, The Economist, actuarial estimates, Public Opinion Strategies, Senate Budget Committee, retirees, global pension crisis, Cato's Social Security Privatization Project, Libertarian, US Government, United States, Internal Revenue Service, IRS, Medicare, money meta name=description content=By 2012, Social Security will pay out more in
Re: Random Privacy
On Sat, Sep 21, 2002 at 01:15:18PM -0700, AARG!Anonymous wrote:
| Greg Broiles wrote about randomizing survey answers:
|
| That doesn't sound like a solution to me - they haven't provided anything
| to motivate people to answer honestly, nor do they address the basic
| problem, which is relying on the good will and good behavior of the
| marketers - if a website visitor is unwilling to trust a privacy policy
| which says We'll never use this data to annoy or harm you, they're
| likely to be unimpressed with a privacy policy which says We'll use
| fancy math tricks to hide the information you give us from ourselves.
|
| That's not going to change unless they move the randomizing behavior
| off of the marketer's machine and onto the visitor's machine,
| allowing the visitor to observe and verify the correct operation of
| the privacy technology .. which is about as likely as a real audit of
| security-sensitive source code, where that likelihood is tiny now and
| shrinking rapidly the closer we get to the TCPA/Palladium nirvana.
|
|
| On the contrary, TCPA/Palladium can solve exactly this problem. It allows
| the marketers to *prove* that they are running a software package that
| will randomize the data before storing it. And because Palladium works
| in opposition to their (narrowly defined) interests, they can't defraud
| the user by claiming to randomize the data while actually storing it
| for marketing purposes.

No, it allows security geeks to talk about proof. My mom still won't get it. Pd doesn't allow you to prove that there's no sniffer doing other things with the data, that nothing is logged at the wrong time, etc.

If you really want to randomize the data, do it close to me. Or better yet, run some software from Credentica and accept a proof of whatever data is in question. But the reality is that people hand over most of their data now. So why would I invest in this expensive technology?
(Mike Freedman, Joan Feigenbaum, Tomas Sander and I did a paper which touches on the power imbalance between the companies that offer DRM technology and their customers...same analysis applies here... http://www.homeport.org/~adam/privacyeng-wspdrm01.pdf ) Adam -- It is seldom that liberty of any kind is lost all at once. -Hume