Forgot your password?
typodupeerror
Privacy Security

The "Hidden" Cost Of Privacy 217

Posted by ScuttleMonkey
from the if-you-can't-handle-it-get-out-of-the-business dept.
Schneier points out an article from a while back in Forbes about the "hidden" cost of privacy and how expensive it can be to comply with all the various overlapping privacy laws that don't necessarily improve anyone's privacy. "What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem. Because the efficient market solution won't work, we're left with inefficient regulatory solutions. So now the question becomes: how do we make regulation as efficient as possible?"
This discussion has been archived. No new comments can be posted.

The "Hidden" Cost Of Privacy

Comments Filter:
  • Here's how: (Score:5, Funny)

    by Ethanol-fueled (1125189) on Monday June 15, 2009 @12:57PM (#28336997) Homepage Journal
    1. Fake own death
    2. ???
    3. Private!
    • by Logical Zebra (1423045) on Monday June 15, 2009 @01:00PM (#28337039)

      1. Fake own death

      Well, it worked for Elvis.

      • Re: (Score:2, Interesting)

        by ShieldW0lf (601553)
        Privacy and transparency are contrary goals. Given the choice, I choose transparency. Privacy should end.
        • Re:Here's how: (Score:5, Insightful)

          by sakdoctor (1087155) on Monday June 15, 2009 @01:11PM (#28337161) Homepage

          Privacy for individuals. Transparency for state.

          • Re:Here's how: (Score:4, Interesting)

            by DragonWriter (970822) on Monday June 15, 2009 @01:21PM (#28337307)

            Privacy for individuals. Transparency for state.

            Except that "the State" is merely an abstract concept for certain actions of individuals, not some concrete thing that exists independently of any individuals.

            • Re:Here's how: (Score:5, Insightful)

              by oneirophrenos (1500619) on Monday June 15, 2009 @01:30PM (#28337401)

              Privacy for individuals. Transparency for state.

              Except that "the State" is merely an abstract concept for certain actions of individuals, not some concrete thing that exists independently of any individuals.

              Those individuals that comprise "the state" should also have the right to privacy, but not in their profession as public servants. Whatever they do in their jobs should be open for anyone to observe, even if their private lives shouldn't.

              • Re:Here's how: (Score:4, Interesting)

                by cayenne8 (626475) on Monday June 15, 2009 @02:01PM (#28337837) Homepage Journal
                Correct!

                And to help simplify things, rather than this hodge-podge of laws. Just make one. Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

                The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it.

                • Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

                  What about between people that are not companies?

                  • Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between other people.

                    What about between people that are not companies?

                    There, fixed that for both of you. IANAL, but IIRC companies are people under the law. Also, WTF does "expressed permission" mean? As opposed to ... "impressed permission"? Was that supposed to say "express written permission"?

                    • Re: (Score:3, Interesting)

                      by DragonWriter (970822)

                      There, fixed that for both of you.

                      So no person can mention personally identifiable information about another person to any third person without express consent of the identified person? So a victim of crime who knows their attacker can't give the name to the police without the attacker's consent?

                • Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

                  The end result will simply be that every business makes you give express permission to do all of that before they will do business with you, which will put us back to square one - either live in the woods and don't do business with anyone or bend over and take it.

                  Personally, I would rather see a reduction of laws and policies that hurt privacy - like the law that prevents you from purchasing pseudofed over the counter without giving up your personal information to the pharmacist who is pretty much free to d

                • Re:Here's how: (Score:4, Insightful)

                  by Ironica (124657) <pixel@NoSPAm.boondock.org> on Monday June 15, 2009 @02:57PM (#28338599) Journal

                  Correct!

                  And to help simplify things, rather than this hodge-podge of laws. Just make one. Without expressed permission of the individual, none of their personally identifiable information can be transmitted/transferred between companies.

                  The information about an individual should be the property of the individual, not the company (or govt. agency) that holds and collects it.

                  That's all well and good, but in general, the greatest harm does not come from personally identifiable information being transferred in the course of normal business. The harm comes from the information being collected and stored, and then compromised by a third party (or possibly someone internal to the company) who uses the information in a way that was not anticipated by the person the info belongs to, and that might damage them (their credit rating, their legal standing, the safety of their family, their eligibility for insurance, etc.)

                  So I think we need to back up a step on the privacy discussion, and make it perfectly clear that, regardless of whether provable harm comes to an individual as a result of private information being shared, an entity that collects and stores personally identifiable information may be financially liable for any breach of that information, regardless of whether they intended to share it or took measures to prevent it. The fines would be higher for certain types of info, like SSN and birthdate (things that are hard or impossible to change and used to identify you), and lower for less "useful" information (like shopping habits)... but would be chargeable for each and every occasion of your information ending up in someone else's hands.

                  Then you also need to require companies to disclose how they got your information. Get a random call from Bob's Remodeling? Before you say "We're on the Federal Do Not Call list" and hang up, you say "Where did you obtain this name and number?" and they have to tell you. If you did not opt-in to having your information shared for that purpose (and it would need to say something pretty specific, like "telephone marketing" for example), then the source is again liable.

