Tuesday, May 25, 2010

Facebook helps you connect and share with the people in your life. Whether you want to or not.


Just heard about this on NPR. When asked on air some people people REALLY don't care about their privacy. One woman updated her new cell phone number unaware that it went out to everyone. When she asked if it mattered to her, she simply said, "No, not at all."

I'll post the story from NPR in a bit.

Friday, May 21, 2010

National Coalition Against Censorship Newsletter May 2010

I subscribe to this via email and find it really great.

NCAC's newsletter contains information and discussions about freedom of expression issues, including current school censorship controversies, threats to the free flow of information, and obscenity laws.

Read their roundup of some of the top censorship stories in The Long and the Short of It. http://www.ncac.org/The-Long-and-the-Short-of-It-CN-112


Monday, May 17, 2010


One individual compared privacy to a dodo bird. Extinct. I think this National Conversation on Privacy needs to be an ongoing conversation (. . . into perpetuity?) since the whole idea of privacy is continually growing and adapting to our ever increasing use of technology and overall 21st century environment.

Always fond of a good dictionary! I used this definition after the last session I had, and found that discussion around quite stimulating since it seemed to focus the group into describing how their experiences fit into the various parts of the definition.

Privacy - from the OED
1. The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; seclusion; freedom from interference or intrusion.

full link:

Thursday, May 6, 2010

Is Privacy a positive, or merely a protection?

During our privacy deliberation, we talked about identity theft and other safety concerns, e.g. being Googled by a stalker, etc. One person raised the alternative of a caring community where members watch out for each other. We talked about how that kind of community often stifles non-conforming persons and drives them away to the anonymity of the big city. The question we came away with is whether it is possible for a community to be sufficiently tolerant of diversity that individuals do not have to hide what makes them unique.

The deeper question is to what extent is privacy a reaction to intolerance and to what extent would we still want privacy even if our community harbored no prejudices that would include us? Do we want privacy to avoid humiliation, or is it something necessary for our spirits to flourish. Is privacy just protection from the cruelties of the world, or is it something positive in itself? Do those people who proudly say, "I have nothing to hide" really have no private areas in their lives?

Certainly the reason I want privacy for my reading is so others will not leap to conclusions about what kind of person I am. Usually, I want to tell others about books I have enjoyed, but I have read about topics I'm not yet ready to wear on a sandwich board. And, I know that if someone was watching I might skip some titles, because we still have people who think that they can predict your behaviour from what you read.

So, what do you think? In Utopia would we still need privacy?

There's a buzz in the library!

The Privacy Revolution videos have been a huge draw for students in the library. Impromptu discussions, many different points of view, students were fascinated by the idea of how regularly they give up so much information. Some students did just shrug it off, while others appeared genuinely horrified! I could only smile and nod.

"We know what you read and we're not saying"

I found this post by Cory Doctorow after watching a video from Privacy Revolution.

He writes, "Just ran into a Norwegian librarian at Internet Librarian International in London wearing this killer tee-shirt, created in protest of the PATRIOT Act's provision to force librarians to reveal which books their patrons were checking out. The Latin translates as "We know what you read, and we're not saying."


Guild of Radical Militant Librarians - Wow!

Wednesday, May 5, 2010

How unique is your browser's fingerprint?

It was back in January that we first blogged about the fingerprint that your browser leaves on every website it touches, but Choose Privacy Week seems like an appropriate time to find out how unique YOUR browser is, with the Panopticlick tool from the Electronic Frontier Foundation. The more unique your browser is, the more identifiable you are, even if your IP address changes and don't log into anything.

The browser fingerprint is made up of characteristics that a server can detect, like which browser (and version) you are using, which fonts you have, what plugins are installed, your screen size, and time zone.

This information is legitimately used by webservers to make sure the version of the web page they are showing will work on your system. But, unintentionally, this fingerprint may be provide a unique identifier.

So, try EFF's tool and see how unique your browser is: http://panopticlick.eff.org

Kindle Readers: Amazon is watching!

Just in time for Choose Privacy Week comes this article in the Christian Science Monitor about a new service from Amazon that shows what passages from Kindle books are most often highlighted.

You can even search to see what is the most highlighted passage on a certain topic.

Since the population of Kindle users is still pretty small, I can't see exactly what the purpose of this service is, except as a really great reminder that whatever you do online, or connected to an Internet device, is being tracked and recorded.

