alt Hacker NewsMy "importance of privacy" story:
I get my gas and electricity from Scottish Power. Recently a rival company, Ovo Energy made a clerical error and sent me a bill, leading to a dispute. The front line of defence against this kind of dispute is that the bills give the serial numbers of the meters. The bill from Scottish Power gives the same meter serial numbers that are embossed on the front of my meters, and is therefore valid. The bill from Ovo Energy gives different serial numbers and is therefore in error.
Picture though the internal processes in Ovo Energy. A second clerk is tasked with attending to the problem. He has a choice. He can change the address to agree with the meter serial numbers, correcting the error. Or he can change the meter serial numbers to those for my address, compounding the error.
Since the meter serial numbers are confidential, to me and Scottish Power, Ovo Energy does not have the second option; they do not know the serial numbers (which are long, like a credit card number, not just 1,2,3,...). Thus the clerical error gets corrected, or just left, but not compounded.
My guess is that confidential information, (such as meter serial numbers, credit card numbers, and account numbers), are the front like of defence against both clerical error and fraud based on impersonation. It is a rather weak defence, but it is light weight, and seems to how much of billing and billing disputes work.
We all have lots to hide: the confidential information that the system needs us to keep confidential to stop clerical errors from compounding.
Replies
Where is your contract with Ovo Energy? Companies cannot just go charge random people willy-nilly like that.
telco guy comes in at point x in past, takes a pic of your meters while you don't attend. privacy fucked. but obscuring stuff like that behind temper proof (mwemphasis on proof) the glitter?
This is a valid story and I’m sorry to hear that you went through this. However, it’s a strawman for the current argument from the blog post, which is that living life in the open and acting normal is setting things up for failure, and I don’t believe that it is.
Having nothing to hide is fine. Nothing to hide and doing nothing wrong is least likely to cause trouble.
The blog post’s argument that someone would be more likely to get watched if they start hiding after not hiding is not valid. ALL encrypted and unencrypted communication is a valid target for analysis, but ANY encrypted traffic is obviously more of a concern, just like one person walking into a store brandishing a gun is as alarming as 5 brandishing guns, and it doesn’t matter whether they used to not carry guns into the store.