Posts Tagged ‘Privacy’

Scary pizza

Tuesday, June 17th, 2008

My friend sent this to me recently. Created by the ACLU for its campaign against the National ID program, it’s a mash-up of all our worst surveillance fears. It starts with a guy calling his local pizzeria for a couple of double meat pizzas, while you see the computer screen the girl at the pizza place is looking at as she rings up his order. She surprises him first by knowing his name, his home address, and his place of work from the moment his call comes in, but it gets rapidly worse, from a $20 health surcharge for meat pizza because of his high cholesterol and blood pressure to her snide comments about his waist size and his ability to pay for the pizzas, based on what she knows of his purchase history, including airplane tickets to Hawaii.

It’s entertaining, but also frustrating for a couple of reasons. First, there are very good reasons for me to be concerned about private companies’ data collection and their potential for collusion in U.S. government surveillance, but this video doesn’t explain how the National ID program would lead to the pizzeria having my health records. By focusing only on the sensational horror of the pizza girl knowing the customer bought a bunch of condoms, it forgets to tell us the pizzeria might literally be giving their customers’ names, phone numbers, and addresses to government officials. (The ACLU does have this report providing a more detailed argument about the dangers of private-public surveillance, but there was no direct link to it from the pizza video.)

Second, in terms of data collection and its dangers in general, the video ends up feeling sort of hysterical. It obscures, rather than clarifies, what’s really at stake.

We do live in a world where data collection is happening on an unprecedented level. But for me, what’s scary is not the mere possibility that all this data could get linked together. It’s about control. Do I get to decide who has my information? Do I get to control how it’s disseminated and analyzed?

Right now, we definitely don’t and that’s a problem. But the solution may not be to stop data collection altogether and segregate all the information out there so no linkage can happen ever.

I might not want the pizza girl at my local pizzeria to know about my health problems, but I might not mind if, as I ordered food online, the program allowed me to review my choices and build a more nutritious meal specific to my needs, without disclosing my specific preferences to each restaurant. I might not want the government to be able to access my purchase history, but I might want to be able to securely track and access my purchases and my financial accounts at the same time so I can better determine how well I’m meeting my budget. I might even want to share certain information, securely and anonymously, if I thought it would lead to beneficial research by scientists, economists, and policymakers.

Of course, I wouldn’t sign up for anything if I thought my personal information could get leaked to the government or anyone else without my consent. It would make for a somewhat less dramatic video, but this is what the Common Datatrust Foundation is interested in addressing—how can we turn our capacity for data collection and sharing into something that is a public good, rather than a scary fear?

Microsoft’s acquisition of Credentica–will it make my sister care about privacy?

Friday, June 6th, 2008

It’s somewhat old news, but still interesting: Microsoft’s acquisition a few months ago of Credentica, a start-up with an encryption-and-authentication system that “allows users to disclose the absolute minimum to complete digital transactions — and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.”

One of the most interesting issues in privacy to me is the gap between those who live and breathe privacy and security day to day and those who don’t. Having gone from the latter group to the former only recently, I know how wide that gap is. Those who care about privacy discuss and analyze various solutions with passion and intensity, while people like my sister dispose of broken laptops by placing them in NYC trashcans. (True story—the laptop was mine, and she was sincerely puzzled when I threw a fit.) All the news coverage of data leaks has led many people to have a vague sense of dread about their privacy rights, but understand nothing more. So even if interesting solutions are proposed for protecting personal information, the question of who will care enough to adopt them is as important as whether the proposals actually work.

It seems this issue played out in the development of the U-Prove technology, which had been proposed before. It just wasn’t very marketable when it was pitched to individual consumers. One thing Stefan Brands and Credentica did differently was market it to software developers. That strategy seems to have proven successful, given that Microsoft has now bought the company.

But will Microsoft’s investment in Credentica pay off with users who have only vague concerns about their privacy? (I love the way the Wired article says, “Brands and Thompson tend to refer to the math behind U-Prove as ‘magic’ rather than going too deep into the details.”) Will Microsoft be able to overcome its image as a big bad company and persuade consumers they are really invested in protecting privacy? It’s a difficult problem. Privacy concerns need to be addressed now, before the public cares enough to demand it, but solutions proposed by major companies may not satisfy uneasy consumers.

I’m biased, of course, because we at the Common Datatrust Foundation are working on a different model, in which privacy and security are entrusted to a trusted third party that would administer and monitor exchanges of information between individuals, institutions, agencies, and businesses. But I’d be happy to see progress by Microsoft or any other company or organization in proposing privacy and security systems that truly return control over personal information to individuals without requiring everyone to understand all this privacy stuff.

I’m curious to know what others think. If we believe the privacy of even those who don’t care should be protected, where should the push for change come from?

Frequently Asked Question #1: Why is Google offering Google Health?

Wednesday, May 21st, 2008

Everyone must be wondering the same thing I am, as the number one question in the FAQs about Google Health is: “Why is Google offering this product?” Related, of course, is Question #6: “If it’s free, how does Google make money off Google Health?”

Unfortunately, the answers aren’t very satisfying.

“It’s what we do. Our corporate mission is to organize the world’s information and make it universally accessible and useful. Health information is very fragmented today, and we think we can help. Google believes the Internet can help users get access to their health information and help people make more empowered and informed health decisions. People already come to Google to search for health information, so we are a natural starting point. In addition, we have a lot of experience storing and managing large amounts of data and developing consumer products that offer a positive and simple user experience.”

I thought their mission, as a corporation, was to maximize profits for their shareholders.

The answer to Question #6 is even worse:

“Much like other Google products we offer, Google Health is free to anyone who uses it. There are no ads in Google Health. Our primary focus is providing a good user experience and meeting our users’ needs.”

But we all know that “other Google products” that are free make money through advertising. And there are “no ads in Google Health”?

In launching Google Health, Google has clearly acknowledged that health information is even more sensitive than the personal information the company has been assiduously collecting up to this point. Although it glosses over the differences between its other applications and Google Health, promising to “conduct our health service with the same privacy, security, and integrity users have come to expect in all our services,” the mere fact that it doesn’t have advertising trumpets that Google is trying to differentiate Google Health from something like Gmail.

But the harder Google tries to assure me that there is no advertising and that the service is free, the harder it is for me to believe there are truly no costs to me. Clearly, there is a real value to providing secure online access to personal health records. Medical records, for the appropriate people, should be accessible, transferable, and plain legible, as anyone who has tried to read a doctor’s handwriting can attest. So why would someone give me something for nothing?

According to the Wall Street Journal, Google is not ruling out advertising in the future, and in the meantime, it hopes Google Health will simply drive more users to Google in general. Perhaps Google itself doesn’t quite know where Google Health will go. But given how easy it is to imagine nightmare scenarios of what can happen with this kind of information, I want the company who’s collecting it and storing it to have a better story about why it’s doing this.

Proposed legislation that gives people access to their own data

Tuesday, March 25th, 2008

I totally missed this.

Even though I thought this New York Times article on data collection wasn’t very informative, a New York legislator was sufficiently moved to propose this legislation.

Michael Zimmer has some interesting comments about the proposed bill and some of its weaknesses, as well as a strength:

“The bill is strongest, however, in relation to a demand I have long made on Web search providers: let me see the data you have collected about my actions. The bill states:

17. Business entities shall provide consumers with reasonable access to personally identifiable information and other information that is associated with personally identifiable information retained by the third party entity for online preference marketing uses.

The press seems to have missed the importance of this section. If passed, the law would require Google, Facebook, DoubleClick, etc to provide me access to the personally identifiable information ‘and other information that is associated’ with my user account stored in their databases.

This is a vital right for consumers to be able to protect their data privacy: having access to view your data is the first step towards regaining some control over the collection of the data in the first place.”

The challenge–and it’s a worthy one–is how could this information be provided to us in a way that makes it useful and relevant? I’d like to see a law providing access to my own data that is more meaningful to me than HIPAA feels when I’m faced with a sheaf of waivers to sign at my doctor’s office.

Yet another data breach

Thursday, March 20th, 2008

A major grocery chain, Hannaford, recently announced that due to a security breach, up to four million credit cards may be vulnerable to access by criminals. So add another to the list of 2008 security breaches, and it’s only March.

As Flowing Data points out, when you look at a timeline of big data breaches from Attrition.org, data breaches have occurred with more frequency, not less, the closer we get to the present. Yet data breaches seem to be getting less coverage than they used to. When I looked at the full list of breaches catalogued by Attrition.org, I saw some that I’d heard of and many I hadn’t. And with this recent breach, I haven’t seen as much coverage as I would have expected. Plenty of specialized blog reactions and local news coverage, but not much national attention. Are people just getting used to this? Or is it that they think they have no alternatives?

A nonprofit wants to share its mailing list with some economists–would that bother you?

Thursday, March 13th, 2008

There’s a fascinating article in the New York Times Sunday Magazine on an economists’ study of what makes people donate by an interesting liberal-conservative pair, Dean Karlan and John List. They wanted to do an empirical study of fundraising strategies, to find out what kind of solicitations are the most successful. As the article points out, lab experiments of economic choices aren’t particularly realistic: “If you put a college sophomore in a room, gave her $20 to spend and presented her with a series of pitches from hypothetical charities, she might behave very differently than when sitting on her sofa sorting through letters from actual organizations.”

So Karlan and List found an opportunity for a field experiment, a partnership with an actual, unnamed nonprofit that allowed them to try different solicitation strategies and map the outcomes. They wrote solicitation letters that were similar, except some didn’t mention a matching gift, some mentioned a 1-to-1 match, some a 2-to-1, and some a 3-to-1. In the end, if a matching gift was mentioned, it increased the likelihood of a donation, but the size of the matching gift did not. As the author, David Leonhardt, notes, their findings and the findings of other economists in this area are significant to many people, from the nonprofits trying to be better fundraisers to economists studying human behavior, even to those who want to make tax policy more effective and efficient.

The article, however, didn’t mention whether the donors to the nonprofit had consented to their responses being shared with anyone other than the nonprofit. I’m not that concerned about whether donors’ privacy may have been egregiously violated. (I’m also not sure what’s required of nonprofits in this area.) I’m just curious to know, if they had been given the choice, would they have agreed to their information being shared with the economists? Obviously, the study wouldn’t have worked if potential donors had been told they would be sent different solicitation letters to measure their responses, but I think if most people on a nonprofit’s mailing list were asked if they would explicitly allow their information to be used in academic studies, they would consent. They might want assurances that their individual identities would be protected—that no one would know Mr. So-And-So had given zero dollars to a cause he publicly champions. But they might very well be willing to help the nonprofit figure out how to be more effective and be a part of an academic study that could shape public policy. They might even be curious to know how their giving compares to that of other donors in their income brackets or geographic areas.

Most people, myself included, have a knee-jerk antipathy to having their personal information shared with anybody other than the organization or company they give it to. But maybe we would feel differently if we were actually given some choices, if our personal identities could be protected, if sharing information could lead to more than just targeted advertising or more junk mail.

Ohmigod, companies are tracking what we look at online!

Monday, March 10th, 2008

Breaking news from the New York Times.

What’s truly interesting about this article, though, isn’t that the New York Times is announcing as “news” something that’s been going on for a very long time. Rather, the New York Times, even while devoting space on its front page, doesn’t really seem to have a point.

The article tries to distinguish itself from vague alarms raised by privacy advocates with data, the results of a study done with Comcast measuring “data collection events,” each time “consumer data was zapped back to the Web companies’ servers.” (Even though the New York Times has produced some of the prettiest data graphics in recent memory, this one looks like something created in Excel and conveys little more than a flurry of numbers.) But the overwhelming impression left by the article is that companies are trying to target advertising, and some might do it better than others, rather than that extensive personal information is being collected. So then it isn’t surprising that several of the comments in response to the Bits blog post are about how they never click on ads, or how stupid these companies are in sending them ads for things they’re not interested in, or how they’ve blocked pop-up ads on their browser.

After all, the article mentions only briefly what kind of information is being collected: “the person’s zip code, a search for anything from vacation information, or a purchase of prescription drugs or other intimate items.” The article cites Jules Polonetsky, chief privacy officer for AOL, “[who] cautions that not all the data at every company is used together. Much of it is stored separate,” yet the author doesn’t explain the significance of that statement. The article doesn’t mention that even if consumer data is stripped of “identifiers” like a user name, individual identification could happen easily through the combination of datasets.
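The last sentence above is the one the article skipped, so here is an added example (not from the Times article, nor from this blog) showing why stripping a user name is not enough. Both datasets are constructed for illustration: an ad network’s “de-identified” search log that still carries zip code and age band, and a separate mailing list that carries names alongside those same fields. Joining on the shared fields re-identifies every search; generalizing the zip code to its first three digits (one standard mitigation, measured here as k-anonymity) breaks the linkage.

```python
from collections import Counter, defaultdict

# Constructed sample: a search/ad log with the user name removed. The zip
# code and age band that remain are quasi-identifiers.
AD_EVENTS = [
    {"zip": "10014", "age_band": "40-49", "query": "blood pressure medication"},
    {"zip": "10011", "age_band": "40-49", "query": "vacation hawaii"},
    {"zip": "10014", "age_band": "30-39", "query": "running shoes"},
    {"zip": "10011", "age_band": "30-39", "query": "running shoes"},
]

# Constructed sample: a second dataset that looks harmless on its own
# (a mailing list) but carries names next to the same quasi-identifiers.
MAILING_LIST = [
    {"name": "A. Resident", "zip": "10014", "age_band": "40-49"},
    {"name": "B. Resident", "zip": "10011", "age_band": "40-49"},
    {"name": "C. Resident", "zip": "10014", "age_band": "30-39"},
    {"name": "D. Resident", "zip": "10011", "age_band": "30-39"},
]

QUASI = ("zip", "age_band")


def key(row, quasi=QUASI):
    """The tuple of quasi-identifier values used to join the two datasets."""
    return tuple(row[q] for q in quasi)


def link(events, people, quasi=QUASI):
    """Join events to people on the quasi-identifiers. An event is
    re-identified when exactly one person shares its key; otherwise None."""
    index = defaultdict(list)
    for p in people:
        index[key(p, quasi)].append(p["name"])
    linked = []
    for e in events:
        names = index.get(key(e, quasi), [])
        linked.append((e["query"], names[0] if len(names) == 1 else None))
    return linked


def reidentified_count(events, people, quasi=QUASI):
    """How many events could be tied to a single named person."""
    return sum(1 for _, name in link(events, people, quasi) if name is not None)


def k_anonymity(rows, quasi=QUASI):
    """Smallest group of rows sharing the same quasi-identifier values.
    k == 1 means at least one row is unique and therefore linkable."""
    return min(Counter(key(r, quasi) for r in rows).values())


def generalize_zip(rows, digits=3):
    """Mitigation: coarsen the zip code so more rows share each key.
    10014 and 10011 both become '100**'."""
    return [dict(r, zip=r["zip"][:digits] + "*" * (5 - digits)) for r in rows]


if __name__ == "__main__":
    print("k before:", k_anonymity(AD_EVENTS))
    print("re-identified before:", reidentified_count(AD_EVENTS, MAILING_LIST))
    events_g, people_g = generalize_zip(AD_EVENTS), generalize_zip(MAILING_LIST)
    print("k after generalizing zip:", k_anonymity(events_g))
    print("re-identified after:", reidentified_count(events_g, people_g))
```

With full zip codes every search log row is unique (k = 1) and all four are tied to a name, including the medication query; after the zip is coarsened, every key is shared by two rows (k = 2) and no row links to a single person. Which fields count as quasi-identifiers, and how far to generalize them, is exactly the design question a “we stripped the identifiers” claim leaves unanswered.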

I would love to see an article by a mainstream publication that addresses this issue in a truly comprehensive and thoughtful way. What’s missing in the conversation started by this article is not only a fuller analysis of how personal information is being collected and what dangers there are for individual privacy, but also a nuanced discussion of that information’s value and what it means for “a handful of big players” to hold most of it. The article ends citing a study of California adults, 85% of whom thought sites should not be allowed to track their behavior around the Web to show them ads. But does that statistic really capture what’s at stake?

P.S. Is AOL’s innocent penguin happy or merely surprised that anchovy ads are being sent to him?

Property Shark and “Contextual Integrity”: Where real estate obsession and privacy academia intersect

Tuesday, March 4th, 2008

Recently, I was having dinner with some friends when the topic of Property Shark came up. My friends, being homeowners, were disturbed that someone could simply go online, type in their address, and find out who the owners were and precisely what they had paid for it. One friend exclaimed, “I don’t want people to know how much money I have!” When I pointed out that the information was public record, and that before Property Shark, anyone could have gone down to City Hall and found the same information, he didn’t care. It still bothered him.

For all our talk of “privacy,” of how it’s being violated all over the place, of how it’s already lost, it’s not even clear what we mean when we say “privacy.” We, as a society, might have agreed that it is good public policy for real estate records to be public so that potential buyers can make sure sellers actually own the property they’re selling. Capitalism can’t thrive if you can’t be sure you own what you own. But when we theoretically made this agreement, we certainly didn’t imagine a world where “public” means available to anyone, anywhere, at any time. Professor Helen Nissenbaum, who recently presented at the DIMACS Data Privacy Workshop, has proposed that we think about “contextual integrity” rather than “privacy.” She argues that it’s more useful to consider what’s appropriate in each context rather than assuming there is a blanket “privacy” standard applicable to all situations.

That makes sense to me. My friend wasn’t arguing that the information shouldn’t be public record. Rather, he wasn’t comfortable with that information being accessed so easily online.

Personally, in the universe of privacy breaches, Property Shark doesn’t seem so problematic, but it’s certainly helpful as the Common Datatrust Foundation works on privacy problems to remember that “privacy” doesn’t have a singular meaning. One of CDTF’s goals for this year is to create some privacy standards for companies and other data collectors that acknowledge that information flow can’t just have an on/off, public/private spigot. It’s obvious that our world and our needs are more complex than that. After all, sometimes it’s hard to know even what we want when we clamor for more privacy. Even my friend, when pressed, admitted that the next time he was looking to buy a house, the first thing he would do is go to Property Shark.

Yahoo! Private Domain Debacle Part II: Can’t Keep a Secret

Tuesday, February 26th, 2008

Many months ago I wrote a long rant about my experiences trying to transfer a domain that I had registered with Yahoo!’s Private Domain Registration service to another registrar. The short story is that I was unable to transfer the domain without making my WHOIS contact details public. The long story is long.

There’s another “feature” of Yahoo!’s Private Domain Registration service though that I just learned about: it doesn’t clean up after itself.

So I created a site with the Yahoo! Small Business hosting service, part of which is a somewhat opaque domain registration service for which there is no separate charge. (This is actually quite a good user experience, as I imagine most users don’t want to have to understand about registrars; they just want to pay to have a working web site.) I did check the box to use the private domain registration feature to keep my contact information private.

The web site was for an event, and when the event was over, I no longer had any use for the site or the domain, so I logged back in to Yahoo! Small Business and canceled the service. This was a relatively simple process that took me through a number of the-sky-is-falling-bold-red-letter steps, warning me repeatedly that my site would be deleted, and was I really sure I wanted to do this? Yes, I was sure. Cancelled, done, gone. It seemed gone anyway - the site was unavailable.

About one year later, I get an email from the friendly registrar that Yahoo! uses, a cast member in my last rant, Melbourne IT.

From: whoisreminders@whoisupdate.com
To: <xxxxxxx@xxxxx.com>
Sent: Tuesday, December 11, 2007 3:13 PM
Subject: WHOIS Data Reminder

Dear Valued Customer,

In accordance with ICANN (Internet Corporation of Assigned Names and
Numbers) Whois Data Reminder Policy (WDRP) resolution 03.41, this message is a reminder to help you keep the public WHOIS contact data associated with your domain name registration up-to-date. Our records include the following information as of 14-Nov-07:

Domain Name: My domain name
Registration Date: 6-Jun-06
Expiration Date: 6-Jun-08

Registrant Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country

Administration Contact Details
Name: My name here
Email: My email address here
Address: My address here
Address: (null)
City: My city here
State/Province: My state here
Post code: My zip
Country: My country
Phone: and finally My phone number
Fax: (null)

Technical Contact Details
Name: YahooDomains TechContact
Email: domain.tech@YAHOO-INC.COM
Address: 701 First Ave.
Address: (null)
City: Sunnyvale
State/Province: CA
Post code: 94089
Country: UNITED STATES
Phone: 1.61988131
Fax: (null)

Registrar Name: Melbourne IT
Name server Details
yns1.yahoo.com
yns2.yahoo.com

If any of the information above is inaccurate, you must correct it by contacting your domain name supplier, hosting company or web services provider by either calling them or visiting their web site. If your review indicates that all of the information above is accurate, you do not need to take any action. Please remember that under the terms of your registration agreement, the provision of false WHOIS information can be grounds for cancellation of your domain name registration.

***************************************************************
**** Please do not reply directly to this WHOIS reminder email as your
****
**** request will not be attended to.
****
***************************************************************

Thank you for your attention.
Best regards,
Your hosting services provider
—————————————————————————
This email was sent by your current Registrar, at request by ICANN to
xxxxxx@xxxxxx.com

—————————————————————————

Yes, believe it or not, all of the billing information I had given to Yahoo! for billing my website had been dumped into the WHOIS database.

I don’t have the energy to follow up with Yahoo! customer service given my past experience, and it’s possible that the experience has improved in the last year, but based on my anecdotal evidence, here’s what I think happened to me:

  1. User pays to host a website with a “private” domain name with Yahoo!
  2. Yahoo! registers the domain with MelbourneIT for two years using the anonymized contact information (For those who didn’t read the first rant, contact@myprivateregistration.com, Emeryville P.O. Box and 510-595-2002)
  3. User cancels hosting service and website with Yahoo!
  4. Yahoo! updates domain registration contact information with the billing information provided to them for the hosting service, exposing it to the world.

This is broken. In my mind there are two more appropriate alternatives to the above given that all of the registration process was hidden from my user experience.

  1. Ideally, I would think Yahoo! should cancel the domain registration with MelbourneIT, never exposing the contact information. There are certainly enough warnings in the site deletion process such that as the end user I didn’t have any expectation that any part of the web site would remain.
  2. If there’s some sort of legal catch-22 that prevents true demolition of the domain, those users who paid extra to have the “private” domain registration service should be provided the option to update registration contact information to details of their own choosing.
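To make the failure in the four steps above and the two alternatives concrete, here is an added example (not Yahoo!’s or Melbourne IT’s code, and not from the original post) that models the domain’s lifecycle as a small state machine. The proxy contact and billing record are constructed placeholders. One cancellation handler reproduces the described behaviour of overwriting the registrant contact with the billing record; the other two implement alternative 1 (release the domain, publish nothing) and alternative 2 (keep the proxy contact, or details the customer chooses). A check function reports which billing fields would appear verbatim in public WHOIS, which is the test a private-registration service should run before it ever submits a contact update.

```python
from dataclasses import dataclass, field

# Constructed placeholder: the proxy contact a private-registration service
# publishes in WHOIS instead of the customer's own details.
PROXY_CONTACT = {
    "name": "Private Registration Proxy",
    "email": "contact@privacy-proxy.example",
    "address": "P.O. Box 0000, Example City",
    "phone": "+1-555-0100",
}

# Constructed placeholder: the record the customer gave only to pay for hosting.
BILLING_CONTACT = {
    "name": "Jane Customer",
    "email": "jane@customer.example",
    "address": "12 Home Street, Hometown",
    "phone": "+1-555-0199",
}


@dataclass
class DomainRegistration:
    domain: str
    private: bool              # customer ticked the private-registration box
    registrant: dict = field(default_factory=dict)  # what WHOIS will publish
    active: bool = True


def register(domain, billing, private):
    """Step 2: register with the proxy contact when privacy was requested."""
    contact = PROXY_CONTACT if private else billing
    return DomainRegistration(domain, private, dict(contact))


def cancel_hosting_broken(reg, billing):
    """Step 4 as described in the post: the registrant contact is replaced
    with the billing record, and the private flag is never consulted."""
    reg.registrant = dict(billing)
    return reg


def cancel_hosting_release(reg, billing):
    """Alternative 1: cancel the registration outright; nothing is published."""
    reg.active = False
    reg.registrant = {}
    return reg


def cancel_hosting_keep_proxy(reg, billing, chosen_contact=None):
    """Alternative 2: a private registration keeps the proxy contact unless
    the customer supplies details of their own choosing."""
    if reg.private:
        reg.registrant = dict(chosen_contact or PROXY_CONTACT)
    else:
        reg.registrant = dict(billing)
    return reg


def leaked_fields(reg, billing):
    """Billing fields that would appear verbatim in public WHOIS. A private
    registration should always return an empty list here."""
    if not reg.active:
        return []
    return sorted(k for k, v in reg.registrant.items() if billing.get(k) == v)


def run_scenario(cancel):
    """Steps 1-3 followed by the given cancellation handler."""
    reg = register("event-site.example", BILLING_CONTACT, private=True)
    assert leaked_fields(reg, BILLING_CONTACT) == []  # private while hosted
    cancel(reg, BILLING_CONTACT)
    return leaked_fields(reg, BILLING_CONTACT)


if __name__ == "__main__":
    for handler in (cancel_hosting_broken, cancel_hosting_release,
                    cancel_hosting_keep_proxy):
        print(handler.__name__, "->", run_scenario(handler) or "nothing leaked")
```

The broken handler exposes every billing field the moment hosting is cancelled, which is what the reminder email above shows; both alternatives leave the check empty. The point of putting the check in its own function is that it can gate the registrar update itself, so a privacy-flagged domain cannot be pushed to WHOIS with a customer’s own details unless the customer explicitly chose them.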

Judging by the amount of traffic that my last post on this issue got, this whole mess is a big concern that lots of people are running into. I keep expecting someone from Yahoo! Domain Registration to find these blog posts and respond, but so far, nary an email or a comment. YahooDomains? Anyone listening out there?

Facebook: The Only Hotel California?

Thursday, February 14th, 2008

As the subject of recent splashy news on privacy and personal data collection, Facebook is starting to seem a little scary. In the words of one former user, Nipon Das, “It’s like the Hotel California. You can check out anytime you like, but you can never leave.” We’ve heard how difficult it is to remove yourself from Facebook.

We’ve seen how Facebook initially chose to launch Beacon, an advertising tool that told your friends about your activities on other websites, such as a purchase on eBay, without an easy opt-out mechanism, until outrage and a petition organized by MoveOn.org forced Facebook to change its policy.

Facebook employees are even poking around private user profiles for personal entertainment.

But although Facebook is at the forefront of a new kind of marketing, it’s not the only company with discomforting privacy policies and terms of use. Facebook’s statement that its terms are subject to change at any time is standard boilerplate. Its disclosure that it may share your information with third parties to provide you service is also pretty standard. After all, it’s certified by TRUSTe, the leading privacy certifier for online businesses. In fact, Facebook is arguably more explicit than most companies about what it’s doing because by its very nature, it’s more obvious that users’ personal information is being collected.

You could argue that the users do have a choice. They could choose not to use Facebook. But how did it turn out that in the big world of the internet, we have only two choices: 1) provide your personal information on the company’s terms; or 2) don’t use the service?

So far, it’s not clear that the controversy around Facebook has led to increased public concern about other companies and their personal data collection. It doesn’t even seem to have spilled over to all the programs that run on Facebook’s platform. No one seems perturbed that the creator of some random new application for feeding virtual fish now has access to his or her profile.

But there clearly is growing public unease, an increasing sense that our Google searches or our online purchases may be available to people we don’t know and can’t trust. Perhaps Facebook will end up providing an invaluable public service, albeit inadvertently, in making more people wonder, “What exactly did I agree to?”