There's Privacy, Then There's Practicality

from the now-you-know-i-run-really-slowly dept

We first posted last week about the minor uproar that developed after some security researchers said that the Nike+iPod unit, which lets runners track their workouts, could be used to “track” people. However, as we pointed out, trying to track someone with the device was rather impractical — almost to the point of uselessness. But the story has continued to smolder, and yesterday well-known security blogger Bruce Schneier weighed in with a post slamming Nike and Apple for failing to consider the privacy implications of the product before putting it on the market and calling for a law “requiring companies to add security into these sorts of systems”, which fits nicely with the original researchers’ calls for a body to investigate the privacy implications of every new product. Schneier doesn’t accuse the companies of being evil, just lazy — but what seems more realistic is that they probably did consider the privacy implications of the wireless device, and realized that any information that could be gleaned from it was relatively useless, and that any method of tracking somebody with it would be discouragingly cumbersome. And, if so, they’re right: calling what one could do with this device “tracking” is a stretch. To actually track someone with it, a person would have to place one of the researchers’ $250 readers every 100 feet or so, or follow them within 60 feet, which sort of defeats the point. While all too often companies act with disregard for privacy, practicality has to enter in somewhere, before people start calling for new laws and restrictions. Crying the privacy equivalent of wolf on rather harmless products doesn’t help; if anything, it marginalizes legitimate concerns and complaints and makes them easier to ignore.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “There's Privacy, Then There's Practicality”

Subscribe: RSS Leave a comment
scarper says:

Schneier is right on track with this one. He doesn’t make any broad claims and only points out that companies need to give due consideration to security issues. Techdirt is saying that the security issue is minimal so Schneier shouldn’t have brought it up. I disagree. We shouldn’t wait for disasters waiting to happen to happen before we respond–which is, in part, what Techdirt is suggesting he do. Schneier is bringing up an important issue **before** it has become a real threat.

It is important for Schneier and others to bring this up now to try and headoff the major threats to privacy before they are implemented. RFIDs and other systems which broadcast a unique ID will be serious privacy threats in the very near future. All those who “poo poo” the issue are ignoring the evidence that the temptation to collect as much data as possible on individuals is irresistible to companies and government via the web (Amazon, Google, DoubleClick, etc), and in person (club cards, Fast Pass scanners on freeways to monitor traffic flow, DHS’s ” Automated Targeting System” tracking and scoring **all** travelers for security risks). These companies and governmental organizations hold on to their data as long as possible, so the privacy threat is enormous.

When RFIDs in consumer goods, credit cards, government issued IDs and others are added to the mix along with transaction based scanning, companies and government organizations obtain the ability to track individuals with increasingly precise resolution and invasion of their personal lives–where they go, what they do and buy and, to a large extent, even what they think based on their patterns and preferences. This is happing now and isn’t speculation, the only question is how much worse we are going to let it get.

Criticizing Schneier for showing the lack of security considerations in everyday products isn’t the way to work towards reducing the privacy threat that is in progress.

sceptic says:

Re: Re:

Some people commenting apparently missed the point of this article. The problem here is that Schneier is crying wolf about a product that has little practical danger to one’s privacy. That devalues any of their future arguments regarding security, since it establishes him and others like him as over-reacting critics with little concern for the actual dangers.
Obviously proliferation of numerous tracking (capable) devices is a concern that should be addressed, but pointing finger every which way won’t help it.

As far as slippery slope goes, at 1 mile of tracking distance you can start worrying. Also, you are forgetting about PRACTICALITY. Even with a 1 mile tracking radius, you will need several tracking stations to actually be able to calculate where the person is. And if someone has the time/money to do that, you can bet your hidden-nazi-gold that they will track you down even if there were no RFIDs to speak of.

whargoul says:

Re: (scarper)

…only points out that companies need to give due consideration to security issues…

Then he needs to define what “due consideration” is. “Due consideration” to one company may not be the same to another. If due consideration is defined, the required resources may be too great for smaller companies (such as mine with about 20 people) to compete with larger companies (Apple with 1000+ people).

Anonymous Coward says:

People who are concerned about being “tracked” should probably avoid purchasing devices that monitor their movement, regardless of any range requirements. They should also avoid cell phones or satellite radio. Encryption doesn’t change where the signal is being received.

Also, all aquatic mammals should be killed off, because you COULD stuff a nuke into a humpback whale and blow up the west coast.

Dennis Savage says:

“That devalues any of their future arguments regarding security, since it establishes him and others like him as over-reacting critics with little concern for the actual dangers.”

If you were a real sceptic (as opposed to someone who goes by that name but has his mind already made up) you might consider the implications of your statement.

Here, I’ll help:

This devalues any of your future arguments regarding security, since it establishes you and others like you [such a lovely, weasely turn of phrase!] as over-reacting critics with little concern for the actual dangers.

sceptic says:

Re: Dennis Savage

Hmmm, weaselly way of proving nothing.

Here, I’ll help you too, my generous friend:

You have “turned” the wording on me, yet you didn’t even try to back it up. I’ll chew this for you a little bit more. The metaphor of “crying wolf” has to do with people raising fears for no or very little reason and by the time a real danger comes, people are too tired of hearing it and ignore the finally true cry for wolf. In Nike case, it is most definitely crying wolf over a product that can hardly be practically or usefully used for spying on people.
A better approach instead would be starting with products/devices that are CERTAINLY a danger to privacy and bringing people’s awareness about technology so they could actually understand what the risks are instead of being scared of every toaster they buy from now on. RFIDs in your passport and credit cards are much more dangerous to your privacy than any Nike/Apple product. It quite easily allows institutional spying: any airport has numerous chances to scan for who is moving where and what cards they have with them. And that’s just one example.

One person that was worried about slippery slope should remember that it goes the other way. You can always start with technology that is OBVIOUSLY dangerous to your security/privacy and then expand from there until you arrive to products that are obviously not dangerous privacy.

Dear Dennis, I bet you thought that I am in favor of RFIDs and any other spy techniques, which is why you decided to pointlessly try to quote me against myself. Although I tried showing you what I think is a better approach in the battle to keep our privacy, you are free to misquote and misunderstand me as you wish. I still would like to see your point of view on the matter without lame trolling, that usually helps the debate better. Care to prove that you can do that?

scarper says:

“People who are concerned about being “tracked” should probably avoid purchasing devices that monitor their movement, regardless of any range requirements”

As RFID become cheaper it may become impossible for you to do that except for the very cheapest of items. That is why Schneier’s article is important.

“anyways its much cheaper to track you’re movements via cell phone if someone really wanted to.”

Indeed, it is and the police do do this. However, merchants currently can’t track you this way because they can’t associate your cell phone’s ID, which is transmitted every 30 seconds, with your identifying information. There are both privacy laws and technical limitations which make associating you with your cell phone less than idea. RFID chips, however, can be polled at any time and can be associated with you at time of transaction and RFID chips are not covered by the privacy laws that apply to telecommunications companies.

Although the privacy implications of the Nike+iPod may not set fire to the imaginations of some, they are an important lesson in how our privacy is rapidly eroding due to negligence and apathy. The “no big deal” attitude of the OP and many commenters provides a further example of indignant apathy that could lead to the eventual destruction of the idea of privacy as a right.

D says:

Re: Bluetooth

Then we should all be more concerned about being tracked through the bluetooth headsets that many use. These devices were around long before the Nike+iPod, and they are also not covered by privacy laws which apply to telecommunications companies. If Schneier were truly concerned, he would use the predominant technology as an example instead of a minor gadget with little market penetration.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...