                  This would lead to companies like Google, who collect info that's mostly useful in the aggregate, to carefully de-identify databases wherever possible, because the reciprocal is that non-personally-identifiable information will NOT incur fines if disclosed. It would also possibly stop your doctor's office, child's school, and everyone else in creation asking for your SSN, because they know that if someone happens to read your SSN off your form and use it for ID theft, they might have to pay $BIGNUM.

                  Computers and the cheapness of disk space make everyone want to save every bit of data they can, and ultimately this is the biggest threat to privacy. That's the behavior we need to change.

                • Re:Here's how: (Score:5, Insightful)

                  by Archfeld (6757) * <treboreel@live.com> on Monday June 15, 2009 @02:59PM (#28338631) Journal

                  I agree in principal but in many areas a single function is made up of several companies or entities. Without the ability to share info, many a business will grind to a halt. What if it is your insurance co. to an emergency ward at the hospital ? Are we going to have to individually authorize every 2 or more entities that actually need to share 'personal' info to conduct business on our behalf ? How is your financial information to be tracked for a credit rating without every company involved getting authorization from you ? What about property ownership and so-called public info that actually contains significant private information ? The fact that I own property at xxx mystreet doesn't insure I live there but it is a good indicator...
                  IMHO there needs to be 2 sets of rules, #1 that applies to entities you are DOING business with that defines and limits the scope of what, when, where, why and how they can share my info, and #2 a set that prohibits entities that I am NOT DOING business with from seeking, receiving or utilizing any of my personal info without first seeking my permission.

              • by Khashishi (775369)

                Should there be transparency in who donates money to politicians? What about corps who donate money?

            • You are wrong. (Score:5, Insightful)

              by Anonymous Coward on Monday June 15, 2009 @01:30PM (#28337403)

              Yes, it is.

              Transparency for the state means transparency on laws as they are prepared, transparency towards regulatory bodies of those laws, etc... It means that the rules that state officials prepare and their work is fully transparent.

              Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

              State is indeed some concrete thing, independent from individuals. Ideal situation is that state represents the masses but it never represents the individuals.

              • Re:You are wrong. (Score:5, Interesting)

                by cencithomas (721581) on Monday June 15, 2009 @01:40PM (#28337567)

                Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

                but but but!... If public servants' privacy off-hours is strictly defended (and I'm not saying it shouldn't be), how does the public keep politicians from using their 'private' time to cut back-room deals on public legislation? Just trust their say-so on the matter?

                • by T Murphy (1054674)
                  My impression of Congress is they spend their working hours doing nothing, and their leisure hours being wined-and-dined by lobbyists, so I propose we give them privacy when in session and watch their every move everywhere else.
                • by Ironica (124657)

                  Still, the said officials can retain the full privacy of everything that isn't directly work related (IE. What they do on their time off work, what they do during their lunch breaks, whose photo they have in their wallet and what bodyparts have they pierced...)

                  but but but!... If public servants' privacy off-hours is strictly defended (and I'm not saying it shouldn't be), how does the public keep politicians from using their 'private' time to cut back-room deals on public legislation? Just trust their say-so on the matter?

                  If a public official makes their "private time" part of their public office, then that time is part of them doing their job. Most office holders, once you get beyond Podunk City Deputy Councilmember, are not working 9-5:30 punch in/punch out. Their "public" actions and "private" actions are not delineated by what time they occur, but by where and with whom they occur.

                  I think we also need to remember that our officials are people, too, and allow them to hold and even express opinions that are NOT a matter

              • Re:You are wrong. (Score:5, Insightful)

                by DragonWriter (970822) on Monday June 15, 2009 @01:43PM (#28337603)

                Transparency for the state means transparency on laws as they are prepared, transparency towards regulatory bodies of those laws, etc...

                Tranparency on voting on public initiatives and referenda? (That's, after all, part of the process of making laws.) Transparency on voting for public officials (after all, choosing lawmakers is part of making law.)

                It means that the rules that state officials prepare and their work is fully transparent.

                So, no private personnel matters (including health matters) for any public employee?

                And does the rule for "state officials" apply only to public employees, or does it apply to contractors as well?

                State is indeed some concrete thing, independent from individuals.

                No, its not. Its an abstract concept with a fuzzy boundary, and is, in any case, comprised of, not independent from, individuals.

                The idea of "privacy for individuals, transparency for the State" is perhaps a useful starting point in determining how to balance the fundamentally conflicting goals of privacy and transparency, but its just that--a starting point in how to balance conflicting interests--not some kind of clear answer.

                • So, no private personnel matters (including health matters) for any public employee?

                  I don't consider health matters private. Why should I care who knows about my injuries and ailments?

                  • I don't consider health matters private.

                    I would submit that many people who would state "privacy for individuals" as an important goal would see health matters as a particularly important part of that.

                    But, certainly, that particular one of the many issues raised by the "privacy for individuals, transparency for government" idea becomes easier if you just simply decide that, even for individuals, health privacy isn't important.

                  • What if you have disease foo? Do you want everyone to know? What if there's a social stigma or something?? What if you're not a slashdotter and actually have lots of friends and you don't want them to know about disease foo???

                  • Re:You are wrong. (Score:5, Insightful)

                    by mccrew (62494) on Monday June 15, 2009 @03:13PM (#28338909)

                    Can't tell if you are being serious or not, so I'll assume you are.

