It’s not all about "identity theft"

handshake.jpgThere’s a fascinating conversation going on between Chris and Andy Steingruebl in the comments to Data on Data Breaches. In it, Chris writes:

If what we care about is reducing ID theft, then maybe all this effort about analyzing breach reports is a sideshow, since for all we know 80% of the revealed PII never gets detected as having been revealed.

Data breaches are not meaningful because of identity theft.

They are about honesty about a commitment that an organization has made while collecting data, and a failure to meet that commitment. They’re about people’s privacy, as the Astroglide and Victoria’s Secret cases make clear.

We shouldn’t allow the discussion to center on ID theft. It should center around the meeting of the minds, and the exchange of value.

That was my point of my privacy enhancing technologies talk: that we’ve got to look at these things as privacy issues, not just security issues.

Photo: “Handshake through TFT screen,” by Henkster on

Data on Data Breaches

At the FIRST conference in Seville, Spain, I delivered a presentation about “Data on Data Breaches” that Adam and I put together. The slides, with the notes I made to act as “cue cards” for me, are available as a large PDF file on a slow web server.
The main points I tried to make are:
That with the availability of breach reports direct from states with central reporting, such as New York, it is possible to measure part of our ignorance when we rely solely on published breach reports — even the best available sources (such as Attrition’s DLDOS) undercount breaches dramatically, and are biased toward larger incidents.
That we are still at the leading edge of an explosion of information, and that we should not draw hasty conclusions until more facts are in.
That, as Emil Faber might put it, “Knowledge is Good” and is not that painful to provide.
And finally, primary materials such as breach reports are useful artifacts not only because they tell us dry facts in a standardized format (but that IS nice), but also because the notices themselves are interesting evidence of how firms talk to their customers about a difficult topic.
I’ll be writing more on this subject now that I have received the fourth batch of breach reports from my pals in New York, and my other pals in New Hampshire have made such materials available on-line.

Doctors want more study on overuse of books

(Adds psychiatrist interview, industry comment, paragraphs 4, 7-17)

CHICAGO, June 27 (EmergentChaos)- The American Medical Association called for more research into the public health risks of books and reading on Wednesday but stopped short of declaring them addictive.

The AMA, which recommended a review of the current publishing system, also said it would leave it up to the American Psychiatric Association and other experts to decide whether reading addiction should be designated a mental illness.

“While more study is needed on the addictive potential of books, the AMA remains concerned about the behavioral, health and societal effects of book and library overuse,” said AMA president Dr. Ronald Davis. Davis said research has linked exposure to media violence with increased aggressive behavior.

The AMA’s debate over reading addiction at the group’s annual meeting touched a nerve among doctors, who are not sure what to tell patients and worried parents.

“To the extent that a book is controlling someone’s behaviors and taking over their daily life, then you are talking about a compulsive use, whether you categorize it in a psychiatric manual or not,” Davis told reporters at a news briefing.

Dr. Timothy Fong, a psychiatrist at the University of California at Los Angeles who specializes in addiction, said books could be a problem for some.

“Anything in the world can be addictive if you have that biological vulnerability to develop an addiction,” he said in a telephone interview.

“This is a brain disease for a very small percentage of kids, but not all kids can become addicted to books.”

Fong said there needs to be more empirical research into the effects of books, especially on children.

“Otherwise, we are just spouting out myths and stereotypes,” he said.


Addiction experts strongly opposed a push earlier this week at the AMA’s annual meeting to declare video game addiction a mental illness and recommend its inclusion in the American Psychiatric Association’s Diagnostic and Statistical Manual of Mental Disorders.

Fong said parents should be involved in what their children are playing, because different children experience games differently.

He compared two adolescents he recently saw, one with a games problem. “His grades are suffering. He is trying to hide his game play from his parents,” Fong said.

The other boy plays sports as well as reads and has “a wonderful home life.” “He has other interests,” Fong said. “That is someone who does not have an addiction.”

Ray Bradbury, president of the National Publishers Forum, which represents the $30 billion global publishing industry, said the group understands parents’ concerns.

“Our industry encourages consumers to enjoy books just as they do any other leisure activity: responsibly and in moderation as part of a well-rounded, well-adjusted lifestyle,” he said. “As a science fiction author, I predicted medicalizing childish behaviors decades ago, so it’s not like this is surprise to us.”

Update (27 June): During the transcription of this article, a number of errors were inadvertently introduced. Among them, the words “video game” was accidentally rendered as “book.” Also, the second part of Mr. Bradbury’s quote does not appear in the original article, nor was it Mr. Bradbury who made the comment. Emergent Chaos regrets the error.

My Privacy Enhancing Technologies talk

At the Privacy Enhancing Technologies workshop, there is a ‘rump’ session, designed for work that’s not of sufficient quality to make it into the workshop. (And given that the workshop now has a 20% acceptance rate, there’s some pretty interesting stuff that doesn’t make it in.)

I didn’t use it for that, I used it to share an idea with the attendees. And that is that the loss of control of personal information are being reported on not as privacy stories, but as security stories. I’m hoping that we’ll see more on privacy in these stories, and exhorted people to pay attention to that aspect in “Privacy Enhancing Technologies and Breach Disclosures.”

Maybe things are different (maybe they're the same)

The article to which Adam linked in his post about Dark Side of the Moon mentioned derivative versions of the album as performed by other artists. That got me thinking of memorable covers, such as Senor Coconut’s classic renditions of Kraftwerk tunes (like The Robots and Autobahn).
Ultimately, I just gotta throw in a quick mention of an awesome remake of Brian Eno’s Taking Tiger Mountain by Strategy.
If you like Eno’s album, you’ll like the CD by Doug Hilsinger with Caroleen Beatty.
(Picture via

All That You Buy, Beg, Borrow or Steal

dark-side.jpgLet’s face it. There hasn’t been a better pressing of Dark Side (with the possible exception of the original vinyl, which I haven’t heard) than the Mobile Fidelity gold disk. Which doesn’t prevent EMI from releasing it over and over again. That makes perfect sense, it keeps selling like mad. As bbum points out in “Dark Side of the Moon: The Porn of Audio Media:”

Back when CDs were launched in the early ’80s, Dark Side of the Moon dominated the CD sales charts for years and years. Similarly, it had been one of the hottest selling LPs back in the days when vinyl was king. As of today (6/07), the album has been in the top 100 — typically in the top 5 — for 1,558 weeks. Almost 30 years!!

So, I watched with quite a bit of amusement to see Dark Side of the Moon quickly take and hold the #1 (now #2) position in iTunes Plus. A 350% increase in sales was reached in the week after the launch of iTunes Plus. Thus, iTunes is following the same pattern as other audio oriented media; DSotM dominates sales as soon as a high quality recording is available in that format.

I wonder if DSotM on itunes plus will create or destroy physical media sales?

(Via Josh Gruber’s link blog.)