Sunday, December 31, 2006

The Privacy Year: 2006 sent mixed messages

So, as the year ends, what did 2006 do for privacy?

Well, there was plenty of coverage of security breaches that exposed personal data. According to the good folks at Privacy Rights Clearing House, the approximate minimum total number of PII potentially compromised in 2006: 48,419,936. They have a very interesting breakdown right here.

And this was the worst year ever, right? Wrong, the total for 2005 was 54,843,000. But aren't we getting better at catching the culprits? Well, according to Privacy Rights Clearing House, the number of data-breach identity thieves sentenced in 2006 was, wait for it: 5.

So, not a good year for privacy. But maybe not the worst year ever. Let's see what 2007 brings.

Sunday, December 10, 2006

The Real Meaning of Privacy Invasion

At this time of the year some people like to talk about the real meaning of things. So how about the real meaning of "privacy invasion"? These days people often say "my privacy was invaded" after somebody has exposed private information about them. Journalists write "Lax security leads to huge data breach, privacy invasion."

But what is there about Personally Identifiable Information being exposed that suggests the verb "invade" or the noun "invasion"? When we learn that Google keeps a lot of data about how we use the web, data that can be linked to us individually, what aspect of this suggests "to enter forcefully as an enemy; go into with hostile intent"? You might not like it, but surely the term invasion is wrongly applied in cases such as this.

Indeed, the term "invasion of privacy" started out as a way of describing what today we might characterize as people "putting their stuff in your face." Consider a couple who are arguing in voices so loud that the neighbors can hear. That is an invasion of their nieghbors' privacy, information about other people forcing its way in your world. Here's a real world example. I think my privacy was invaded when I was sitting in an aisle seat on a plane a few years ago and a young woman stood in the aisle, waiting to deplane, with her back to me, wearing a bolero top and low cut jeans, thereby revealing to me--before I had time to avert my eyes--an elaborate tattoo reaching down to her butt crack and featuring the word: Daddy.

This is not something I wanted to see. But I was pretty much forced to see it. My space was invaded. My private world was invaded. This might sound old-fashioned, but that's partly the point. People used to be able to go out in public without too much fear that deeply personal aspects of their fellow citizens would intrude upon them. I'm all for people doing whatever they like in private (as long as it causes no harm to the person or property of others) but I think I have a right not to be forced to know about it. That is one privacy right that is too often overlooked.

Sunday, December 3, 2006

Spam really is getting worse, TEOS to the rescue?

"Between May and the end of 2006, the absolute volume of spam has increased by about 100%, said Michael Osterman, president of Black Diamond, Wash.-based Osterman Research. In fact, some estimates suggest that up to 85% of all email is spam."
No, it is not your imagination. You have been getting more spam this quarter. Check out this great set of links to spam statistics. Despite all the laws, lawsuits, fines, filters, counter-measures, the surges of spam continue to clog the net and waste our time and resources.

Of course, this was fairly predictable. We researched this back in 2001 and developed some potentially effective technical responses that were ready to roll by 2002. By early 2003 we were prepared to offer them to the world as the Trusted Email Open Standard or TEOS. The missing ingredient back then was cooperation between the major email providers. That ingredient is still missing today, which is a pity because between them these companies have the power to impose improved email protocols that would greatly reduce spam. Sadly, they prefer to use spam, or rather anti-spam features, as a product differentiator, a way to attract customers, particularly from the smaller, regional Internet Service Providers.

If ever these companies have a change of heart, TEOS is still there, and is still a wealth of good ideas about how to attack the spam problem more effectively than anything we have seen so far.