There's Privacy, Then There's Practicality

from the now-you-know-i-run-really-slowly dept

We first posted last week about the minor uproar that developed after some security researchers said that the Nike+iPod unit, which lets runners track their workouts, could be used to "track" people. However, as we pointed out, trying to track someone with the device was rather impractical -- almost to the point of uselessness. But the story has continued to smolder, and yesterday well-known security blogger Bruce Schneier weighed in with a post slamming Nike and Apple for failing to consider the privacy implications of the product before putting it on the market and calling for a law "requiring companies to add security into these sorts of systems", which fits nicely with the original researchers' calls for a body to investigate the privacy implications of every new product. Schneier doesn't accuse the companies of being evil, just lazy -- but what seems more realistic is that they probably did consider the privacy implications of the wireless device, and realized that any information that could be gleaned from it was relatively useless, and that any method of tracking somebody with it would be discouragingly cumbersome. And, if so, they're right: calling what one could do with this device "tracking" is a stretch. To actually track someone with it, a person would have to place one of the researchers' $250 readers every 100 feet or so, or follow them within 60 feet, which sort of defeats the point. While all too often companies act with disregard for privacy, practicality has to enter in somewhere, before people start calling for new laws and restrictions. Crying the privacy equivalent of wolf on rather harmless products doesn't help; if anything, it marginalizes legitimate concerns and complaints and makes them easier to ignore.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    First Post, 14 Dec 2006 @ 10:12am

    How bad laws start

    theory:

    All ideas for bad laws start with "there ought to be a law. . ."

    This is then compounded by the fact that some lawmaker listens but doesn't understand.

    link to this | view in thread ]

  2. identicon
    ChrisO, 14 Dec 2006 @ 10:17am

    welll..

    The only concern I have is basically the slippery slope arguement - if the tracking devices needed to be every 300ft, is that ok? Every 1000ft? Every mile? every 10miles? What is the exact threshold where you say it is ok?

    link to this | view in thread ]

  3. identicon
    scarper, 14 Dec 2006 @ 10:34am

    Schneier is right on track with this one. He doesn't make any broad claims and only points out that companies need to give due consideration to security issues. Techdirt is saying that the security issue is minimal so Schneier shouldn't have brought it up. I disagree. We shouldn't wait for disasters waiting to happen to happen before we respond--which is, in part, what Techdirt is suggesting he do. Schneier is bringing up an important issue **before** it has become a real threat.

    It is important for Schneier and others to bring this up now to try and headoff the major threats to privacy before they are implemented. RFIDs and other systems which broadcast a unique ID will be serious privacy threats in the very near future. All those who "poo poo" the issue are ignoring the evidence that the temptation to collect as much data as possible on individuals is irresistible to companies and government via the web (Amazon, Google, DoubleClick, etc), and in person (club cards, Fast Pass scanners on freeways to monitor traffic flow, DHS's " Automated Targeting System" tracking and scoring **all** travelers for security risks). These companies and governmental organizations hold on to their data as long as possible, so the privacy threat is enormous.

    When RFIDs in consumer goods, credit cards, government issued IDs and others are added to the mix along with transaction based scanning, companies and government organizations obtain the ability to track individuals with increasingly precise resolution and invasion of their personal lives--where they go, what they do and buy and, to a large extent, even what they think based on their patterns and preferences. This is happing now and isn't speculation, the only question is how much worse we are going to let it get.

    Criticizing Schneier for showing the lack of security considerations in everyday products isn't the way to work towards reducing the privacy threat that is in progress.

    link to this | view in thread ]

  4. identicon
    Ryan, 14 Dec 2006 @ 10:43am

    no.

    haven't you seen the law and order episode? All you need to do is put a sensor on your door, your wife's work, her car, grocery store, etc...

    then you know that after she left the store... she was away from the car for 2 hours... before she came home.

    it doesn't tell you where she stopped, but you know she stopped somewhere.

    link to this | view in thread ]

  5. identicon
    hoeppner, 14 Dec 2006 @ 10:45am

    chuck the batteries out if you're affraid.

    while yes the threshold is a sticky topic, one must also realize that you willingly buy this product(and use/not use it also).

    anyways its much cheaper to track you're movements via cell phone if someone really wanted to.

    link to this | view in thread ]

  6. identicon
    sceptic, 14 Dec 2006 @ 10:48am

    Re:

    Some people commenting apparently missed the point of this article. The problem here is that Schneier is crying wolf about a product that has little practical danger to one's privacy. That devalues any of their future arguments regarding security, since it establishes him and others like him as over-reacting critics with little concern for the actual dangers.
    Obviously proliferation of numerous tracking (capable) devices is a concern that should be addressed, but pointing finger every which way won't help it.

    As far as slippery slope goes, at 1 mile of tracking distance you can start worrying. Also, you are forgetting about PRACTICALITY. Even with a 1 mile tracking radius, you will need several tracking stations to actually be able to calculate where the person is. And if someone has the time/money to do that, you can bet your hidden-nazi-gold that they will track you down even if there were no RFIDs to speak of.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 14 Dec 2006 @ 10:51am

    People who are concerned about being "tracked" should probably avoid purchasing devices that monitor their movement, regardless of any range requirements. They should also avoid cell phones or satellite radio. Encryption doesn't change where the signal is being received.

    Also, all aquatic mammals should be killed off, because you COULD stuff a nuke into a humpback whale and blow up the west coast.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 14 Dec 2006 @ 10:59am

    "Also, all aquatic mammals should be killed off, because you COULD stuff a nuke into a humpback whale and blow up the west coast."

    ITS TRUE! IVE SEEN IT!

    link to this | view in thread ]

  9. identicon
    Dennis Savage, 14 Dec 2006 @ 11:27am

    "That devalues any of their future arguments regarding security, since it establishes him and others like him as over-reacting critics with little concern for the actual dangers."

