Some of the survey’s findings:

* Even when they are told that the act of following them on websites will take place anonymously, Americans’ aversion to it remains: 68% “definitely” would not allow it, and 19% would “probably” not allow it. (p. 2)

* 69% of American adults feel there should be a law that gives people the right to know everything that a website knows about them. (p. 2)

* 92% agree there should be a law that requires “websites and advertising companies to delete all stored information about an individual, if requested [...]]]> Joseph Turow, Chris Hoofnagle, Jennifer King, Amy Bleakley, and Michael Hennessy have just issued a very interesting consumer survey on privacy and behavioral marketing entitled, Americans Reject Tailored Advertising and Three Activities that Enable It.

Some of the survey’s findings:

* Even when they are told that the act of following them on websites will take place anonymously, Americans’ aversion to it remains: 68% “definitely” would not allow it, and 19% would “probably” not allow it. (p. 2)

* 69% of American adults feel there should be a law that gives people the right to know everything that a website knows about them. (p. 2)

* 92% agree there should be a law that requires “websites and advertising companies to delete all stored information about an individual, if requested to do so.” (p. 2)

* Signaling frustration over privacy issues, Americans are inclined toward strict punishment of information offenders. 70% suggest that a company should be fined more than the maximum amount suggested ($2,500) “if a company purchases or uses someone’s information illegally.” (p. 3)

* Our survey did find that younger American adults are less likely to say no to tailored advertising than are older ones. Still, more than half (55%) of 18- 24 year-olds do not want tailored advertising. And contrary to consistent assertions of marketers, young adults have as strong an aversion to being followed across websites and offline (for example, in stores) as do older adults. 86% of young adults say they don’t want tailored advertising if it is the result of following their behavior on websites other than one they are visiting, and 90% of them reject it if it is the result of following what they do offline. (p. 2)

These are just a few of the many findings in this fascinating survey.  The New York Times has coverage of the survey here.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor [...]]]> During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters.  President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape.  To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority.  AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.

No matter the current political victor in this social media landscape, Government 2.0 is here to stay.  It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking.  Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings.  But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like.  Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook’s Beacon: News Feeds All Over Again?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

* Facebook — the New DoubleClick?

* Facebook Listens and Responds

* Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

A class action suit was initiated against Facebook, and recently, a settlement agreement has been reached.  According to the WSJ:

Facebook Inc. said Friday it settled a class-action lawsuit related to its Beacon Web product, a controversial service that displayed actions that users took on other Web sites back on Facebook.

As part of the settlement, which is pending approval [...]]]> A while ago, I wrote a lot about Facebook’s Beacon on this blog:

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook’s Beacon: News Feeds All Over Again?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

* Facebook — the New DoubleClick?

* Facebook Listens and Responds

* Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

A class action suit was initiated against Facebook, and recently, a settlement agreement has been reached.  According to the WSJ:

Facebook Inc. said Friday it settled a class-action lawsuit related to its Beacon Web product, a controversial service that displayed actions that users took on other Web sites back on Facebook.

As part of the settlement, which is pending approval in the U.S. District Court of the Northern District of California, the social-network concern will shut down the Beacon service, which it has been phasing out but which is still being used by a small number of Web sites, according to a Facebook spokesman.

The company will also pay $9.5 million to create a foundation to fund products that promote online privacy, safety and security, the spokesman said. The settlement was submitted to the court late Friday evening.

Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, I set forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.

During the MACO conference, a gubernatorial staffer posted 115 party pics on Facebook, documenting the Governor, Mayor, county executives, and staffers having drinks during the event.  It took little time for the pictures to leak: they now reside on the blog Maryland Politics Watch despite the staffer’s delection of the pictures from his Facebook page.

Why would the staffer post the party pics given the Governor’s admonition for a [...]]]> Every summer, the Maryland Association of Counties (MACO) sponsors a networking bonanza where pols solidify contacts over drinks.  With the budget disaster, Maryland Governor Martin O’Malley promised a “sober” MACO outing.  Surely, partying on the state’s dime would seem in poor taste given the state’s continued layoffs and furloughs.  Well, that was the plan, at least in theory.

During the MACO conference, a gubernatorial staffer posted 115 party pics on Facebook, documenting the Governor, Mayor, county executives, and staffers having drinks during the event.  It took little time for the pictures to leak: they now reside on the blog Maryland Politics Watch despite the staffer’s delection of the pictures from his Facebook page.

