November 2007
A Bad Week for Privacy (12 November 2007
Attempted Credit Card Fraud? (16 November 2007
The FBI Denies Tracking Ethnic Foods (27 November 2007

A Bad Week for Privacy

12 November 2007

It's been a bad week for privacy. Several major parties — Facebook, TiVo, MySpace, and a U.S. government official — made some rather ominous moves and statements.

Let's start with the social networking sites. These have always been potential privacy risks: they've been gathering an immense amount of demographic data, personal data, friendship patterns, and more. My assumption has always been that they were going to use this for targeted marketing. This has now happened.

MySpace moved first. They announced that many major advertisers are using their "HyperTargeting" program, which examines user profiles and selects ads to display based on them. This isn't new — news sites have done this for a long time — but MySpace's data is probably more accurate, since users presumably feel more compunction about lying to their friends than to some media conglomerate. Besides, the MySpace demographic skews young, which is more valuable to at least some advertisers.

Facebook is taking a more unusual tack. Rather than using demographic data, they're going to exploit friendship patterns. When a user buys something from a Facebook affiliate, that fact is sent to the user's online friends, along with the purchaser's picture. In other words, users are being told "your friend bought this; wouldn't you like to as well?" (Ironically, the Facebook scheme may run afoul of a New York state law prohibiting use of people's names and photos for commercial purposes without their explicit consent — and that was was enacted after the plaintiff lost in one of the first lawsuits about privacy for precisely that action by an advertiser.)

Commendably, Facebook gives the "advertisers" the ability to opt out, though recipients can't decline to see such ads. Indeed, Facebook's privacy policy is better than most, though far from perfect.

TiVo is engaging in more conventional data gathering, though with much finer granularity. They're now providing advertisers with detailed information on the age, marital status, ethnicitiy, etc., of who watches various ads instead of skipping them. Fortunately, it's an opt-in program. Still, the existence of that sort of data is troubling. TiVo has always known who watches what; what's new is the addition of demographic data to the mix.

As always, the government's actions are the most worrisome. Leaving out their alleged effort to watch who's eating ethnic foods, Donald Kerr (the principal deputy director of national intelligence) was quoted as saying, "Too often, privacy has been equated with anonymity. But in our interconnected and wireless world, anonymity — or the appearance of anonymity — is quickly becoming a thing of the past." His actual comments are rather more nuanced; some of his attitudes are indeed scary, while others reflect changing reality.

When Kerr notes that

Anonymity results from a lack of identifying features. Nowadays, when so much correlated data is collected and available — and I'm just talking about profiles on MySpace, Facebook, YouTube here — the set of identifiable features has grown beyond where most of us can comprehend. We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment.

Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that.

he's being realistic. No amount of anonymous networking, digital cash, etc., will safeguard the privacy of people who voluntarily post intimate details about themselves on social networking sites or web pages. Where Kerr is dangerously wrong is when he says "privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured." It just doesn't work, if for no other reason than that the checks and balances are insufficient. Right now, for example, the CIA is investigating its Inspector General. Similarly, oversight committees (and courts) are being told that they lack the necessary clearances to see some of the salient details.

What Kerr is saying boils down to "trust us with the same data you're voluntarily giving someone else". Unfortunately, the track record of various government agencies isn't good, ranging from COINTELPRO to abuses of National Security Letters. (Admittedly, in that last case it was an Insepctor General who found the abuses.) Yes, people are giving away data to various web site, but with some intuitive understanding of how it will be used and what the guarantees are. When sites change their behavior, users rebel.

To be sure, there are sometimes explicit guarantees. Facebook, for example, promises

Facebook helps you share information with your friends and people around you. You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the My Privacy page.
and has committed to independent review:
Facebook is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build user's trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the site www.facebook.com and its directly associated domains. Because this Web site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.

If you have questions or concerns regarding this statement, you should first contact our privacy staff at . If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should contact TRUSTe Watchdog at http://www.truste.org/consumers/watchdog_complaint.php. TRUSTe will then serve as a liaison with us to resolve your concerns.

What we have, then, is intuitive understanding and acceptance, responsiveness by the site, and enforcement. Kerr's proposed policies have none of these. He is suggesting new uses for data, and doing so without explicit "popular" — i.e., Congressional — assent.

We could, at least, have enforcement of his new privacy policies. In the U.S., the courts are charged with such oversight, precisely because of their independence. If there is a procedural problem with independent review, that needs to be fixed. We do not need to give up on the principle.


Update: There's an online petition against the new Facebook scheme at Moveon.org.

Second update: Facebook has backed down.