A-Rod had a privacy contract, and so did you

urine sample.jpg

In 2003 the deal was simple: The players would submit to anonymous steroid testing, and if more than 5 percent tested positive, real testing with real penalties would begin in 2004.

But in 2003, the tests were going to be (A) anonymous and then (B) destroyed. Those were the rules of engagement, and in any civilized contest, the rules of engagement are critical. Everything has rules of engagement, even something as life-or-death as war. Ever heard of the Geneva Convention? Those are rules of engagement, and it’s something we are expected to follow — even against a war-time enemy we literally want to kill.

Somebody broke the rules of engagement with A-Rod. Baseball and the union were supposed to destroy the tests in 2003. If there was a master list linking each test to a specific player, that list was supposed to be destroyed, too. This was serious stuff, this confidentiality, and only because it was so serious did players like Alex Rodriguez submit to it. (“A-Rod should sue sinister system that snagged him,” CBS Sports)

So there’s an obvious violation of the contract, which may or may not have specified damages. Are there other torts here?

It seems that given the nature of the literally irreparable harms to reputation that privacy invasions can entail, the law may or may not have reasonable remedies here. (Note that I said irreparable, not un-compensatable or even of great magnitude. Even if it turns out that the tests were flawed, A-Rod’s reputation will be permanently sullied by those who remember the initial burst of news.)

There’s also a tie to Facebook’s latest changing and re-changing of their privacy rules.

The idea that your privacy contract is fungible and flexible inhibits the creation of a real market differentiation around privacy. If a company can change the rules at any time, why bother reading what they say today?

What should the law say about this?

Image: StockXpert.

[Update: Dan Solove has very interesting follow-on analysis in " A-Rod, Rihanna, and Confidentiality."]

Three on the Value of Privacy

First, the Economist, “Everybody Does It:”

WHY is a beer better than a woman? Because a beer won’t complain if you buy a second beer. Oops. There go your correspondent’s chances of working for Barack Obama, America’s president-elect.

(Ironically, the Economist’s articles are all anonymous.)

Second, Fraser Speirs, “On the Flickr support in iPhoto ‘09:”

As you may guess, I was a little perturbed at this since I pay my mortgage by selling, er, a Flickr upload plugin for iPhoto.

Fraser looks at his (excellent) product, FlickrExport, and finds that the value is now in privacy and control of what leaves your computer and how.

And finally, a follow-on to an aside in ‘Lessons for security from “Social Networks’,:”

In recent months, American Express has gone far beyond simply checking your credit score and making sure you pay on time. The company has been looking at home prices in your area, the type of mortgage lender you’re using and whether small-business card customers work in an industry under siege. It has also been looking at how you spend your money, searching for patterns or similarities to other customers who have trouble paying their bills.

In some instances, if it didn’t like what it was seeing, the company has cut customer credit lines. It laid out this logic in letters that infuriated many of the cardholders who received them. “Other customers who have used their card at establishments where you recently shopped,” one of those letters said, “have a poor repayment history with American Express.”

It sure sounded as if American Express had developed a blacklist of merchants patronized by troubled cardholders. But late this week, American Express told me that wasn’t the case. The company said it had also decided to stop using what it has called “spending patterns” as a criteria in its credit line reductions. (“A (Very) Watchful Eye on Credit Card Spending,” The New York Times.

Apparently, that was just too creepy, even for American Express, who I’ve commented on in “American Express and Privacy.”

MI5 Head Critiques Government on Liberties

The BBC reports:

A former head of MI5 has accused the government of exploiting the fear of terrorism to restrict civil liberties. Dame Stella Rimington, 73, stood down as the director general of the security service in 1996…”Furthermore it has achieved the opposite effect – there are more and more suicide terrorists finding a greater justification.”

What’s new? It’s gone far enough that even former spy chiefs are speaking out.

Let’s stop the madness, and embrace liberty and the risk that the chaos won’t be all for the good.

Thanks to Nicko for the pointer.

Javelin ID theft survey

Salon reports “Identity theft up, but costs fall sharply:”

In 2008, the number of identity theft cases jumped 22 percent to 9.9 million, according to a study released Monday by Javelin Strategy & Research. The good news is that the cost per incident — including unrecovered losses and legal fees — fell 31 percent to $496.

Javelin, unfortunately, does work with confidential numbers, so we can’t reproduce or analyze their results.

So we can’t tell if this undercuts the idea that breach disclosure laws don’t work. We can tell that the common reporting is wrong, as Kevin Poulsen demonstrates in “Stolen Wallets, Not Hacks, Cause the Most ID Theft? Debunked.”

Via Concurring Opinions
[Update: fixed image url.]

Closing the Collapse Gap

There’s a very interesting annotated presentation at “Closing the ‘Collapse Gap’: the USSR was better prepared for collapse than the US.” In it, Dmitry Orlov lays out his comparison between the USSR and the USA of 2006. Posting this now because a talk he gave at Long Now is getting lots of attention.

In closely related news, Maurizio d’Orlando lays out that U.S. debt approaches insolvency:

In 2007, public debt in the United States was 10.6 trillion dollars, compared to a GDP (gross domestic product) of 13.811 trillion dollars. Public debt in 2007 was therefore 76.75% of GDP. In just one year, direct and indirect public debt have grown to more than 100% of GDP, reaching 176.9% to 184.2%. These percentages exclude the debt guaranteed by policies underwritten by AIG, also nationalized, and liabilities for health spending (Medicaid and Medicare) and pensions (Social Security)[2]. By way of comparison, the Maastricht accords require member states of the European Union (EU) to reduce their public debt to no more than 60% of GDP. Again by way of comparison, in one of the EU countries with the largest public debt, Italy, public debt in 2007 was equal to 104% of GDP.

