Jeff Jonas has published an important post: “Your Movements Speak for Themselves: Space-Time Travel Data is Analytic Super-Food!”
More than you probably realize, your mobile device is a digital sensor, creating records of your whereabouts and movements:
Mobile devices in America are generating something like 600 billion geo-spatially tagged transactions per day. Every call, text message, email and data transfer handled by your mobile device creates a transaction with your space-time coordinate (to roughly 60 meters accuracy if there are three cell towers in range), whether you have GPS or not. Got a Blackberry? Every few minutes, it sends a heartbeat, creating a transaction whether you are using the phone or not. If the device is GPS-enabled and you’re using a location-based service your location is accurate to somewhere between 10 and 30 meters. Using Wi-Fi? It is accurate below 10 meters.
The process of deploying this data to markedly improve our lives is underway. A friend of Jonas’ says that space-time travel data used to reveal traffic tie-ups shaves two to four hours off his commute each week. When it is put to full use, “the world we live in will fundamentally change. Organizations and citizens alike will operate with substantially more efficiency. There will be less carbon emissions, increased longevity, and fewer deaths.”
This progress is not without cost:
Continue reading →
In response to Professor Jonathan Zittrain’s op-ed in The New York Times last Monday about online privacy and open platforms (which Adam thoroughly refuted last week) I have a letter to the editor in today’s The New York Times:
To the Editor:
Re “Lost in the Cloud” (Op-Ed, July 20):
In discussing the privacy risks that have accompanied the growth of the Internet, Prof. Jonathan Zittrain rightly bemoans the willingness of governments to violate individuals’ privacy rights. Unfortunately, he proposes new legal restrictions that would stifle online innovation while doing little to enhance consumer privacy.
Mr. Zittrain proposes a “fair practices law” that would require companies to release personal data back to users upon request. Such a rule may sound workable, but purging specific data across globally dispersed server farms is no simple endeavor. Who is to pay for the implementation of such privacy procedures — especially for free services like Facebook or Twitter that have yet to turn a profit?
A better approach to online privacy is to educate users on safeguarding personal information. Ultimately, however, the only foolproof approach to protecting sensitive data online is to simply not disclose it.
Continue reading →
Over on Techdirt, Mike Masnick discusses an interesting new survey that highlights the sharp disconnect between how much we claim privacy matters to us and how far we’re willing to go to safeguard it. America Online polled 1,000 users in the United Kingdom, and the results further reinforce what other recent studies have suggested:
The study found 84% of users say they carefully guard their info online — but when tested, 89% of people actually did give away info in the same exact survey.
The AOL survey brings to mind security guru Bruce Schneier’s insightful quip on privacy from back in 2001:
If McDonald’s in the United States would give away a free hamburger for a DNA sample they would be handing out free lunches around the clock. So people care about their privacy, but they don’t care to pay for it.
When presented with the option of sacrificing a bit of privacy for something of value, like a chocolate bar or a free gift certificate, many users are surprisingly willing to dole out data to third parties for commercial use. And the value of personal details to marketers is massive. As social networking sites and ad-serving networks amass ever greater knowledge of our hobbies, political views, and even our favorite music, these sites are getting better at mining data to tailor ads with pinpoint precision, commanding high click rates while sustaining server farms and original content publishers.
Continue reading →
Google has found itself stuck between a rock and a hard place in its legal battle with Viacom over the question of whether IP addresses constitute “personally identifiable information,” as
Jim pointed out yesterday
. It’s worth noting, however, that EU regulators have left Google little choice but to stake out uncharted territory in order to defend its data collection practices.
Under the European Union’s
strict privacy directive
, websites are prohibited from retaining “personal data” for more than six months. What exactly constitutes personal data is up for debate. Google, which retains IP addresses for
18 months
, has taken the position that
IP addresses don’t constitute personal data
and therefore are not subject to EU data retention limits.
That argument has placed Google in a double-bind in its legal proceedings with Viacom. In his recent ruling, Judge Stanton
specifically referenced
Google’s recent blog post which argued that IP addresses should not be considered personally identifiable information. If IP addresses aren’t private, Stanton reasoned, then what’s the harm in Google handing them over to Viacom?
Whether an IP address can identify an individual is a matter of context. Google stated recently, “Based on our own analysis, we believe that whether or not an IP address is personal data depends on how the data is being used.” That makes sense; an IP address alone is generally
not enough information
to identify an individual, absent a court order.
Yet while IP addresses are not capable of overtly identifying individuals in the same way as phone numbers and addresses, IP addresses combined with other details often make it possible to positively identify individuals with a high degree of accuracy. Anybody can run a
reverse DNS lookup
on an IP address, which usually reveals the city and state in which the user of that IP address is located, along with the service provider. The YouTube logs that Google has been ordered to produce include not just IP addresses but also usernames and specific viewing times, so it’s all but guaranteed that quite a few individuals could be
personally identified given enough man-hours of data mining
.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.