It must be fun to write about the end of privacy. People write about it alot. And they like to start off with scary stories like this one in the NYTimes.com:
“If a stranger came up to you on the street, would you give him your name, Social Security number and e-mail address?
Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.”
Stop for a second. Did you just think, “wow, people can find out my Social Security number from Facebook, Twitter and Flickr?!” That would be scary!
Now let’s read down some more and cut to the chase.
“Even more unnerving to privacy advocates is the work of two researchers from Carnegie Mellon University. In a paper published last year, Alessandro Acquisti and Ralph Gross reported that they could accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals.
Social Security numbers are prized by identity thieves because they are used both as identifiers and to authenticate banking, credit card and other transactions.
The Carnegie Mellon researchers used publicly available information from many sources, including profiles on social networks, to narrow their search for two pieces of data crucial to identifying people — birthdates and city or state of birth.
That helped them figure out the first three digits of each Social Security number, which the government had assigned by location. The remaining six digits had been assigned through methods the government didn’t disclose, although they were related to when the person applied for the number. The researchers used projections about those applications as well as other public data, like the Social Security numbers of dead people, and then ran repeated cycles of statistical correlation and inference to partly re-engineer the government’s number-assignment system.
To be sure, the work by Mr. Acquisti and Mr. Gross suggests a potential, not actual, risk. But unpublished research by them explores how criminals could use similar techniques for large-scale identity-theft schemes.
Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.”
So! Did you see any references to popular sites like Facebook in there? Kinda. Facebook allows you to expose your date of birth and city or state of birth. But I also see references to the SSNs of dead people, as well as references to (what I assume are) complex analysis techniques to find the SSN of people. Is that a risk? For sure, but I would like to see how that risk stacks up with other risks, such as companies not properly handling the capturing and storage of such information. I bet the leakage of your SSN via that way is higher from careless handling then the approach taken in this study. If you are going to worry about something, worry about that first.
Then we have this quote:
“In a class project at the Massachusetts Institute of Technology that received some attention last year, Carter Jernigan and Behram Mistree analyzed more than 4,000 Facebook profiles of students, including links to friends who said they were gay. The pair was able to predict, with 78 percent accuracy, whether a profile belonged to a gay male.”
Sound impressive, yes? Well, it’s hard to conclude the actual numbers, but let’s assume for the sake of argument that of the 4000 students, each had 300 friends, and of those 300 friends, 30 – or 10% – were gay. That means that of the 1,200,000 friends, 120,000 were gay. Now the pair were able to predict which ones were gay with 78% accuracy, which sounds impressive until you realize that they got 26,400 wrong. It’s not possible from the article to tell how they erred. They could have been aggressive in categorizing people as gay and said 26,400 straight friends were gay who weren’t, or maybe they were conservative and said 26,400 gay friends were straight who weren’t. Or maybe it was a mix. Regardless, they got alot wrong. As for the ability to “out” people via social networks, how powerful this is depends on the openness of the campus and the community the study was done. For example, it may not necessarily be difficult to identify at least some of the gay friends (e.g. maybe some male friends listed their interests as “other gay men”, which would tend to clue you in to that person’s sexual orientation). So how much privacy was stripped away is up for debate. If they were able to score 78% on a community or campus that was discriminatory towards gays then that would be impressive and scary. But if it was done at M.I.T., I think they had a better chance of success.
By the way, there was this quote really made me LOL:
“Personal privacy is no longer an individual thing,” said Harold Abelson, the computer science professor at M.I.T. “In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.”
Really? Does Abelson actually know any young people — or any people — and how they are using social media sites? These are not 20 year old friendships carved in stone on these sites. Alot of times the people associated with people is loose at best. There’s nothing wrong with that, but it’s a bit like saying I can judge who you are based on the last restaurant you dined in!
The article sums things up nicely much further in with this quote. This quote pretty much sets the level of concern for me much lower than the headline:
“So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.”
There you have it: your privacy may vanish online, but not today. Vanishing privacy is still a work in progress. For that matter, technologies that strengthen your privacy are also a work in progress.
Skepticism about this article aide, this doesn’t mean that I think there are not risks to losing control of your privacy due to new technologies. It does mean, however, that I think we need to keep the risk in perspective. Articles like these encourage people to lose that perspective.
The article is here: How Privacy Vanishes Online, a Bit at a Time – NYTimes.com