~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PRIVACY 101, LECTURE II
THREAT LEVEL MANAGEMENT--THE CALCULUS OF RISK
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Sender: owner-privacy101@c2.org
Precedence: bulk

When I (Sandy) was in private practice, I had some independent truckers for clients. Before then, I had thought of legality in black-and-white terms. Something is either legal or illegal. Like being pregnant, there's no middle ground--you are or you aren't. But then I learned about the trucking industry. Theory met reality, and theory lost.

I went on a couple of runs with one of my clients (I'll call him "Lance"). Just about everything Lance did violated some ICC rule or state law. He ran "hot loads" (cargoes he was not permitted to haul, such as processed foods or manufactured goods), he broke speed limits, his truck loads were too heavy, he went over-hours, carried a gun and took "road aspirin." But it wasn't just he, it was *everybody*. If even only half the truckers in America were to operate in complete legal compliance, we'd all starve and freeze to death in the dark.

What Lance *was* very careful to do was comply with the ICC and state rules concerning *running lights*. If one of his lights burned out, he promptly replaced it. At the same time, he didn't even try to comply with the driving hours rules. The reason? Smokey (Highway Patrolman) can see your lights from his car. He has to stop you to look at your driver's logbook. Because the likelihood of getting caught for a lights violation was much greater than for weight, hours, load, etc., it was "more illegal" in Lance's way of thinking. I called it "variable illegality," but the insight was Lance's.

Without formal education, Lance intuitively understood a concept that some MBAs have trouble mastering--cost/benefit analysis. And it's a concept that applies to privacy, freedom and your life, every bit as much as it does to long-haul trucking or business planning.

Cost/benefit analysis comes into play in at least a couple of areas of personal privacy. Sometimes the steps that protect your privacy are inconvenient; sometimes they are illegal. We will freely discuss the "convenience costs" of legal steps we will advocate in this seminar. For obvious reasons, we will not advise you to take any actions that will violate the law. We will, however, try to fairly assess the various "legal risk costs" that some people have accepted to protect their privacy.

To illustrate, let's analyze a simple example. When you get a phone line, if you do nothing, your name will be listed in the telephone directory. There are ways this can be avoided, but for the sake of this example, let's just say the only way is to pay a monthly "no listing" fee.

Your inconvenience cost is three-fold. First, you have to take the effort to tell the phone company you want to be unlisted. Second, you have to pay a monthly ransom to be unlisted (under $1 in California, I think). Third, you run the risk of missing some opportunities by not being easy to find.

On the other side of the ledger, you benefit by making it more difficult for enemies, scam artists, harassers, survey takers and aluminum siding salesmen to get a hold of you.

What should you do? Well, that depends on the subjective weight you give to each of these costs and benefits. In my experience, being unlisted has been far more beneficial than costly. Your mileage may vary. The point is, you should make your decision based on at least a cursory analysis of costs and benefits. By doing nothing, you are letting someone else make that decision for *their* benefit. The chances are very slim that their interests will coincide with your interests.

As obvious as this may seem, it is counter-intuitive to many participants in the on-going privacy debate. The opposing position goes something like this: "I don't want to get in trouble. If I break (or bend) the rules, and I'm caught, I might get in trouble.
Therefore, unless you can guarantee that your privacy techniques are 100% safe, I won't use them."

The problem with this stance, of course, is that it does not factor in the risk of *not* breaking the rules. The most telling example this century is Nazi Germany. The "undesirables" who broke the rules and got their money and themselves out, lived. Most of those who followed the rules, died. Cost/benefit analysis only helps if *all* costs and benefits are factored in.

If you are looking for an effortless, cost-free, "zero risk" way to protect your privacy, you can tune out now; this seminar is not for you. There is no benefit without cost. However, our experience has convinced us that strong privacy benefits are possible at *acceptable* costs. Below, Duncan has run some of the numbers that prove it.

The risk that people most worry about is the risk of legal punishment -- a criminal conviction and jail time. The traditional method of analyzing the risk (per crime) of arrest and conviction is to take the total number of actual prison days "earned" by convictions in some period of time as punishment for a particular crime and to divide that number by the number of those sorts of crimes committed in the jurisdiction during that same period of time. That gives us a "number of days served per crime" number that neatly wraps up the risk of getting caught, the risk of conviction, and the average time served per conviction.

Thus if there are (conservatively) 10,000,000 annual acts of tax evasion by US citizens/residents and 400 people are annually sentenced to two years for those crimes, the math looks like this:

    10,000,000 crimes
    800 person/years (292,000 person/days) "awarded" in total.
    42 minutes of prison time served per act of tax evasion.

The odds of serving time are thus .00004 or 4 in 100,000. The odds of being murdered in the US average 8 to 10 in 100,000.

These risks are the average risks of course. Planning can further reduce them.

Our next lecture will examine specific risks associated with identity privacy (or the lack of it).

(c) 1994, Frissell and Sandfort
332 Bleecker St., #F-34
New York, NY 10014 USA

Permission is hereby granted to reproduce and distribute any or all of "Privacy 101" provided this statement and the above copyright notice and address are included.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Housekeeping

Privacy 101 is a moderated list. We had a slight technical error in the beginning that let some posts slip through but that has been corrected.

The purpose of this list is to allow Sandy and me to prepare and deliver longer essays on privacy topics. We are trying to write not just for the moment but for a larger audience who will read this in the future. This list will be "slower" than a normal listserve list. We actually have to think before we type.

We are accepting questions and comments, however. We will use them to make corrections when we're wrong and to make sure we cover everything people are interested in. Send us messages and we may decide to use them.