    If you were a real sceptic (as opposed to someone who goes by that name but has his mind already made up) you might consider the implications of your statement.

    Here, I'll help:

    This devalues any of your future arguments regarding security, since it establishes you and others like you [such a lovely, weasely turn of phrase!] as over-reacting critics with little concern for the actual dangers.

    link to this | view in thread ]

  10. identicon
    whargoul, 14 Dec 2006 @ 11:46am

    Re: (scarper)

    ...only points out that companies need to give due consideration to security issues...

    Then he needs to define what "due consideration" is. "Due consideration" to one company may not be the same to another. If due consideration is defined, the required resources may be too great for smaller companies (such as mine with about 20 people) to compete with larger companies (Apple with 1000+ people).

    link to this | view in thread ]

  11. identicon
    Sanguine Dream, 14 Dec 2006 @ 11:59am

    It kinda makes sense to mention this...

    simply because the threat to privacy is real even if it is somewhat unlikely. Is worth a massive uproar and the addition of a law that would ultimately be ineffective? No.

    This isn't big enough to be the next "hot button" issue but I think it is worth talking about.

    link to this | view in thread ]

  12. identicon
    Koz, 14 Dec 2006 @ 12:07pm

    You seem to assume that any tracking needs to be continuous to violate security in a practical way, but if you think about it you just need to "track" key points in the training route(s) to reveal a lot. And you may not be interested in just one target - you could track a lot of people !.

    link to this | view in thread ]

  13. identicon
    scarper, 14 Dec 2006 @ 12:24pm

    "People who are concerned about being "tracked" should probably avoid purchasing devices that monitor their movement, regardless of any range requirements"

    As RFID become cheaper it may become impossible for you to do that except for the very cheapest of items. That is why Schneier's article is important.

    "anyways its much cheaper to track you're movements via cell phone if someone really wanted to."

    Indeed, it is and the police do do this. However, merchants currently can't track you this way because they can't associate your cell phone's ID, which is transmitted every 30 seconds, with your identifying information. There are both privacy laws and technical limitations which make associating you with your cell phone less than idea. RFID chips, however, can be polled at any time and can be associated with you at time of transaction and RFID chips are not covered by the privacy laws that apply to telecommunications companies.

    Although the privacy implications of the Nike+iPod may not set fire to the imaginations of some, they are an important lesson in how our privacy is rapidly eroding due to negligence and apathy. The "no big deal" attitude of the OP and many commenters provides a further example of indignant apathy that could lead to the eventual destruction of the idea of privacy as a right.

    link to this | view in thread ]

  14. identicon
    D, 14 Dec 2006 @ 12:35pm

    Bluetooth

    Then we should all be more concerned about being tracked through the bluetooth headsets that many use. These devices were around long before the Nike+iPod, and they are also not covered by privacy laws which apply to telecommunications companies. If Schneier were truly concerned, he would use the predominant technology as an example instead of a minor gadget with little market penetration.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 14 Dec 2006 @ 12:55pm

    Re:

    You're apparently confused. AFAIK no whale ever tried to blow up the west coast, but I seem to recall the west coast attempting to blow up a whale once...

    link to this | view in thread ]

  16. identicon
    KuanYin, 14 Dec 2006 @ 1:07pm

    privacy

    I agree with you in regards to the practicality. But let me add just one thing to that, we really don't need any more of those silly laws governing every tiny part of our lives. The more laws, the more the government gets involved, the less freedom or privacy you will have.

    link to this | view in thread ]

  17. identicon
    sceptic, 14 Dec 2006 @ 1:19pm

    Re: Dennis Savage

    Hmmm, weaselly way of proving nothing.

    Here, I'll help you too, my generous friend:

    You have "turned" the wording on me, yet you didn't even try to back it up. I'll chew this for you a little bit more. The metaphor of "crying wolf" has to do with people raising fears for no or very little reason and by the time a real danger comes, people are too tired of hearing it and ignore the finally true cry for wolf. In Nike case, it is most definitely crying wolf over a product that can hardly be practically or usefully used for spying on people.
    A better approach instead would be starting with products/devices that are CERTAINLY a danger to privacy and bringing people's awareness about technology so they could actually understand what the risks are instead of being scared of every toaster they buy from now on. RFIDs in your passport and credit cards are much more dangerous to your privacy than any Nike/Apple product. It quite easily allows institutional spying: any airport has numerous chances to scan for who is moving where and what cards they have with them. And that's just one example.

    One person that was worried about slippery slope should remember that it goes the other way. You can always start with technology that is OBVIOUSLY dangerous to your security/privacy and then expand from there until you arrive to products that are obviously not dangerous privacy.

    Dear Dennis, I bet you thought that I am in favor of RFIDs and any other spy techniques, which is why you decided to pointlessly try to quote me against myself. Although I tried showing you what I think is a better approach in the battle to keep our privacy, you are free to misquote and misunderstand me as you wish. I still would like to see your point of view on the matter without lame trolling, that usually helps the debate better. Care to prove that you can do that?

    link to this | view in thread ]

  18. identicon
    scarper, 14 Dec 2006 @ 4:54pm

    "The more laws, the more the government gets involved, the less freedom or privacy you will have."

    That is just absolute balderdash. Total lack of regulation != privacy !!!!

    link to this | view in thread ]

  19. identicon
    gehang, 6 Feb 2007 @ 7:18pm

    Why every 100 ft?

    Why would you have to put a reciver every 100 ft? Couldn't you just get a transmitter and an ipod, taple them together, and toss them in the trunk of someones car?

    Retreive it at a later date and see where they've been?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.