February 6th, 2015
In a recent article for Science, researchers Yves-Alexandre de Montjoye, Laura Radaelli, Vivek Kumar Singh, and Alex “Sandy” Pentland showed that the “anonymization” of personal data is not a guarantee of privacy for individuals. Before we discuss their study, let’s consider that it has been almost two decades of researchers telling us that anonymization, or “de-identification,” of private information has significant problems, and individuals can be re-identified and have their privacy breached.
Latanya Sweeney has been researching the issue of de-anonymization or re-identification of data for years. (She has taught at Harvard and Carnegie Mellon and has been the chief technologist for the Federal Trade Commission.) In 1998, she explained how a former governor of Massachusetts had his full medical record re-identified by cross-referencing Census information with de-identified health data. Sweeney also found that, with birth date alone, 12 percent of a population of voters can be re-identified. With birth date and gender, that number increases to 29 percent, and with birth date and Zip code it increases to 69 percent. In 2000, Sweeney found that 87 percent of the U.S. population could be identified with birth date, gender and Zip code. She used 1990 Census data.
In 2008, University of Texas researchers Arvind Narayanan and Vitaly Shmatikov were able to reidentify (pdf) individuals from a dataset that Netflix had released, data that the video-rental and -streaming service had said was anonymized. The researchers said, “Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.” Read more »
January 28th, 2015
International Data Privacy Day is today. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights.
Visit the official site to find events near your area. Here are a few highlights in the United States:
DPD San Francisco: Data Privacy Trends 2015
W San Francisco, 181 Third Street, San Francisco, CA
Jan 28, 2015
The ever-growing demand for big data. Increasingly effective “bad actors,” leading to the worst year on record for data breaches. Privacy practices designed only to deal with compliance or breach response. Conflicting global privacy laws. A growing concern among consumers about who’s doing what with their data. These and other factors are impacting corporate and consumer needs and behaviors around data privacy like never before. Forrester Research predicts that privacy will be a top business technology agenda item for 2015; here’s your chance to hear candid, up-to-the-minute views from an impressive panel of leading thinkers about what matters most in data privacy for the year ahead. Read more »
January 15th, 2015
Recently, the Independent in the UK reported on the use of spyware by abusers to track and control their victims. “Helplines and women’s refuge charities have reported a dramatic rise in the use of spyware apps to eavesdrop on the victims of domestic violence via their mobiles and other electronic devices, enabling abusers clandestinely to read texts, record calls and view or listen in on victims in real time without their knowledge.”
A 2009 report about stalking from the Department of Justice’s Bureau of Justice Statistics found: “Electronic monitoring was used to stalk 1 in 13 victims. Video or digital cameras were equally likely as listening devices or bugs to be used to electronically monitor victims (46% and 42%). Global positioning system (GPS) technology comprised about a tenth of the electronic monitoring of stalking victims.” (Here’s the 2012 update.) The U.S. National Network to End Domestic Violence has a paper about how abusers and stalkers use technology to control and harass their victims. Read more »
January 7th, 2015
The Federal Trade Commission recently announced that it had charged in a federal court complaint (FTC pdf; archive pdf) that data broker LeapLab “sold the sensitive personal information of hundreds of thousands of consumers — including Social Security and bank account numbers — to scammers who allegedly debited millions from their accounts.” There is an industry for gathering data on individuals — there are data brokers such as LeapLab, Acxiom and Choicepoint, along with individual companies tracking individuals’ online and offline behavior to create consumer profiles. (Here’s a great New York Times article from 2012 that takes an in-depth look at “How Companies Learn Your Secrets.”)
The FTC said, “data broker LeapLab bought payday loan applications of financially strapped consumers, and then sold that information to marketers whom it knew had no legitimate need for it. At least one of those marketers, Ideal Financial Solutions – a defendant in another FTC case – allegedly used the information to withdraw millions of dollars from consumers’ accounts without their authorization.” Read more »
December 18th, 2014
I’m taking time off for the holidays and will resume posting here in January. I’ll be posting sporadically on Twitter, so follow me there @privacylives if you want privacy news.
December 16th, 2014