Why would the staffer post the party pics given the Governor’s admonition for a sober event and given the dour economic outlook in the state?  Guest blogger James Grimmelmann’s important “Saving Facebook” article, just published in the Iowa Law Review, explains why.  Social network site users have a powerful sense of privacy.  Facebook’s design produces the sense that users engage in private conversations.  Users see their friends’ pictures and names when they send messages and post wall missives, pictures, and videos.  They sense that users are “just like them” and thus would be unlikely to betray them.  We also trust others because double nuclear annihilation lurks.  If we publicize our friends’ pictures and videos beyond the Facebook walls, we can expect the same in turn.  As Grimmelmann convincingly develops, social network site users cannot appreciate the real privacy risks of sharing on Facebook: we are cognitively limited in that way.  Grimmelmann’s piece develops a strategy for addressing these issues and is a must read.

Last month, Government Technology had an article entitled “Blurring the Line,” which discussed the increasingly public nature of online social networking sites.  Employers now “friend” employees, leaving the employed likely to accept those friendships out of fear for losing their jobs.  The article discusses the problems attendant to the convergence of of our work, social, and family worlds and asks whether this phenomenon will alter the nature of those spaces from a sharing free-for-all to a more buttoned-down, “not afraid for the boss to see” experience.

In reading the article, I wondered if the story will play out in a different way, one that will meet employers’ desire to harness the connectivity of social networking sites without compromising its current incarnation.  As we have seen in [...]]]>

Last month, Government Technology had an article entitled “Blurring the Line,” which discussed the increasingly public nature of online social networking sites.  Employers now “friend” employees, leaving the employed likely to accept those friendships out of fear for losing their jobs.  The article discusses the problems attendant to the convergence of of our work, social, and family worlds and asks whether this phenomenon will alter the nature of those spaces from a sharing free-for-all to a more buttoned-down, “not afraid for the boss to see” experience.

In reading the article, I wondered if the story will play out in a different way, one that will meet employers’ desire to harness the connectivity of social networking sites without compromising its current incarnation.  As we have seen in the government sector with internal wikis like Intellipedia, we may see employers increasingly adopt in-house social networking sites, say a [Name] Company Connect.org, just as we have seen employers wade into the Twitter space.  We may already be doing this (and it would be really interesting to learn about it), but perhaps such sites would nip in the bud employers/managers/supervisors’ desire to friend their underlings.  This may detract from the goal of monitoring employees, but we surely have enough of that in the workplace already (as well as the ability to view employees’ profiles for the very many people who fail to set rigorous privacy settings, as ACM studies show).  And it may save employers from having looked at employees’ damning wall musings and pictures and figuring out just what to do about it.

This development has much significance.  It tells [...]]]> As I noted in a blog post late last year, Mark Zuckerberg, chief executive of Facebook, has predicted that “next year, people will share twice as much information as they share this year, and that next year, they will be sharing twice as much as they did the year before.”  He explained that “people are ever more willing to tell others what they are doing, who their friends are and even what they look like as they crawl home from a college party.  Recent statistics support his optimism (and then some).  Yesterday, Zuckerberg announced that his social networking site now has 250 million active users, up from 200 million users just three months ago and 150 million in January.

This development has much significance.  It tells us that social networking is no passing fad — it is deeply embedded in our daily lives and will likely remain so despite many parents’ dismay.  It suggests that we are more connected personally (and perhaps more distracted professionally).  And it means that we entrust Facebook with an exponentially increasing amount of data.  Facebook’s information security practices and privacy policies are thus worth watching carefully.  No doubt, this development will have other far-reaching impacts so your comments are most welcome.

Wikimedia Commons Image

Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences [...]]]> Alessandro Acquisti and Ralph Gross have recently published their provocative article, Predicting Social Security Numbers from Public Data in the Proceedings of the National Academy of Sciences.  According to the abstract:

Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums.

Acquisti and Gross’s study has generated significant media attention.  Here’s an article by Bob Sullivan for MSNBC and by Hadley Leggett for Wired.  As Sullivan writes:

The two say they can guess the first 5 digits of the Social Security number of anyone born after 1988 within two guesses, knowing only birth date and location. The last four digits, while harder to guess, can be had within a few hundred guesses in many situations — a trivial hurdle for criminals using automated tools.

SSNs are currently used by numerous businesses and organizations to allow access to accounts – they function as a kind of password. They are also used to verify identity when people sign up for a new credit card or other account. They are thus a very useful tool for identity thieves and fraudsters who want to impersonate people to improperly access their accounts or obtain credit cards in their name.

The current focus of policymakers has been to provide better protections against the disclosure of SSNs.

