Monday, June 04, 2007

Coming up next

I will probably always keep this post at the top, so just because it looks familiar doesn't mean there isn't new stuff right below it. In any case...

Here's what you can look forward to in this blog: (Or, rather, "that to which you can look forward"... or is it "that forward to which you can look"?)

The next thing I want to talk about, in a post yet to be finished, is why it's OK for software to send information about your actions to a central server, as long as this is explained when you download, start, or first use the software. In almost all cases, this information is either aggregated with that of all other users (so it cannot be traced back to you individually) or is only read and interpreted by computers, with no human intervention. Examples: the iTunes mini-store, Firefox, Google's anti-phishing plug-in, the Google Toolbar, etc.

I also want to talk about my perspectives on Google Book Search (especially in light of this and this and this and this) and on the China censorship thing, also here. Ah, yes, and on this extremely interesting "feature" of the latest version of Google Desktop, which I first heard about from this blogger but which was, of course, also featured on Slashdot. And the DoJ subpoena thing seems to be concluded.

After I do some more reading (and thinking), I want to talk about The Transparent Society (Chapter 1 here) and why that kind of transparency is the only way to prevent situations like this and this. Privacy, secrecy, transparency, and security are all closely tied (in my opinion, only the guilty have anything to hide), so I might bring this kind of thing into it as well.

This USA Today article also clearly deserves a review. It shows how what you say on social networking sites can come back to affect you later, because it is not private. Who knew?!?! Ah, look, the FBI made an announcement about this that, believe it or not, is even MORE absurd. And now even the New York Daily News has something to say.

Not only do people not know how to manage their online presence, they also get mad and confused when it comes to their appearance (or lack thereof) in Google search results. Companies simply expect to be ranked highly, and some people think they can ask Google to remove them from search results entirely. Idiots.

This article is also worth blogging about sometime soon. In one sentence: The New Jersey legislature is considering a bill that would require operators of public forums to collect users' legal names and addresses, and effectively disallow anonymous speech on online forums.

Some people think you have a right to get on an airplane or bus without showing ID or being searched (link, link, link, link). Like I say here, I think this is nonsense. It's like students claiming that they have a constitutional right not to do work, to say whatever they want whenever they want, to do whatever they want, to harass teachers, to not have their things confiscated, etc. What's wrong with this? Well, when you expect a service from a group of people (education from a school, or transportation from a bus company, airline, bus station, airport, etc.), sometimes you are required to follow the rules those people set, even if those rules can be interpreted as "unconstitutional" by a narrow-minded fool. It's like saying a confidentiality / nondisclosure contract I voluntarily sign violates my right to free speech. Or like eating at a restaurant and then refusing to pay because your money is your property and you don't wish to part with it. I'm going to have to find more articles about not showing ID at airports, then I'll blog about it. In particular, one article I remember seeing said you can refuse to show ID if you're willing to be thoroughly searched; the webpage then said "Choose to do this, and then tell us what happens to you!". When I find this again, I'll write about it. If you know where it is, please let me know.

This is also interesting - US govt subpoenas sent to ISPs!

Speculating about Google's future might also be fun sometime, but I doubt I can outdo the classic "EPIC" animation.

Stay tuned!

Sunday, June 03, 2007

Google Maps Street View

Much noise has been made recently about the fact that Google has started to provide street-level photographs in its Google Maps web service (which already includes maps, directions, traffic info, aerial/satellite photography, and a local-business finder). Which of those privacy concerns are legitimate? Which are only the product of people who do not think enough about the information they leave behind all over the place as they go about their daily activities? Some privacy concerns about this service are almost legitimate (you will not hear me say this very often!), most are at least somewhat misguided, and a couple are so hilariously ignorant as to be worth singling out their authors and making fun of them.

This post will primarily be in response to the posts and comments at BoingBoing about this issue. BoingBoing is a great blog that brings to my attention many cool (or outrageous) things every day, and I am a big fan of most of the stuff they support. Except for their privacy paranoia and their support for the "right" to not be accountable for what you say and do online.

Before going to the specific posts I want to respond to, here are two simple points:

Point 1: When you are in public, do not expect privacy. Sounds obvious, doesn't it? Not to a lot of people. When you exit your house, get in your car, drive down the road, park your car, and walk into a building, the photons bouncing off you are broadcasting your precise location, continuously, at the speed of light, to anyone who cares to catch them and extract that information. If you are having a conversation in a public place, your sound waves may not travel as far or as fast as those photons, but they can still be made out from quite a distance. Is it wrong for people to collect this information? If so, shouldn't you cover your eyes and ears when you go to a public place where there are other people? Is it wrong to drive down the street in a van (or a VW Bug) and take pictures of people?

Point 2: Here is where I make a rare near-concession to the privacy nuts. It's wrong for me to capture or publish images/sounds of the inside of your home beyond what a person can see/hear from the street. So I may not go onto your property to record such images/sounds, and I may not use enhancing devices (telephoto lenses, parabolic microphones) to record them. I base all of this on California's anti-paparazzi law, which Jennifer Aniston used to sue a paparazzo photographer (I mean this kind, not this kind) who took pictures of her naked in her home. (You can read more about Jennifer Aniston's lawsuit here, here, here, and here.)

In other words, you do NOT have a reasonable expectation of privacy for something in your house that can be seen from the street by a passer-by. A reasonable person will agree that the titles of your books and DVDs, the content of your computer's screen, and anything not visible through a window or door cannot be seen by a passer-by, and thus can be thought of as "private". But your cat right by the window, the license plate of your parked car, possibly a poster on your wall, and of course you yourself through an open window can be seen by a passer-by without binoculars and whatnot, so those things are NOT private, unless you close the window. (I presume this also applies to businesses, and that police warrants and criminal activities invalidate some of these rights.) So, actually, it is NOT wrong for Google to capture/process/publish what you get from photons and sound waves coming from within a private residence, as long as an average human walking down the street could capture and interpret those photons or sound waves without the aid of technology.

Anyways, here are the BoingBoing posts in question:

This first post is where I learned about this Street View thing: Mary Kalin-Casey writes to BoingBoing, outraged that on Google Maps you can see a picture of her cat sitting just inside her window.

Rich Gibson's reply says exactly what I was thinking, better than I could have said it: "Boing Boing regularly blogs about evil security guards beating down poor photographers who just want to take pictures of pretty buildings. How is the case made different when the 'poor photographer' is replaced by a van of cameras, and the evil security guard is replaced by [...] a cat owner?".

Which one is it? Are we free to take pictures at public places and post them on the internet, or aren't we? I say "Yes", and BoingBoing usually agrees.

The next post to discuss the privacy implications of Street View has both the most nearly-legitimate privacy concern, and the most misguided.

The almost-valid concern is when Ms. Kalin-Casey says "The next step might be seeing books on my shelf. If the government was doing this, people would be outraged". Her husband quickly added, "It’s like peeping". If extremely-high-resolution images were made available, then this would, indeed, be an invasion of privacy, since it would show more than the unaided eye could see from the street, like a paparazzo with a long lens. However, Google's images of people's houses (especially when you look into windows and doors) are NOT as sharp as what a passer-by would see, and that's the bottom line. No invasion of privacy.

This concern leads her to ask a series of questions. I think she asks them believing them to be rhetorical, but they do have answers. Let's go over them:

"Where do we draw the line between public and private? [...] By opening my windows for some much-needed light and air, am I granting permission for my living room to be broadcast worldwide? I don’t think I am. [...] When does it move from a grainy picture of the cat to a high-res image where you can see small details in my apartment? When do I have to choose between sunlight and unseen threats to privacy? It’s one thing to be monitored on the public streets of London. I think it’s another to wonder if, right now, someone or something is taking my picture through my living room window."

Given "Point 2" at the beginning of this post, it's pretty clear where those lines are. Indeed, the line is already drawn: it is illegal to take (let alone publish) pictures that show the inside of a private residence (without permission from the resident) if those images show more detail than a passer-by can see. When you open your windows, it has always been the case that you give up some privacy: people will be able to look into your living room (Do you walk around your place naked when the windows are open? I sure don't), and this is not wrong unless they are using binoculars, telephoto lenses, or parabolic microphones. And I don't see how "new technology" changes this; spyglasses have been around for a heck of a long time, at least since the 1600s. The only difference now is that if someone can see something, they can put it on the web. To expect that someone will see something and, out of the goodness of their heart, NOT put it on the web is unreasonable.

"There's a reasonable expectation of who is able to see into your house when driving past at the speed limit, and that expectation doesn't include everyone in the world with a web browser".

I'm not sure this is still the case. Heck, some people record EVERYTHING they see (1) and put it online (2). The rise of "many to many" technologies means that, if someone can see something, everyone might be able to see it. Denying this fact will not make it go away. We're getting closer to a "transparent society" (1, 2, 3). One aspect of this is: To counteract the prevalence of cameras whose owners do not share the content captured, private citizens should record as much as they can themselves and make this data publicly available.

But I digress. My point is, if anything about the inside of your home is visible on Google Maps Street View that is more detailed than what a passerby could see, then you should sue Google. (Here's the relevant law again, and here and here is some more useful reading). But until then, Google is not doing anything wrong.

Now, despite her mostly almost-valid concerns, here's where Ms. Kalin-Casey deserves to get made fun of:

"It’s my feeling that we should know what kind of monitoring we’re subject to and when".

Wait wait wait, even in public places? Like I said in "Point 1" above, when in public, you are emitting photons and sound waves in every direction. Are you saying that everyone who is capturing them needs to tell you about it? If I want to take a picture or video of a crowded place - say, a street in Manhattan, a sporting event, a convention, a rally, a concert, an aerial view of a town - do I need to go up to EVERY person visible in the shot and tell them about what I am doing? NO! Sure, to publish that shot and be paid for it, I need a model release from people who are recognizable in the shot, under certain circumstances. But if I'm not getting paid by publishing an image of you, and if that image does not mis-represent you (e.g. by going along with a claim that, say, you endorse my product), then no, I do not have to tell you about that image shot in a public place. It is NOT wrong for surveillance cameras to be hidden. Heck, one could easily argue that the surveillance cameras that are easily visible are not the most effective ones.

So I don't care if the Google Maps van caught you being late for work, going into a cannabis club, or coming out of a strip club. If you are in a public place, continuously emitting photons and sound waves in every direction that show your position, but you don't want your position and route to be public information, I'm afraid your only reasonable option is to wear a disguise.

We all leave a trail of information wherever we go. In the information age, it is silly and stupid to assume that this trail will not be gathered and processed by entities who benefit from organizing information. It is silly and stupid to expect that separate pieces of information about you cannot/should not/will not be combined. To expect this is to believe that computers should not exist. I don't know why some people think that everything they buy is NOT known to the companies they buy from, that their daily route to and from work/class cannot/should not/will not be observed or tracked by anyone, or that the fact that they drive over the speed limit is not plainly visible to anyone with a Doppler-capable device (or a simple stopwatch).

You have zero privacy anyways. Get over it ;)

Long time no see

About a year ago, a few factors caused me to stop posting on this blog. I got a new full-time job that kept me quite busy (that's the main reason), the 2006 airshow season started (which meant I spent one out of three weekends at airshows, and the other two editing the photos and making the web pages for those airshows), and I moved away from Silicon Valley (I pretty much stopped reading Slashdot, although I do visit Reddit and BattelleMedia every now and then, Digg regularly, and BoingBoing every day). I have also become more interested in issues of intellectual property, copyright, DRM, the DMCA, etc., so that has pretty much replaced my interest in privacy, as far as keeping track of how new technologies make people reconsider old ways of doing things, old expectations, etc.

There has been some news regarding online privacy over this past year, but nothing major. There was Google's announcement about anonymizing their logs after however many months. And that one thing about how someone logged into their Google account on another person's computer, the account was never logged out, and so all the searches made on that computer were visible to that someone, which for some reason some people found outrageous. And the whole thing about Yahoo and the guy in China who went to jail. And soldiers in Iraq not being allowed to blog quite freely. And how US intelligence agencies pretty much spy on everyone. Maybe I'll comment on these topics while I'm resurrecting this blog.

But the real reason I just brought this blog back to life was to give my reaction to the whole Google Maps Street View thing, another tool that manipulates public information in a way that many idiots have found to be scary, due primarily to their misconceptions about whether what you do in public is private (they seem to think it is). So my next post will be about that. I'll be done with it soon. Stay tuned.

Wednesday, March 01, 2006

Houston police chief wants cameras in homes

From the Seattle Post-Intelligencer via Slashdot:

In one of the most blatant and frightening statements made on privacy, the Associated Press reports that Houston's police chief wants surveillance cameras in apartment buildings and even private homes. Chief Harold Hurtt wants building permits to require cameras in shopping malls and large apartment complexes. He also wants them in private homes if the homeowner has called the police repeatedly. So, if you're in Houston, don't call the cops too much, or they might install a camera the next time they show up. And what does Hurtt have to say about privacy concerns?

"I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?"

While I am a big supporter of security cameras everywhere and of the "Only the guilty have anything to hide" philosophy, I do think that what you do inside your own home ought to be private, unless you're breaking the law. Maybe putting cameras in criminals' homes (as part of the parole process or something) might be doable (one could argue they gave up their right to privacy once they committed a crime), but in the houses of people who call the police a lot? C'mon!

But the story does not end here. From BoingBoing:

Matt Asher is offering a $1000 reward to the "first person who can provide definitive videotaped evidence of Houston police chief Harold Hurtt committing a crime, any crime."

This is in response to a Seattle Post Intelligencer article reporting that Hurtt wants to install surveillance video cameras "in apartment complexes, downtown streets, shopping malls and even private homes."


I think it should be fairly easy to nab Mr. Hurtt committing a crime, as I believe it is still a city statute in Houston that one must make a 360-degree survey of any car one intends to start to verify that no children are under the vehicle or threatened by it. If you post this, hopefully someone can come up with verification and other bizarre laws in this city that it should be easy to observe him breaking.

That link again (to the "Hurtt Prize") is brilliant! Sousveillance at its finest! (Maybe in the future I will blog about sousveillance, probably as part of an upcoming post on The Transparent Society.)

PS: I think this is starting to become a tradition, but here is a picture of the dude I'm talking about, Houston police chief Harold Hurtt:

UK CCTV camera operators jailed for voyeurism

From BBC News:

Two council CCTV camera operators have been jailed for spying on a naked woman in her own home.

Mark Summerton and Kevin Judge, from Sefton Council, Merseyside, trained a street camera into the woman's flat.

At Liverpool Crown Court, Summerton, 37, of Kirkdale, Liverpool, admitted voyeurism and attempted voyeurism. He was sentenced to four months in prison.

Judge, 42, from Waterloo, admitted misconduct in public office and was jailed for two months.


The images from the camera, including the woman without her clothes on, were shown on a large plasma screen in the council's CCTV control room in November 2004, Liverpool Crown Court heard.

Over several hours, she was filmed cuddling her boyfriend before undressing, using the toilet, having a bath and watching television dressed only in a towel.


"You only have to read the impact statements of the lady to realise the harrowing effect that this had on her.

"Her life has almost been ruined, her self-confidence entirely destroyed by the thought that prying male eyes have entered her flat."

I do agree that what you do inside your own home should be private (as long as you're not breaking the law). This is awful. On the other hand, I am a tremendous supporter of Closed-Circuit TV surveillance as a crime deterrent and as a tool for investigation... as long as the images used are those from public spaces!!!

PS: This Kevin Judge guy does look a bit creepy ;]

I love [Sun CEO] Scott McNealy

From Wired:

The chief executive officer of Sun Microsystems said Monday that consumer privacy issues are a "red herring."

"You have zero privacy anyway," Scott McNealy told a group of reporters and analysts Monday night at an event to launch his company's new Jini technology.

"Get over it."

That's awesome! While this was obviously stupid, in that it must have alienated tons of his customers and cost his company their trust, I still applaud his courage, sincerity, and admirable views on online privacy.

You can go read the article to check out the predictably hysterical reaction by, well, just about everyone.

And here's a picture of the guy:

Great SlashDot discussion on Minnesota GOP's CD-ROM

This is interesting. From Slashdot and the ThinkProgress blog:

The Minnesota Republican Party has been distributing a new CD about a recent proposed amendment. The CD poses questions about some of the hot-button issues like abortion, gun control, and illegal immigration. The problem with this CD, however, is that it "phones home" to the Minnesota GOP, without making it clear that your name is attached. So, if you take a look at the CD and take time to answer the questions, beware. Once you are finished they will know not only who you are, but where you stand on the issues at hand.

The comments on Slashdot, as usual, cut right to the heart of the matter. The first comment (by "Anonymous Coward") is:

Let me get this straight;

If you submit a form with your name on it... it submits your form with your name on it?!! The shock! The horror!

Anyway, the real story, if you actually read, is that the information you submit is supposedly available on a publicly accessible website.

The next comment that is visible was sent in by Romancer and says:

Here's the difference:

If I install a program on my computer, it can ask for my name, company name, etc. It can then ask if I want to register this program and send this information outside the computer.

The difference would be that if the program asked for my information without stating that it would automatically be sent out it would be considered misrepresentation.

It is an understood assumption by consumers (one which I personally believe is valid as well as the standard) that software must inform you explicitly that any data will be sent outside the software/computer it is on.

One would not assume that the forms in software such as ACT, MS Word, MS Excel, or other programs that ask for your information would be sent out without at least telling you so before the process.

Even the software companies that are on the edge of customer acceptance in this area have a policy that you can read and find exactly what information is being sent back to the company. Quickbooks is a prime example. They monitor your usage and use pop-ups and in-program ads to try and sell you other products that they think you might use. This is specific data collected with the association to your registration. Which by the way is mandatory. But disclosed.

DerGeist then asks

Isn't this technically spyware?

And JourneyExpertApe responds:

No. Spyware, by definition is something that collects information about you and sends it without you knowing it. Filling out a form in a program that you deliberately ran and having that same program send that information somewhere is not spying. What would be the purpose of filling out such a survey (into which you entered your name), if not to be sent somewhere so you can receive political junk mail (or "analog spam", as I like to call it)?

Now, in my highschool government class (which was required for graduation), we had to take a "test" at the end that asked for our opinion on some key issues like welfare, taxes, and I forget what else. As I recall, this was to be sent elsewhere to be "evaluated". I always suspected that this information ended up on file with the state government so they could characterize everyone's political views. The difference is that the GOP software is optional.

The discussion progresses. Most of it becomes just people from the right and people from the left criticizing the other side's approach to politics and publicity, what it means to be patriotic, that kind of stuff, but some comments do stick to the issue. It is discovered that some of the compiled information that the Minnesota GOP gathered from these CDs is publicly visible on the Internet, which is potentially more serious than just them taking that information without explicitly saying they would. (But then again, since they did not explicitly say anything about how that information would be used, they really can do whatever they want, and any feelings to the contrary are based on your own unfounded assumptions about a nonexistent privacy policy.) This post by tmandry sums up the main points raised and the reasonable counter-arguments:

You have to consider that the personal information, such as name and phone number, are probably there to keep people from voting more than once. Also, if you're filling out a form about your opinions and submitting it - whether it says you're sending it elsewhere or not - you're submitting it, for crap's sake. To submit means to turn something in. It's common sense, really.

Without a privacy policy, the state party can tell your views to anyone at all. If you give the "wrong" answers on abortion or other issues, they can tell your boss, members of your church, or anyone else. In fact, these answers could get distributed to campaigns in your town during get-out-the-vote efforts - precisely the place where "wrong" answers can be most damaging.

I'll believe it when I see it - if anyone really did that, it would be on the news in a heartbeat anyway. And - once again, common sense - it's just not going to happen.

What's worse. That information is on a public Web site. I'm not going to tell you what site we found it on, just to let you know that the data is there. And it can be found. Easily so. In fact, the experts I talked with suggested that having it so readily available is "amazingly stupid" of any data mining company.

Well that doesn't sound all so credible to me, but it does beg some consideration. It does sound like a privacy issue to me. But wait a minute - look at that image [] a little more closely. All I see is a bunch of names and dates and numbers - no opinions. If someone can prove that the opinions are shown, it's fairly serious. Otherwise, although many people may feel uncomfortable or intruded upon for it, it's only names. So do us all a favor and don't get the wrong impression.

Some more concise comments:

ch-chuck writes:

This is insufferable - we will not stand for any stinkin' politicians finding out where we stand on important issues.

and ynohoo asks:

if you receive an un-solicited CD thru the mail, you stick it in your CD drive and see what happens?

You guys crack me up

yuna49 brings up a good point I would not have thought of:

One interesting side issue in all this concerns how marketing organizations can exploit CDs like these to end-run the do-not-call rule in telemarketing. In later comments by the original Minnesota Public Radio author, he cites an executive at the firm that developed this CD who talks about how marketers can use this approach to establish a "prior relationship" with people that can then be used to justify calling them for marketing purposes. I'd be curious if marketing versions of this CD make any of this explicit. Apparently the only terms of use on the MN Republican CD enforce the rights of the software developers.

Note that this doesn't apply to the Minnesota Republican Party's use of this technology since political solicitations are explicitly excluded from the do-not-call law (wonder why?).

and finally, justin w hall hints at the reasons why privacy may be important:

Are my opinions so dangerous?

(disclaimer: insane leftist psycho)

Apparently we liberals are now terrified of anyone knowing our opinions. Yeah, it's bad that there are no privacy concerns in the terms of use, and I'm not surprised that Republicans are trying to hide their underhanded methods of stealing information.

But crap, they aren't getting my social, or the combination to my luggage (12345). Don't you WANT the government to know how you feel on the issues? Isn't that the point of a democratic society? And your boss? Your church? Why be so afraid to think what you think?

I don't know, I guess I can see some people wanting that information private. That can't be the majority view, though...

Even I (of all people) will grant that this last post is missing a very important point. There are people out there who will not trust you or respect you if they find out you disagree with them on some issues. You may call it discrimination or prejudice, but it is a fairly natural human impulse that we must learn to fight in order to live in a civilized world. For example, I am fairly sure (but not 100% sure) that abortion is not murder (this is actually one of the questions on the GOP's CD-ROM). Some people who DO think abortion is murder could therefore believe that I think a certain form of murder is OK, and hence that I am an immoral person not worthy of any trust or respect. I myself am confident that my relationships and duties to my friends, family, employer, co-workers, etc. are not affected by this pro-choice stand (just my duties to unborn babies, that's all), but I can see why a pro-lifer might not trust me to make that distinction (and that is, fundamentally, what prejudice and discrimination are). So for these reasons it might be prudent of me to keep this belief to myself, in case I ever encounter discrimination for it. (As you can plainly see, however, I have chosen to be open about how I feel on this issue, primarily because I think I could still be persuaded to change my views if presented with a good pro-life argument.)

In other words, in the somewhat uncivilized world in which we live, I can see why some people might want to keep their opinions private. I think they should be able to do that. However, I think that if you reveal those opinions to a website, person, computer program, survey, etc, and did not care to find out how that information will be used and where it will end up, then you might just have revealed those opinions publicly.

What I mean to say is: if you care about keeping something private, make sure that when you reveal it, you are revealing it to those who will keep it private. Don't just ASSUME they will. If you reveal your private opinions to a computer program/website and just ASSUME they will be kept private, then you just did something very stupid, and have lost the right to keep that information private. It's as if you shared ownership of something: it's not yours anymore, this information now belongs to you AND to the people you shared it with, and THEY in turn can share it with whomever they wish (if they did not explicitly tell you they would not). Information is like property: don't just give it out to anyone and assume it will be taken good care of. THAT's the moral of the story.

Friday, February 10, 2006

Suicides, ISPs and IP addresses, online forums, social networking, email privacy, "anonymity vs liability" again, Japan, and euthanasia

Now here's a really fascinating issue. I was reminded of it today by Michael Williams' blog, although I remember reading about it last year, probably on Slashdot. The article linked to is this one, and it says:

A total of 91 people committed suicide in 34 Internet-related incidents across Japan last year, but police managed to prevent several potential victims from killing themselves by cooperating with Internet service providers, it has been learned.

Police began cooperating with Internet service providers in October last year, based on guidelines created by an organization on Oct. 5.

Under the cooperation system, Internet providers hand the names and addresses of people who post suicide-related messages on the Internet in emergencies.

Two of the 14 people police managed to contact were in the process of committing suicide at the time of their discovery, but they were taken to hospital and survived. Nine others were persuaded not to commit suicide. The remaining three did not actually intend to commit suicide.

This is actually saving lives! Neat, huh?

Now, all they say is that this system finds "people who post suicide-related messages on the internet", which implies forums, message boards, and so on. Remember that forums and message boards are NOT private. A good Samaritan - it could be anyone: a search engine, the forum owners, or anyone with a web-crawling program, like Amazon - just reads non-private things posted online and alerts the police. So far, no privacy problems.

But how do the police find out what actual person posted those messages? Here's where things get tricky.

Say "suicideboy1982" posts about killing himself. The person writing the post probably feels safe that no one will find out that HE is "suicideboy1982". The people with access to that kind of information will keep it private, right?

The log files on the forum host's computer can say what IP address posted what message and when. And the ISP can say who was accessing the internet from that IP address at that time.

The IP information in the log files may or may not be private. Depends on the forum's privacy policy. For the record, if you asked me to look at my site's log files and tell you what IP address accessed what and when, I'd be happy to tell you (because nowhere on my site do I specify or imply that your access to my site is private. There are hosting companies that take the same approach, so that they are not liable for stuff hosted there, like illegal MP3s or whatever - they just say "IP address so-and-so did it"). Some online forums even automatically write, under each post, the IP address from which the request came that generated the post (in other words, the IP address from which the information you supplied was sent when you clicked "Submit"). On the other hand, some social networking services make a big deal about NOT handing over IP addresses without a court order, subpoena, or other justice / law enforcement communication. So if someone writes me a mean note on my orkut page, the orkut people will NOT tell you the IP address behind that message, unless a court tells them to (because, say, the note is defaming you) or unless a police investigation asks them to (because, say, the note is threatening you). I know because I used to be one of those orkut people.

People broadcast an IP address when they do anything online. While some people think that this IP address is private and will not be revealed to people who ask "Who did THIS?", these people are usually wrong.

Now, going from IP address to individual person is currently a little trickier, usually. For that, you need the ISP's help, because the ISP is the one who assigns IP addresses to different computers. The "ISP" is AOL, Comcast, SBC, a university, a workplace, whoever gives the user his internet access. Most ISPs' privacy policies specify that they will not reveal who used what IP address at what time, unless told to reveal it under subpoena, court order, etc. This has come into play recently when the RIAA went after people who downloaded songs illegally. All the RIAA knew was that certain IP addresses shared certain copyrighted songs. The ISP sometimes "gave up" the culprit (i.e. revealed what person was using that IP address at the time), and sometimes refused to snitch on its users. So the knowledge that YOU were the person using a certain IP address is usually private, actually, thanks to the privacy policies in the ISPs' contracts. This may not protect you if you do something illegal or just really bad, though (there's that "liability vs anonymity" thing I talked about earlier), or if your ISP decides to no longer consider your IP address private and changes the privacy policy in the contract.

So, back to where we started... These Japanese ISPs are revealing to the police who used what IP address when, if the police say that it's to stop a suicide. And it's working! Are these ISPs violating the user's privacy? Depends on what they specify on the Privacy Policy part of the contract. But even if they DO specify that the identity of users of IP addresses would not be revealed except under court order, in which case this IS an invasion of privacy... I still think it's OK. I mean, it's like an ambulance breaking the speed limit to save a life. It might be almost-illegal, it might be inconvenient to lots of people, but it's for a good reason. The article mentioned that, out of 14 people contacted by the police from this kind of monitoring, three were NOT about to commit suicide. I can imagine those three might initially have felt mad, betrayed by their ISP, whatever. But they feel that way due to the harmless error of a process, a process that is saving lives. Being annoyed at this for too long would be like being annoyed that you have to pull over when an ambulance goes by.

Michael, who posted about this on his blog, says:

I don't think there's any legal privacy issue if a private company decides to monitor the traffic that goes through its servers.

In general, I agree. But here's an interesting question: What if it were email? I mean, in this case, public posts are being monitored, but what if it were email (the one thing in the online world I agree always is and should be super-private)? Someone reading my email without my permission is not really different from someone stealing my snail-mail or going through my closets and drawers without my permission. Does a company have the right to "monitor" my email just because it goes through their servers? Depends on what "monitor" means.

I agree with Michael that a company should have the right to monitor what goes through their servers. But with email you have to be careful. Does my landlord have the right to open my mail because it is in "his" house? Does the post office have the right to read my letters? Well, they have the right to scan packages for bombs and anthrax, and I think they can X-ray international packages to make sure drugs (and expensive things not mentioned in the customs form) aren't being smuggled...

Thing is, though, the ISPs in this case aren't just monitoring the information, they're acting on it. That is also relevant to the question. Does a company have the right to act on stock tips that go through their servers? I don't think so.

Say these Japanese ISPs did set up a system where emails were monitored for suicide-related content. If the email is read by some automatic system that then determines "suicide probability: high, call police", this may be all right. That's not too different from Gmail computers reading your email to give you targeted ads. But I bet there would have to be a real person in there somewhere, who would actually READ the stuff to decide if he/she really ought to call the police. In other words, I doubt they'd just take the computer's word for it. And if they do this with people reading emails, then it might be a violation of privacy. Again, if it saves lives, it's probably all right, though.

Still, the article only talks about "posting messages", which are public anyways, so the email discussion is hypothetical. It's still an interesting one, though: WOULD it be all right to alert a human operator when one user's emails seem to contain many suicide-related words? To then allow the human operator to read the emails and to call the police?

Well, just as ISPs may reveal IP addresses when users break the law, in this case the invasion of privacy would probably be justified if

a) suicide is illegal (which I think it actually is, at least in California, which has led people like Brian Copeland to say "And what is the punishment for committing THAT crime? DEATH?!")

b) preventing suicide is so important as to override privacy concerns, Privacy Policy contracts, and possibly even privacy laws (like the ones about email).

Now, that last one is REAL tricky and goes a little beyond the scope of this blog. Do people have a right to commit suicide? Is it really "saving a life" if the person who owns that life doesn't want it anymore? Of course, as a society we have decided that much inconvenience is more than justified if it keeps a person from committing suicide, but this IS an interesting question. I personally think that euthanasia is ok. And if a suicidal person is PERSUADED not to commit suicide, then his life WAS saved. These questions are not terribly relevant to the privacy issues surrounding the screening of different kinds of online communication for suicide information, but they are tangentially related, in that this screening may or may not be justified.

As far as this blog is concerned, the question is: Am I OK with my ISP possibly revealing that I was the person behind my IP address, just because someone (or some computer) read some posts (or, say, some emails) and decided that, in their opinion, I was probably going to commit suicide? Personally, I'm ok with that - I don't really do anything online where it is important that my real identity NOT be easy to connect to my IP address (well, I do download the occasional illegal song or video, but I'm ok other than that).

Most of this blog is about users being aware of the privacy policy. In this case, though, an ISP may have to violate the Privacy Policy in order to lead police to the address where a suicide-related communication originated. I say it's ok because it's saving a life. The fact that suicide is illegal also helps. But I can see that some people may disagree, and in this case, they may have a point.

Still, this whole thing is just another reminder that, when you're online, you should not do things you'd be ashamed of later. The internet is almost ALWAYS less private than you think... even when you DO read the Privacy Policy...

Sunday, February 05, 2006

In Soviet Russia, Google searches YOU!

I like this article:

I really don’t think the average internet browsing person has a concept of what concerns about privacy they should have, and what they are led to worry about senselessly.


I stumbled across yet another article about privacy called “You Search Google, Google Searches You”. Throughout the article, the author, Andy Dornan, feeds readers with an extra dose of suspicious obsession with statements like “pretend privacy” and “advertisers manipulate you into giving them money”.


Yet Dornan goes on to say “…Google’s privacy policy admits that it does log traffic…”. He fails to embody the entire policy regarding logs they collect.


Is there a difference? Is there a difference between your newspaper being dropped at your front door (the same front door as every member of your household) because you signed up to receive it, and someone monitoring everything you read, who reads it, when each person reads it, what was most interesting to each individual, and then attaching that to your name, phone number, social security number, and birth date for sale and publication?

The privacy dogmatists (or whiners) would have you believe that you are being tracked on a very granular level and that the companies tracking you have an obsessive interest in you as an individual. For some reason, companies like Google want to know more about you – they want to know you inside and out – they want to know things that only you know about yourself and they want to put a name and a face to that, and use it to your disadvantage. This is a very naïve and amateurish viewpoint, but it is something that human nature would lead us to easily believe. Just as it makes us want to believe that we can be abducted by aliens, that we never went to the moon, that JFK was shot by a dozen or so people, and that there is a poltergeist in our kitchen.


The fact is that Google doesn’t care about you. Nor do their advertisers. Their software doesn’t even care who you are. They care only about what is in your wallet, and their optimization engines only care that it is delivering advertising to the desktop that you are on with the possibility of it being slightly more effective because it is related to something that someone on that computer has viewed in the past. No one – not even Google – gives a damn who you are until it comes time to type your Billing Name and Address for a purchase, and even then their only interest in the information is to, oh my gosh, complete the transaction and make money. There is no Google Empire collecting information on citizens to have the world come to an evil end under their control. They just want to be the best advertiser in an industry where costs per millions of impressions has dropped into the pennies.

Dornan’s comment that “I’d rather get a thousand spams for breast enlargement and interest-only mortgages than one carefully tailored sales pitch that might work” is absolutely ridiculous. Why would you rather get breast enlargement advertising than something in which you might actually be interested?

Well said.

Saturday, February 04, 2006

Search queries are not private. Get over it.

So you think Google would have violated your privacy by revealing some large number of random search queries to the Justice Department?

Well, do you think that Google Zeitgeist violates your privacy?

No, you don't.

And neither does Google:

We may share aggregated non-personal information with third parties outside of Google.

What is aggregated non-personal information?

"Aggregate non-personal information" is information that is recorded about users and collected into groups so that it no longer reflects or references an individually identifiable user.

So, end of story, right?

Not quite. Google's own lawyers have admitted that one can envision scenarios where queries alone could reveal identifying information about a specific Google user. In fact, Google suggests you google your Social Security number, your credit card numbers, etc, to see if they appear on the web. And who does not Google him/herself once in a while? I definitely want to see what comes up in a Google search for my name! (I am happy to report that, except for some embarrassing song parodies I wrote at a young age, nothing too embarrassing comes up).
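The gap between "aggregate non-personal information" and a query that carries your SSN or card number is easy to show in code. This is an added example, not code from the original post or from Google: it scrubs identifying text from a constructed query log (made-up user ids, queries and numbers) before counting, and it only reports queries typed by several distinct users, since a query one person typed is not aggregate data however it is grouped.

```python
"""Scrubbing identifying queries before building "aggregate" statistics.

Added example, not from the original post or from Google.  The query log
below is constructed; user ids, queries and numbers are made up.
"""
import re
from collections import Counter, defaultdict

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def why_identifying(query):
    """Return a label for the identifier found in the query text, or None."""
    if SSN_RE.search(query):
        return "ssn"
    if EMAIL_RE.search(query):
        return "email"
    for m in CARD_RE.finditer(query):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            return "card"
    return None


# Constructed log of (user_id, query) pairs; none of this is real traffic.
SAMPLE_QUERIES = [
    ("u1", "weather san francisco"),
    ("u2", "weather san francisco"),
    ("u3", "weather san francisco"),
    ("u4", "123-45-6789"),                # someone googling their own SSN
    ("u5", "4111 1111 1111 1111"),        # Luhn-valid test card number
    ("u6", "jane.doe@example.com"),
    ("u7", "my very unusual query"),      # typed by exactly one person
    ("u1", "weather san francisco"),      # repeat by u1: still one user
]


def aggregate_queries(log, min_users=3):
    """Count queries after dropping identifying text and any query seen from
    fewer than `min_users` distinct users.  Returns (counts, dropped)."""
    users = defaultdict(set)
    hits = Counter()
    dropped = Counter()
    for user, query in log:
        reason = why_identifying(query)
        if reason:
            dropped[reason] += 1
            continue
        users[query].add(user)
        hits[query] += 1
    counts = {q: n for q, n in hits.items() if len(users[q]) >= min_users}
    dropped["too_few_users"] = sum(
        n for q, n in hits.items() if len(users[q]) < min_users)
    return counts, dict(dropped)


if __name__ == "__main__":
    counts, dropped = aggregate_queries(SAMPLE_QUERIES)
    print("releasable counts:", counts)
    print("withheld:", dropped)
```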

However, people cannot complain when Google hands that information over, under a court order or subpoena. Google's Privacy Policy explicitly says

When you use Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

When you visit Google, we send one or more cookies - a small file containing a string of characters - to your computer that uniquely identifies your browser. We use cookies to improve the quality of our service by storing user preferences and tracking user trends, such as how people search. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Google features and services may not function properly if your cookies are disabled.

Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising.

Google does comply with valid legal process, such as search warrants, court orders, or subpoenas seeking personal information. These same processes apply to all law-abiding companies. As has always been the case, the primary protections you have against intrusions by the government are the laws that apply to where you live.

They're perfectly transparent about all this.

Besides, this information (unlike, say, email) is NOT considered private under the Electronic Communications Privacy Act, if you want to get legal about it.

Some people think that search is private. Some people think that, when you search for something on Google, you have the right for that information (the fact you searched for something, and then went on to check out some of the search results) to never be revealed to anyone.

I don't know where those people got this delusional idea. They wouldn't have, if they had read the Privacy Policy. Or if they just used common sense and knew how user logs work (by which I mean, every site you visit - even my little photography site - knows your IP address, knows what link you followed to get there (i.e. what other site you came from), knows what Google query you made when you found the site, and knows what you typed into the web forms on the site, such as a "search" box. Do people not know this? Everyone could learn a little something from being a webmaster. But it's not like engineers and physicists are the only ones who expect SUVs to tip over. Use some common sense, people).
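To make the point above concrete (and the earlier one about forum log files tying an IP address to a post at a given time), here is an added example, not code from the original post, that reads constructed Apache "combined" log lines and pulls out exactly what a webmaster sees: the visitor's IP address, the referring page, the Google query hidden in that referrer, and anything typed into a GET form such as a site search box. The IP addresses, hostnames and queries are made up.

```python
"""What a webmaster can read out of ordinary access logs.

Added example, not code from the original post.  SAMPLE_LOG is constructed
in Apache "combined" format; addresses, hosts and queries are invented.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.42 - - [10/Feb/2006:21:14:05 -0800] "GET /photos/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=cheap+divorce+lawyer+san+jose&hl=en" "Mozilla/5.0"
203.0.113.42 - - [10/Feb/2006:21:14:39 -0800] "GET /search.php?s=antidepressant+side+effects HTTP/1.1" 200 2048 "http://example.net/photos/" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2006:21:15:02 -0800] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Search engines of the day and the parameter that carried the query.
SEARCH_ENGINES = ("google.", "search.yahoo.", "search.msn.")


def search_query_from_referer(referer):
    """Return the search-engine query that led the visitor here, or None.

    The browser sends the previous page's URL as the Referer header; when
    that page is a results page, the user's query is right there in it.
    """
    if referer in ("", "-"):
        return None
    parts = urlsplit(referer)
    host = (parts.hostname or "").lower()
    if not any(s in host for s in SEARCH_ENGINES):
        return None
    params = parse_qs(parts.query)
    for key in ("q", "p"):          # Google and MSN used q=, Yahoo used p=
        if key in params:
            return params[key][0]
    return None


def form_input_from_request(target):
    """Query-string parameters of the requested URL, i.e. what the visitor
    typed into a GET form such as a site search box."""
    return {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}


def parse_log(text):
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                # skip malformed lines instead of crashing
        rec = m.groupdict()
        rec["search_query"] = search_query_from_referer(rec["referer"])
        rec["form_input"] = form_input_from_request(rec["target"])
        records.append(rec)
    return records


def visitors_by_ip(records):
    """Group everything seen per IP address: the view an ISP lookup would
    turn into a subscriber's name and address."""
    by_ip = {}
    for r in records:
        by_ip.setdefault(r["ip"], []).append(r)
    return by_ip


if __name__ == "__main__":
    for ip, recs in visitors_by_ip(parse_log(SAMPLE_LOG)).items():
        print(ip)
        for r in recs:
            print("  ", r["time"], r["target"], "came from:", r["referer"])
            if r["search_query"]:
                print("     search query:", r["search_query"])
            if r["form_input"]:
                print("     form input:", r["form_input"])
```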

SOME information really IS private, though, like your name, email address, credit card information, and other info you may give to Google in the course of signing up for services, as well as information Google knows to be related to confidential medical information, racial or ethnic origins, political or religious beliefs or sexuality. About THAT kind of information, Google sez:

When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.

If we propose to use personal information for any purposes other than those described in this Policy and/or in the specific service notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices, unless we have obtained your prior consent.

You can decline to submit personal information to any of our services, in which case Google may not be able to provide those services to you.

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

- We have your consent. We require opt-in consent for the sharing of any sensitive personal information.

- We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

So, again, you don't have to worry about TRULY private information, any more than you do when you allow a law-abiding company to become aware of this information. Search queries and links visited, though, are NOT truly private. They never were, and Google has always said they weren't. Heck, Google displays a scrolling, streaming list of Google search queries on a projector screen in the lobby of each building! (It only updates about once a second, so there is less than 1% chance that any given query will appear, but still, it's possible that you search for something "personal" and have that be projected on a screen in the lobbies of the Google buildings for several seconds... Or be shown on similar lists on websites that do the same thing).

So all you crazy people worried about the subpoena can just learn to accept this. Sheesh.

Coming up next: Why it's OK for software to send information about your actions to a central server (as long as they're clear about this). Stay tuned.

Wednesday, January 25, 2006

Google's subpoena and some corporate BS

For those of you who don't read SlashDot and BoingBoing every day and who don't pay close attention to the latest developments at the Googleplex or to how often Google appears in the news... What are you doing reading this blog? In any case, if you've been living under a rock for the past week, here's the latest controversy Google got itself in. (I'm sure they did it just because, y'know, people were probably getting bored with the Google Book Search debate/lawsuit).

Where do we start... The Justice Department is investigating whether the Child Online Protection Act is constitutional. It aims to "protect" children from online pornography.

(Personally, I think children would not need to be "protected" from things like violence, drug-related content, strong language, or sexual content, if parents actually talked to their kids. How about trying to work on the problem of bad parenting, rather than trying to "protect" kids from things that will only affect them if their parents don't explain these things to them? But that's something I can get into later. Until then, I recommend this excellent article by David Mills that explains why children do not need to be protected from pornography and why the whole idea is ridiculous - it is only pushed by the religious right (who are against any kind of pornography and love any chance to fight it) and by politicians who have something to gain by making voters worried and/or scared and/or outraged for no good reason. In fact, this article says that ...the law is backed by such people as Jack Samad of the National Coalition for Protection of Children and Families, an Ohio-based religious advocacy group which avows to "encourage and challenge Christians to live sexually pure lives". For the record, let me say I support the idea of fundamentalist Christians living sexually pure lives - maybe this way they'll go extinct. Yeah, don't I wish. Anyways, in the future, I will probably also write a post about why violent videogames and violent movies are not harmful at all. Until then, recommended reading is here and here and here, and if you really want to look at the psychology behind it, here and here. But back to protecting kids from pornography... Where were we?)

Ah, yes, the controversial Child Online Protection Act. The Justice Department asked Google, MSN, Yahoo, and AOL to give them tons of information about things like

- All the searches performed over a period of 1 or 2 months,
- All the results returned in all those searches,
- All the webpage addresses that COULD be returned in a search,

and so on. From that information, the Justice dept could see how likely porn is to appear among search results where it does not belong.

Yahoo and MSN complied with this request, several months ago. AOL also complied, and then tried to deny this. Google, though, did not comply. According to this article:

When trying to negotiate with Google, the Justice Department eventually narrowed that request to a "random sample of 1 million URLs" and "copies of the text of each search string entered onto Google's search engine over a 1-week period."

This, however, does not help in understanding how often porn sites come up in innocent searches. Even if the majority of the sites in Google's index are pornographic, there is no problem if these sites are rarely or never returned for innocent searches. Well, the "problem" (as far as the Child Online Protection Act is concerned) would be if these sites allow users access to pornography without verifying their age, but I don't see how this is related to what people search for, or to what percentage of sites are pornographic, or even to whether these sites come up in search results. Well, I guess the Justice Dept thinks it can cite this kind of data to "prove" whether the Child Online Protection Act is constitutional. We'll see how they do.

But back to Google and privacy issues.

Google's non-compliance was discussed here when it became known that a judge was asked to demand this information from Google. Ramifications of this issue, theories behind motivations, and even the court documents themselves, are linked to (and concisely explained) here.

Supposedly, the reason for Google's non-compliance was so that users' privacy would not be unnecessarily compromised. Like, yeah right.

Two questions can be asked here:

1) What's the REAL reason why Google did not comply? Some people have some good theories that I will basically agree with.


2) When data about millions of users' actions online is aggregated for the purpose of analysis, even if this analysis discards the part of the data that specifies what users performed any of these actions... Does that violate the users' privacy? A lot of people think it does. I basically think those people are idiots. We'll get to that later.

Regarding the first question... From this article:

Nicole Wong, an associate general counsel for Google, said the company will fight the government's effort ``vigorously.''

``Google is not a party to this lawsuit, and the demand for the information is overreaching,'' Wong said.


Privacy consultant Ray Everett-Church, who has consulted with Internet companies facing subpoenas, said Google could argue that releasing the information causes undue harm to its users' privacy.

``The government can't even claim that it's for national security,'' Everett-Church said. ``They're just using it to get the search engines to do their research for them in a way that compromises the civil liberties of other people.''

And from this article we learn that...

"Google's acceding to the request would suggest that it is willing to reveal information about those who use its services," wrote U.S. Google attorney Ashok Ramani in an Oct. 10 letter to U.S. Dept of Justice attorney Joel McElvain. "And one can envision scenarios where queries alone could reveal identifying information about a specific Google user, which is another outcome that Google cannot accept"...

This, of course, won Google some favor with some privacy advocates. For years now, privacy advocates have understood that Google is storing vast amounts of data regarding who searches for what and when (and information of which sites they go on to, from the search results). Privacy advocates have feared that this information could be revealed, through hacking, theft, the kind of subpoena seen here, vague "national security needs", or other such ways. These people want their search information to be completely private even if the government needs it to investigate criminals and terrorists. Remember, the constitution protects them against "unreasonable searches and seizures"... I'm not sure this is unreasonable... I think they're being unreasonable... In any case, Google is at least pretending to side with them, trying to earn back people's trust, trying to make it seem like it wants to fight as hard as it can before giving up these people's precious search terms.

Seeing through this BS, many people like John Battelle offer very good theories about what's really keeping Google from going ahead with this:

Remember this whole goat rodeo (on the size of indexes)? Remember how slippery both Yahoo and Google got when we tried to figure out exactly how many documents were in their indexes? Well, turns out, that's pretty much what the DOJ is trying to do as well. Hence, Google's defense on a "trade secrets" basis.

Apparently, the subpoena originally asked for a lot more than just a million addresses, as reported Thursday. From the motion the DOJ filed to force Google to comply with the subpoena:

"The subpoena asks Google to produce an electronic file containing '[a]ll URL's that are available to be located through a query on your company's search engine as of July 31 2005."


"all queries that have been entered on your company's search engine between June 1, 2005 and July 31, 2005."

HELLO. You think Google is going to give that over? Me no think so.

So how to fight it? Well, standing up to the DOJ and getting major praise for doing so is a very smart strategy, in my book. As much as I'd love to believe Google is fighting this for heroic reasons, I'd wager that the data has more to do with it.

A little more research turns up the following:

In a letter dated 10 October, 2005, Google lawyer Ashok Ramani objected to the Justice Department's request on the grounds that it could disclose trade secrets and was "overbroad, unduly burdensome, vague and intended to harass".

So I guess it's fair to say that Google is doing this:

1) Because it wants to guard its precious information (only WE mine the information we worked so hard to get!) and its index size,

2) Because it doesn't want the US government to get the impression Google is happy to do research for them when this research ought to be done by the government,

3) Because Google wants the crazy privacy advocates to think that Google's large stores of "private" information are safe, that Google actually values privacy (rather than simply fearing the crazy privacy advocates. It's a subtle difference).

Now, the more complicated question... Does aggregate data violate privacy? MSN, Yahoo and AOL seem to not think so. Google even has a whole series of webpages dedicated to showing the most popular searches every week, in different countries, per category, as well as the search terms being searched for with the most quickly-increasing frequency and with the most quickly-decreasing frequency (fads, interests, and cultural fascinations that are just starting or dying down). This also ties in with all those software programs that send information about your online habits to a centralized server. Many people think this is private, even if the company only knows that "a user did this" (or, rather, that "more users did this than did that" and "most of the users who did that were also the users who did this"). This even ties in to the supermarket / retail-chain cards I talked about earlier, except that web surfing and searching happen in a more private space than retail shopping... Right? Maybe, maybe not. I'll talk about that next post.

Sometimes, when I'm alone, I Google myself

Ed Felten once said that "privacy is for Google what security is for Microsoft": Basically, it ought to be the highest priority, and failures in this area could destroy the company's image and its users' trust. "It’s high time for Google to figure out that it is one or two privacy disasters away from becoming just another Internet company".

Thing is, though, Google doesn't even have to endanger/violate people's privacy in order to get in trouble. If it just LOOKS like it's endangering/violating people's privacy, its image is hurt badly. This happens often, since so many people have ridiculous and unreasonable expectations of what ought to be kept private, and a very fuzzy understanding of what information goes where and how. Google is in a tough spot: Even if it does things right, it keeps being misunderstood and wrongly criticized by paranoid privacy advocates and by inexperienced/ignorant users.

I was about to start writing a post on the recent subpoena that Google is resisting. And I thought to myself: Hmmm, Google certainly has worried privacy advocates - and still worries some of them - over a huge variety of issues (most of which, incidentally, are blown way out of proportion by privacy advocates and really are not legitimate cause for concern unless you're an idiot, way too paranoid, or careless about how you let other people use your computer). The list I came up with, originally just a way to start talking about the subpoena, is long enough to get a post all for itself:

So let's see, you've got the anti-phishing Firefox extension (that sends information to Google about which sites you visited), the Toolbar (that sends information to Google about what you search for and, possibly, also about which sites you visited), the Desktop Search software (that sends no information to Google at all but LOOKS like it does, thus causing many stupid people to freak out when they see personal emails and Word docs appear among Google websearch results), the Search History service (that keeps track of what you searched, when, and which sites you visited from the ones in the search results... This made many people mad, mostly before these people realized you have to proactively sign up for this service and then turn it on), the Google Phonebook (that does nothing more than connect bits of information about you that you allowed your phone company to publish in a huge book delivered to every doorstep in town), Google Maps (people have actually requested that their addresses NOT be searchable through Google Maps, and that their houses be removed from the satellite pictures... No, seriously, I swear), the Orkut social-networking website (where people post pictures (and other info) publicly and then get all mad that their pictures were stolen by someone else), the different web-browsers' "AutoComplete" function (that remembers the things you searched for on Google and shows a drop-down list of previous search terms that start with the letter you write in the box... This is not a "Google" feature, it's a browser feature, but it happens to reveal to other users of the same computer the fact that you have been searching for odd/inappropriate stuff), the Google Accounts cookie (which keeps you logged in to your Google Account, so if you close a Gmail or Orkut or Google Groups window without first logging out, the next person to use the computer will have access to your Gmail, Orkut, and Groups info/profile/identity), the Google cookie (which supposedly tries to group the searches you do to one individual profile - much like the supermarket savings cards from two posts ago), the Gmail ads (which make it look like someone's reading your email and choosing appropriate ads for it... No, people, it's all automated, no one's reading your email!), the Google Web Accelerator (which blindly and dangerously followed every link it saw, stored webpage info on Google's servers, and could make it look like you were visiting a site under someone else's identity, until it was fixed), the Google search results (that often contain information about you that you think is private, wish were private, or find embarrassing and/or inaccurate and/or defamatory), and of course the good ol' Google search engine itself (that might remember what searches were made from what IP addresses and when, and from the computers, using which cookies... It certainly does remember what searches are done, that at least is known, and any site you visit from a Google search results list will know you came from Google and what you searched on Google to find the site. My personal website is visited by people who search for the oddest things).

As I will eventually mention in this blog (if I didn't already in the parenthetical explanations above), almost all these concerns are either 1: caused by a lack of clear understanding of what is private and what is public, 2: caused by worries that the government will know what you do online (not a problem unless you are a criminal), 3: sheer stupidity, or 4: only a problem if you don't know how to properly use a web browser and cookies (and if you are sloppy about deleting things and logging out of sites), which I guess is the same thing as "3": stupid. In any case, you will only worry about any of the things in the previous paragraph if you do not read the Terms of Use and the Privacy Policy of these products...

...except maybe when it comes to finding supposedly defamatory things when you Google your name - a problem that is not Google's fault (or Google's liability), and in fact indicates that Google's search engine is working very well. This "problem" is caused by you being careless about what information about you gets to webmasters - THEY are the ones that publish what appears in Google's search results, THEY are the ones you have to go after. Theoretically, getting in touch with the webmaster will solve the problem of undesired search results on a search for your name, if you do indeed have any right to be mad over the material written about you. More on this in a future post.

...AND, I guess that Web Accelerator bug really was pretty serious, but it got fixed, it looked more serious than it was (you didn't actually have access to other people's online profiles / logins, it just looked like you did), and its potentially destructive link-following (such as following links that said "remove this" or "delete this") was really not too different from regular search-engine spider / crawler indexing, so only websites developed by inept webmasters were damaged (one wonders how those websites survive the crawling / indexing done by search engine spiders / robots...).

But other than that, Google's services offer no cause for worry, privacy-wise, if your expectations of "what is private" are reasonable, and if you are just a tad mindful while doing "private" things on a computer used by other people. Over the next few posts I will go into more detail about why I feel I can safely say this.


PS: The title of this post is just a reference to this hilarious T-shirt, now available as a variety of products (and in the proper Google font) here.

PPS: Coming up next: My reaction to Google's subpoena mess.

Monday, January 23, 2006

Customers who have looked at this Sony laptop have also bought... Pants!!!

I just realized that, in my Private self vs Public self post, I said almost all the things I wanted to say about merchant-customer privacy. Once the concept of "your public self versus your private self" is introduced, it becomes trivial to see why the list of things you previously bought (and the times when you bought them) should not be private: It pertains to actions done by your public self in a public place. Unless these things were bought online from a merchant that specifically tells you the fact you bought them will be kept confidential.

There are a few more dimensions to this kind of thing, so while I'm at it, I guess I'll just finish writing up my current thoughts on them.

So, yeah, many stores have a "profile" on you, and this profile is a list of the things you bought and when. Sometimes this is facilitated by a "savings card", sometimes by the store asking for your phone number, or it could be done by matching credit card numbers. Privacy-wise, what do you have to gain or lose with this? Economics-wise, what do you have to gain or lose, what do the other customers have to gain or lose, and what does the store have to gain or lose? (Right now I'm just talking about brick-and-mortar stores; I'll get to online merchants at the end).

Privacy-wise, the issue is clear and I've already addressed it: These purchases were made in a public place, in plain sight of everyone. Expecting them to be "private" in any way is ridiculous.

Now, you may say: "But there's a difference between scattered people possibly seeing (and then probably forgetting) what I bought on any one trip, and a database that precisely and eternally records what I buy on EVERY trip".

To that, I answer: "Not anymore, there's not". It used to be that bits of information made "public" in different places, in different forums, in different spaces, could be expected to never be compiled together. It used to be that you could, in plain sight, buy Item A in Store X and later buy Item B in Store Y, and expect those two pieces of information to never come together (and to never allow anyone to use them to make a "pattern" out of your shopping habits). It used to be that the people who knew of one purchase would not know how to reach information about another purchase somewhere else. Well, with the digital age, that's out the window. The nature of information has changed, the way it is stored and retrieved, in such a way that scattered public information can easily be grouped. All the things you do publicly can be brought together. And it's ridiculous to think that this compiling of different kinds of public information constitutes a violation of privacy. (This will come up again and again, like when I talk about your information appearing in Google search results and about social networking sites).

It's like there's a giant network of computers stalking EVERYONE. But since they only get to see the "public you", then they are not invading your privacy; just compiling public information.

If you don't want that information to be public, then you're going to have to pay cash and to give phony information when the store/business asks you for your phone number and whatnot.

What about the fact that, once a merchant has your name and address, they often sell it to marketers, resulting in you receiving junk mail? Isn't that "private information"? Well, yes and no. When the people in the store asked you for this information, you probably just gave it to them. Did you first ask with whom this information would be shared and under what circumstances? (Did you read the privacy policy?) No? Then you just gave away that information, and you have no right to expect that this information will not be shared.

If this information is so valuable, or so private, why did you give it away so carelessly? People often wonder how mailing lists, search engines, etc, find out information about them. Well, most of the time the people themselves gave the information away without bothering to find out where it was going. They just assumed it would be kept private, that the commercial institutions would pass up the chance to sell it, out of the goodness of their hearts. Um, yeah.

Why do the stores do this, anyways? Is it because they are mischievously curious to know things about YOU? Is it so that, if you buy a certain series of items, the computer at the store warns the FBI that you are probably a terrorist and/or a sex offender? NO! The store could not care less about YOU! It's so that they can have lots of data, which will allow them to group all their customers into a few (or several) sub-groups. It's so that they can say "the people who shop here most often seem to buy these items", and "the people who buy items in category C also seem to like buying items in category Q", and "smaller and more frequent shopping trips seem to include these items, while less-frequent and bigger shopping trips tend to include those items". This kind of information will allow them to better organize their store layout (it's anyone's guess whether that means that the items usually bought in the same trip will be placed closer together or farther apart), it will allow them to decide which products to sell at low prices and which products to sell at high prices (if everyone who buys product X also buys product Y, then we can sell product X at a super low price and advertise this, and meanwhile crank up the price on product Y and hope no one notices they're actually spending more money). It will allow them to figure out the shopping profile of the kind of customer that brings in the most profit, so that the store can tailor their product selection, their marketing, their prices, and their store layout to bring in and profit from that kind of customer.

The stores claim that savings cards "bring savings to our most loyal customers". So if you buy there a lot, each trip will cost less than it would if you did not have the card. This "motivation" to help their "loyal customers" is, of course, BS. While it may be true that a bunch of items paid for with a card will cost less than those same items would without the card, the seldom-mentioned fact is that most prices are RAISED upon the implementation of a card system, so you're paying about the same that you were paying before the card existed - maybe even more, if they're careful about which prices were raised and how much. You're probably not saving money compared to the pre-card days, you're just saving money compared to current non-card purchases. It's a big difference: it means the "savings" are an illusion and are only relative to artificially inflated prices. Ah, and meanwhile, the other people (those without cards) are 1: paying way more, and 2: shopping in a store that will slowly disfavor their "shopping profiles" by taking away the items that they buy and you don't, by raising the prices on the items that they buy and you don't, and by devoting less store space to the items that they buy and you don't. They want their store to cater to the most loyal (read: profitable) customers. They care less about the less-profitable customers, but unless some law says otherwise, there's nothing wrong with that.

All of which sounds very very good to me. It makes excellent business sense. The fact that the store is hiding their true intentions (they say "We want to reward YOU with savings" rather than "We want to make more money off people like YOU"), and the fact that they falsely claim "big savings" over prices that are too high anyways, are a little annoying and dishonest, sure. But the idea of doing all this makes good business sense and will allow for the store to be more profitable, selling only the more profitable items and drawing the more profitable customers.

One interesting side-effect is that if you provide phony information when they ask you for your name, phone number, address, etc etc, it won't make the least bit of difference. They will still get to see your shopping profile, and will still be able to aggregate your shopping data with that of similar customers. At least you won't get junk mail. (But you might also miss out on their preferred-customer-only gift certificates and coupons! Are those worth getting junk mail? Up to you). Some people are so paranoid about privacy, they have put much effort into making fake supermarket savings cards. If tons of people download these and all use effectively the same card, this may harm the supermarket's ability to track their purchases... or it might be doing the supermarket a favor by having a whole class of customers (techie dorks) use a single card!

So you see, this has nothing to do with "your private information" (unless you give it away and don't bother to make sure this information won't be sold to junk-mailers). It has to do with running a business more efficiently.

So far I've been talking about brick-and-mortar stores. Online merchants have an even easier time: They can match sales in their database by address, credit card info, or name, so in their case it's trivial to group their customers into different categories (and thus to find out which kind of customer is most profitable so that more marketing can be aimed at them, and also to find out which prices can be raised based on what items are usually bought along with what items).

Online merchants can go one step beyond: they can create algorithms that recommend items to YOU based on your individual shopping/browsing history and on the purchases made by people with similar histories. Now, it could be said that what you buy online is NOT public, so the privacy policy of the online merchant might (but might not) allow the merchant to share information about you and your shopping habits (and/or your wish list) with anyone. Whatever their privacy policy says, though, this does not prevent them from having a computer look at your shopping history and, with no human intervention, tell YOU that "We have noticed you are interested in [blah]. People who also seem to be interested in [blah] have also looked at and/or bought [this other thing]".

Personally, I think this is GREAT. Amazon regularly recommends things to me that I genuinely would be interested in. I usually know about them, but sometimes not. So they make money, I learn (or am reminded) about neat stuff, my privacy is maintained (if I care about that), everyone wins.

The title of this post comes from the fact that a friend of mine, a Microsoft programmer, has gotten Amazon recommendations for items unrelated to the items he bought or looked at. Sure, it may be true that "People who have looked at the Sony Vaio PCG-GRT100P have also bought... Pants!!!", but that's because most people buy pants, not because pants have anything to do with laptop computers. Are users of Sony's laptops more likely to buy pants (or to not know that you can buy pants online) than most other people? Since the items are recommended by correlating shopping/browsing histories, and not by considering the relatedness (or lack thereof) of the items, the results can sometimes be quite humorous. Or controversial.
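Here is an added example, not code from the original post or from Amazon, that shows the mechanism described in the last two paragraphs: a recommender that only ever sees aggregate item and item-pair counts (individual baskets are discarded once counted), and why ranking by raw "people who bought X also bought Y" counts surfaces an unrelated but popular item like pants, while normalizing by each item's base rate (lift) does not. The baskets, item names and the minimum-support threshold are all constructed for illustration; the threshold also keeps a single unusual basket from being readable off the aggregate report.

```python
"""Item-to-item recommendations from aggregate purchase data.

Constructed example: the baskets below are made up, not real customer data.
It illustrates why ranking by raw co-purchase count recommends "pants" to
laptop buyers (almost everyone buys pants), while lift, which divides by the
item's base rate, keeps only items genuinely associated with the anchor item.
"""
from collections import Counter
from itertools import combinations

# Constructed purchase histories: one basket per anonymous customer.
BASKETS = [
    {"sony_vaio_laptop", "laptop_bag", "pants"},
    {"sony_vaio_laptop", "laptop_bag", "pants", "socks"},
    {"sony_vaio_laptop", "usb_mouse", "pants"},
    {"sony_vaio_laptop", "pants"},
    {"pants", "socks"},
    {"pants", "socks", "shirt"},
    {"pants", "shirt"},
    {"pants"},
    {"socks", "shirt"},
    {"pants", "usb_mouse"},
]


def aggregate(baskets):
    """Collapse baskets into item counts and item-pair counts.

    Only these aggregates are kept downstream; which customer bought what is
    dropped here, which is the "no human looks at your history" property.
    """
    item_counts = Counter()
    pair_counts = Counter()
    for basket in baskets:
        item_counts.update(basket)
        for a, b in combinations(sorted(basket), 2):
            pair_counts[(a, b)] += 1
    return len(baskets), item_counts, pair_counts


def pair_count(pair_counts, a, b):
    """Pairs are stored in sorted order so (a, b) and (b, a) are the same key."""
    return pair_counts[tuple(sorted((a, b)))]


def recommend_by_count(anchor, n, item_counts, pair_counts):
    """Naive ranking: how many baskets held both the anchor and the item."""
    scores = {item: pair_count(pair_counts, anchor, item)
              for item in item_counts if item != anchor}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def recommend_by_lift(anchor, n, item_counts, pair_counts, min_support=2):
    """Rank by lift = P(item | anchor) / P(item).

    Lift near 1 means the item is bought at its usual rate regardless of the
    anchor (pants); lift well above 1 means a real association (laptop bag).
    min_support (a constructed threshold) drops pairs seen in fewer baskets,
    both as noise control and so one customer's odd basket is never reported.
    """
    scores = {}
    for item, count in item_counts.items():
        if item == anchor:
            continue
        both = pair_count(pair_counts, anchor, item)
        if both < min_support:
            continue
        p_item_given_anchor = both / item_counts[anchor]
        p_item = count / n
        scores[item] = round(p_item_given_anchor / p_item, 2)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    n, items, pairs = aggregate(BASKETS)
    anchor = "sony_vaio_laptop"
    print("by raw count:", recommend_by_count(anchor, n, items, pairs))
    print("by lift:     ", recommend_by_lift(anchor, n, items, pairs))
```

Run stand-alone, the raw-count ranking puts pants first for the laptop (4 of the 4 laptop baskets contain pants, but so do 9 of the 10 baskets overall), while the lift ranking puts the laptop bag first at 2.5 and pants at about 1.1, i.e. no real association. Everything the report contains is a count over many baskets; no per-customer record survives the `aggregate` step.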

Besides, isn't it just NICE when the people at a store know you? If I shop a lot somewhere, I want the people there to know this, so that when I send them an email or something, they see that my business should be valued. On a related note, most retail stores today cut costs by paying their employees very little, which causes high turnover rates and does not make for knowledgeable or motivated sales associates. Almost gone are the days when you could walk into a store and be greeted by the same genuinely cheerful person, year after year, a person who would call you by your name, ask you how the family is doing, ask you how that new (whatever you bought there last, or talked about buying) is working, and say "we just got these in, I bet you're gonna love 'em". Personally, I'd feel great if I were treated like that. And it just doesn't happen anymore. Is that mom-and-pop store employee violating my privacy by remembering what I bought and remembering things about me? Sure, maybe it's less frightening when a person does it, not a computer or a huge greedy faceless corporation, but that person is also primarily doing it for the sake of keeping his store profitable - the fact that he gets to be nice in the process is just a welcome side effect. Or am I being too cynical? Maybe I am.

One last interesting point I could bring up is the concept that the information these stores have on you could literally be treated like property. Heck, the stores go through a lot of trouble and expense to acquire that information - it must be worth something! How much? Could you sell it? Who'd buy it?

It might be useful to treat your "personal information" as property whose ownership is shared between you and the people/company with whom you do business, and who provide you with services. Once you tell them your personal information, their privacy policy is a contract that determines how much they own that information, what they can do with it, with whom they can share it. This concept will be brought up again when I talk about information that ends up online, and about how John Battelle feels about this.

One last thing: Sometimes you purchase something, and the price is something like "$300 or $250 after rebate". You buy the thing, pay $300 plus tax, and then when it comes time to get the rebate, you find out the rebate people want information about you, like your career field and occupation title. That's just wrong - it's deceptive and misleading. It assumes your information has no value, since it says you get the rebate without having to provide anything other than $300 (and proof of purchase). At the same time, it's effectively paying you $50 (or whatever) just for your information. That kinda puts a value on it right there. Of course, you can just lie - but then are YOU being deceptive, "selling" information that is inaccurate? Now everything gets REAL confusing. It becomes necessary to formalize the value of your information before we can safely make progress past this mess.

However, one could say that (under some definitions of "privacy"), the information asked for on the rebate (your career field and occupation title) is not really private. What I mean is, if you ever made that information public - such as mentioning your career field and occupation title in some non-private forum, or to someone you did not know well enough to be sure your "secret" would not be spread - then your career field and occupation title are not private. In other words, unless you keep your career field and occupation title a secret (only telling it to people you trust will not tell others, and never revealing it in public where random people could hear/read it), then asking you for this information is NOT a violation of privacy.