Archives for February 2003

Another Attempted Suppression of Security Research

Researchers at Cambridge University published information on a flaw in banks’ procedures that rogue bank employees may have been using to learn the PINs from many customers’ ATM cards. It has always been easy to forge ATM cards, so knowing the PIN allows criminals to steal money easily from customers’ accounts. Now some banks are apparently trying to suppress the research.

Kuro5hin has the details.

The interesting twist here is that the banks sometimes bring legal actions against customers whom they accuse of overdrawing their accounts by making excessive ATM withdrawals. The customers’ defense is often that they didn’t make the withdrawals. The banks argue that their security mechanisms prevent fraud, so if the withdrawals were made, it must have been the customers who made them. Because of this, the security of the banks’ systems and procedures is a central issue in such cases, and the availability of evidence on such issues is important to ensure that the accused customers can mount a proper defense.

"Accidental Privacy Spills"

Don’t miss James Grimmelmann’s essay of that title over at LawMeme. The essay tells the story of how an email that journalist Laurie Garrett sent to a few friends leaked out gradually onto the Internet, and reflects on the implications of this kind of leak.

Free Storage

Dan Gillmor’s Sunday column points out that hard-disk data storage now costs less than one dollar per gigabyte. Thanks to Moore’s law, the cost of storage is asymptotically approaching zero. It’s interesting to stop and think about what happens as storage becomes essentially free.

Traditionally, storing data has been expensive, so we spent time sorting through our stored data to see what we could discard. We only kept something if we really needed it.

If storage is nearly free, though, the traditional cost equation inverts – it becomes much cheaper to keep information than to worry about whether to delete it. Why go to the trouble and expense to sort through your old stuff, when instead you can just keep it forever?

If storage is free, then the only reason to delete a record is because it might embarrass you, or because it might put you in a bad legal position somehow. In such a world, the very fact that you deleted something would arouse suspicion.

The same logic applies to information that you’re not recording now. If it’s free to store information, then you might as well record it, just in case it turns out to be useful. Even if you’re not sure how it might be useful, the cheap and easy course will be to record everything. You don’t have to be a conspiracy theorist to see why it might occasionally be useful to store, say, photographs of everybody you meet, or a continuous video recording of the street outside your house.

All of this has serious implications for privacy. People will avoid excessive recording of their own activities, but the temptation to record others, just in case the recording might be useful, will be strong. If cost is no longer a barrier to surveillance by our neighbors, some new barrier has to arise. What will it be?