Search


  • Categories


  • Archives

    « Home

    Archive for the ‘Anonymity’ Category

    When Software Can Read Your Emotions as You Walk Down the Street

    Wednesday, April 22nd, 2015

    I’ve written before about the increasing use of “digital signage.” What is “digital signage”? Most people have heard of the term connected with billboards or other screens that have cameras (and facial-recognition technology) to watch people watching ads in order to target advertising toward individuals. The data-gathering and surveillance practices raise substantial privacy questions.

    The Los Angeles Times reported on the expansion of these digital billboards and their use of facial-recognition biometric technology in casinos, Chicago-area bars and more. USA Today and the New York Times have detailed safety problems that can arise from these digital billboards. BBC News has reported on the use of digital billboards in the United Kingdom. The Wall Street Journal has reported on digital signage use in Japan.

    Now, Wired reports on the more widespread use of software from the artificial intelligence startup Affectiva that “will read your emotional reactions” in real time. “Already, CBS has used it to determine how new shows might go down with viewers. And during the 2012 Presidential election, [Affectiva's chief science officer Rana el Kaliouby’s] team experimented with using it to track a sample of voters during a debate. Read more »

    License-plate-reader Technology Continues to Raise Privacy, Civil Liberty Questions

    Thursday, March 26th, 2015

    As the use of license-plate-recognition camera technology  to gather and record drivers’ movements started becoming widespread in the United States, people asked a number of questions about the privacy, civil liberty and security implications about the surveillance technology.  Last year, the Center for Investigative Reporting looked into privacy questions concerning the use of license-plate readers and found that “a leading maker of license-plate readers wants to merge the vehicle identification technology with other sources of identifying information.” A couple of years ago, the American Civil Liberties Union released a report (pdf) on license-plate readers and how they are used as surveillance devices.

    And law enforcement is concerned about how such tech affects privacy rights, as well. In 2009, the International Association of Chiefs of Police issued a report on license-plate-recognition technology and said, “Recording driving habits could implicate First Amendment concerns. [...] Mobile LPR units could read and collect the license plate numbers of vehicles parked at addiction counseling meetings, doctors’ offices, health clinics, or even staging areas for political protests.” The privacy and civil liberty questions have led to the cancellation of some license-plate-recognition surveillance programs, including ones in Boston and by the Department of Homeland Security.

    One of the biggest questions is: What happens to all the data on innocent individuals? Often, we don’t know what the restrictions are on the collection and use of the data. We have learned some information about what some groups do with the data. Last year, the Washington Post reported that commercial databases gather such location data to sell. In 2013, the ACLU review of license-plate-reader camera technology found that “the approach in Pittsburg, Calif., is typical: a police policy document there says that license plate readers can be used for ‘any routine patrol operation or criminal investigation,’ adding, ‘reasonable suspicion or probable cause is not required.’ [...] As New York’s Scarsdale Police Department put it in one document, the use of license plate readers ‘is only limited by the officer’s imagination.’” In 2011, the Washington Post reported that Virginia used the license-plate scanning technology for tax collection.

    Now, as a result of the public records request, Ars Technica has received the entire license-plate-reader dataset of the Oakland Police Department, “including more than 4.6 million reads of over 1.1 million unique plates between December 23, 2010 and May 31, 2014.” And it’s interesting to see what personal information can be gleaned from the surveillance data.

    Read more »

    Privacy Problems Continue with Anonymization of Data

    Friday, February 6th, 2015

    In a recent article for Science, researchers Yves-Alexandre de Montjoye, Laura Radaelli, Vivek Kumar Singh, and Alex “Sandy” Pentland showed that the “anonymization” of personal data is not a guarantee of privacy for individuals. Before we discuss their study, let’s consider that it has been almost two decades of researchers telling us that anonymization, or “de-identification,” of private information has significant problems, and individuals can be re-identified and have their privacy breached.

    Latanya Sweeney has been researching the issue of de-anonymization or re-identification of data for years. (She has taught at Harvard and Carnegie Mellon and has been the chief technologist for the Federal Trade Commission.) In 1998, she explained how a former governor of Massachusetts had his full medical record re-identified by cross-referencing Census information with de-identified health data. Sweeney also found that, with birth date alone, 12 percent of a population of voters can be re-identified. With birth date and gender, that number increases to 29 percent, and with birth date and Zip code it increases to 69 percent. In 2000, Sweeney found that 87 percent of the U.S. population could be identified with birth date, gender and Zip code. She used 1990 Census data.