                    Next time you are doing well in a job interview, preferably with a small company, mention that you have some chronic condition that is really expensive to manage. Do this regardless whether you actually have the condition or not.

                    What do you think your chances are that you'll be getting an offer as compared to if you'd not mentioned it at all? Does your opinion change?

                  • by Ironica (124657)

                    I don't consider health matters private. Why should I care who knows about my injuries and ailments?

                    You may not care, personally. Here are reasons why many people do care:

                    1) Certain health issues may be highly correlated with certain traits or lifestyle decisions which are highly sensitive topics. If you picked up gonorrhea 15 years ago because "There's a time and a place for everything, and it's called college", do you want your current prospective employer deciding whether to hire you based on whether they expect you to sleep around with the staff?

                    2) Some people specifically don't want the sympathy or

          • by interkin3tic (1469267) on Monday June 15, 2009 @01:22PM (#28337323)

            Privacy for individuals. Transparency for state.

            Also glass windows. Windows should definitely be transparent. If they aren't, you need some windex. Otherwise you'll run into hidden costs, like maybe there's a hundred dollars outside your house and you didn't see it because the window was too dirty and it blew away.

          • Privacy for individuals. Transparency for state.

            Recipe for conspiracy. Just add bastards. For that reason I won't support it or respect it, regardless of any threats made by the state.
            • Re: (Score:3, Insightful)

              by spun (1352)

              Privacy is a stopgap measure for preventing oppression. When some people have greater access to information and ability to act on it than others, they have an unfair advantage. The right to privacy is an attempt to combat this unfairness. If everyone had equal access to information, privacy would be unnecessary, because no on could use information against you unfairly without the attempt being known. The real problem with the notion of privacy is that it requires people to give up their natural ability to

        • Re:Here's how: (Score:4, Insightful)

          by flaming error (1041742) on Monday June 15, 2009 @01:11PM (#28337167) Journal

          Agreed - the government should be transparent, and its dealings should be public and open.

          Private lives, however, literally require privacy.

        • Privacy for whom? Are you talking about the individual, corporations or government? Transparency for corporations and the government are very important. We don't need laws or regulations to get it we need the people to turn off the TV and start demanding it.

          • Re:Here's how: (Score:4, Insightful)

            by StreetStealth (980200) on Monday June 15, 2009 @01:43PM (#28337611) Journal

            It's a pretty simple equation, really:

            As power increases, so should transparency.

            The more people to whom you are accountable, the more transparent your organization should be. Of course there are occasions upon which certain, highly-accountable things need to be temporarily withheld from disclosure, but they should be explicitly reasoned and have a timeline for their eventual dissemination to those holding them accountable.

        • 1. Fake own death

          Well, it worked for Elvis.

          Privacy and transparency are contrary goals. Given the choice, I choose transparency. Privacy should end.

          Obviously privacy didn't work for Elvis, but are you saying that Elvis is now fully transparent... as in, he's a ghost?

        • Re: (Score:3, Interesting)

          by shentino (1139071)

          Unfortunately, this is an evil bit problem.

          There are greedy assholes that will exploit the situation no matter what the trade off point is.

      • by mcgrew (92797)

        It didn't work for Earl.

      • by Piranhaa (672441)

        and it worked for 2Pac as well..

        plus, he's STILL making music!

  • I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?
    • I looked at the title and read it "The 'Hidden' Cost of Piracy." Indicative of the type of articles I expect to see on /. these days?

      It would have to have been "The 'Hidden' Benefits of Piracy" if it was going to ever make it through the editors.

  • by Anonymous Coward

    Reframe this debate into the cost of doing business in a democracy.

    Ubiquitous networks capture data from home address to everyday transactions in detail. Private informations accumulate. Markets function on personal information. The expectation of privacy, its protection and concommitant personal security relying upon privacy regulation is a straw man standing in-place of an individual right.

    Simply raising the strawman argument that your right to privacy is political, denigrates its consititutional status

    • by mcgrew (92797) on Monday June 15, 2009 @01:24PM (#28337347) Homepage Journal

      Unfortunately, not all of us live in a Democracy. We Americans, for example, live an a Plutocratic Republic that pretends to be a Democracy.

      Go ahead, Ferengi, mod me down for expressing an honest opinion that happens to be true. When the Corporation can "donate" a thousand bucks to the Republican and another grand to the Democrat, it doesn't matter which candidate loses, the corporation wins.

  • Ferengi (Score:4, Insightful)

    by mcgrew (92797) on Monday June 15, 2009 @01:18PM (#28337247) Homepage Journal

    "What this all means is that protecting individual privacy remains an externality for many companies, and that basic market dynamics won't work to solve the problem.

    Most problems, even when you're talking about business, cannot be solved by the free market. Privacy problems could be solved by legislation and/or regulation, but unfortunately governments care even less about your privacy than the corporate Ferengi do.

    "Free market" is an oxymoron. Anyone who believes it can solve all the world's problems is just a moron.

    • Re:Ferengi (Score:5, Insightful)

      by radtea (464814) on Monday June 15, 2009 @02:03PM (#28337855)

      "Free market" is an oxymoron. Anyone who believes it can solve all the world's problems is just a moron.

