The Year’s Biggest Winners and Losers in Privacy and Security

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Hands down, the biggest "losers" when it comes to privacy was the general public.

But you were also the biggest loser this year in terms of privacy and security. Ongoing revelations about the NSA’s widespread surveillance have made it clear that the intelligence agency, and its spy partners in the UK and elsewhere, will not rest until they’ve seized or deciphered every bit of your data.
 
Blame for this and a few dozen other issues can be put entirely on our currently dysfunctional SCOTUS imo. It's open season on our privacy and free speech rights only because the internet is currently and errantly classified as an "information service" by this Court, instead of what it actually is: the world's most used and essential common carrier utility. This is the core issue imo, because when the classification is corrected, many if not most of the current rape-based revenue generators (user tracking etc) will no longer be allowed -- just as nobody in our country is allowed to track phone calls or postal mail without a legal reason to do so. I think it must be and will be a very bitter pill to swallow for companies (Google, Facebook etc) that have become accustomed to corporate totalitarianism and rape (respectively) as valid business models, to finally be forced to find legitimate sources of revenue, instead of trampling all over our basic right to privacy in our private communications.
 
Although I have not looked into this in any detail, on the surface of your statement JeffDC I actually agree with you.
 
The key?

Without a legal reason to do so

They make that part up as they go along thus privacy is an illusion.

No need to even address the fact that with the advent of the cell phone everyone takes pictures of everything these days.
 
You can't use the cloud with an expectation of privacy. That's the takeaway everyone should have after 2014. You still have privacy, just keep your stuff on your own hard drive and don't send it on the internet or with your cell phone. They don't have any data you don't transmit.
 
You can't use the cloud with an expectation of privacy. That's the takeaway everyone should have after 2014. You still have privacy, just keep your stuff on your own hard drive and don't send it on the internet or with your cell phone. They don't have any data you don't transmit.
At the risk of stating the obvious, "the cloud" and "the internet" are not interchangeable terms. E.g. email legally is presumed private not public in most cases, and processing of email is absolutely independent of publicly accessible servers, unlike the cloud.
 
JeffDC, Do you find a difference, when it comes to a reasonable expectation of privacy, between an email account that is linked to a paid service, versus an email account that is a free offering from a business in which the user has provided to "real" personal information to substantiate his identity, no address, phone number, credit card number, etc.?

It seems to me that if you put something of yourself that's you, your personally identifiable information, on the line then you have established that the linked communications are in fact yours and you care about and "pay for" an expectation of privacy and that this is in fact, reasonable. In reflection, if you put nothing of yourself on the line and do not pay for a service, that you don't reasonably care enough about it and don't deserve the same level of consideration.

I think that this would be an important step for people to grab onto and take. It sure would make it easier to show what you do or do not expect to be protected and would form a solid foundation for determining what form of internet based communications a person should reasonably expect to be protected and private. If I pay for it, if I put "me" behind it, then as a US citizen I should expect it to be protected unless of course I'm spending a lot of time on KakaoTalk with Kim Jong un :D
 
8knvgncrv
 
At the risk of stating the obvious, "the cloud" and "the internet" are not interchangeable terms. E.g. email legally is presumed private not public in most cases, and processing of email is absolutely independent of publicly accessible servers, unlike the cloud.

I remember in mid-late 1990s people telling me e-mail was like a post-card anyone inbetween could read it and it should be treated as such. I even thought that's why PGP had been around so long.

I just wonder when people started thinking it was private and that keeping their e-mails stored on webmail servers kept it private.
 
I paid nearly $700 for an android phone, of which a key component of its operating functions depend on having a Google account. So, I don't buy the argument that my particular Google account was or is "free", and I believe I should expect some level of privacy associated with it in a just world.
 
Forgot to mention,

Apple took the lead when it announced that the operating system, iOS8, would encrypt nearly all data on iPhones and iPads by default—including text messages, photos and contacts—and that Apple itself would not be able to decrypt it without the user’s passcode.

Doesn't that pretty much destroy the argument that these types of communications are not private? I mean, Congress is so stupid that they believe we are still on analog systems that they seem to equate to a c.b. radio.....which anyone can intercept.

/notice how Google doesn't seem to be following Apple's initiative of employing encryption methods which they themselves won't be able to decrypt because they wont have the key, as true privacy crushes a key component of Google 's business model.
 
I paid nearly $700 for an android phone, of which a key component of its operating functions depend on having a Google account. So, I don't buy the argument that my particular Google account was or is "free", and I believe I should expect some level of privacy associated with it in a just world.

Me too, but I also use Cox as my ISP and they provide me ten email accounts as part of that service which also deserve to be protected. But if I then go to Yahoo and make up an email account to use for those situations where I know I'm going to get spammed and stuff, that to me is a disposable account and if I got a letter saying the Justice Department had accessed that account I might be a little concerned, but only a little because I view it as a throw away, one I created specifically to isolate me from "me" if you see what I mean.
 