The top two highlighted passages on privacy?
“Never listen to a phone call that isn’t meant for you. Never read a letter that isn’t meant for you. Never pay attention to a comment that isn’t meant for you. Never violate people’s privacy. You will save yourself a great deal of anguish. You might not understand this now, but you will later on.” A quote from Joseph Kennedy to Ted Kennedy published in True Compass, and highlighted by 84 Kindle users,

and, "The only hope for social networking sites from a business point of view is for a magic formula to appear in which some method of violating privacy and dignity becomes acceptable" from You Are Not A Gadget by Jaron Lanier, highlighted by 28 Kindle users.

“Snatching Digital Rights” or Protecting Our Culture? Burning Man and the EFF

In a slightly different take on privacy, we have the ongoing controversy that began last August regarding who owns images taken at Burning Man. The organizers say they do in order to protect participants privacy, while others, namely the Electronic Frontier Foundation (EFF) criticize this policy and are misusing the Digital Millennium Copyright Act (DMCA).


The link above is in response to the EFF article also linked to within the article. Wrestling with issue of personal rights of privacy, both sides present compelling arguments. The DOI permit for the Burning Man event specifically states that this event is conducted on public lands, and I know that to be true. So, to my knowledge, a permit does not constitute the authority of a private business (Burning Man) to trample/over-step the rights afforded to the people granted by law while on public land. I wonder if the Bureau of Land Management where the event is held agrees with that statement?

Here is the Burning Man terms of agreement over "Use of Images" I UNDERSTAND AND ACCEPT THAT NO USE OF IMAGES, FILM, OR VIDEO OBTAINED AT THE EVENT MAY BE MADE WITHOUT PRIOR WRITTEN PERMISSION FROM BURNING MAN, OTHER THAN PERSONAL USE. I understand that I have no rights to make any non-personal use of any image, film, or video footage obtained at the event, and that I cannot sell, transfer, or give the footage or completed film or video to any other party, except for personal use, and I agree to inform anyone to whom I give any footage, film, or video that it can only be used for personal use.

Burning Man states that they do this in order to "To protect our participants so that images that violate their privacy are not displayed." Others (EFF for one) say that a benevolent censor is still a censor. The controversy continues and neither side has acquiesced, although I do know they willingly and freely continue to engage in the dialogue.

Online privacy can't be evaluated on a human scale.

We need to stop thinking of privacy in human terms. The constant surveillance that happens online is not like the East German Stasi in the movie Leben der Anderen: hiding upstairs with headphones on. That image of online surveillance misleads us, because it puts the data collection in human terms. While most of us probably realize that the people at Google (which hosts this blog) could be reading this post as I type, even before I submit. While that is kind of freaky, it doesn’t really worry us, because we know that they aren’t wasting their time doing that. (If I’m wrong, Google Interns, say hi in the comments!)

So by thinking about privacy violations on a human scale, we convince ourselves that even though the capability exists to track us, our privacy is only potentially violated. For our privacy to actually be violated, someone (Google, Facebook, or the FBI) would have to specifically notice us. And our individual activity on the web is not merely a needle in a haystack, it is one needle in the world’s largest pile of needles. Face it, we think to ourselves, we’re just not that interesting.

But this is simply not the case. As we know, information about who we are and what we do drives the advertising-based Web economy. With virtually unlimited and virtually free storage, it doesn’t make economic sense not to collect any piece of information that can be collected. As a recent NYT article showed, retailers and marketers want to know exactly how their marketing campaigns are working. With web coupons, the article states, “a retailer could know that Amy Smith printed a 15 percent-off coupon after searching for appliance discounts at Ebates.com on Friday at 1:30 p.m. and redeemed it later that afternoon at the store.”

Notice how that sentence is written: A retailer could know. This again implies a human retailer looking at the data. Really, if this data has been collected, it is already 'known' in the sense that it will be used in data analysis. And the consequences of our lack of privacy that result from the database sense of knowing are very different than those from having the human retailers and marketers know your behavior.

Rather than a person knowing discrete facts, the database allows your data to be carefully analyzed as part of the aggregate. And when you analyze such a huge pot of data, you start finding odd correlations.

At the risk of sounding like a someone from the tinfoil-hat crowd Let me take two examples that show how real harm can result from data that is, objectively, harmless.

