|
META TOPICPARENT | name="FirstPaper" |
| |
< < | Data Mining and Information Sharing | > > | Information Sharing | | -- By JanethLopez - 16 Oct 2012
Introduction | |
< < | There’s a diminished expectation of privacy online that most internet users have already come to acknowledge and accept. | > > | This course has focused my attention on a problem that I, along with other users of "free" online services, face - the disconnect between what we think we are sharing with one party for a specific purpose and the reality of being spied on in ways and for purposes that aren't as obvious. | | | |
< < | What has "expectation"
to do with it? That's a doctrinal fragment from Fourth Amendment
law. If it's relevant here, why is it relevant?
The use of many products online – email, games, maps, music and video streaming – comes at a price. What we watch, what we buy, who we email and chat with, where we go is all tracked by a computer’s browser or a mobile phone.
The issue is not
primarily what is known to client software. If your browser is a
free software browser not made by an advertising company
(i.e. Firefox, the only common browser not made by an advertising
platform company and released as free software with access to
buildable source code) you can trust it. It's the server-side
software and the logs that software creates that are dangerous to
you. (Locked-down mobile operating systems are a problem, too, but
you don't have to do dangerous things with a mobile phone, unless
you've given your soul to the King of the Undead.) Do you understand
the technology enough to write this essay? If not, we should see to
it that you learn what you need to learn.
Many people seem to be willing to sacrifice their right to privacy in exchange for "free" online services. The problem is not that users are unaware that information sharing and data mining occurs, it is that they assume the purchasers of the information are advertisers, who are not looking to personally identify each user, but instead are aggregating information from millions of users to know how to sell products efficiently.
No, it's that they don't
understand how either personally identifiable information or
aggregate information, let alone the combination of the two, is used
against them.
While the harm seems minimal when information collected is used for targeted advertising, when data is shared with and abused by credit card companies, insurance companies, and government agencies, not for the purposes of advertising, but for surveillance and risk management, the privacy concerns raised are too great to ignore.
Perhaps you should also
think more seriously about what happens through the process of
behavior modification known as "advertising." Perhaps you should
interrogate the assumptions that lie behind this graf, never mind for
other people, but for you. Perhaps it would be helpful to stop
distancing yourself from the situation by writing about "people"
instead of "me and those I love."
Information Sharing for Targeted Advertising
Companies gather information on the online movements of internet users in order to target ads that they believe these users are statistically more likely to click.
No. That's the least of
it. Perhaps you're unconsciously minimizing, repressing cognitive
dissonance, in order to avoid acknowledging facts that would disturb
your beliefs?
The data collected provides an overall view of the user's digital self. For example, Google’s Privacy Policy and Terms of Service allows Google to share information taken from all of its services, aggregating information on a user as Google tracks her every move online. Google reads information from Gmail, videos watched on Youtube, appointments on Google Calendar, gps information when using Google Maps, Google Search terms, purchases made with Google Wallet, mobile purchases of music and games via Google Play, etc. and ties the data together to get an overall view of a user’s interests in order to provide targeted advertising.
No. Providing
advertising would be not a very good business unless they were
actually selling at auction the key words that motivate your
behavior. They aren't just interested in what your interests are:
they are reading what you are thinking now, constructing it from the
totality of your online behavior over the last 45 minutes. They are
selling your thought processes to people who use your thought
processes to automate your behavior. But you don't want to believe
that your identity is constructed from moment to moment, because you
have a self-protective belief in the long-term integrity of stable
unified personality. So you can't let yourself understand what
Google's actual business is. That makes your writing less useful to
other people, because instead of helping them to attain freedom,
you're actually unconsciously reinforcing their ignorance while
believing yourself to be telling them the truth. Poor
you.
Attention is a scarce commodity, and internet users understand that advertisers need to know what their interests are, what they buy, and how much they are willing to spend in order to target the right products. Google assures customers that no humans read emails to provide the ads (Gmail Ads) and that it never sells or shares information that personally identifies them for marketing purposes. Of course, these policies could change, but for now, providing this information is a price people (myself included) are willing to pay for the convenience of integrated services, like Google Maps working with Google Calendar to indicate how much traffic there is to a user's next appointment. It’s spying, yes, but who cares if a bot somewhere reads my search terms and a “relevant” ad appears on the side of my screen? The practice seems harmless. Advertisers are not interested in finding out who I am, just what they can sell me.