JeffDC, Do you find a difference, when it comes to a reasonable expectation of privacy, between an email account that is linked to a paid service, versus an email account that is a free offering from a business in which the user has provided to "real" personal information to substantiate his identity, no address, phone number, credit card number, etc.?
The way I understand it, and I'm not a lawyer, privately owned/operated sites in our country are free to set whatever TOS they wish for email. It's why e.g. Facebook was legally allowed to scan user email for links and force advertising based on what it found. But email sent or received outside a single private entity's domain is and should be presumed private, the same as a telephone conversation. Again I believe the Title I/II protections that have served our phone network well (imo) for 80 years will eventually do likewise or better with the internet. Or IOW what possibility exists that AT&T and Verizon could get away with requiring customers to listen to or watch commercials before using a phone?

But imo the larger problem is the ridiculous attempt by companies to be God with our desires. It's a separate issue from legality. Everyone from Amazon to eBay is doing it, ime they miss far more often than they hit, which makes it irritating if not offensive. E.g. 12 years ago someone in my family bought a single marginally LGBT film, and they're still trying to sell us more of them. In most cases companies intentionally provide no way to edit or delete the purchase and browsing history on which this advertising is based. I mention the problem because imo it's one of the few that won't be eliminated or probably even affected by utility protection of internet traffic.

It seems to me that if you put something of yourself that's you, your personally identifiable information, on the line then you have established that the linked communications are in fact yours and you care about and "pay for" an expectation of privacy and that this is in fact, reasonable. In reflection, if you put nothing of yourself on the line and do not pay for a service, that you don't reasonably care enough about it and don't deserve the same level of consideration.
If you're claiming there's no such thing as expectation of privacy unless you pay money for it, thankfully it's not how our Constitution works. E.g do you need to pay the USPS additional money to keep your postal mail from being opened and read?
 
Forgot to mention,



Doesn't that pretty much destroy the argument that these types of communications are not private? I mean, Congress is so stupid that they believe we are still on analog systems that they seem to equate to a c.b. radio.....which anyone can intercept.

/notice how Google doesn't seem to be following Apple's initiative of employing encryption methods which they themselves won't be able to decrypt because they wont have the key, as true privacy crushes a key component of Google 's business model.

I think that although you have a correct view of what our privacy rights should look like in the real world, you have some misunderstandings or incomplete views.

First, IOS8 doesn't mean your data is all secured and can't be gotten to.
http://money.cnn.com/2014/09/18/technology/mobile/apple-ios-8-security/
Face it, the cops or the FBI grab you and your phone and subpoena the contents, you'll end up with two choices, give it to them or be tied up in court and possibly still sitting in jail while they wait you out. Claiming you don't remember a password/pin/key or claiming they can't force you to divulge it won't help because all the court has to do is compel you to "back it up" to a cloud service that they can then access. Apple is playing a game and it's a game that will probably backfire because all it takes is a new law to crush the existing protection.

Think of it this way, the Government has the power to demand the data when the cause is justifiable. Apple engineers a means to avoid compliance. The Government simply makes that engineered solution illegal because the company is no long able to comply with valid government/court demands for data due to an engineered choice.

Apple's choice to do this ignores truly legitimate needs for the government to gain access to data whether the data is of an intelligence or law enforcement nature. The government has been playing nice with Apple so far but sooner or later either Apple will get cornered and have to cave or the government will take the gloves off and knowing how the government sometimes screws shit up, the situation might get far worse again before it ever get's better.
 
The way I understand it, and I'm not a lawyer, privately owned/operated sites in our country are free to set whatever TOS they wish for email. It's why e.g. Facebook was legally allowed to scan user email for links and force advertising based on what it found. But email sent or received outside a single private entity's domain is and should be presumed private, the same as a telephone conversation. Again I believe the Title I/II protections that have served our phone network well (imo) for 80 years will eventually do likewise or better with the internet. Or IOW what possibility exists that AT&T and Verizon could get away with requiring customers to listen to or watch commercials before using a phone?

But imo the larger problem is the ridiculous attempt by companies to be God with our desires. It's a separate issue from legality. Everyone from Amazon to eBay is doing it, ime they miss far more often than they hit, which makes it irritating if not offensive. E.g. 12 years ago someone in my family bought a single marginally LGBT film, and they're still trying to sell us more of them. In most cases companies intentionally provide no way to edit or delete the purchase and browsing history on which this advertising is based. I mention the problem because imo it's one of the few that won't be eliminated or probably even affected by utility protection of internet traffic.

If you're claiming there's no such thing as expectation of privacy unless you pay money for it, thankfully it's not how our Constitution works. E.g do you need to pay the USPS additional money to keep your postal mail from being opened and read?

JeffDC, to the first part of the discussion, having an expectation of privacy is largely dependent on first, have a "right" to privacy to begin with. This isn't even universal to start with. A citizen of Indonesia who lives in Indonesia and creates an email account, paid or free, on a US Businesses' server has no right to privacy here in the US. If this same individual travels to the US on vacation they are still not protected under the constitution or US law from Intelligence Organizations though they may gain some protection from Law Enforcement. If this person get's a job with a US business they then gain protection as a US Person just the same as a US Citizen as long as their status remains this way.

