How Privacy Vanishes Online
By STEVE LOHR March 16, 2010
If a stranger came up to you on the street, would you give him your name, Social Security number and e-mail address?
Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae - birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.
Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person's identity, sometimes down to the Social Security number.
"Technology has rendered the conventional definition of personally identifiable information obsolete," said Maneesha Mithal, associate director of the Federal Trade Commission's privacy division. "You can find out who an individual is without it."
In a class project at the Massachusetts Institute of Technology that received some attention last year, Carter Jernigan and Behram Mistree analyzed more than 4,000 Facebook profiles of students, including links to friends who said they were gay. The pair was able to predict, with 78 percent accuracy, whether a profile belonged to a gay male.
So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.
But the F.T.C. is worried that rules to protect privacy have not kept up with technology. The agency is convening on Wednesday the third of three workshops on the issue.
Its concerns are hardly far-fetched. Last fall, Netflix awarded $1 million to a team of statisticians and computer scientists who won a three-year contest to analyze the movie rental history of 500,000 subscribers and improve the predictive accuracy of Netflix's recommendation software by at least 10 percent.
On Friday, Netflix said that it was shelving plans for a second contest - bowing to privacy concerns raised by the F.T.C. and a private litigant. In 2008, a pair of researchers at the University of Texas showed that the customer data released for that first contest, despite being stripped of names and other direct identifying information, could often be "de-anonymized" by statistically analyzing an individual's distinctive pattern of movie ratings and recommendations.
In social networks, people can increase their defenses against identification by adopting tight privacy controls on information in personal profiles. Yet an individual's actions, researchers say, are rarely enough to protect privacy in the interconnected world of the Internet.
You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.
...***** Moderator's Note *****
I've said before that the current generation of twenty-somethings is the first in history to give up the last bastion of privacy: the names of their friends. Social media, starting with Instant-messenger programs and ranging up to applications that disclose a cellphone user's lattitude and longitude, have allowed database designers to compile social maps which will be eagerly sought after by marketers of all kinds.
We're not yet at the point where our chopsticks have continuously- scrolling advertisements on them, but I think that the "younger" generation will soon realize that technology isn't always their friend.
Bill Horne Moderator