How do you know? What's
your evidence for this point of view? What do you mean by "no human
being reads your Gmail?" You mean, no human being does so unless she
wants to? What is your email doing where anyone could ever read
it? Why can't you figure out how much traffic there is between you
and your next appointment without someone reading your mail? I can.
This all just reads like lazy thinking. But it isn't. It's thinking
that doesn't want to discover something bad is going
on.
The greater problem is the amount of information that is being stored forever and what, in additional to advertising, could be done with the information in the future. Web searches, gps location, calendar appointments, emails, and purchases, when mixed with the abundance of information available on social media sites, including private conversations, family photos, employment information, and details on significant events (births, deaths, marriages) give a far too detailed view of an individual. The danger, which is ignored by most, is the risk that this extensive data set could easily be shared with those who are interested in personally identifying users.
What do you mean "could
be"? What's your evidence for the subjunctive mood?
Information Sharing with Banks, Insurance Companies, and Government Agencies
An aspect of this course that has made me uneasy is discussion of the ways in which this data mining can affect online users, not because of the data shared with advertisers, but because of the data being inferred from activity sold to insurance firms and banks or shared with government agencies that will later make assumptions or predictions about my lifestyle choices. This kind of information sharing has a far more direct effect on my life than targeted advertising.
Even putting aside the clear privacy issue of having personal information sold without consent, there are far too many possibilities for abuses and false positives. If a user consistently researches a specific medical condition for a family member or purchases wine with her credit card for a group’s weekly wine and cheese, could this activity reach health or life insurance companies, affecting premiums?
Why are you asking
whether it could? You're repressing the cognitive dissonance
caused by your implicit knowledge that it does. You were assigned
to read about the executive in the data brokerage serving insurance
companies who says he buys junk food only with cash to keep his own
insurer from finding out. You know that baby care and formula
producers data-mine hospital records to find out whose pregnant
before the husband is told. Look more closely at your own emotional
need not to learn. | > > | The main problem with the way I live my life is that I use free applications that, in the aggregate creates a very accurate view of a user's digital self. For example, Google’s Privacy Policy and Terms of Service allows Google to share information taken from all of its services, aggregating information on a user as Google tracks her every move online. Google looks over my shoulder as I read messages on Gmail, watch videos on Youtube, enter appointments into my Google Calendar. It knows where I travel, anticipating my daily commute using Google Maps, what I search for in Google Search, the purchases I made with Google Wallet, the games I download to my mobile phone, and even the music I listen to with Google Play Music. As I use their cloud-based service to create and share documents, Google pretty much knows everything I write. I have handed Google all the information it could possibly want - if not for themselves, to sell to others. | | | |
< < | What if online searches for a bankruptcy lawyer reaches a bank or credit card company? An alternative concern is that, as a greater online presence has come to be the norm and not the exception, a refusal to provide information online could be regarded as suspicious. Right now, insurance companies and banks are interested in inserting code into Facebook and Twitter to find clues about policyholders or to find promising leads (Economist). What happens if a credit card company or health insurance company decides that a particular individual is actually a higher risk simply because she does not have the kind of online presence that would provide relevant information on her activities? | > > | Why should we care? Before this course, I was always aware that these "free" programs came with some strings attached, in the form of data collection, but I hadn't paid much attention to the dangers of how the data would be traded with others and used to automate behavior, and how our privacy laws do little to limit access to my information, especially when it comes to access by government agencies. | | | |
< < | Many online companies, including Facebook, Microsoft, and Google, cooperate with government agencies' request for user data. Google seems to be the most transparent, releasing information on the amount of government requests and admitting to complying either fully or partially with over 93% of these government requests in the United States ([http://www.google.com/transparencyreport/userdatarequests/][User Data Requests - Second Half 2011]]). The number of requests not only for user information but for the removal of content has increased steadily in the past few years, raising concerns about how Google (and presumably other online companies monitoring online movements) responds to requests that violate users' rights to privacy and free expression (Google Transparency). | > > | Information Sharing | | | |
< < | Conclusion | > > | Web searches, gps location, calendar appointments, emails, and purchases, when mixed with the abundance of information available on social media sites, including private conversations, family photos, employment information, and details on significant events (births, deaths, marriages) give a far too detailed view of an individual. And companies like Google are strongly incentivized to share this extensive data set with those who are interested in personally identifying users. And, the data collected is not just used for targeted advertising, but also shared with credit card companies, insurance companies, and government agencies for the purpose of surveillance and risk management, raising important privacy concerns.