      On the other hand, a well-designed market is one of the most effective machines for achieving as close to Pareto-optimal results as anyone has ever found. Well-designed markets are actually able to achieve the state that socialist managers of the economy should be aiming for, and they do it much more reliably and cheaply than socialist managers have ever been able to achieve. And they do this despite having right-wing nitwits on one side who think that any regulatory or legal oversight is somehow a violation of their god-given right to screw people over, and left-wing nitwits on the other side who believe that markets are somehow the agents of satan, rather than just a particularly good social management tool.

      It's unfortunate that so many on the left take the right-wing nutjob view of markets seriously, because if you adopt the view of markets as just an ordinary tool of neo-socialist economic management you can find a whole lot of ways to deploy them usefully to achieve efficient allocation of limited resources across the whole economy. Well-designed markets can't solve all the world's problems, but neither can anything else, and markets have a long history of solving problems more effectively than most of the alternatives.

      • Re: (Score:3, Informative)

        by TubeSteak (669689)

        Well-designed markets can't solve all the world's problems, but neither can anything else, and markets have a long history of solving problems more effectively than most of the alternatives.

        You fail to explain what "well-designed" means.
        Is "well-designed" code for "well regulated"?

        Without regulation, you end up with markets that are less 'free'.
        (See: 19th America & the trust busting that followed)

    • "Free market" is an oxymoron.

      I'm not sure what you mean here, but I think it's true that many people have it wrong. They believe that "free market" indicates zero governmental involvement, which isn't really a good way of thinking of things. Worse yet, they sometimes don't see governmental involvement as a violation of the free market, so long as the governmental involvement comes in the form of subsidies rather than regulation.

      A real free market is one in which both the sellers and purchasers are given free and open choices, and "m

  • by tjstork (137384) <todd.bandrowskyNO@SPAMgmail.com> on Monday June 15, 2009 @01:18PM (#28337255) Homepage Journal

    It's funny that one could look at this and say the markets don't work. The markets ARE working and that most people don't actually care about privacy.

    If people -cared- about privacy, they would be willing to pay for the extra care it takes to ensure that their data is private. But, we live in a world where most people really don't care so much if everyone else knows what they are doing, so long as they are not confronted with it, or misuse the information.

    Like, if you told someone at a grocery store that, to get their "club card" savings, the store would know exactly what they bought, they would say, they probably didn't care. Now, if they got a letter from the grocery store saying, "hey, since you like strawberries, you might like our sale on blueberries", they might dig that too. And, if they got junk mail from blueberry and strawberry growers, even that might be ok. But, if they got an email saying, "hey, you are killing humanity because you are eating strawberries and your preference for red fruit makes you some kind of a communist", then they would be pissed off.

    Bottom line is, people don't care about privacy, but they do care about having their personal information being used to hurt them. It's pretty much the 5th amendment proposition, writ large and writ everywhere. Nothing is really private, but, you can't have your personal information be used to attack you, and that is what the market reflects.

    • Re: (Score:3, Insightful)

      by jellomizer (103300)

      However your worst case scenario would have a backlash effect. People would avoid using that that store to prevent institution. So the store will either face closing down, or be more particular to who they give information too.

      We actually have a lot more privacy shopping now then we ever did. Back in them old days you go to the mom and pop store they know who you are and are often hubs of gossip. So the entire community would know what stuff you are buying and make guesses on why you are buying such things.

    • by OzPeter (195038) on Monday June 15, 2009 @01:43PM (#28337599)

      It's funny that one could look at this and say the markets don't work. The markets ARE working and that most people don't actually care about privacy.

      The problem with your statement is that markets only work when there is freely available knowledge. In the case of privacy, I would say that the markets are "working" not because people don't care, but rather that they don't know. So it is not really a free market scenario that they are entering into.

      If I offered you a service and didn't mention the punch in the head I would also give you, then are you taking up that service because you don't care about being punched in the head?

      • by tjstork (137384)

        The problem with your statement is that markets only work when there is freely available knowledge.

        Most people assume that they are being monitored or tracked anyway, just because computerization is so pervasive. I think some opinions to the contrary might be more their projection on people, than any reality. "If they only knew..." has a tinge of fanaticism to it that most people don't have.

        If I offered you a service and didn't mention the punch in the head I would also give you, then are you taking up tha

        • by OzPeter (195038)
          I still believe that most people are ignorant of being tracked, rather than assuming they are and being powerless to stop it. I think this because people in general have little comprehension of anything that is not in their immediate world - for example manually setting a VCR time. Technically a simple system to set up but seemingly beyond a lot of people. So how do you explain to them about the extent and possibilities of tracking systems which are hugely more complex in operation?

          To add onto my "pu

          • by tjstork (137384)

            Technically a simple system to set up but seemingly beyond a lot of people

            Not really, I mean, the question with VCR times is, why bother doing it. The only reason you needed a VCR to have the right time in it would be if you used the time shifting features it had, but most people bought VCRs to watch movies with, not record them. They only wanted to know that they could record... a fact since born out by knowing that DVD players outsell time shifting things like TIVO by a fairly wide margin.

        • Re: (Score:3, Insightful)

          by twidarkling (1537077)

          I would assume that if I went to buy a cup of soup from you, and you punched me in the head, that I probably would not buy soup from you any more.
          Therefor, if people are getting punched in the head, they don't care.