Acquisti and Gross’s paper provides a powerful demonstration that protecting against the disclosure of SSNs is not providing enough protection to consumers.  The article shows that no matter how much protection against the disclosure of SSNs, SSNs can be determined with other public information.

Congress or the FTC should prohibit companies from using SSNs as a means to verify identity. Companies, organizations, and government entities should be prohibited from using SSNs as a means of verifying identity to provide access to accounts or to create new accounts. Merely protecting against the disclosure of SSNs is insufficient since Acquisti and Gross demonstrate they can readily be predicted.

The government and businesses are at fault here.  Too many business and organizations use the SSN improperly as a means to verify identity.  And the government is at fault for creating the SSN and allowing it to be used improperly in ways that harm people.

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results [...]]]> According to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc.  (Oftentimes, data about us collected by third parties is often faulty).  All together, the information could suggest (albeit falsely) that we constitute a threat to society.  Law enforcement could be informed and our names could be put on watch lists.  This is not a hypothetical problem, see here.  [...]]]> Yesterday, I wrote about the public’s expectations regarding privacy when interacting with government on social networking sites such as Facebook, MySpace, Flickr among others.  Why should we care if agencies collect our musings, videos, and pictures that we have willingly shared with online “friends,” both real and imaginary ones?

Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc.  (Oftentimes, data about us collected by third parties is often faulty).  All together, the information could suggest (albeit falsely) that we constitute a threat to society.  Law enforcement could be informed and our names could be put on watch lists.  This is not a hypothetical problem, see here.  If federal agencies collected and maintained that data in their systems, it would be covered by the Privacy Act of 1974.  Nonetheless, you would still appear on a watch list or assigned another ignominious fate by an automated government system.

As a normative matter, the absence of privacy vis-a-vis government on online social networking sites is unappealing.  It would likely have an impact on our willingness to friend government agencies.  We would be less likely to join online conversations that the Open Government directive hopes to generate.  Or if we friend a government agency because we want to peer inside its operations, we may edit what we include on our profiles.  As Julie Cohen has elegantly developed in her work, the lack of privacy would chill our creativity and desire to experiment with different aspects of our personalities.  And Patricia Sanchez Abril has a superb piece entitled “A (My)Space of One’s Own: On Privacy and Online Social Networks” that discusses the social implications of a “no privacy” presumption in information we share with our friends on social networking sites.  Justice Douglas’s remark that “monitoring, if prevalent, certainly kills free discourse and spontaneous utterances” should not be lost to us here.

Wikimedia Commons Image

What [...]]]> Since I last wrote about President Obama’s Facebook friends, Government 2.0 has  steadily progressed.  Since early May, our Commander-in-Chief has added more than 150,000 new friends.  The FDA has initiated its Transparency Blog and will soon add a Twitter feed and Facebook page.  More state agriculture agencies reach the public through social networking sites.  Of course, the government social-networking phenomenon is not brand new:  since 2007, the Commerce Department’s National Oceanic and Atmospheric Administration has maintained a virtual island in Second Life  and the CDC has had a MySpace page.   Nonetheless, it is a particularly auspicious time to think about this trend’s privacy implications especially in light of the GSA’s recent agreement with video-sharing and social networking sites to permit agencies to use their services.

What are the public’s privacy expectations when using government social media?  It is surely too early to identify a clear sense of our expectations, at least in any well-studied way.  But the Obama Administration has provided some sense of what we should expect when we join a future Facebook group sponsored by OMB or engage in virtual conversations with agency officials in Second Life.  How so?  The current push for agencies to use Web 2.0 platforms stems from President Obama’s January 21, 2009 Open Government memorandum.  The memorandum urges executive departments and agencies to be more transparent, participatory, and collaborative.  Agencies “should harness new technologies to put information about their operations and decisions online and readily available to the public.”  They should “offer Americans increased opportunities to participate in policymaking and to provide their Government with the benefits of their collective expertise and information.”  And they should use “innovative tools, methods, and systems to cooperate” and collaborate with the public and private sectors in making policy.  USA.gov’s Sheila Campbell has explained that agencies will appoint directors of new media to determine how they can use social networking tools to meet mission goals and comply with President Obama’s Open Government directive.  As White House CIO Vivek Kundra has noted, public comment on programs will hopefully be a “two-way interaction between government and its citizens.”  White House spokesperson Moira Mack clarified the point:  “we are focused on opening government to the people (and not the other way around), and like with any other online friends, the individual users can still choose to keep information private using their privacy settings.”