The first example is the case of Maka Mini Mart in South Seattle, a small store serving the local East African immigrant community. In early 2002, in the wake of the 9/11 terrorist attacks, Muslim run businesses were under scrutiny for ties to terrorist organizations, and based on the records of the electronic debit cards that replaced paper food stamps, Maka Mini Mart looked suspicious. According to this Seattle P-I Article, the suspicious transactions included large purchases made minutes apart and transactions for even-dollar amounts, unusual for food purchases. As a result, the USDA ‘permanently disqualified’ the store from the food-stamp program, immediately eliminating virtually the entire revenue of the store.

Eventually, the USDA reversed its decision against this and a few other Somali markets in Seattle. The unusual, even-dollar purchases, it turns out, were a result of the community's practice of buying meat by the dollar, rather than by the pound. (Isn’t it interesting that it is more typical to by meat by the pound but gas by the dollar? I’ve never seen anyone say 5 gallons on pump 3) The multiple large purchases were because people in the community tended to go shopping together, and buy in quantity.

These are all perfectly appropriate behaviors, and wouldn’t raise the suspicions of any human watching, but when computer analysis looked for suspicious anomalies, suddenly this business was practically shut down.

Take a second, more hypothetical example.
A lot of employers, particularly in the public sector, do background checks before hiring someone. Imagine a not too distant future in which a company includes aggregated online history in their background checks. The company won’t tell your employer specifically what you do online (that would be an invasion of privacy that no one would stand for), but they have an automated system that looks for patterns and can generate something like a credit score. Just as a credit score is used to predict how likely you will be to pay back your debts, your background score might predict how likely you are to embezzle, have a drug problem, get into fights etc.
As I said, when you analyze data, you can find strange correlations. Let’s say, a correlation is found between pedophilia and being a Star Trek fan.

Even though, statistically speaking, that correlation doesn’t mean Star Trek fans are likely to be pedophiles, (it means pedophiles are likely to be Star Trek fans) it is easy to imagine that subtle distinction getting missed (or ignored in the name of being extra thorough) in the algorithms that generate these scores.

So, if you spend a lot of time browsing Star Trek forums, your background score might show that there is just some small chance you might be a pedophile. If you were hiring someone for a position working with children, what would you do?

No reasonable person would deny someone a job working with children solely because they like Star Trek, but in this hypothetical situation, no human would see that data in context. Maybe listening to a certain type of music will be found to correlate with posting hate speech in blog comments. Buying spinach on sale with a loyalty card might correlate to some other undesirable behavior.

Tons of individually insignificant pieces of data are being collected, stored, and analyzed. Which bits of data are truly harmless and which wind up having consequences remains to be seen. We don’t know how data being gathered now will be used in two, three, or ten years. What we do know is that it isn’t prying human eyes we need to worry about. Whatever privacy implication there are, they aren’t on a human scale.

Tuesday, May 4, 2010

Unshelved cartoons on privacy

If you missed these when they were published April 12-15, enjoy them now! Our favorite cartoonist really captured common, thoughtless Internet behavior.
April 12
April 13
April 14
April 15

Monday, May 3, 2010

great Privacy forum tonight in Virginia Beach

Privacy is a hot topic -
hard for the recorder to keep up!

It was a small group, but we had no difficulty filling the time. Two of the participants work in law enforcement and brought practical knowledge with their perspectives on privacy. We started by sharing a personal experience with privacy. That ranged from reading Skype's privacy policy to a case of mistaken identity to discovering a need for a gene test.

No one had much faith in the marketplace's intentions, but while conceding that public servants generally do have good intentions, we questioned their capacity to protect privacy. We talked about hacked databases and conflicting regulations on public records. Most of the group felt that no one cares as much about my privacy as I do, but it will mean giving up convenience and making a real effort to protect my information. We could use advice and tips, but also people just take really foolish risks without thinking.

We expressed a desire to rebuild the kind of community where people look out for each other, but without the stifling conformity that drove people away. While privacy is needful to protect us from criminals, it would be less of an issue if people were more tolerant of diverse views.

database security and humility

Last year, Virginia’s statewide prescription drug database was hacked, exposing over 35 million prescription records affecting 530,000 people. So much for the arrogance of government database security!
We can hope that one lesson officials draw is not to keep any information that isn't absolutely necessary. "Social Security numbers have since been scrubbed from the system." Another lesson is that no data can ever be guaranteed secure. If you want more details, read the Virginian Pilot article.

Choose Privacy Week open discussion

Happy Choose Privacy Week!

Use the comments below to share news, links, and your thoughts on all matters relating to privacy or the Choose Privacy Campaign