          But what if the punch is delivered 3 days later, by someone not affiliated with me at all? In fact, the only thing I did was tell them that you bought soup from me. And then they come up and punch you in the head. It's directly because you bought soup from me, but you've no way of knowing without a lot of effort, even if you have a clue on where to start on figuring it out.

          That's how corporate privacy invasion works. You give data to a few people in some manner, then they give it to someone else, who then u

          • by tjstork (137384)

            In fact, the only thing I did was tell them that you bought soup from me. And then they come up and punch you in the head. It's directly because you bought soup from me, but you've no way of knowing without a lot of effort, even if you have a clue on where to start on figuring it out.

            Boy uh, that's a stretch.

            That's how corporate privacy invasion works. You give data to a few people in some manner, then they give it to someone else, who then uses it in some way to screw you over in some fashion.

            What's the pu

            • How about selling the knowledge that you like gay goat porn? American cars is one thing, a proclivity for watching a goat cornhole a dude would probably not reflect well on you if people knew.

              • by tjstork (137384)

                American cars is one thing, a proclivity for watching a goat cornhole a dude would probably not reflect well on you if people knew.

                Your post was so damned funny that you defeated the purpose of your argument. If someone got a goat to cornhole him, he'd probably be a giant star on youtube for a couple of days. I remember like in the early 1990s there was some girl out there that blew a horse, and that video was definitely popular.

            • Re: (Score:3, Interesting)

              by Qzukk (229616)

              Boy uh, that's a stretch.

              Sadly, it's not even close to a stretch at all (aside from the silliness of receiving a punch). I just got a check last week from the FTC claiming that waaaaay back in 1998 a bank apparently sold a list of 3 million credit card numbers for the purpose of "scrubbing" internet transactions. They sold the numbers of other banks' members [bankrate.com], so "not doing business with them" would not have gotten you off the list.

              Needless to say, some porn company purchased the list and used it to fraudu [cnet.com]

    • by Jawn98685 (687784)
      Bullshit.

      People do care about privacy. Your example is lame in that it excuses (ignores) the deliberately obfuscated consequences of "agreeing" to the terms attached to the club card "deal". If the supermarket told their customers, right up front, something like "...and in addition to using it for our own marketing purposes, we will be selling the information we collect about you and your shopping habits to as many takers as we can scare up, and there are plenty of them.", I'd hazard that far fewer custom
      • Re: (Score:3, Informative)

        by tjstork (137384)

        . Your example is lame in that it excuses (ignores)

        Dude, I've stood in supermarket lines and asked people if they care. They don't. Why do you always have to assume that people are stupid when they are not?

    • Nothing is really private, but, you can't have your personal information be used to attack you, and that is what the market reflects.

      Unfortunately, the only way to enforce this type of scheme is through court cases after the fact... "don't ask, don't tell" is far more efficient.

    • by shentino (1139071)

      Having your privacy invaded is so profitable to the ne'er do wells that you can't pay them enough not to do it.

      Letting the market sort things out neglects the fact that people who are powerful enough can, will, and even do lie, cheat, and steal.

      Since everyone does it, there's really not much benefit to switching, since you likely gain little.

      Case in point: CBS's subsidiary getting snookered into passing off private information through CBS only for it to be dumped into the hands of the RIAA.

      And by the time

      • Re: (Score:3, Interesting)

        by tjstork (137384)

        Letting the market sort things out neglects the fact fact that people who are powerful enough can, will, and even do lie, cheat, and steal.

        And how does the government change that? You trade a prince of a corporation for a despot of the government. I could choose to not shop at Acme but I am a US Citizen always.

    • Re: (Score:2, Interesting)

      by copponex (13876)

      You are right that most people don't care about their privacy, but then again, if you ask people if they want to pay 20% less for a car if it had no airbags or seatbelts or anti-lock brakes, they may have no problem with it. However, the cost to society in the form of radically more serious injuries makes sense for the market to have these rules in the long run.

      The costs and benefits of privacy regulation can certainly be debated. But without regulations, markets don't function well, since they are not self

      • Re: (Score:3, Informative)

        by tjstork (137384)

        However, the cost to society in the form of radically more serious injuries makes sense for the market to have these rules in the long run.

        Does it? The fact of the matter is that all of the safety devices on cars have probably doubled the price of cars, and yet, the greatest thing that has lowered the fatalities has been better driver education, not any of the tech goodies. If you had a car without any safety devices whatsoever, you would have car payments 1/2 of what they are today, allowing for people to

        • Re: (Score:3, Interesting)

          by copponex (13876)

          Let me list your extraordinary claims, and then you can provide the citations:

          1) Safety devices have doubled the price of cars
          2) Driver education is more effective at saving lives than seatbelts and airbags
          3) The government never does it's job
          4) Government is less transparent than a corporation
          5) Government is somehow not accountable

          For instance, the FDA issues rules on food safety for restaurants, available here [fda.gov]. You know when you to go a restaurant, and they have those little papers that allow you to see

  • Simple solution (Score:5, Insightful)

    by PPH (736903) on Monday June 15, 2009 @01:20PM (#28337293)

    Define the ownership of personal data to include the person whom the data applies to.