So what does all of this signal about our privacy when interacting with government agencies via Facebook, MySpace, Twitter, You Tube, etc.?  The Open Government directive tells us that government wants to shine light on its activities and get our opinions and expertise on policy matters.  It says nothing about government’s interest in our personal lives, i.e., what we write on our friends’ walls, the 25 things you don’t know about us, our network of friends, etc.  Our personal lives seem downright out of place in any discussion of the Open Government directive.  This seems to create a presumption of openness as to policy-related matters and a presumption of privacy as to individuals’ personal matters.

In other words, the Government has created a one-way mirror: the public can peer into agency workings, data, and policymaking but the agency behind the mirror cannot glance back into our personal lives.  And why would we even think that President Obama, the CDC, or NASA has the time or policy-driven motive to see the movies we love, the albums we bought, or the amount of money we spent at a bar?  As a commentator on eParticipation noted: “While the UK Home Office is planning to gain access to social networking sites to snoop on its citizens, the Obama administration seeks to use the same technology to engage with voters and find out what they want.”  Agencies’ recent forays into Facebook environment reflect this intuition.  Agencies have created Facebook “fan pages” that allow Facebook users to join, receive updates (transparency), and conduct discussions on the wall or in forums (participatory/collaborative).  Agencies, however, cannot peer inside the lives of their fans: it is a one-way mirror of sorts.

Tomorrow I will discuss the normative implications of the one-way mirror and would love your feedback on my intuitions.

H/T to the ever-insightful Paul Ohm who shared with me his insights on the one-way mirror.

Put another way, credit-card companies are becoming much more interested in understanding their customers’ lives and psyches, because, the theory goes, knowing what makes cardholders tick will help firms determine who is a good bet and who should be shown the door as quickly as possible.

Luckily for the industry, small groups of executives at most of the large firms have spent the last decade studying cardholders from almost every angle, and collection agencies have developed more sophisticated dunning techniques. They have sought to draw psychological and behavioral lessons from the enormous amounts of data the credit-card companies collect every day. They’ve run thousands of [...]]]> The New York Times Magazine has an interesting article entitled What Does Your Credit Card Company Know About You? From the article:

Put another way, credit-card companies are becoming much more interested in understanding their customers’ lives and psyches, because, the theory goes, knowing what makes cardholders tick will help firms determine who is a good bet and who should be shown the door as quickly as possible.

Luckily for the industry, small groups of executives at most of the large firms have spent the last decade studying cardholders from almost every angle, and collection agencies have developed more sophisticated dunning techniques. They have sought to draw psychological and behavioral lessons from the enormous amounts of data the credit-card companies collect every day. They’ve run thousands of tests and crunched the numbers on millions of accounts. One result of all that labor is the conversation between Santana — a former bouncer whose higher education consists solely of corporate-sponsored classes like “the Psychology of Collections” — and the man from Massachusetts. When Santana contacted the man last month, he was armed with detailed information about his life and trained in which psychological approaches were most likely to succeed.

The article goes on to say:

The exploration into cardholders’ minds hit a breakthrough in 2002, when J. P. Martin, a math-loving executive at Canadian Tire, decided to analyze almost every piece of information his company had collected from credit-card transactions the previous year. Canadian Tire’s stores sold electronics, sporting equipment, kitchen supplies and automotive goods and issued a credit card that could be used almost anywhere. Martin could often see precisely what cardholders were purchasing, and he discovered that the brands we buy are the windows into our souls — or at least into our willingness to make good on our debts. His data indicated, for instance, that people who bought cheap, generic automotive oil were much more likely to miss a credit-card payment than someone who got the expensive, name-brand stuff. People who bought carbon-monoxide monitors for their homes or those little felt pads that stop chair legs from scratching the floor almost never missed payments. Anyone who purchased a chrome-skull car accessory or a “Mega Thruster Exhaust System” was pretty likely to miss paying his bill eventually.

Martin’s measurements were so precise that he could tell you the “riskiest” drinking establishment in Canada — Sharx Pool Bar in Montreal, where 47 percent of the patrons who used their Canadian Tire card missed four payments over 12 months. He could also tell you the “safest” products — premium birdseed and a device called a “snow roof rake” that homeowners use to remove high-up snowdrifts so they don’t fall on pedestrians.

Testing indicated that Martin’s predictions, when paired with other commonly used data like cardholders’ credit histories and incomes, were often much more precise than what the industry traditionally used to forecast cardholder riskiness.

For more, read the article.

There seems to be significant misinformation circulating in the blogosphere relating to the nature of my class exercise, its instructional use, and how the exercise became public.

