Slashdot Mirror
Google Researchers Warn of Automated Social Info Sharing
holy_calamity writes "Researchers from Google have written a paper about how social networks can undermine privacy. The most interesting scenario they discuss is 'merging social graphs' — when correlating multiple social networks makes it possible to reveal connections that a person has intentionally kept secret (PDF). For example, it may be possible to work out that a certain LinkedIn user is the same person as a MySpace user, despite their attempting to keep their profiles separate. The Google solution is to develop software that screens new data added to a social network, attempting to find out if it could be fodder to such data mining."
how many people will be surprised about Google being the champion of privacy?
The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny...
Also in the "what do you expect?" vein, you're putting lots of personal information on various websites that are publicly available worldwide. What kind of privacy are you expecting?
Hell, I maintain totally different personas on several sites and in many cases have different lies about my identity on each site, and I can still see how people would put the pieces together.
This is a case where multiple pieces of information, that individually do not compromise one's privacy, can actually do so when aggregated and correlated together.
This sort of pattern is why something like Google Street View subverts the privacy laws that we have. Yes, a photo taken from a public location of things viewable from that location, by itself, does not violate privacy, and privacy law has been developed so that each individual photo that Google takes and publishes does not, on its own, violate anybody's privacy. What the law fails to capture is that putting a vast number of such photos together, correlating them with a geographical information system, yellow page listings, satellite imagery, internet search results, and offering it to the general public to use for free, without any restrictions of purpose, does massively violate privacy. So the standard response to privacy challenges to Street View ("the law allows you to take photos of any public place you want") just massively misses the point.
Are you adequate?
While that is a completely fair thing to point out, there is a very important thing that it misses: other people can put information about you online, without your permission, and that information is just as subject to analysis as what you put up.
The two best examples that come to mind right away:
Notice that both of these acts are perfectly legal, and while the second arguably should be regulated and restricted by law (the aggregation, correlation and publication parts, not the picture-taking part), the first one ought not to.
Are you adequate?
If you are concerned about your identity, do you think your domain registrar would give it up if somebody claimed that massive spam was coming out of that interface?
Well sure, but that's a bit of a different issue. That's a question of whether companies that you have private transactions can be trusted to keep your information private. My point was that with social networking sites, you're posting information in a public forum and then expecting privacy-- which doesn't make a lot of sense.
Since the inception of the web, I have been wondering how much longer privacy could last.
People who have grown up with the web tell everything about themselves freely on sites like MySpace. I don't know if this is because they are just stupid from youth or if it is a different paradigm than the old folks had.
But in any event it is clear that privacy is diminishing rapidly. Look at cameras. Everyone carries a camera in their pocket now. Anyone can set up a wifi-connected miniature webcam with very little effort or cost. It's not even very difficult to listen through walls (or especially windows) nor to see at least heat traces through walls. And of course, there are satellites watching everything we do at least outside of walls.
Then think about things like grocery store cards, credit cards, online accounts... And how many people here use a plethora of Google accounts with the blind faith that a mere slogan (Do No Evil) will somehow protect their privacy? Really?
Then think about how cheap data storage is and how everything is not only logged but archived. It might not be used today, but it can be accessed ten years from now, or twenty, or fifty. After all, computers of a decade from now will be able to eat petabytes like Tic-Tacs.
Expecting to maintain an old-school sense of privacy is probably not realistic in this, um, brave new world we live in.
If such a tool was used to narrow down a suspect in a crime or malfeasance, would constitutional guarantees against self-incrimination come into play?
No, the right against incriminating yourself basically amounts to "you have the right to remain silent". The police aren't allowed to punish you for not telling them about your crimes. However, anything you do tell them can (and will) be used against you.
(IANAL, but I'm pretty sure I'm right)
I think you're too hung up on this concept of "invasion," which, in my opinion, is too closely linked to existing privacy law. I think the real questions should be: (a) what is privacy, and (b) how should the law protect people's privacy?
The way I see it, privacy is your ability to control what information other people can learn about you. Privacy is the law's recognition that people have a right to conceal various kinds of information about themselves from others, either because some people may find such information discreditable, or simply because the information would cause embarassment (though deep down I think the latter is just a special case of the first).
Of course, privacy has never meant that a person is allowed to conceal any facts about themselves. There has always been information about oneself which the law requires to be a matter of public record (e.g., your criminal record, or what real property you own); and also, one person's right to privacy has to be carefully balanced with other people's right to learn and disseminate facts about others. This stuff falls squarely in the intersection of law, ethics and sociology, and is insanely context-sensitive and subtle. For example, if you see my last name and try to find out whether I'm Mexican or some other Hispanic nationality, it can make a big difference whether you're a member of the Mexican-American Students Association trying to recruit people for your association, or somebody who's evaluating my job application. Basically, there are vague, ethical and legal rules of what information various people should be allowed to consider in which contexts, and what information they should not be allowed to consider.
But I digress. If privacy is about controlling what information others can learn about you, then we can see privacy in terms of these three components:
The idea of an "invasion" of privacy really boils down to acts that violate the rules for (1), and in some cases (2); somebody invades your privacy when they directly obtain a fact about you that they do not have the right to obtain (or example, when they take a picture of your naked wife inside your house, and give it to somebody else.) My argument is that our privacy laws have been built to deal with cases (1) and (2) there, because, historically, (2) was less of a problem than now (there was no Internet), and (3) wasn't really a problem (there were no computers!). So we need to come up with laws to regulate (3); which doesn't mean to forbid (3), but rather, to strike a balance between people's rights to conceal about themselves and to learn about others.
So, to answer your question: if an "invasion of privacy" means a violation of rules about (1) or (2), then no, I don't believe that Google is "invading" your privacy by taking and publishing a picture of what anybody who goes by my house can see. The thing that concerns me is that Google and other folks are working very actively on technologies that affect my privacy via route (3), and what kinds of laws we should have in other to protect people's privacy in that regard. Basically, I'm worried in general about cases where many individual pieces of information, licitly obtained and disseminated, allow somebody equipped with newer technology to infer facts about me and use them to make decisions that negatively impact me, in a way that is u
Are you adequate?