    If I enter into a business relationship with someone else, all the information I provide should be considered to be co-owned by both of us. Any subsequent sharing of that information with a third party should involve both the consent of both of us as well as sharing the proceeds of that subsequent exchange. When the costs of managing such transactions are factored in, far fewer of them would occur.

    The idea that anyone complains about the costs of complying with such regulations puzzles me. I mean, I could start a business stealing cars and then complain that the costs of complying with auto theft laws were onerous and harming the profitability of my enterprise. Tough sh*t. Its all based on fundamental property rights. Just because someone has developed a business model based upon a legal oversight doesn't legitimize their complaint when the law catches up and plugs the loophole.

    • Re: (Score:3, Insightful)

      I don't think adding another class of "Intellectual Property" will make things more efficient. Just the opposite. And all the usual complaints against Intellectual Property would apply to this "ownership of private information", too. Some problems that come to mind:

      1. It would be difficult to define and easy to use such laws to sue to an over-reaching extent.
      2. As with many laws, it favors the rich and powerful (people or corporate) because they have the means to sue exhaustively.
      3. Corporations are c
      • Re:Simple solution (Score:4, Insightful)

        by PPH (736903) on Monday June 15, 2009 @02:06PM (#28337913)

        1. It would be difficult to define and easy to use such laws to sue to an over-reaching extent.
        2. As with many laws, it favors the rich and powerful (people or corporate) because they have the means to sue exhaustively.

        Not really. Using current property law removes the issue of civil suits. Following my obligatory bad car analogy, stealing a poor person's old beater earns the thief the same penalties as stealing a rich guy's Beemer.

        3. Corporations are considered legal "persons" in some ways. If such a law applied to corporate information, this could be disastrous.

        Time to fix this loophole. If a corporation is a person, then why can't it go to prison for a felony? Why is there no corporate death penalty? A corporation is a creation of the state. As such, it shouldn't have powers that the state does not possess. I have some rights to be secure in my property and papers from aqusition by the state without due process. So why is the state running around creating entities not bound by these same restrictions? If a corporation wants to define itself as a person, then it should lose the shield of limited liability, just like a sole proprietor.

        4. The rich and powerful (e.g. politicians) would use this to block transparency and get away with more than they already do.
        5. Much of public knowledge would become illegal, or at least regulated.

        Quite the opposite. We (the public) own that information. If politicians (entrusted with managing our property) choose to distribute it selectively, then the rest of us should be compensated for such an uneven distribution. Want to keep publicly funded research out of the hands of the public? Its going to cost you extra.

        6. Transaction costs for any customer interaction would increase dramatically, since even information like a name or address would seem to be implicated.

        Which transaction? The data exchanged between myself and a business as a part of some transaction would proceed as it does now. What would (and should) 'cost more', is the subsequent exchange of that information with some third party. Its like me putting money in a bank. Its still my money. I'm just entrusting that bank with its safekeeping. When they turn around and use it for their own benefit (making loans), the result to me is that I receive interest on my deposit. Why shouldn't information be treated the same way? In fact, the company has already profited once from that exchange of data (when we did business). And if all of that is too much for them to handle, there's always the option of an anonymous sale. Once the deal is done (with the possibility of transaction being managed by some trusted third party), I walk away with the product and they walk away with the cash and no data.

    • by Locke2005 (849178)
      No one is forcing you to share CORRECT information with the people you enter into a business relationship with. The only reliable data they have on you is the record of what you have actually purchased from them, along with the delivery and billing info. Your name, age, and address should have no market value at all, since they are available for free for every registered voter.

      I agree with you, though -- I should get a cut of any profits made by selling my information.
    • by mcgrew (92797)

      If I enter into a business relationship with someone else, all the information I provide should be considered to be co-owned by both of us

      I can't agree. I'm not giving that information away, I'm allowing him to use it. After all, if I buy a CD I don't own the song, now do I? No information I provide while doing business should be provided any thord party unless I explicitly allow it, and when my business relationship ends, any info I provided should be destroyed.

  • by CodeBuster (516420) on Monday June 15, 2009 @01:28PM (#28337391)
    There are even more direct costs for consumers who wish to maintain their privacy these days. For example, how many of you have signed up for the discount card at the supermarket or the "rewards card" at any number of other businesses? Unless you have taken other steps which also cost money, such as arranging a mail drop or renting a PO Box, you have essentially "sold" your privacy in exchange for a discount on purchases. Those of us who value our privacy and wish to maintain it are frequently compelled to forgo such discounts or else pay, in time, money or effort, to set up specialized fronts to protect our "true" identities (i.e. the mail drop, aliases, corporate credit card, etc). Perhaps privacy was less expensive in the distant past, but in modern society preserving it effectively is becoming ever more labor intensive and expensive. In fact, the invasion of our privacy is now so pervasive that people give strange looks to those of us who decline to be part of "rewards", club cards, and other privacy invasive schemes in exchange for discounts; as if they cannot understand why someone wouldn't fill out a card with their real name, address, SSN, and mother's maiden name in exchange for a $5 discount.
    • by WMD_88 (843388)

      I don't own any credit cards, and pay for almost everything with cash, to avoid the stuff you write about. But I have a Borders Rewards card.