The exercise was part of my Information Privacy Law class this semester. The course, in exploring the origins and scope of privacy law, examined the ways technology can both invade and protect personal information and examined how the law related to those technologies. We used a traditional case book, Solove & Schwartz, and I supplemented the book with two concurrent exercises that are treated as course materials: 1) each week the students posted links on the [...]]]> Professor Joel Reidenberg has asked me to post the following response to the story regarding his Justice Scalia dossier class assignment:

There seems to be significant misinformation circulating in the blogosphere relating to the nature of my class exercise, its instructional use, and how the exercise became public.

The exercise was part of my Information Privacy Law class this semester. The course, in exploring the origins and scope of privacy law, examined the ways technology can both invade and protect personal information and examined how the law related to those technologies. We used a traditional case book, Solove & Schwartz, and I supplemented the book with two concurrent exercises that are treated as course materials: 1) each week the students posted links on the course discussion board to news stories related to privacy issues so that we could discuss them in class and make connections to the casebook reading assignments; and, 2) throughout the semester, the students posted on a class discussion board links to information found on the web related to the class research exercise.

The research exercise is designed for class discussion to illustrate law and policy issues associated with readily available information, contextual use, social norms and the scope of legal protection. The exercise seeks to provide a first-hand experience for discussions of the boundary between public and private information, the loss of practical obscurity and the capacity of law to respond to these issues. For the exercise last year, I framed the research as a challenge to the class to find a specific piece of esoteric information about me. The class was surprised at how much information could be found readily. This year, I planned for the course to focus more attention on the blurring of public and private information and decided to frame the research exercise as a challenge to find information about a public figure. Very early in the semester, a news report about Justice Scalia’s speech was posted on the class discussion board as one of the weekly news items. He was reported to have made the comment that treating much of the information on the web as private was “silly.”

As our class session began to discuss the article and the transparency of personal information on the web, Justice Scalia became the logical public figure for the exercise researching publicly available personal information. Over the course of the semester, students posted links to web pages containing information about Justice Scalia, which in turn led to information about his family. To enhance a summation class discussion on the issues of aggregation and secondary use, the loss of anonymity, and legal responses, I had one of the students compile the information in an organized dossier format. The class was pretty shocked by the results. This was one of the teachable points.

Our class dossier has remained a course document- we have not published it and have not disclosed the personal information found on the web.

Last week, however, I referenced the exercise during Fordham’s privacy conference when I gave a presentation on “The Transparency of Personal Information and the Rule of Law.” Here’s the abstract of my talk:

This presentation will explore the erosion of the boundary between public and private information on the Internet. The thesis is that the transparency of personal information available online erodes the rule of law in two ways. First, the transparency of personal information that is created by private sector activities enables government to collect and use personal information purchased from the private sector in ways that side step political and legal checks and balances. Second, technical self-help in the development of network infrastructure that seeks to assure complete anonymity online may used by individuals and groups to evade legal responsibility and the rule of law. The presentation will conclude with a discussion of governance implications and norms.

In illustrating the point that there is an over-transparency of personal information, I described the class exercise from last year and this year, the type of information the class found and the students’ astonishment at the results. I did not not release any of Justice Scalia’s personal information.

“Every single datum about my life is private? That’s silly,” Scalia [said]. . . .

Scalia said he was largely untroubled by such Internet tracking. “I don’t find that particularly offensive,” he said. “I don’t find it a secret what I buy, unless it’s shameful.”

He added there’s some information that’s private, “but it doesn’t include what groceries I buy.” . . . .

Considering every fact about someone’s life private is “extraordinary,” he said, noting that data such as addresses have long been discernible, even if technology has made them easier to find.

At a recent conference at Fordham University sponsored in part by the [...]]]> Earlier this year, I blogged about Justice Scalia’s remarks about privacy at the Institute of American and Talmudic Law. According to media accounts:

“Every single datum about my life is private? That’s silly,” Scalia [said]. . . .

Scalia said he was largely untroubled by such Internet tracking. “I don’t find that particularly offensive,” he said. “I don’t find it a secret what I buy, unless it’s shameful.”

He added there’s some information that’s private, “but it doesn’t include what groceries I buy.” . . . .

Considering every fact about someone’s life private is “extraordinary,” he said, noting that data such as addresses have long been discernible, even if technology has made them easier to find.

At a recent conference at Fordham University sponsored in part by the Center on Law and Information Policy, Professor Joel Reidenberg discussed an assignment he gave to his class this past semester — find any public information about Justice Scalia and compile it into a dossier. As Kashmir Hill reports at Above the Law:

“Justice Scalia said he doesn’t care what people find out about him on the Internet,” said Reidenberg during his presentation on the transparency of personal information. “So I challenged my class to compile a dossier on him.”

