Whose LUDs?

So the guys and I are standing in line at the Subway waiting for the tatooed slackers behind the counter to be done with the sandwich-making for the 3 people who have been in front of us for 15 minutes. The subject turns to the NSA in the news today. I fall back on a couple old saws.

Back in the Bubble days, we went through all this privacy crisis about cookies and who knew what about your websurfing habits. So since I was a sales guy I had to put the whole thing in terms of money and risk - things I figured my audience would understand. So I repeat them today, bottom line, the government doesn't want to invade your privacy half as much as you think they do, and you couldn't stop them if they did want to. The question lies primarily in understanding what your value is as a target of investigation.

So the cookies, credit cards and fear objection to shopping online went a little something like this (recall that this was when Orbitz was a startup). Your travel agent (that almost extinct creature) has all kinds of information about you. Multiple credit card numbers, what kind or rental car you like, what kind of food you like on the plane, what hotels you prefer, your home address and all that. If you're a business traveller, you'll spend thousands and thousands of dollars with this person that you will never see in your life. Now admit it, have you ever in life met your travel agent? So the question was, how much do you think companies pay to get information out of your travel agent? The answer is basically nothing. You volunteer up all that information for something called 'frequent flyer miles'. You (your company) basically has to spend about $20,000 for you to get something worth about $500. That's a real economy.

So my killer question was, how much do you think anybody is going to spend to find out information about you if you're just spending $300 a year online at Barnes & Noble? Very little.  You're not worth it. If anybody is going to cheat you out of your cretid card info, it's going to be that pissed off waiter getting paid minimum wage who watches you wolf down that gourmet meal at the restaurant when you under tip.

The other thing I pull out of my hat was my experience with Safeway. Now this was several years ago so I think I can break the silence. But basically they told us that all of that shopping cart data that was attached to your personal ID was collected, but it was too damned expensive to process. They had terabytes and terabytes of data but all the compute time it took to mine it for potential savings based upon the gathered information was so expensive in terms of expertise that it wasn't worth it to try and process it. They told us to shutup about it because they wanted their competitors to believe that they actually were doing it so that the competitors would buy the same huge Sun servers and Oracle software that didn't work for them. They just sat on top of the data and squirreled it away in hopes that someday data mining techniques and supercomputing would get cheap enough to do it.  Safeway basically should have done what Walmart did, just forget marketbasket analysis and customer profiling and deal with basic supply and demand for the purposes of smarter pricing. Profiling is a much more difficult problem.

It might surprise you to know that there about an average of 16 thousand murders every year in the US. And I think it's reasonable to believe that NYC's clearance rate of about 2/3rds is probably typical. Considering the massive amount of resources America's largest city has to offer it is probably parallel to the federal effort at anti-terrorism. So here is another factor to deal with. If there are about 5000 unsolved murders in the US every year what can be predicted about the amount of terrorism we might foil, and given that we don't pre-empt them, how many terrorists will get away with murder? For the sake of argument, imagine that the Department of Homeland Security is twice as good at their job as the NYPD. That means we could expect that 17% of all terrorists will escape.

Anybody who watches Law & Order knows about LUDs. Anytime somebody is murdered, the first thing the detectives do is go to the phone company and get the records of who the last person was that the deceased talked to. They don't have the content of those conversations, just what number, who that person is who owns the number (but not any proof that the owner was the one talking) and how long the call was. According to what I've seen, a warrant isn't required in real life. And yet even with this tool, a maximum of about 70% of murder investigations are solved.

I would add one more talking point to this discussion which is obvious. The telephone companies already have this information. What rights do they have to it? What contract might have been breached in selling or giving away that information about your phone calls? What is the dollar value of that transfer of information and how much is it worth it to mine data about you?

Long ago when online banking first came to us, I envisioned a new kind of entity. I assumed that people would trust banks to be trustees for their digital deposits. I thought there might be a such thing as a digital safe deposit box in which you might secure your bits. It hasn't happened. The technology appropriate for that has been decentralized and you can do it yourself. However there isn't much protection easily applicable to your phone and other communications. What I think is needed is some kind of attorney-client privilege shield, the kind that hasn't been broken often, for such matters. One presumes that Google might have done well by the expectation of privacy geeks online, that may or may not be. But what is clear is that people have not been willing to pay for security in a way that might sustain such a bank as I envisioned, and it is unlikely to become a recognizeable business any time soon. It will just be something that geeks know for the benefit of geeks but won't be successfully commercialized. At some point it could be, but how much would you pay?

To be snarky about it, I should ask what protections those people whining most loudly about their privacy concerns have taken to safeguard themselves. I ask those who bleat in fear of global warming why they haven't moved north to Canada. In the end, despite their complaints, they realize it's just not warm enough yet, besides moving would be too expensive. I say likewise the NSA isn't invasive enough and there's no money in it.