      I hate myself. :(

      (On the other hand, the Borders near my house closed, so I don't have a convenient place to use it anymore.)

    • by kent_eh (543303)
      Nothing says the information you put on the form has to be entirely accurate or complete.
      For instance, my dear departed mother-in-law still buys a lot of things at Safeway. At least as far as they know.

      That said, I skew my purchasing towards places that have less invasive [wikipedia.org] "loyalty" programs.
  • by kenp2002 (545495) on Monday June 15, 2009 @01:31PM (#28337423) Homepage Journal

    You have:

    SOX, CISP, GLBA, HIPPA as the most expensive for corporations. I can speak to CISP and HIPPA from a professional standpoint. The others I cannot.

    CISP compliance has a serious impact in that test environments cannot use raw customer data for testing for banks. Sanitized data must be used in test environments normally. In the event of a product fix that needs to be testing back in a test environment offshore resources for instance cannot have access to those environments and the data must be documented and exist only for a limited time. Pulling 20,000 records for testing for instance may take 4-6 hours pre-CISP but post CISP the sanitization process may push that out to 5-10 hours. If you are attempting to do that process in the evening, with only a 6 to 8 hour window CISP meant that many had to beef up their systems to ensure the process was complete within the window. For smaller banks the costs must have been harsh. Updating software, policies and procedures can easily rack up a 6000 labor hours in the first year.

    On average CISP complaince can double the turn around time of a production fix (say 20-60 hours of labor) into 40-80 hours for turn around. YOu have an entire chain of events that fire off and kicking out certain staff due to the existence of customer information takes time with SAPs, VPN connectivity, etc... Great for the customer, I cannot argue it, but expensive.

    HIPPA I can speak to growing up in hospitals and clinics as well as painting in those locations part time. Part of the requirement that I see directly is, if I have to paint a clinic or office the clinic staff (not I the painter) has to go through and ensure that ANY AND ALL patient documentation is out of sight prior to me starting. HIPPA has too many "reasonable" language mistakes in it as who defines "reasonable"? The judge? Lawyers? JACO? Who? So paranoia is high with patient data (as it should be.) But getting staff to lock all that up prior to maintenance adds time.

    Another hidden factor is space. A clinic now has to try and keep other patients out of ear shot pushing the lobby out farther.

    Further segragation of roles and even something as simple as those privacy screens add up. In a typical hospital with 200 computers in it let us say, means at $10 bucks a screen you have $2000 in new expenses.

    I've seen a few locations require the inter-office mail couriers to have locked boxes while moving around the facility. Those have to cost at least $350 bucks a box for those.

    Now all those HIPPA forms are going to double if not triple the amount of paper you are ordering. Liability and insured communications also increase costs and add delays. More cerified mail goes out now as far as I can see since HIPPA also.

    One thing to keep in mind is that ANY GOVERMENT COMPLIANCE that exists is disporotionally expensive to smaller organizations. SOX killed a lot of smaller corporations due to the cost of compliance. The smallest get exemptions, the largest can afford it, it's the mid-size businesses that get crushed.

    • SOX killed a lot of smaller corporations due to the cost of compliance.

      [citation needed]

      • by kenp2002 (545495)

        SOX killed a lot of smaller corporations due to the cost of compliance.

        [citation needed]

        http://www.forbes.com/forbes/2008/1222/028.html [forbes.com] and the other million plus hits your lazy smug ass could find if you just went to google. You could also pay attention when SOX went live and MSNBC, CBS, CNN, and about 20 other news networks cover the nationwide bitch fest for 2 years.

        Thank you for sleeping through that part of history. Get off your lazy ass and google it and wipe the smug shit eating grin off your face you brat.

        • I paid attention, you twit.

          I've done my homework, while you apparently have just heard what you wanted to hear, without actually reading any of the facts.

          The link you provided? Guess what -- it doesn't refer to small companies at all. It refers to large companies.

          As a matter of fact, the cost of SOx compliance for smaller public companies (less than $75 mil in revenues) is less than $80,000 per year -- far less than 1% on average. If $80,000 a year is driving your public company out of business... wel
  • Well at least it is hidden, that's what the privacy advocates wanted right?

  • Efficiency (Score:2, Insightful)

    by tnmc (446963)

    "Because the efficient market solution won't work, we're left with inefficient regulatory solutions."

    What a load of clap-trap...read this and ignored the rest of the article as it's obvious they don't understand economics.

    • Re:Efficiency (Score:4, Interesting)

      by mcgrew (92797) on Monday June 15, 2009 @02:18PM (#28338061) Homepage Journal

      What a load of clap-trap...read this and ignored the rest of the article as it's obvious they don't understand economics

      I don't think economists understand economics. If they did, why did they let the world's economy melt down?

      I'm reminded of a Dilbert cartoon from last month, "the MBA vs the crazy old witch. MBA and COW are in PHB's office, and PHB says "well, spreadsheets don't lie... but neither does bat excrement. Tell me again, who ruined the economy? Was it witches?"

