There's Privacy, Then There's Practicality
from the now-you-know-i-run-really-slowly dept
We first posted last week about the minor uproar that developed after some security researchers said that the Nike+iPod unit, which lets runners track their workouts, could be used to "track" people. However, as we pointed out, trying to track someone with the device was rather impractical -- almost to the point of uselessness. But the story has continued to smolder, and yesterday well-known security blogger Bruce Schneier weighed in with a post slamming Nike and Apple for failing to consider the privacy implications of the product before putting it on the market and calling for a law "requiring companies to add security into these sorts of systems", which fits nicely with the original researchers' calls for a body to investigate the privacy implications of every new product. Schneier doesn't accuse the companies of being evil, just lazy -- but what seems more realistic is that they probably did consider the privacy implications of the wireless device, and realized that any information that could be gleaned from it was relatively useless, and that any method of tracking somebody with it would be discouragingly cumbersome. And, if so, they're right: calling what one could do with this device "tracking" is a stretch. To actually track someone with it, a person would have to place one of the researchers' $250 readers every 100 feet or so, or follow them within 60 feet, which sort of defeats the point. While all too often companies act with disregard for privacy, practicality has to enter in somewhere, before people start calling for new laws and restrictions. Crying the privacy equivalent of wolf on rather harmless products doesn't help; if anything, it marginalizes legitimate concerns and complaints and makes them easier to ignore.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
How bad laws start
All ideas for bad laws start with "there ought to be a law. . ."
This is then compounded by the fact that some lawmaker listens but doesn't understand.
[ link to this | view in chronology ]
welll..
[ link to this | view in chronology ]
It is important for Schneier and others to bring this up now to try and headoff the major threats to privacy before they are implemented. RFIDs and other systems which broadcast a unique ID will be serious privacy threats in the very near future. All those who "poo poo" the issue are ignoring the evidence that the temptation to collect as much data as possible on individuals is irresistible to companies and government via the web (Amazon, Google, DoubleClick, etc), and in person (club cards, Fast Pass scanners on freeways to monitor traffic flow, DHS's " Automated Targeting System" tracking and scoring **all** travelers for security risks). These companies and governmental organizations hold on to their data as long as possible, so the privacy threat is enormous.
When RFIDs in consumer goods, credit cards, government issued IDs and others are added to the mix along with transaction based scanning, companies and government organizations obtain the ability to track individuals with increasingly precise resolution and invasion of their personal lives--where they go, what they do and buy and, to a large extent, even what they think based on their patterns and preferences. This is happing now and isn't speculation, the only question is how much worse we are going to let it get.
Criticizing Schneier for showing the lack of security considerations in everyday products isn't the way to work towards reducing the privacy threat that is in progress.
[ link to this | view in chronology ]
Re:
Obviously proliferation of numerous tracking (capable) devices is a concern that should be addressed, but pointing finger every which way won't help it.
As far as slippery slope goes, at 1 mile of tracking distance you can start worrying. Also, you are forgetting about PRACTICALITY. Even with a 1 mile tracking radius, you will need several tracking stations to actually be able to calculate where the person is. And if someone has the time/money to do that, you can bet your hidden-nazi-gold that they will track you down even if there were no RFIDs to speak of.
[ link to this | view in chronology ]
Re: (scarper)
Then he needs to define what "due consideration" is. "Due consideration" to one company may not be the same to another. If due consideration is defined, the required resources may be too great for smaller companies (such as mine with about 20 people) to compete with larger companies (Apple with 1000+ people).
[ link to this | view in chronology ]
no.
then you know that after she left the store... she was away from the car for 2 hours... before she came home.
it doesn't tell you where she stopped, but you know she stopped somewhere.
[ link to this | view in chronology ]
while yes the threshold is a sticky topic, one must also realize that you willingly buy this product(and use/not use it also).
anyways its much cheaper to track you're movements via cell phone if someone really wanted to.
[ link to this | view in chronology ]
Also, all aquatic mammals should be killed off, because you COULD stuff a nuke into a humpback whale and blow up the west coast.
[ link to this | view in chronology ]
ITS TRUE! IVE SEEN IT!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
If you were a real sceptic (as opposed to someone who goes by that name but has his mind already made up) you might consider the implications of your statement.
Here, I'll help:
This devalues any of your future arguments regarding security, since it establishes you and others like you [such a lovely, weasely turn of phrase!] as over-reacting critics with little concern for the actual dangers.
[ link to this | view in chronology ]
Re: Dennis Savage
Here, I'll help you too, my generous friend:
You have "turned" the wording on me, yet you didn't even try to back it up. I'll chew this for you a little bit more. The metaphor of "crying wolf" has to do with people raising fears for no or very little reason and by the time a real danger comes, people are too tired of hearing it and ignore the finally true cry for wolf. In Nike case, it is most definitely crying wolf over a product that can hardly be practically or usefully used for spying on people.
A better approach instead would be starting with products/devices that are CERTAINLY a danger to privacy and bringing people's awareness about technology so they could actually understand what the risks are instead of being scared of every toaster they buy from now on. RFIDs in your passport and credit cards are much more dangerous to your privacy than any Nike/Apple product. It quite easily allows institutional spying: any airport has numerous chances to scan for who is moving where and what cards they have with them. And that's just one example.
One person that was worried about slippery slope should remember that it goes the other way. You can always start with technology that is OBVIOUSLY dangerous to your security/privacy and then expand from there until you arrive to products that are obviously not dangerous privacy.
Dear Dennis, I bet you thought that I am in favor of RFIDs and any other spy techniques, which is why you decided to pointlessly try to quote me against myself. Although I tried showing you what I think is a better approach in the battle to keep our privacy, you are free to misquote and misunderstand me as you wish. I still would like to see your point of view on the matter without lame trolling, that usually helps the debate better. Care to prove that you can do that?
[ link to this | view in chronology ]
It kinda makes sense to mention this...
This isn't big enough to be the next "hot button" issue but I think it is worth talking about.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
As RFID become cheaper it may become impossible for you to do that except for the very cheapest of items. That is why Schneier's article is important.
"anyways its much cheaper to track you're movements via cell phone if someone really wanted to."
Indeed, it is and the police do do this. However, merchants currently can't track you this way because they can't associate your cell phone's ID, which is transmitted every 30 seconds, with your identifying information. There are both privacy laws and technical limitations which make associating you with your cell phone less than idea. RFID chips, however, can be polled at any time and can be associated with you at time of transaction and RFID chips are not covered by the privacy laws that apply to telecommunications companies.
Although the privacy implications of the Nike+iPod may not set fire to the imaginations of some, they are an important lesson in how our privacy is rapidly eroding due to negligence and apathy. The "no big deal" attitude of the OP and many commenters provides a further example of indignant apathy that could lead to the eventual destruction of the idea of privacy as a right.
[ link to this | view in chronology ]
Bluetooth
[ link to this | view in chronology ]
privacy
[ link to this | view in chronology ]
That is just absolute balderdash. Total lack of regulation != privacy !!!!
[ link to this | view in chronology ]
Why every 100 ft?
Retreive it at a later date and see where they've been?
[ link to this | view in chronology ]