Archive for March 27th, 2018

Privacy.  Something that I like to think I have a good amount of, in reality probably have a lot less of, and always want to have more of.  Today I want to explore the idea of “losing” privacy and why our fear of this phenomenon may be higher in the current climate than it was before.

Before going any further, let’s first define what privacy is.  For the purposes of this blog post, we’ll define “privacy” as the level of difficulty a stranger would have in finding out personal details about you.  The more privacy you have, the harder it is for someone to find out information about you, and the less privacy you have, the easier it is for someone to find out information about you.  We’ll define strangers as fellow human beings with whom you do not have a personal relationship with and who do not work in government surveillance.

Now, what does it mean to “lose” privacy, and when did we start “losing” it?  According to our definitions above, we can say losing privacy is essentially making it less difficult for strangers to find out details about you.  As for when we actually started to lose it, the answer is a little less clear.  Technically speaking, we can say that we started losing privacy as soon as we started posting information about ourselves on publicly available spaces.  In practice this means using social media such as Xanga, MySpace, Facebook, and, more recently, Instagram, Twitter, and Snapchat.  However, with even these services alone, it can be argued that society’s collective privacy was still fairly safe, as, while it may be easy for an individual to stalk a few people, it would be quite the effort for an individual to find information about thousands or millions of people.  In other words, the information was all there, but the method for viewing a lot of it at once wasn’t something a layman could do.

This is, of course, before the widespread use of web scraping and web crawling.  Web scraping and web crawling, at their core, are methods by which one can scan and extract data from the internet en masse.  While these tools have been in existence almost as long as the internet has, their threat to privacy is their recent adoption and integration in facets of everyday life.  Consider Spokeo, a company that aggregates individuals’ information across their social media accounts, public data, and deep web to create a “profile” of that person.  This profile would include information such as potential family members, place of residence, past places of residence, salary range, and estimated credit score.  Spokeo then sells this information to entities such as employers, creditors, and landlords, who then use this data to make hiring, loan, and rent decisions.  In a similar vein, consider Fama, a company that classifies one’s social media activities and posts as “positive”, “negative”, or “neutral”, and then sells the count of each type of action to potential employers.

From the two examples above, we see that there are now commercially available ways for strangers to not only obtain information about you, but also act on it.  This, I argue, is the ultimate chipping away of privacy, and why our societal fear is greater and more warranted than it was before.  The information is available as it has been for over a decade now – however, there are now very accessible tools with which those with minimal technical experience can not only aggregate information about an individual, but also aggregate that aggregated information for the millions of individuals who have some form of online presence.

So, is this how democracy dies, in a late stage capitalistic state where oligarchical companies know everything about us?  I would like to think not.  Thankfully, there are ways that we can combat this very thing, all from the comfort of our own homes.  Spokeo, and companies like it have an opt-out option where individuals can delete information about themselves that Spokeo and other companies have been storing.  An incomplete list of how to do this can be found here.  Additionally, while our information may be available to the public, our “content” is under copyright.  Anything posted on Twitter or Instagram, according to the respective services’ Terms of Use, is the legal property of the user.  Further, there is legislation in the pipeline that would protect users’ online privacy.  For the state of California, one need only look here to see the upcoming legislation.  Finally, the simplest option is to, of course, discontinue use of social media platforms.  For many, this is understandably a challenge.  While we may not be able to completely stop using social media, there are ways to make more of our information on social media private, thus preventing companies like Spokeo and Fama from harvesting it.  Ways to do this on Facebook can be found here.

Other Sources:

This past week has seen Facebook as the center of a news cycle that since the 2016 election has proven very difficult to get attention from. Cambridge Analytica, a political consulting firm, has been accused of manipulating users to gain access to their data and users are upset with Facebook for not doing more to protect such data. It’s not just users who have shown displeasure though – the stock market reacted in a large way with Facebook’s stocks dropping over 13% in the two weeks since the revelations.

While users and investors are upset with Facebooks, things won’t change. From investor’s perspective – they don’t want things to change. The reason they’re upset with the company is that Facebook got caught. Markets have valued Facebook’s stock so since they’re IPO because of the amount of data they have available and what that data is worth to advertisers. Sure, investors would like Facebook to be slightly more careful with some privacy issues, but only so far as it doesn’t impact the business in a significant way.

Users, of course, are more upset. They feel violated, not only because their data was made available but because of how it was used to manipulate them by companies like Cambridge Analytica. Already user engagement has dropped. [1] Mark Zuckerberg has tried taking out full-page ads and going on a public relations tour to reassure users, but thus far it’s been shown little success.