Because of all these variables you are incorrect to view the issue from any point of view other then "who the person is, and what their status is", when you address the person's right to privacy. Now if a person does in fact have a right to privacy, then you can begin looking at reasonable expectations. But you must determine a right to privacy first, that's why blanket protects like Apple's attempt with IOS8 to universally protect all customers regardless of who they are is a fools' errand and the harder they fight along this tact the worse the legislation will be when the law makers come out to break them.

Your second issue is not an issue, I was not making a universal claim and my question to you was specific. If I create an email account and use a bogus name, bogus address, and there is no personally identifiable information of mine associated with the account, when someone access that account who has been hurt? If you don't put anything of yourself into it, how can you claim to expect that it be treated as yours?
 
Your second issue is not an issue, I was not making a universal claim and my question to you was specific. If I create an email account and use a bogus name, bogus address, and there is no personally identifiable information of mine associated with the account, when someone access that account who has been hurt? If you don't put anything of yourself into it, how can you claim to expect that it be treated as yours?
My answer to you was also specific. Does the USPS require proof of citizenship before allowing people to mail letters? Do they maintain two sets of privacy standards depending on this status? Do phone companies require proof of citizenship when someone uses a telephone, and do they maintain two sets of privacy standards for U.S. citizens and non-citizens?

The carriers of internet traffic not only should be completely blind to the question, they are always blind in all cases, whether they wish to admit it or not. Nobody is ever really sure who sits behind any given keyboard, verified or not. Often today there's no human being at all behind the keyboard.
 
Why do you ask this question in relationship to what USPS and Phone Companies do, neither are Law Enforcement or an intelligence Service.

Do you know how mail is treated that enters the country for a foreign destination other then an APO?

Do you understand that for over 60 years every overseas phone call was intercepted and recorded even if a US Person was on one end of the call?

Under Privacy Laws related to the US Mail, they are covered under 18 US Code and 5 U.S. Code.
This should be very telling for you.
http://www.law.cornell.edu/uscode/text/5/552a

(a) Definitions.— For purposes of this section—
(1) the term “agency” means agency as defined in section 552 (e) [1] of this title;
(2) the term “individual” means a citizen of the United States or an alien lawfully admitted for permanent residence;

If you browse through this document you begin to see that all statements of Protections reference "Individuals" and that the definition of who is an Individual is not as broad as one might think.
 
Why do you ask this question in relationship to what USPS and Phone Companies do, neither are Law Enforcement or an intelligence Service.
Both are common carrier utilities, as is the internet. The latter simply hasn't yet been legally recognized as such.

Do you know how mail is treated that enters the country for a foreign destination other then an APO?

Do you understand that for over 60 years every overseas phone call was intercepted and recorded even if a US Person was on one end of the call?

Under Privacy Laws related to the US Mail, they are covered under 18 US Code and 5 U.S. Code.
This should be very telling for you.
http://www.law.cornell.edu/uscode/text/5/552a
These are straw men arguments, since obviously I'm talking about domestic U.S. traffic. Regulation of traffic beyond our borders is neither claimed nor possible.
 
But the utilities are not the ones who ensure your privacy or who will, when justified, over ride it. Primarily your rights to privacy are defined in your relationship with our government, protections to what the government can and can't do. Not so much as to what citizens and businesses do, the lines get fuzzy and strength is diluted when the Government isn't in the equation. Of course USPS is a government entity whereas the phone carriers are not so they are not treated the same.

These are straw men arguments, since obviously I'm talking about domestic U.S. traffic. Regulation of traffic beyond our borders is neither claimed nor possible.

No they are not, because you are missing or forgetting the distinction I pointed out above, it's not about 'What", it's about "who". Who has protections, not what is protected, who is sending, talking, storing, not what is being stored or how they are doing it.

As long as you look at these issues and what the government does, and how reporters report, without focusing on Who then you'll be looking at it from the wrong angle.

So snagging email is wrong, unless it's email belonging to a non-US Person.
Warrant-less wiretapping is wrong, unless it's a non-US Person's phone.
Examining/opening someone's letters and packages is wrong, unless it is sent from a non-US Person or enters the US from outside the country, (other then an APO).

When these reporters neglect to specify in their articles these distinctions and leave it up to the readers to infer on their own, they are doing it by design because they want you to have the wrong impression. You can't address these issues by blindly assuming everything is only about US Persons because that is simply not reality.

Who, not what or when or even why, only who.
 
But the utilities are not the ones who ensure your privacy
Depends what you mean by ensure. The legal protection comes from our government, implementation of it is by public and private utilities. If you haven't already, read the history of why the Communications Act of 1934 (the Title I/II protections being considered for internet traffic) was proposed and passed. We have the same situation today except with a different utility, and in 80 years nobody has ever found a third alternative to protecting a utility from decay and eventual destruction by the corporate profit motive.
 
Back
Top