[Update: I'd meant to include both Bruce Sterling, "2009 Will Be a Year of Panic" and Rob Sama, "
The Federal Government Has Jumped The Shark

AOL Search Documentary

Lernert Engelberts and Sander Plug have taken the AOL search data which AOL released “anonymously,” and made a movie with the searchs of user #711391.

i love alaska.jpg

I Love Alaska, via Guerrilla Innovation.

Worth checking out, but be warned, it’s a little on the languid side, using pacing and the voice to build the story.

Also, note that the movie says the release was accidental. Engleberts and Plug regret the error.

Previously: “AOL search records ‘research’,” “AOL data release fallout,” “Researchers Two-Faced over Facebook Data Release,” and “Wendy Richmond’s Surreptitious Cellphone

Let’s Fix Paste!


Okay, this is a rant.

Cut and paste is broken in most apps today. More specifically, it is paste that is broken. There are two choices in just about every application: “Paste” and “Paste correctly.” Sometimes the latter one is labeled “Paste and Match Style” (Apple) and sometimes “Paste Special” (Microsoft).

However, they have it backwards. Usually, what you want to do is the latter one, which is why I called it “paste correctly.” It is the exception that you want to preserve the fonts, formatting etc. Usually, you want to just paste the damned text in.

I mean, Jesus Hussein Christ, how hard is it to understand that when I go to a web page and copy something and then paste it into my document that I want to use MY fonts, formatting, color, and so on? Even if I do want to preserve those, I ESPECIALLY do not want you to leave my cursor sitting at the end of the paste switched out of whatever my setting I’m using. In the rare occasion that I want paste as it is done today, the keys I type are:

modifier-V              ! Paste (modifier is either (ironically) command or control)
start typing            ! Continue on my merry way
modifier-Z              ! Oh, crap, I'm no longer in my font,
modifier-Z              ! I'm in Web2.0Nerd Grotesque 10 light-grey
! undo the typing and the paste
space, back-arrow       ! Get some room
modifier-V              ! Paste
forward-arrow           ! Get back to my formatting
(delete)                ! Optionally delete the space
start typing again      ! Now where was I? Oh, yeah....

Note the extra flourish at the end because pasting is so helpful.

The usual sequence I type is:

modifier-V              ! Paste
modifier-Z              ! %$#@*!
search Edit menu        ! Gawd, where is it, what do they call it?
select Paste Correctly  ! Oh, there
start typing again      ! Now where was I? Oh, yeah....

This is much simpler, but has its own headaches. First of all, Microsoft binds their “Paste Special” to control-alt-V and brings up a modal dialog because there are lots of options you could conceivably want, and just wanting to paste the %$#@&* text is so, so special. Apple (whose devos must long for the Knight keyboard) binds it to command-option-shift-V, but at least doesn’t make me deal with Clippy’s dumber cousin. They put “Paste Style” on command-option-V, which pastes into place only the formatting. Oh, yeah, like I do that so often I need a keyboard shortcut.

The upshot is that the user experience here is so bad that the stupid blog editor I’m using here that actually makes me type in my own <p> tags is a more predictable editing experience. I can actually achieve flow while I’m writing.

Most tellingly, the most even, consistent, out-of-my way editing experience is getting to be LaTeX! Yeah, I have to type accents by hand, but at least I don’t lose my train of thought every time I paste.

The solution is simple. Make modifier-V be paste. Just plain old paste. Put paste-with-frosting on control-meta-cokebottle-V and give it a helpful dialog box. Please?

Photo by adam.coulombe.

Daily Show on Privacy

(h/t to Concurring Opinions)

Why Didn’t SOX Catch The Bank Failures?

Iang recently indicted the entire audit industry with “Two Scary Words: Sarbanes-Oxley”. I’ve excerpted several chunks below:

Let’s check the record: did any audit since Sarbanes-Oxley pick up any of the problems seen in the last 18 months to do with the financial crisis?
No. Not one, not even a single one!
Yet, the basic failures in the financial crisis are so blatant that surely, even by accident at least one audit should have picked up at least one pending failure, and fixed it? No, not one, known to date. At least, as far as I know, and we should probably wait a few years before writing the final judgment.


Can we pronounce the financial audit as bankrupt by its own measures? In theory, the audit should have picked up these failures, all of them. Consider this case-in-point, to prove that the theory works: the enhanced audit required on public listing did in fact pick up the Refco fraud that led quickly to its failure, and the near-failure of Bawag, a big bank in Austria that participated in the fraud. (The sorry fool who found the fraud was fired for his troubles, and only later did his reports filter out and cause questions that ultimately forced the fatal result.)
The audit theory works, then, in some sense or other. Manifestly, audits didn’t work for the financial crisis. And, they so didn’t work after that so-huge rewrite called Sarbanes-Oxley, that we can conclude that mere improvement is completely off the agenda

The thing about SOX is that while it is hugely in-depth as audit requirements go, it is also incredibly narrow in it’s breath in terms of how it is implemented by companies and how it is audited. Auditors are so busy ensuring that someone isn’t cooking the books that they don’t look for people deluding themselves or who don’t understand their own inputs or whether or not the source data for the models was reasonable. This is why Refco was identified and the bank failures were not. And if there this is an actual failure of SOX this is it. Not that it didn’t catch the bank failures but that it was never designed to do so in the first place. If all you are worried about is nails, all you look for is hammers.