Now four months later, at the end of the semester, the dossier (available online somewhere, but password protected) is 15 pages long. Among its contents are Nino’s home address, his home phone number, the movies he likes, his food preferences, his wife’s personal e-mail address, and “photos of his lovely grandchildren.”

“When the discrete bits of personal information were assembled at the end of the semester, the extent of the overall dossier and some of the particular items of readily available information on the web concerning his family and family life were astonishing to the class,” Reidenberg wrote to us.

Before the news of the dossier was reported by Above the Law, Reidenberg had sent a letter informing Justice Scalia about the dossier and offering to allow him to see it if he desired. The dossier was not made public.

Justice Scalia recently responded to the Above the Law post about Joel Reidenberg’s experiment:

I stand by my remark at the Institute of American and Talmudic Law conference that it is silly to think that every single datum about my life is private. I was referring, of course, to whether every single datum about my life deserves privacy protection in law.

It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.

Scalia’s characterization of his remarks above seems to be a bit of a retrenchment. If he was only saying that not every single piece of information about his life is private, then this is just too obvious to be worth saying. My interpretation of his remarks (caveat: I haven’t been able to locate his entire speech) is that he believes that certain kinds of information are not private — Internet tracking, most items of consumption (unless embarrassing), addresses, and so on. He partly seems to endorse the view that there’s no privacy violation if there’s “nothing to hide.”

In my blog post, quoting from my book, Understanding Privacy (2008), I argued that the compilation of dossiers can rise to a privacy violation:

[P]rivacy may be implicated if one combines a variety of relatively innocuous bits of information. Businesses and government often aggregate a wide array of information fragments, including pieces of information we would not view as private in isolation. Yet when combined, they paint a rather detailed portrait of our personalities and behavior, a problem I call “aggregation.” (p. 70)

One of the issues discussed at the conference (informally rather than at the public portion of the event) were the ethics of compiling the dossier and whether to inform Justice Scalia about it. In our informal discussion of the issue during the conference, we had a lively debate with a variety of views. Some thought that it was poetic justice for Scalia, taking him up on his challenge that he wouldn’t be bothered by such information compiling. If he didn’t see it as a privacy problem, then there was no harm in doing it. Others thought it since they viewed it as a privacy violation, it shouldn’t matter what Scalia thought about it — it was creepy nonetheless. Some thought that Reidenberg should inform Scalia about it; others thought that this might make Scalia uncomfortable. In the end, no consensus was reached.

Some questions worth pondering:

1. Is Justice Scalia justified in his anger about the dossier? Or does this prove that his stated views on privacy do not match his actual attitudes?

2. Was compiling the dossier of publicly-available information unethical? If so, why?

3. Would it be unethical for Reidenberg to release the dossier to the public?

4. Do the ethics of the dossier experiment change if the subject of the dossier were someone who didn’t share Scalia’s views about privacy? Suppose it were made of somebody who was a staunch privacy advocate. Should the underlying beliefs of the subject of the dossier matter for assessing the ethics of the endeavor?

UPDATE: Here is Joel Reidenberg’s response to Justice Scalia’s reaction:

I’m surprised by Justice Scalia’s characterization of the project. The scope of protection for privacy in our society is at the forefront of the public policy debate. I assign this research project annually and last year used myself as itssubject. The exercise never fails to provide a keen demonstration for my students of the privacy issues associated with aggregating discrete bits of otherwise innocuous personal information.

When there are so few privacy protections for secondary use of personal information, that information can be used in many troubling ways. A class assignment that illustrates this point is not one of them. Indeed, the very fact that Justice Scalia found it objectionable and felt compelled to comment underscores the value and legitimacy of the exercise.

UPDATE #2:: Joel Reidenberg has responded in more depth. I’ve posted his remarks here.

In reading the essay today, I was struck by [...]]]> In 2003, Eugene Volokh published an essay adaptation of his Harvard Law Review article, “The Mechanisms of the Slippery Slope.” The essay defends the slippery slope metaphor in two interesting ways. It argues that because law plays a powerful expressive role, it changes our thinking about certain behaviors. It can condition us to accept future policies that to today’s sensibilities would be unappealing. Today’s rules alter our attitudes and, in turn, de-sensitize us for more extreme changes in the law. These changes also can lead us to perilous decisions in the future by lowering the costs of certain activities, making future changes in policy politically attractive because they won’t cost us much.