  • by noidentity (188756) on Monday June 15, 2009 @01:40PM (#28337569)
    If a company wants to reduce its costs for protecting private information, stop collecting the damn stuff in the first place. As a recent example, why do I need to register at a website just to listen to a few bird call recordings? Or give my (fictitious) name and address just to read an article?
  • If it is online, it is not secure in todays world.
    Take all records off line. Require a photo be placed in the file at the home/main office you visit most. You must present a photo ID and signature for any transaction, and it must match what is in the profile, or the transaction/whatever will not be processed.
    This is highly inconvienent to everyone involved, but will reduce security issues.
    If it is online, it is not secure in todays world.
    An individual, up to a government backed hack group, can break in
  • As long as we allow the financial ( including Federal Taxes ) and medical industries to store and or retrieve our information at off-shore facilities ( like India and others ) we can not have any privacy. In fact, we are opening ourselves up to a greater risk of identity theft.

    The rate of security breaches have not slowed down, we are just not hearing about them in the headlines. You have to search for them.

  • you need to protect it yourself. of course, this makes living your life something of a hassle. yes, privacy has a cost

    but i never understood the concept that you would trust the protection of your privacy to a government entity or a corporation. no matter how well-intentioned these entities might even be, doesn't it seem like a logical conflict to you?

    if you put it out there, its out there. period, end of story. so if you want privacy DON'T PUT IT OUT THERE. no matter what safeguards, real or imagined, phys

  • Pure bullshit (Score:5, Interesting)

    by Runaway1956 (1322357) on Monday June 15, 2009 @02:03PM (#28337877) Homepage Journal

    I see rationalization for government and business intrusion into private lives. 90% of the information requested and/or demanded by any given government agency or business is totally unnecessary. It is none of my phone company's business how many people live in the house, or might use the phone. It is none of my ISP's business how many computers I own, or how many of them might connect through the gateway, or even HOW they might connect. The government's preoccupation with the precise identification leads to requirements for fingerprints, DNA samples, and more. I once ordered a pizza, in person, with cash in hand, and the cashier insisted that she needed my phone number and address!! The stupid broad doesn't even need to know my NAME to trade a pizza for a twenty dollar bill!

    In the article, a baker was entrusted with financial information of her clients. HOW FREAKING BOGUS!! To bake a wedding cake does NOT require storing my credit card information, or any other personal details.

    Totally unnecessary information is harvested for the most trivial dealings. And, it's WRONG.

    No government agency, and no business should request information that is not absolutely essential to perform the business at hand. Nor should they request any more information than they are willing and capable of storing in a SECURE manner. It is their RESPONSIBILITY to safeguard that information, it isn't some "expense", or an "option", it shouldn't be considered a "burden". If and when safeguarding information becomes an "expense", then it should be obvious that they are collecting unnecessary and trivial information.

    TFA is bogus rationalization, and an attempt to get people to sympathize with some perceived need to dump privacy laws. Forbes and Lee Gomes should be slapped silly for even writing and printing the article.

    • My ex-fiancee was a wedding planner. Typically those that make wedding cakes have to plan things out months in advance. Even if you cancel a couple weeks in advance, they are unlikely to fill that slot on the roster on short notice and incur an opportunity loss. If the wedding gets cancelled a few days before, well, the cake is usually already made. Or there is always the problem of not getting paid after the event because the bride/groom racked up a bigger bill than they really could afford.

      That's why

      • No problem with paying in advance. I wouldn't mind at all. But, putting my financial data into a computer which can't reasonably be secured is out of the question. Any information put into the data base that isn't essential for planning purposes is out of the question. That data should include my name, where the cake is going, and the date, along with price, and whether it is paid for or not. There shouldn't even be a need to save my credit card number with that data - if I charge it, it is charged, an

    • by davecb (6526) *

      The article "begs the question": in the process of asking it, they insert their conclusions, and then ask us to accept that in our answer.

      The classic example is "Have you stopped beating your wife?"

      Whe you see one of these, be aware the author is up to something...

      --dave

  • Simple solution! (Score:3, Insightful)

    by Brandybuck (704397) on Monday June 15, 2009 @02:05PM (#28337899) Homepage Journal

    The problem is that we don't have enough regulations. If one regulation isn't working, slap another on top of it. Keep piling them up until the problem goes away. Remember, the government is our friend, and only sociopaths would object to more government involvement in their lives. ... but seriously folks...

    The core problem is that the property rights around privacy are ill defined. Who owns the information? Regulations can be minimized while being more effective, if they addressed the property rights involved. While I don't think the information itself can be owned, the media upon which it resides can be. Your diary, your server, etc. For example, you don't own your address information, and cannot legitimately stop someone from disseminating that information ("Bob lives at 123 Main Street"), but that letter is your private property, and you should be able to sue the crap off anyone who opens it and reads the contents. Mail servers are typically the property of the ISP, but you are renting its use so your emails are as much your property as your clothes hanging in a closet of a rental apartment.

  • If someone tries to design their site from day one with privacy in mind,
    a user is likely to have pretty good privacy. Any single law will not help.

  • a) Get rid of all existing private regulations across all industries
    b) Pass a new law that says privacy is assumed absolute across all matters unless permission is otherwise given
    c) ... nothing else?

    Seriously, I don't know why anything should be otherwise. No one in any industry should be allowed to share my information with anyone else unless I gave them permission.

    I realize that is not how it is now, but it is how it SHOULD BE.

Wernher von Braun settled for a V-2 when he coulda had a V-8.

Working...