    In 2008, University of Texas researchers Arvind Narayanan and Vitaly Shmatikov were able to reidentify (pdf) individuals from a dataset that Netflix had released, data that the video-rental and -streaming service had said was anonymized. The researchers said, “Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.” Read more »

    Update: Netherlands Threatens to Fine Google Over Privacy Policy

    Tuesday, December 16th, 2014

    In the ongoing case concerning Google’s changes to its privacy policies a couple of years ago, the Netherlands announced that it will fine the Internet services giant if it doesn’t meet certain requirements by February 2015. “The Dutch Data Protection Authority (Dutch DPA) has imposed an incremental penalty payment on Google. This sanction may amount to 15 million euros. The reason for the sanction is that Google is acting in breach of several provisions of the Dutch data protection act with its new privacy policy, introduced in 2012.”

    Here’s a recap of the controversy and legal questions surrounding Google’s change to its privacy policies. In January 2012, Google announced changes in its privacy policies that would affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized (pdf) the Internet services giant for not including an opt-out provision. The critics included 36 U.S. state attorneys general, who wrote to (pdf) Google raising privacy and security questions about the announced privacy policy changes. The EU’s Article 29 Data Protection Working Party wrote to (pdf) to the online services giant about the privacy policy changes, which affect 60 Google services. The Working Party, which includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor, asked Google to halt implementation of these changes while the data protection authority in France (the National Commission for Computing and Civil Liberties, CNIL) investigates. Google refused and its new privacy policies went into effect in March 2012. The CNIL investigation continued, and in January, CNIL fined the Internet services giant €150,000 ($204,000) over privacy violations. Read more »

    Update: Digital Ad Firm PointRoll Settles with Six States Over Bypassing Safari Privacy Settings

    Monday, December 15th, 2014

    In the latest news concerning a 2012 circumvention of a Web browser’s privacy settings, New York Attorney General Eric T. Schneiderman announced that digital advertising company PointRoll — part of media giant Gannett, which owns USA Today and Gannett Broadcasting — has agreed to a $750,000 settlement with New York, New Jersey, Connecticut, Florida, Maryland and Illinois.

    To recap: In February 2012, the Wall Street Journal reported on new research by Stanford researcher Jonathan Mayer that shows four companies seek to circumvent consumers’ privacy settings in Apple’s browser, Safari. The four companies are: Google, Vibrant Media, Media Innovation Group and PointRoll. Google said the circumvention was a mistake and it has disabled the code, but there was (pdf) public criticism, including a complaint (pdf) filed with the Federal Trade Commission. Questions were raised about whether the Safari circumvention meant that Google had violated a settlement it made with the FTC last year over Google’s Buzz product. The Internet services giant had agreed to a comprehensive privacy program to settle charges (pdf) it “used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz. In August 2012, the FTC announced Google would have to pay a minimal-for-the-Internet-giant fine of $22.5 million to settle charges that it circumvented users’ Do Not Track privacy settings in Safari. In November 2013,  Maryland announced that it joined 36 states at the District of Columbia in settling with Google for $17 million. Read more »

    Colleges, Universities Increasingly Review Applicants’ Social Media Postings

    Thursday, December 11th, 2014

    I’ve written before about how postings on Twitter, Facebook, Google+ and other social-media sites have been used against individuals. Such sites have been used to gather evidence in trials against jurors and defendants, in divorce cases, against employees (which can lead to lawsuits), politicians and high school students.

    We’ve seen it affect applicants to jobs in the United States and abroad. For a while, there was increasing focus on the practice by some employers of requiring job applicants to hand over their passwords or allow access to their private accounts on social-networking sites in order to gather personal data when the social-networking profiles are closed to the public. States including CaliforniaIllinois and Maryland passed laws to protect employees from such prying by employers; Maryland’s law includes exemptions for employers for some investigations into possible wrongdoing by employees.

    Recently, the New York Times reported that students are scrubbing their accounts in anticipation of colleges and universities reviewing the social-media postings of applicants. The social-media searches by colleges and universities have been occurring for several years. Six years ago, education services firm Kaplan surveyed 320 college and university admissions officers and found “one out of ten admissions officers has visited an applicant’s social networking Web site as part of the admissions decision-making process.”  Read more »