Category: Privacy

  • Age and Privacy

    Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media.

    A UC-Berkeley Law/U. Penn Annenberg team recently commissioned a telephonic (wireline and wireless) survey of internet-using Americans (N=1000) on privacy. The findings are presented in How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?

    The major findings include–

    • Large percentages of young adults (aged 18-24) are in harmony with older Americans regarding concerns about online privacy, norms, and policy suggestions. In several cases, there are no statistically significant differences between young adults and older age categories on these topics.
    • Where there were differences, over half of the young-adult respondents did answer in the direction of older adults. There clearly is social significance in that large numbers of young adults agree with older Americans on issues of information privacy.

    Why does it seem then that young adults behave with such license, particularly on social network sites?

    A gap in privacy knowledge provides one explanation. 42 percent of young Americans answered all of our five online privacy questions incorrectly. 88 percent answered only two or fewer correctly. The problem is even more pronounced when presented with offline privacy issues–post hoc analysis showed that young Americans were more likely to answer no questions correctly than any other age group.

    We conclude then that young-adult Americans have an aspiration for increased privacy even while they participate in an online reality that is optimized to increase their revelation of personal data.

    Cross-posted at Technology | Academics | Policy

  • Conservatives and the Census

    Naftali Bendavid reports today in the Journal on a problem facing conservatives: how should they persuade their supporters, many of whom are suspicious of government activity, to participate in the US Census? After all, the Census sounds suspiciously like something Tiberius would like. But Moses was a fan too. And now Karl Rove is pitching the Census.

    Ron Paul argues:

    “The census should be nothing more than a headcount,” Mr. Paul wrote this month in his weekly column. “It was never intended to serve as a vehicle for gathering personal information on citizens.”

    It should be noted that Paul is factually incorrect. Jefferson and Madison were strong proponents of expanding the enumeration, from the very first Census. But it is also true that privacy concerns have always plagued the Census.

    Congress has an opportunity to address some of these privacy concerns. As I’ve written elsewhere, advances in “reidentification” have made it possible to determine the identities of Census participants. The Census Bureau has known about this problem for a long time, and has engaged in serious, well-respected research into solving it. However, the law has not kept up with the problem. Under 13 USC § 9(a)(2), the Department of Commerce is prohibited from “mak[ing] any publication whereby the [Census] data furnished by any particular establishment or individual under this title can be identified.” Thus, the Census Bureau must protect the identities of those who participate in the enumeration. But this law does not restrain private action. As a result, companies and others are free to try to strip citizens of their anonymity when participating in the Census, and even sell back the data to other government entities.

    Conservatives could take a step towards allaying these concerns by extending Title 13 to prohibit private-sector efforts to reidentify participants of the Census. Germany has already done this. Unless this step is taken, it’s just a matter of time before this government-mandated enumeration results in an enormous transfer of personal information to those unethical enough to reidentify and attempt to profit from it.

    Cross posted at The Berkeley Blog

  • Don't Even Give them Your Zip Code Anymore

    Consumers who have asked me whether they should give their zip code at the register have been getting bad advice! I was under the misimpression that zip-level data was only being collected for demographic research purposes (to determine where stores should be located, and advertising directed, on a mass scale) and thus said that no harm came from revealing the zip. No longer. Here’s a summary of data practices at Williams-Sonoma, according to a recent California case (Pineda v. Williams-Sonoma Stores Inc., Cal. Ct. App., 4th Dist., No. D054355). Giving the zip code allows the store to “enhance” the information they already have about you (your name from the credit card) and determine your home address:

    Jessica Pineda visited a store in California owned by Williams-Sonoma Stores, Inc. (the Store) and selected an item to purchase. She then went to the cashier to pay for the item with her credit card. The cashier asked for her zip code, but did not tell her the consequences if she declined to provide the information. Believing that she was required to provide her zip code to complete the transaction, Pineda provided the information. The cashier recorded it into the electronic cash register and then completed the transaction. At the end of the transaction, the Store had Pineda’s credit card number, name and zip code recorded in its databases.

    After acquiring this information, the Store used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, residential telephone numbers and residential addresses, and are indexed in a manner that resembles a reverse telephone book. The Store’s software then matched Pineda’s now-known name, zip code or other personal information with her previously unknown address, thereby giving the Store access to her name and address.

    So, when they ask for your zip code, say no, or to have fun, give them the zip code of the White House: 20500.
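    Why the zip code matters to the matching described in the opinion, as an added example that is not part of the original post or the court record: it measures how many card holders resolve to exactly one address in a directory with and without the zip as part of the lookup key. The directory rows, transactions and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed directory rows (name, zip, address); every value is invented.
DIRECTORY = [
    ("Maria Lopez", "92101", "12 Elm St"),
    ("Maria Lopez", "92037", "88 Coast Rd"),
    ("Maria Lopez", "94110", "5 Mission Ct"),
    ("John Smith", "92101", "40 Oak Ave"),
    ("John Smith", "92101", "7 Pine Ln"),
    ("Ann Chu", "94110", "301 Bay St"),
]

# Constructed register records: name as read from the card, zip as asked
# by the cashier.
TRANSACTIONS = [
    ("MARIA LOPEZ", "92037"),
    ("john smith", "92101"),
    ("Ann Chu", "94110"),
]


def normalize(name):
    """Case-fold and collapse whitespace so card and directory names compare."""
    return " ".join(name.lower().split())


def make_key(name, zip_code, use_zip):
    """Lookup key: name alone, or name plus zip code."""
    return (normalize(name), zip_code) if use_zip else (normalize(name),)


def build_index(directory, use_zip):
    """Map each lookup key to the set of addresses it could refer to."""
    index = defaultdict(set)
    for name, zip_code, address in directory:
        index[make_key(name, zip_code, use_zip)].add(address)
    return index


def anonymity_set(index, name, zip_code, use_zip):
    """Candidate addresses for one customer; a set of size 1 means identified."""
    return index.get(make_key(name, zip_code, use_zip), set())


def unique_match_rate(transactions, directory, use_zip):
    """Fraction of transactions that resolve to exactly one address."""
    index = build_index(directory, use_zip)
    hits = sum(
        1 for name, zip_code in transactions
        if len(anonymity_set(index, name, zip_code, use_zip)) == 1
    )
    return hits / len(transactions)
```

    On this sample the name alone pins down one of three customers, and adding the zip code pins down two of three; the remaining customer shares both name and zip with a neighbor, so the anonymity set stays at two.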

  • Google's Leadership on Privacy

    For some time, I’ve been trying to better understand Google’s worldview on privacy issues. The culture of companies fosters different privacy values and sensitivities, and the signals sent by those at the top shape how the organization itself conceives of and addresses privacy issues. In wrestling with this, I read every article discussing Google and privacy in the New York Times and the Wall Street Journal, resulting in a paper titled, Beyond Google and Evil, How policy makers, journalists and consumers should talk differently about Google and privacy.

    In last week’s New Yorker, which is doing the rounds, Ken Auletta writes (subscribers only) about the growing pains the company has. But it also includes this strange discussion of privacy. Auletta writes:

    At the same time, Brin and Page can seem indifferent to users’ anxieties. In 2007, at Google’s annual Zeitgeist conference, a gathering of Google business partners, public intellectuals, traditional-media executives, and technologists, Brin declared that “the No. 1 privacy issue we deal with is that there is some information about someone on the Web . . . sometimes it’s not true and people just publish stuff.” The No. 2 privacy issue, he said, was “various things where people get their machine hijacked or somebody . . . breaks into various accounts of theirs.” Concern about the information collected on cookies he dismissed as “sort of Big Brother-type fears”–in other words, paranoia. Page agreed: “Sergey is just saying there are practical privacy issues that are different from the ones debated.”

    If the corporate culture is shaped by how principals frame and discuss issues, how reassured should we be about Google’s privacy worldview? Why do we trust this company with our documents, communications, etc, if concerns about massive data collection are conceived of as mere paranoia?

    Let me put this a different way: if it were your job to design privacy into Google products and policy, how much support would you feel that you had from the top? What priorities are expressed by that statement, and how would it shape your response?

  • Americans on Tailored Advertising: DO NOT WANT

    I’m delighted to announce the results of our first national telephonic survey of US internet-using adults on consumer privacy! The Times has coverage and the full report (Americans Reject Tailored Advertising and Three Activities that Enable It) is available here. Here’s a summary:

    This nationally representative telephone (wireline and cell phone) survey explores Americans’ opinions about behavioral targeting by marketers, a controversial issue currently before government policymakers. Behavioral targeting involves two types of activities: following users’ actions and then tailoring advertisements for the users based on those actions. While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible.

    Contrary to what many marketers claim, most adult Americans (66%) do not want marketers to tailor advertisements to their interests. Moreover, when Americans are informed of three common ways that marketers gather data about people in order to tailor ads, even higher percentages–between 73% and 86%–say they would not want such advertising. Even among young adults, whom advertisers often portray as caring little about information privacy, more than half (55%) of 18-24 year-olds do not want tailored advertising. And contrary to consistent assertions of marketers, young adults have as strong an aversion to being followed across websites and offline (for example, in stores) as do older adults.

    This survey finds that Americans want openness with marketers. If marketers want to continue to use various forms of behavioral targeting in their interactions with Americans, they must work with policymakers to open up the process so that individuals can learn exactly how their information is being collected and used, and then exercise control over their data. We offer specific proposals in this direction. An overarching one is for marketers to implement a regime of information respect toward the public rather than to treat them as objects from which they can take information in order to optimally persuade them.

  • On Speech On "Skanks"

    My civil libertarian friends are “worried” about the precedent set in the recent Liskula Cohen case. In the case, a formerly anonymous blogger said some nasty things about Cohen. So nasty that Cohen sued to unmask the blogger’s identity and was successful in doing so. The blogger is now suing Google alleging that the company owed her a fiduciary duty and should not have revealed her identity.

    Critics of the Cohen case tend to focus on the fact that the blogger called Cohen a “skank.” They argue that the word is mere hyperbole and not an objective fact. But the blogger said and did much more than that. From the opinion (PDF):

    [Image: excerpt from the opinion]

    I think the civil libertarians are wrong on this case. Privacy is not an unlimited right. Cohen pierced the blogger’s veil of anonymity, but to do so she had to go to court and prove some merits of the case. Maligning another as promiscuous has always been defamatory, and the First Amendment has always allowed punishing such expression. This type of speech carries with it serious harm to women, especially those who rely upon their reputation in their work.

  • Free: R.I.P.

    Wow! In a strange turn of events, Chris Anderson got it all wrong, while Malcolm Gladwell got it right. What’s that? Free. Chris Anderson thinks it is the future of price; that companies should give their products away free and find other, magical ways to generate revenue. Gladwell roundly criticizes this idea; it’s worth reading his review because his critique is effective on several levels.

    Moving on…I want to make some crazy predictions here. Free is dead. It’s a Ponzi scheme, and we’re all invested in it. We all love free, but it has a price. We all think advertising will pay for everything, but in the end, something has to pay for advertising, and that something is in a recession.

    Subscription was the model for media for a long time. In the last century, advertising subsidized subscription, and in some markets, subsumed it. In the 21st century, we’re going to have to start paying for things again.

    Would you be willing to pay for sites such as the New York Times (as many people, myself included, do for the top-tier reporting of the Journal)? Would the tradeoff be worthwhile if there were fewer advertisements? What if, assuming that websites are wealth maximizing, these sites charge subscription fees, continue to advertise, and continue to sell users’ information? Would you be willing to demand more from publications if you actually paid for them?

    The next crazy prediction: free is going to create a backlash similar to the anti-Wal-Mart movement.

  • Financial Data & Prescription Records Use Limited

    If you are a resident of California, rejoice, because the Supreme Court let stand a decision in the 9th Circuit finding that SB 1 (California’s Financial Information Privacy Act) was not preempted by the Fair Credit Reporting Act. In plain English, this means that California residents can opt out of “affiliate sharing” among banks. Thus, if you have an account at Bank of America, you can ask the bank not to share information about your account with the company’s 2,000 affiliates! This sets the stage for other states to limit affiliate sharing, and in all likelihood, it means that some banks will simply stop affiliate sharing without direction from the consumer. Why is this important? Say that you are in charge of buying drinks for office parties, and that you regularly purchase large amounts of beer on your credit card for that purpose. Later, you apply for life insurance at Traveler’s. These entities are jointly owned, and they can make inferences from your purchase history information.

    The Supreme Court also refused to review an important case from the 1st Circuit, involving the use of prescription records. In IMS Health, marketers challenged a prescription confidentiality law, which prohibited the sale of prescriber-identified prescription records. The 1st Circuit upheld the law, holding that it did not violate the free speech rights of prescription drug marketing companies. The 1st Circuit decision is important in particular because the court viewed the sale of records as mere conduct, rather than expression. If the sale of personal information is viewed in this way, marketing companies will have great difficulty framing privacy laws as restrictions on free speech. It also will mean that marketers will no longer see what drugs are prescribed on a per-physician basis in New Hampshire. Will this lower drug prices? Stay tuned!

  • Is Government Health Care Unconstitutional?

    David Rivkin and Lee Casey consider this question in today’s Journal, explaining that the Supreme Court’s abortion jurisprudence limits the government’s power to unduly burden choices about healthcare:

    It is, of course, difficult to imagine choices more “central to personal dignity and autonomy” than measures to be taken for the prevention and treatment of disease — measures that may be essential to preserve or extend life itself. Indeed, when the overwhelming moral issues that surround the abortion question are stripped away, what is left is a medical procedure determined to be “necessary” by an expectant mother and her physician.

    If the government cannot proscribe — or even “unduly burden,” to use another of the Supreme Court’s analytical frameworks — access to abortion, how can it proscribe access to other medical procedures, including transplants, corrective or restorative surgeries, chemotherapy treatments, or a myriad of other health services that individuals may need or desire?

    If only the right to privacy had so much influence in government decisionmaking!

    I don’t even know where to start with Rivkin and Casey’s argument, except to say that privacy is not going to stop government-supported (or even government-dominated) healthcare. But it is fun to see the conservatives get all libertarian on you once they’re out of power. We’ll be hearing “privacy this” and “my rights that” a lot. Where were those rights during the warrantless wiretapping and FISA debates, by the way?

  • Iran Likes DPI Too

    Christopher Rhoads and Loretta Chao report in today’s Journal:

    …the Iranian government appears to be engaging in a practice often called deep packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts.

    The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.

    The article later clarifies that the actual creator of Iran’s deep packet inspection (DPI) technology is not certain. But I blog for a different point. A group of companies, including ISPs and new advertising firms, have proposed DPI for advertising purposes. The idea is that if you were to allow your internet tracking to be analyzed and used for targeted advertising, this could offset the cost of providing internet access. The proposals have largely failed in the US, because of legal, privacy, and business problems with the plan.

    The holy grail advertising technologies are the same types of tools that governments would like to use for norm setting, criminal enforcement, and terrorism prevention. It’s interesting to see how advertisers and governments are interested in similar technologies.