The information is shared in ways that affect our daily lives, used by companies to make determinations about how we will behave without our knowledge and without an opportunity to challenge these determinations. One example we have seen in this course is that personally identifiable data is shared between banks or credit card companies and insurance firms, who later make assumptions or predictions about their customers' behavior. Even putting aside the clear privacy issue of having personal information shared without consent, there are far too many possibilities for abuses and false positives. An alternative concern is that the lack of an online presence could also hurt me. As a greater online presence has come to be the norm and not the exception, a refusal to provide information online could be regarded as suspicious. Right now, insurance companies and banks are interested in inserting code into Facebook and Twitter to find clues about policyholders or to find promising leads (Economist). What happens if a credit card company or health insurance company decides that a particular individual is actually a higher risk simply because she does not have the kind of online presence that would provide relevant information on her activities?
Government Access to Information
The course has also brought up concerns about how outdated our privacy laws are, which makes our data available to government agencies without the need for a warrant. The government standards for monitoring of internet communications is outlined in the now 26 year-old Electronic Communications Privacy Act of 1986(ECPA). While the ECPA generally regards online communications as private and protected by the Fourth Amendment, requiring the government to obtain a warrant before they can "listen in" or intercept communications, it treats communications stored on the servers of an email service provider for more than 180 days as abandoned property, not subject to the warrant standard. While 26 years ago, emails kept on the service provider's server could arguably be "abandoned", today's online users have a different expectation. The reality is that the way we live our lives now, maintaining all of our messages, calendars, photos, documents, and other very sensitive information, in the "cloud" instead of on our own hard drives, means that the government is no longer bound by the Fourth Amendment and need only ask these service providers for the data. | | | |
< < | In order to make a conscious decision about how much to disclose and to whom, users need to know what kind of information is being collected and to whom it is being sold. | > > | The courts have been little help, in some cases noting that the third party doctrine, which states that an individual does not have a Fourth Amendment privacy interest in information that they convey to a third party and which that third party later conveys to the government, means we give up our expectation of privacy in the communications we store on these servers. The doctrine extends not only to communications, but also to any documents we store with these companies (see United States v. Miller, 425 U.S. 435 (1976)). | | | |
< < | How will they do that?
Who is going to tell them, and why? | > > | In practice, many online companies, including Facebook, Microsoft, and Google, openly cooperate with government agencies' request for user data. Google seems to be the most transparent, releasing information on the amount of government requests and admitting to complying either fully or partially with over 93% of these government requests in the United States ([http://www.google.com/transparencyreport/userdatarequests/][User Data Requests - Second Half 2011]]). The number of requests not only for user information but for the removal of content has increased steadily in the past few years, raising concerns about how Google (and presumably other online companies monitoring online movements) responds to requests that violate users' rights to privacy and free expression (Google Transparency).
Conclusion | | | |
< < | At the very least, if assumptions are being made about a user by a bank or insurance company based on online activity or offline purchases, they should be made aware of what information is being used, be provided with a copy of the data collected on them, and be given a chance to challenge the assumptions, much in the same way we are able to look into credit reports when denied credit. | > > | All of this information sharing creates a scary world in which these "free" services are not just collecting information to target advertisements, but also using the information against us, automating our behavior, and making assumptions that we are not able to challenge. In addition, just as a person might vitiate any Fourth Amendment protection to information by making a disclosure or giving up documents to a government informant, even without knowing the person's true identity, keeping our information in the "cloud" makes our service providers "informants" for the government. In order to make a conscious decision about whether or not to use these services, users need to know what kind of information is being collected and to whom it is being sold. At the very least, if assumptions are being made about a user by a bank or insurance company based on online activity or offline purchases, they should be made aware of what information is being used and be given a chance to challenge the assumptions, much in the same way we are able to look into credit reports when denied credit. In addition, until outdated privacy laws related to government access to communications stored information is updated to address the ways in which users actually interact with these services, we should be wary of keeping our lives in the "cloud". | | | |
< < | That's a statutory right you got from legislation written on the floor of the Senate in 1974 during a late-night session when lobbyists weren't present as they are now. Are you seriously supposing that any such legislation could now emerge from a Congress owned by Pharma in which Google is now more important than Hollywood, and Facebook is more necessary to the National Security State than Electric Boat? | |
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. |
|