Facebook and Real Names and social circle segmentation

At the IAPP Global Summit in Washington, D.C., Jules Polonetsky (@JulesPolonetsky) conducted a public discussion with Facebook Chief Privacy Officer Erin Egan. During the audience Q&A portion of the discussion, I posed two questions: essentially, what does Facebook do to ensure its developers are assuring that contextual clues help the Facebook audience know what information is being shared and with whom, and secondly, why does Facebook insist on a real names policy despite the fact that there exists a clear minority of its audience that rejects the idea?

I’ll save you an analysis of the response to the first question, which essentially amounted to “context is important and our developers know that.” The response to the second question, though, bears further investigation. Erin answered, essentially, that it’s a means to encourage good community standards; that being anonymous or pseudonymous on the Internet leads (or allows) people to engage in behavior that they, shall we say, wouldn’t want their mother to see them doing. Jules chimed in that at AOL they saw rampant disregard for social norms due to the pseudonymous nature of that forum. I later approached Jules and suggested that, while the pseudonyms may play a role, another factor may have contributed more to AOL’s raucous nature. Unlike Facebook, AOL was primarily based on public forums (chat rooms, bulletin boards, groups). Facebook, though it has some of those features, is primarily based on private forums: private messages, postings on friends’ walls. The public forums do exist but they are largely an ancillary service to Facebook’s primary use (sharing old high school photos). I would put out the hypothesis that this is the major contributing factor to people being on their best behavior. If they are obnoxious, rude, crude, or otherwise inappropriate, users have the ability to ban those people from their private spaces (ignore their posts, unfriend them or block them). Even the public spaces generally have moderators that can remove unwanted visitors.

Facebook is perhaps the ultimate big data company. I would suggest Facebook researchers (they have those, right?) do some data analysis on how many adverse reports they get of people in public spaces versus private spaces. Do users mostly avail themselves of self help (unfriending) or resort to reporting to Facebook? Of those complaints, how many of the users appear to be using pseudonyms and how many appear to be using real names? Inquiring minds want to know. If, as I suspect, the public spaces are much more rife with complaints and pseudonymous users, then perhaps Facebook could require real names for access to public content as opposed to the private spaces.

Many people have justifiable reasons not to use their real names. A one size fits all policy is not appropriate for a space of 1 billion users (*cough cough*). In the real world, while we use our real names, people engage in social circle segmentation. What I tell my doctor I don’t tell my neighbor. What information I give to my boss may be different than the picture I paint at my kid’s little league game. In those environments, context plays a role in allowing us to socially segment our acquaintances into circles of what we share. While concepts like Google Circles and Facebook Smart Lists allow people to segment their audiences in those platforms, this is often difficult and mentally taxing for people to do. Easier is to segment their friends on different platforms (Facebook for school friends, LinkedIn for professional contacts, Google for online friends, Twitter for… well, it varies by the person). Pseudonyms on platforms allow for a quick brain response of who am I right now and who is my audience. I don’t have to worry about my boss seeing the picture of me with the lampshade on my head at a party. Each of my social circles is in a nice distinct bucket. Just some food for thought, Facebook.


Predictive policing

At 7:15 this morning I was rudely awakened by a police SWAT team banging on the door. I’m currently in a cold northeastern city visiting a friend (whom I happened to take to the airport last night to fly to my home state of Florida). He offered to let me stay here for a few days until I return to D.C. It’s a great savings of a few hundred dollars in hotel nights and the solitude has given me an opportunity to concentrate on some much needed work. Of course, solitude is not exactly what I had this morning. First there was a knock. As I peered bleary eyed out the window to see if it was an obnoxious solicitor, the knock grew furious. “Police, Open Up” was the shout. I scurried towards the door in only underwear and a t-shirt. I opened it to approximately 10-15 police officers in full gear (bulletproof vests, helmets, guns). I stated to the officer at the door (who clearly recognized that I wasn’t whom they were looking for) that I was a house guest. He showed me a picture and asked if I recognized the man and I said no. He gave me his card and asked me to have the resident (my friend) call him.

I passed the information on to my friend who called the detective and spoke at length. Apparently, this is not the first time his house had been visited by the police. The detective explained that the suspect, wanted in connection with a shooting, and his family were listing this address as theirs. My friend explained that he had been there for 3 months and the owner of the house, who previously lived there, had been there many years. The detective offered to email my friend the picture of the suspect and asked to be contacted if he saw him in the neighborhood.

My friend called me back to discuss the incident and we discussed it in light of the book I had been reading the previous day while my friend was at the house. That book was Big Data by Viktor Mayer-Schonberger and Kenneth Cukier. Predictive policing, not quite like Minority Report, is the use of big data style analysis for policing. The concept is fairly straightforward: amalgamate large amounts of information relevant to criminal behavior and find connections that were heretofore unidentifiable. While arrests won’t be made as a result of predictive policing, suspicious actors could be uncovered and scrutinized, thereby improving the efficiency of the police department. The risk, however, is having innocent associations place certain members of the population under enhanced scrutiny while others commit crimes. In the old days, this was called profiling, and while dispassionate data analysis could be beneficial in removing stereotypes and biases from policing, the risk remains of being caught in an associative bucket of bad guys. My friend, who innocently occupies an address picked by criminals, now potentially will be forever associated with them. Will his car be pulled over more often than not, as police hope to catch him in the act? What other subtle things will threaten his peaceable right to be let alone now? Will credit reporting agencies ding his credit score because he shared an address with a family of criminals?

My ex-girlfriend used to carry her social security card in her wallet, much to my dismay. I pleaded with her not to, but her retort was that she had no credit history worthy of stealing, so what was the risk? She had a somewhat legitimate need, as her driver’s license had a different name than her birth certificate, due to a custody battle and judge’s decree when she was just a toddler. She used the SSN as an alternative proof of her name when her license didn’t match. It is an unfortunate byproduct of living in a society that is hellbent on using identity as a means of security. But the risks to her were clear. What happens when her identity is stolen for criminal purposes? Or when a criminal uses her identity to commit a violent crime and her name is now tied as an alias to that criminal? While law enforcement making contact with John Smith may do a double take before arresting him on an outstanding warrant, her unique name would not be so lucky.

While efficiency in the competitive industry of ferreting out criminals is a goal worth pursuing, appropriate safeguards must be in place to not make unwarranted connections. Further, oppression, warrantless searches, and identity tattoos (à la WWII Germany) make policing efficient, but that doesn’t make them ethical. Society must weigh the political repercussions before embarking on the use of big data in this realm.

Mobile Privacy

The California Attorney General has released her recommendations for privacy in the mobile space. Overall, it is a fairly good set of recommendations, though some groups have already criticized it. Two notable recommendations concern the integration of privacy into the design process. While not full-on privacy by design or privacy engineering, it does give some advice to the mobile developer on how to think about privacy (particularly data minimization) before creating their apps.

The drug war and privacy

Not that this is a new revelation on my part, but I just wanted to relay it because it’s fresh on my mind: the war on drugs is the biggest threat to American privacy we have going. What happened to me that makes me want to post this now?

I’m currently driving across the country visiting friends and family. I left Salt Lake City earlier today and braved winter storm Gandolf to make it to Reno, Nevada. Afterwards, I’m headed to northern California to visit a friend, then make my way back to Florida through the Southern United States. As I approached Reno, a flash of red and blue lit up behind me. Perplexed, I pulled over at the next safe spot. I wasn’t speeding, given the severe weather conditions (though it wasn’t too bad at that moment). I had actually seen a state trooper a few miles back; I didn’t see him leave his spot, though I suspect this was the same one.

He approached the car and I rolled down my window to the 25 degree air. He asked how I was doing this evening (about 9pm). I said fine, then asked why he had pulled me over. He asked for my license, which I produced, and he said I had crossed the line and wanted to make sure I was safe to drive. This was a blatant falsity. What was really going on was he was profiling me because of my Florida license in Nevada (or maybe my Gary Johnson bumper sticker) and used the pretext of me crossing the line to stop me. [More about how I know this in a minute.] He then asked for my registration and proceeded to ask me a series of questions:

Where was I headed? Oh, a friend in California? How did I know him? High school, really? Was I staying in Reno? Where was I staying? What did I do for work? Website development? Anything he would know about? Why do I have so much crap in my car? Why am I acting nervous? (I was shaking because I had been warm until I had to roll down the window to the cold night air.) The state trooper was a really good actor. He genuinely seemed interested in the answers, like he wanted to learn more about me. The entire time he was vigorously inspecting my license and registration for any discrepancy. Of course he found none.

Unfortunately for him, I’m not a drug mule and had an immediate answer for every question. He eventually let me go and didn’t even say be careful about crossing the line, his original excuse for stopping me.

How do I know the officer was pretexting in stopping me? My friend, whom I’m visiting in Northern California, had exactly the same experience in Oregon. He was driving to visit a friend in Oregon and just a few miles across the state line, he was stopped under the guise of having crossed the line. He was given almost the exact same line of questioning: where was he going, what did he do for work (it was midweek), etc. Unfortunately for my friend, the officer claimed to smell marijuana and searched his car without his consent. Fortunately, the officer didn’t go that far in my case.

Privacy is about the right to be let alone. By pulling people over under false pretenses, invading their personal space and then asking a series of ever probing questions in an attempt to find a gap in their story that would allow them to ultimately search their vehicle in an attempt to find illicit drugs, our fundamental right to be let alone suffers. This is no isolated incident; this is a systematic assault on the freedom we enjoy as Americans. No other rationale serves to create such a culture of invasiveness than the drug war. From pretext traffic stops, to no-knock warrants, to databasing of our cold drug buying habits, the drug war is an insidious disease on freedom. Not even the cause-du-jour, the war on terror, with its privacy assault, is as pervasive across the country and world as the fight against narcotics.

The war on drugs must end.

You can have my privacy when you pry it from my cold dead hands.

Sorry for the extended holiday break. Lots going on in my life and lots to announce coming up. In the meantime, here is an article on guns and privacy.

After the recent Newtown school shooting, in which the shooter allegedly used his mother’s licensed and permitted firearm, a debate has raged about the privacy rights of gun owners. A newspaper in Massachusetts published a list of licensed firearms owners in the area culled from public records. After a visceral outcry from the public, lawmakers have proposed bills to limit the free speech of newspapers to publish information about gun owners. Notice how I framed the debate as one of the First Amendment versus the privacy rights of the Second Amendment. I’m not the only one who noticed it:

When City Paper asked McDonogh if the bill intended to “limit the First Amendment in order to protect the Second,” he responded: “That’s a good way to put it.”

This is hardly a new debate. In fact, this is something I wrote about in a white paper for the Florida First Amendment Foundation back in 2007. That white paper discussed the seeming tension between public records and privacy. My home state of Florida even has a law prohibiting the creation or keeping of a list of owners of firearms, though with copious and quite reasonable exceptions. One of those exceptions is for the state’s licensing of concealed weapons permit holders, currently over a million licensees in Florida. Though this list is exempt from public records, it still doesn’t protect against the ultimate privacy harm upon which the Second Amendment rests, namely the confiscation of firearms by the government in times of civil unrest.

In states without such exemptions, additional privacy harms are prevalent. The concern is that once released, this information about gun ownership can be used for nefarious purposes: criminals can target houses with guns (in an effort to steal them) or they can target houses without guns (to avoid armed homeowners). Part of the benefit of concealed carry is the benefit of surprise; criminals don’t know who is carrying a weapon and where they are. Publicizing this information defeats some of the tactical advantage of concealing the weapon.

So how do we sustain the arguably legitimate interest of government in restricting gun usage (possession, concealed carrying, etc.) to those legally eligible yet maintain the privacy of gun users not only from the general public but from the government that licenses them? The first step must be to analyze the entire ecosystem. Fundamentally, if only a small percentage of people are excluded from the eligible pool (and potentially aren’t going to follow the rules anyway), would it make more sense to identify those ineligible people rather than spotlight the eligible majority? Assuming such an option is not politically viable, then a smarter system would be to decentralize the license. In Florida, concealed carry permit holders must carry their license on their persons (F.S. 790.06(1)). This provision provides part of the solution. If the process for issuing the license can be validated and the license renewed, probably more frequently than it is today, then the necessity of keeping a centralized list of licensees becomes moot. Failure to carry the license at the time of carrying a concealed weapon is a crime, and the authorization can be refreshed every time the license is renewed.

De-Identification

This blog post is in response to Daniel Barth-Jones’ tweet to me about de-identification. Due to the space limitations of Twitter, I felt a blog post was the best place to respond.

Daniel Barth-Jones @dbarthjones

@PrivacyMaverick @GarrettCobarr “De-identification is not enough. Need k-anonymity with a large k” Really? Check out: http://www.vldb2005.org/program/paper/fri/p901-aggarwal.pdf 
11:25 PM – 25 Nov 12 
I agree.  K-anonymity may not be useful and it may not be practical. My point in the above statement, which was in response to a tweet Garrett did about re-identification in Big Data, was that the simplistic removal of identifiers and quasi-identifiers, which many people equate with de-identification, is insufficient. The article Daniel references above concludes that the information removed in order to achieve k-anonymity may render the data useless from a data mining perspective. Clearly. I didn’t mean to suggest otherwise.  As Daniel notes in his slide deck, perfect information and perfect privacy are mutually exclusive. 
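To make concrete why stripping identifiers is not the same as de-identification, and why pushing k upward costs utility, here is an added worked example. It is not code from the post or from the paper Daniel links; the records, the ZIP codes, the “voter roll” and the diagnoses are all constructed for illustration. It drops the direct identifier, measures the resulting k over the quasi-identifiers (ZIP, birth year, sex), links the released rows back to names through an overlapping public dataset, then generalizes the quasi-identifiers until k rises and shows how many distinct values survive.

```python
from collections import Counter, defaultdict

# Constructed sample "released" table: names, ZIPs, years and diagnoses are invented.
RECORDS = [
    {"name": "Alice Adams", "zip": "33602", "byear": 1970, "sex": "F", "dx": "flu"},
    {"name": "Bob Brown",   "zip": "33602", "byear": 1971, "sex": "M", "dx": "asthma"},
    {"name": "Carol Clark", "zip": "33605", "byear": 1985, "sex": "F", "dx": "diabetes"},
    {"name": "Dan Davis",   "zip": "33605", "byear": 1986, "sex": "M", "dx": "flu"},
    {"name": "Eve Evans",   "zip": "33609", "byear": 1970, "sex": "F", "dx": "hepatitis"},
    {"name": "Frank Ford",  "zip": "33609", "byear": 1972, "sex": "M", "dx": "flu"},
    {"name": "Grace Green", "zip": "33611", "byear": 1984, "sex": "F", "dx": "cancer"},
    {"name": "Hank Hill",   "zip": "33611", "byear": 1987, "sex": "M", "dx": "asthma"},
]

# Constructed public dataset (think voter roll): name plus the same quasi-identifiers.
VOTER_ROLL = [{k: r[k] for k in ("name", "zip", "byear", "sex")} for r in RECORDS]

QI = ("zip", "byear", "sex")  # quasi-identifiers: individually harmless, jointly identifying


def strip_direct_identifiers(rows):
    """The naive 'de-identification' the post warns about: drop the name, keep the rest."""
    return [{k: v for k, v in r.items() if k != "name"} for r in rows]


def k_anonymity(rows, qi=QI):
    """k of k-anonymity: size of the smallest equivalence class over the quasi-identifiers."""
    classes = Counter(tuple(r[a] for a in qi) for r in rows)
    return min(classes.values())


def reidentify(released, public, qi=QI):
    """Linkage on the quasi-identifiers. Returns {name: diagnosis} for every released
    row whose QI tuple matches exactly one row of the public dataset."""
    index = defaultdict(list)
    for p in public:
        index[tuple(p[a] for a in qi)].append(p["name"])
    hits = {}
    for r in released:
        names = index.get(tuple(r[a] for a in qi), [])
        if len(names) == 1:
            hits[names[0]] = r["dx"]
    return hits


def generalize(rows, zip_prefix=3, year_bucket=10, drop_sex=False):
    """Coarsen the quasi-identifiers: keep only a ZIP prefix, bucket birth years,
    optionally suppress sex entirely. Larger buckets raise k and lower utility."""
    out = []
    for r in rows:
        g = dict(r)
        g["zip"] = r["zip"][:zip_prefix] + "*" * (5 - zip_prefix)
        base = r["byear"] - r["byear"] % year_bucket
        g["byear"] = f"{base}-{base + year_bucket - 1}"
        if drop_sex:
            g["sex"] = "*"
        out.append(g)
    return out


def distinct_qi_values(rows, qi=QI):
    """Crude utility measure: how many distinct values survive in each QI column."""
    return {a: len({r[a] for r in rows}) for a in qi}


def demo():
    """Run the whole progression and return the numbers for inspection."""
    stripped = strip_direct_identifiers(RECORDS)
    k2 = generalize(stripped)                 # ZIP prefix 3, decade buckets
    k4 = generalize(stripped, drop_sex=True)  # same, plus sex suppressed
    return {
        "k_after_strip": k_anonymity(stripped),
        "reidentified_after_strip": len(reidentify(stripped, VOTER_ROLL)),
        "k_after_generalize": k_anonymity(k2),
        "reidentified_after_generalize": len(reidentify(k2, VOTER_ROLL)),
        "k_after_generalize_and_suppress": k_anonymity(k4),
        "utility_before": distinct_qi_values(stripped),
        "utility_after": distinct_qi_values(k4),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the names removed, every row still has a unique (ZIP, birth year, sex) combination, so k is 1 and the linkage recovers all eight names with their diagnoses. Generalizing to a ZIP prefix and decade buckets lifts k to 2 and defeats the exact-match linkage, and suppressing sex lifts it to 4, but by then the table has one ZIP value, two birth-year buckets and no sex column left, which is the utility loss the referenced paper is about.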

The flaw of Startup Weekend

I’m participating in my 3rd Startup Weekend event, this time in Tampa. My previous two Startup Weekends were both in Orlando, with the previous one just last week. Some things that weren’t apparent during my first event earlier this year have now become readily apparent after two more bites of the apple. I present here my unfiltered observations.

  1. The focus is on shallow businesses. Though not exclusively, Startup Weekend tends to focus on technology startups by bringing together designers, developers and non-technical (i.e. business) people. The idea seems to fit well in an era of web services where a business can be mashed together by amalgamating the right combination of APIs, throwing in a pretty interface and making some financial projections. “Google-y” eyed entrepreneurs with visions of Facebook riches don’t realize that it takes real sweat and a real idea to make money. The persistent question at Startup Weekend seems to be: what is your secret sauce? Why isn’t anybody else doing this? After three SWs under my belt, I’ve seen numerous repeated ideas or pitches, new to the pitchers, but with a dozen competitors.
  2. “No talk. All action.” One of my partners in Orlando, a programmer and developer, really was under the impression that we were going to build something. Unfortunately, he and two others on our team spent the entire weekend working on a mobile application and back end only to see none of their work incorporated into the final pitch. What a waste of productivity and resources. While, given the technical focus of the weekend, it is important to have technical talent on the team, that talent should be geared towards keeping the business folks on the level when it comes to the technical capacity and what it’s going to take to actually bring a product/service to market.
  3. Cocky mentors – This is certainly not universal but quite a number of the mentors come across as smug. While they may be somewhat successful in their fields, I didn’t run across any household names. You can be constructive and provide insight and criticism without being passive aggressive. There is more than one way to skin a cat and yours is not the only way. This seemed far more prevalent in Tampa than in Orlando.
  4. Designers are golden. If you’re going to have a slick presentation at the end, you need a good designer. I think next SW I’m going to bring a bunch of designers for hire.

Security vs Privacy

I posted a response to a posting about needing your employees to be privacy aware. I’ve copied my response below. I’d be interested in feedback on my analysis. Basically my argument is that while privacy awareness among employees is good, a business should really be looking at process design to avoid employees being in a position to make decisions about privacy. I need to write more about this!

Bob, I would like to argue that none of the scenarios above are ideally dealt with by making your employees “privacy aware.” I submit three alternative ways of dealing with the issues.

Scenario 1 is a process problem. The process has been designed in such a way as to allow leakage of private customer information. I analogize this to the difference I experienced at the DMV and at a doctor’s office. When I entered the DMV, I was assigned a customer number and when called to the window I was called by my customer number. At the doctor’s office, a nurse came out and called my name. The process at the doctor’s office is not privacy friendly because it removes my control over who knows my name in the waiting room. In Scenario 1, the process is the problem, not the employee.

Scenario 2 is an information security issue. I understand why many people think this is a privacy issue, but the privacy problem isn’t the retailers’, it is the credit card companies’. They have abdicated their duty and essentially created an info security problem for retailers. Now here, unfortunately, there is a case for security training but not privacy training, IMHO.

Scenario 3 is again an information security problem. This is the company’s proprietary data and employees need to be aware of security lapses. If one were to approach it as a privacy problem, you should redesign the way you define relationships and give customers the ability to prove the ongoing relationship (a loyalty card) without keeping their identifying information where it becomes a security issue requiring employee training.

Just my 2 cents.

Personal knowledge

This article makes a good point about the difference between personal use of personal information and the impersonal use of personal information. I would like to expand on that concept a bit here. For the last few years, I’ve gone to the same barber at the same barber shop near where I live and work. Though he frequently forgets, I almost consider it a dereliction of duty if he doesn’t remember the setting on his shavers or how I like my hair cut. I expect him to know this in order to provide me with quality care. I also talk to him about my personal and professional life, and the conversations are much more than I would share with most companies I do business with. I do this in order to get close interaction with what is a very personal service (grooming and hair care). And while I want that level of interaction with my barber, I would be a bit disconcerted if other barbers in his shop were able to immediately engage me with the same level of knowledge he has built up over the years about me. The point is I don’t expect him to share that information, even within the same business. While I do clearly see the benefit in a business being able to provide me with very personalized service, I don’t necessarily want that information escaping the confines of how and when I’ve shared it. When I develop a rapport with a particular customer service representative who knows of my travails, I don’t want that representative to gossip about me to others in the firm, even though such is possible and, in all likelihood, probable. What companies need to realize is that they need to find a way of delivering that personal service without the risk to the customer that the information escapes the bounds of the relationship they’ve developed (i.e. to hackers, crackers, looky-loos or governments).