In reading the essay today, I was struck by an example that Volokh provides as demonstrating the perils of the slippery slope: surveillance cameras. The essay asks us to consider a proposal to install video cameras on street lights to deter or catch criminals. Volokh explains that “[o]n its own, the plan may not seem that susceptible to police abuse, as long as the tapes are viewed only when someone reports a crime and otherwise recycled every day or two. Many people may be inclined to support installing the cameras, even if they would oppose a more intrusive extension of that policy, such as linking the cameras to face-recognition software or permanently archiving the tapes.” The slippery slope concern is that once government invests in buying and wiring these cameras, the cost of implementing comprehensive surveillance falls dramatically. This may persuade swing voters to endorse a broader surveillance plan, even if they would have opposed it on cost grounds at the outset. Moreover, the introduction of surveillance cameras changes our view of them: government thought them an effective way to combat crime (and terrorism) and hence broader surveillance may prove useful too. Perhaps we barely notice the cameras as we drive by them; our attitudes and fears have been changed, yet what led us to fear those cameras in the first place has not.

Volokh was spot on in his intuitions: today, six years after the essay’s publication, states and localities across the country employ surveillance cameras that do not just stream video to police departments for short time periods. Instead, in many states and localities, street surveillance cameras wirelessly transmit video footage to state and locallly-run fusion centers that use facial recognition software and other analytical tools like data mining to draw inferences about those images, all in the name of detecting and preventing future crimes and “hazards.” Whatever misgivings we may have had about surveillance cameras in 2003, they serve expansive ends in 2009. Perhaps, in a post 9/11 environment, we have become de-sensitized to surveillance aimed to combat terrorism, even though those cameras may very well be used in ways that having little to do with national security. Perhaps because the federal government gave states and localities the money to purchase them, they become more politically palatable. And perhaps it is because the public knows little about their use. No matter the reason, we seem to be skiing down the slippery slope.

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on [...]]]> There’s a terrific new book of essays about privacy out from Oxford University Press — LESSONS FROM THE IDENTITY TRAIL: ANONYMITY, PRIVACY AND IDENTITY IN A NETWORKED SOCIETY (Oxford University Press 2009). It’s edited by Ian Kerr, Valerie Steeves, and Carole Lucock. The essays are fascinating and are written by a number of very prominent privacy scholars. Highly recommended!

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on our special Concurring Opinions Oxford University Press promo page for 20% off.

Here’s the table of contents:

I. PRIVACY

Introduction to Part I

Chapter 1. Soft Surveillance, Hard Consent: The Law and Psychology of Engineering Consent

by IAN KERR, JENNIFER BARRIGAR, JACQUELYN BURKELL, AND KATIE BLACK

Chapter 2. Approaches to Consent in Canadian Data Protection Law

by PHILIPPA LAWSON AND MARY O’DONOGHUE

Chapter 3. Learning from Data Protection Law at the Nexus of Copyright and Privacy

by ALEX CAMERON

Chapter 4. A Heuristics Approach to Understanding Privacy-Protecting Behaviors in Digital Social Environments

by ROBERT CAREY AND JACQUELYN BURKELL

Chapter 5. Ubiquitous Computing and Spatial Privacy

by ANNE UTECK

Chapter 6. Core Privacy: A Problem for Predictive Data Mining

by JASON MILLAR

Chapter 7. Privacy Versus National Security: Clarifying the Trade-Off

by JENNIFER CHANDLER

Chapter 8. Privacy’s Second Home: Building a New Home for Privacy Under Section 15 of the Charter

by DAPHNE GILBERT

Chapter 9. What Have You Done for Me Lately? Reflections on Redeeming Privacy for Battered Women

by JENA MCGILL

Chapter 10. Genetic Technologies and Medicine: Privacy, Identity, and Informed Consent

by MARSHA HANEN

Chapter 11. Reclaiming the Social Value of Privacy

by VALERIE STEEVES

II. IDENTITY

Introduction to Part II

Chapter 12. A Conceptual Analysis of Identity

by STEVEN DAVIS

Chapter 13. Identity: Difference and Categorization

by CHARLES D. RAAB

Chapter 14. Identity Cards and Identity Romanticism

by A. MICHAEL FROOMKIN

Chapter 15. What’s in a Name? Who Benefits from the Publication Ban in Sexual Assault Trials?