The question is if users aren’t using Facebook then where are they going? There are few other options; other services like Twitter or Snapchat don’t provide quite the same service as Facebook, and more importantly, they’re just as happy to share your data for advertisers as well. Any competitor that might arise would be faced with the same issues as Facebook – little incentive to self-regulate. There have been attempts in the past for subscription-based social network such as which have demonstrated users aren’t willing to pay for privacy.

If investors are only interested in privacy so far as any violations aren’t in the headlines and users want some kind of privacy but aren’t willing to pay for it, what can be done? The best solution to this problem is to introduce government backed regulations to monitor the handling of data by companies such as Facebook and other tech giants. It’s not just that they lack the incentive to self-regulate, in many ways they lack the perspective to gauge whether a business decision is a violation of users’ privacy. It takes someone with the ability and the experience to really look at a process and not just see best case scenarios – such as the scenario where all developers respect the agreement they’ve signed.

Government regulators need the ability to hold companies accountable and help provide the necessary guidelines to make sure users’ data is safeguarded. It’s impossible to prevent every single violation of privacy when data is so prevalent; however, users have already shown that’s not what they’re expecting. They’re already aware that they’re sharing their data and that it’s being consumed not only by friends and family but also 3rd parties. They’re willing to make that tradeoff to enjoy free services, but only if basic precautions are implemented. Given most users aren’t in the position to evaluate a company’s data practices and determine if they are up to snuff, the government must step in to work with companies to make sure users’ privacy is respected.


Privacy and Teenagers

March 27th, 2018

In the 2014 book “It’s Complicated: The Social Lives of Networked Teens”, author danah boyd presents a decade of research of the role of the internet and social media in the lives of teenagers. This book goes beyond the common stereotypes of teenagers always being on their phones, unable to interact face to face, and through interviewing hundreds of teens in the United States across racial, class and geographic divides, creates a nuanced picture of how teens use and view social media. Of particular interest is a chapter on privacy. This chapter examines why teens share personal details on public forums, the conscious privacy decisions they are making in the process, and who they want privacy from.

In short, boyd asserts that teenagers are aware that postings on social media such as Facebook are accessible to the general public, but they view that as a standard part of life. They are more concerned about privacy from parents and teachers than privacy from corporations, and data analytics. By posting in vague ways that require deep understanding of social context or inside jokes, teens communicate on public forums in ways that are meaningful to their social network while appearing as meaningless noise to outsiders.

This work suggests that teens are a unique subgroup of internet users, with a unique understanding of privacy, and unique concerns. These generational differences should inform how privacy policies are presented, what they contain, and how regulations are created.

Privacy Regulations for Teenagers

In the State of California, online data use is governed by CalOPPA, the California version of the Online Privacy Protection Act. Because most websites in the US have users in CA, CalOPPA has become the national standard.There is a specific subsection of this act referred to as the “Online Eraser” rule. This requires websites that have users between the ages of 13 and 17 “provide a mechanism for minors to remove the content or information that they have posted(1)”. This law acknowledged that the teenage years are a special time, and makes additional leeway for decisions made during this time. Teens are acknowledges as a subgroup deserving of additional privacy protections.

Societal Pressure to Clarify Privacy Policies and Increase Understanding

The is an increasing pressure on tech companies to clarify privacy policies, and ensure that users understand what they are consenting to, rather than clicking “I agree” to a long unintelligible document full of legal jargon. In 2011, Facebook was investigated by the Federal Trade Commission (FTC) on charges “that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.(2)” In the resulting settlement, Facebook overhauled its privacy and data use policy to create an easier to understand format, is subject to bi-annual third-party audits. In light of the recent scandal with Cambridge Analytica, as of March 26th, 2018 the FTC has reopened the investigation into Facebook’s privacy practices(3).

Duty of Companies to Explain Privacy in Ways that Match Teens Worldview

Many current privacy concerns center around the use of data for unintended purposes. This includes the scrapping of Linkedin data to tell a current employer that someone is looking for a new job, such as the topic of a lawsuit between LinkedIn and HiQ labs(4), or Cambridge Analytica scraping Facebook data to create psychological profiles of voters to target personalized political advertisements in the 2016 Brexit vote and the US Presidential election(5).

It would be logical to expect that as a result of these recent high profile stories, internet users will be analyzing privacy policies with a fresh eye towards data use by third parties. In the fallout of these scandals, many companies that rewrite or reformat privacy policies will be looking to assuage these fears and provide clear information where users have the option to consent before their data is shared, or used by outside analytic firms.  

However, in this moment of increased scrutiny, it is important to look at the data privacy expectations and understanding of all subgroups. Rewritten privacy policies should not assume that teens have the same privacy priorities and understanding as adults. There is a need for clear information on what sharing with a third party would mean, as well as why that could be beneficial or dangerous, as well as clear information on privacy from specific people that the teens crave.