by JANE DOE

Chapter 16. Life in the Fish Bowl: Feminist Interrogations of Webcamming

by JANE BAILEY

Chapter 17. Ubiquitous Computing, Spatiality, and the Construction of Identity: Directions for Policy Response

by DAVID J. PHILLIPS

Chapter 18. Dignity and Selective Self-Presentation

by DAVID MATHESON

Chapter 19. The Internet of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification

by IAN KERR

Chapter 20. Using Biometrics to Revisualize the Canada–U.S. Border

by SHOSHANA MAGNET

Chapter 21. Soul Train: The New Surveillance in Popular Music

by GARY T. MARX

Chapter 22. Exit Node Repudiation for Anonymity Networks

by JEREMY CLARK, PHILIPPE GAUVIN, AND CARLISLE ADAMS

Chapter 23. TrackMeNot: Resisting Surveillance in Web Search

by DANIEL C. HOWE AND HELEN NISSENBAUM

III. ANONYMITY

Introduction to Part III 63.60 Kb

Chapter 24. Anonymity and the Law in the United States

by A. MICHAEL FROOMKIN

Chapter 25. Anonymity and the Law in Canada

by CAROLE LUCOCK AND KATIE BLACK

Chapter 26. Anonymity and the Law in the United Kingdom

by IAN LLOYD

Chapter 27. Anonymity and the Law in the Netherlands

by SIMONE VAN DER HOF, BERT JAAP KOOPS, AND RONALD LEENES

Chapter 28. Anonymity and the Law in Italy

by GIUSELLA FINOCCHIARO

Most of us have done it.

Instead of hitting “reply” to an e-mail, we accidentally push “reply all,” sending a potentially embarrassing or insulting message to those we didn’t intend to see it.

To address this problem, Google Inc.’s Gmail Labs has launched an experimental feature called “Undo Send” that gives users a chance to rewrite their message, correct settings or simply fix typos.

When a Gmail user who enables this feature sends an e-mail, a button that says “Undo” will pop up on their screen for five seconds. If the user hits the button within that time, the service will retrieve the e-mail in draft form — allowing the user to make changes or cancel the message altogether.

I assume that this service works by delaying sending [...]]]> From CNN:

Most of us have done it.

Instead of hitting “reply” to an e-mail, we accidentally push “reply all,” sending a potentially embarrassing or insulting message to those we didn’t intend to see it.

To address this problem, Google Inc.’s Gmail Labs has launched an experimental feature called “Undo Send” that gives users a chance to rewrite their message, correct settings or simply fix typos.

When a Gmail user who enables this feature sends an e-mail, a button that says “Undo” will pop up on their screen for five seconds. If the user hits the button within that time, the service will retrieve the e-mail in draft form — allowing the user to make changes or cancel the message altogether.

I assume that this service works by delaying sending out an email after the user hits the send button. Suppose that Google offered a different service, one that allowed users to edit or delete emails sent after being received by recipients. Currently, I don’t think it would be possible within the technical architecture of email systems, but I wonder whether there’s a way it could be possible and/or legal. Would such a service be desirable? It would certainly be so for senders, who may want to zap the existence of emails they later came to regret. But what about the recipients, who would suddenly see emails vanish from their inboxes or change in content?

FreeCreditReport.com is not free. You can get your free credit report at the official site, AnnualCreditReport.com.

Here’s a terrific spoof of a FreeCreditReport.com commercial. These commercials appear all over cable TV with jingles about how people’s lives were ruined by identity theft or bad credit and how all their woes could have been averted if they only used FreeCreditReport.com:

The Fair Credit Reporting Act (FCRA) requires that credit reporting agencies “follow reasonable procedures to assure maximum possible accuracy of the [...]]]> I’ve blogged in the past about FreeCreditReport.com and the fact that I think it ought to be shut down. This is one of the rather obnoxious attempts by the credit reporting agencies to exploit people’s fears of identity theft as a tool to generate money.

FreeCreditReport.com is not free. You can get your free credit report at the official site, AnnualCreditReport.com.

Here’s a terrific spoof of a FreeCreditReport.com commercial. These commercials appear all over cable TV with jingles about how people’s lives were ruined by identity theft or bad credit and how all their woes could have been averted if they only used FreeCreditReport.com:

The Fair Credit Reporting Act (FCRA) requires that credit reporting agencies “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” 15 U.S.C. § 1681 e(b). If services like FreeCreditReport.com are really necessary to protect oneself from inaccuracies, then why wouldn’t these be required by the FCRA for free? If such services are unnecessary, then the advertisements are doubly false — trying to sell consumers a “free” service that’s not really free plus selling a service as essential and necessary yet that’s unnecessary.

As I wrote in my previous post:

The other irony is this: It is the practices of the credit reporting agencies that have put many consumers at risk for identity theft. Now, they are selling consumers protection from a problem that is at least in part their own making. It reminds me of the scene in The Godfather Part II, where the mob would rob and pillage people’s stores and then offer security protection for a fee.

Hat tip: BoingBoing