IBM Uses Call-Detail Records To Identify "Friends"

theodp writes "Big Blue may know what you did last summer. Or at least who you called. In a move out of the NSA's playbook, IBM Research has been scrutinizing the call-detail records of 'one of the largest mobile operators in the world' (PDF). By analyzing who calls whom, and for how long, IBM claims its patent-pending snooping software can now identify circles of 'friends' who tend to exhibit the same profit-threatening behavior. 'We believe that our analysis is a first of its kind that exploits the underlying social network in a telecom call graph,' boasted a team of IBM researchers and a UMD prof. For now, IBM seems to have focused on using the info to see if your friends are churners, so you can be dealt with pro-actively lest you follow their lead and bolt. However, IBM suggests its SNAzzy data mining technology (Social Network Analysis for Telecom Business Intelligence) has a bright future, noting it 'is also capable of analyzing any kind of social network or graph, not just telecom networks.'"

Uh-oh

[davidwr]

So if several of my friends have poor credit ratings or are frequently arrested for petty crimes, I may not get a job?

Not good, not good at all.

Re:Uh-oh

[blackraven14250]

Yeah, change due to the will of a corporation!

Re:Uh-oh

[rtb61]

Instead and looking at your preferences it analysis social interactions and establishes a method by which they can mimic those social interactions in order to what, manipulate your choices and future social interactions.

What is interesting is specially they are seeking to monitor non-customers ie. using customers as judas goats to analyse the behaviour of the people they contact. Reminds me of the whole g-mail thing, whose email is it, the person who sends it (a gmail customer), the person who receives it (a non-gmail customer who now has no choice as to whether some of their email is analysed) or the corporations that temporarily handles it.

It's like more and more companies are looking at the privacy invasiveness of facebook, google, M$ and seeking to spread it into every facet of human life, to what convert humanity into droid buy bots, the 21st century equivalent of consumers. Looks like we are going to need tools like this http://mrl.nyu.edu/~dhowe/TrackMeNot/faq.html#options not only to obscure searches but also to obscure email and even voip phone calls. So in the future 80% of your communications will not be genuine but random obscuring coms designed to regain your privacy by burying under a ton of obscuring, pointless and wasteful coms. It seems much simpler, simpler and more energy efficient to legislate back in privacy and respect for the individual, let's get some 'mind your own fucking business' back into the market.

More Fascism from Big Blue

[Foobar+of+Borg]

I mean, what can you expect from a company that was perfectly willing to profit from the Holocaust?

Re:More Fascism from Big Blue

[MRe_nl]

Q: How many Iranian presidents are there ?
A: Two?

Threats to Profit!

[jhhl]

NSA: we snoop to find terrorist threatS (and whatever else we run into)
IBM: We snoop to find profit threats (and whatever else we run into)

phone-churn terrorism?

[Trepidity]

This sort of data-mining of quasi-private data to spot anomalous behavior is sometimes referred to as "terrorism informatics", since lots of the funding for it and interest in it comes from the case where anomalous=terrorist. Not sure it's going to be good for society to be applying the same sorts of intrusive analysis to legal things that are merely bad for business.

Of course, it's a tricky regulatory issue. On the one hand you might say that a business should be able to analyze its internal data however it wants. But on the other hand, most people view the phone companies as infrastructure, and people don't expect them to be analyzing their calls--- just providing them with service at the stated rates. And since they form a oligopoly of sorts with very high barriers to entry, it's not clear that "just don't do business with the shady ones" is a feasible solution.

Re:How can we churn?

[Epsilon+Moonshade]

I actually read TFA! "Churn" is apparently when people switch from one carrier to another, presumably at the end of the contract. (This answers both the parent poster, and one in this same thread)

That being said, it looks like they'd be using this data to identify who's likely to switch over, and sweeten their deals a bit to keep them - at least, in the context of cell phone companies and the like. Obviously, this has other implications outside of cell companies, but I'm sticking with the original thought on this one.

So how do we game this system? Find people who have recently changed carriers and start having them call you. Free better phone for staying with a carrier you'd probably have already stayed with!

Silly, yes, I know. Thanks.

Re:How can we churn?

[Ezel]

Wiktionary gives asomewhat better answer:
1. A vessel used for churning.
        a butter churn
2. (telecommunications) The time when a consumer switches his/her service provider.
3. (telecommunications) The mass of people who are ready to switch carriers, expressed by the formula Customer Quits/Customer base.

I wonder how the etymology on that is explained.

How the mighty have fallen

[weeboo0104]

As a former IBM employee, I am disappointed to see the company that gave us some of the best typewriters in the world, the mainframe and the Personal Computer, producing this sort of drek after slashing jobs in the US.

I guess it was a matter of time before "IBM India Research Lab" produced something like this. They certainly haven't been producing any real business machines or providing decent customer service to IBM Global Services customers.

Look for more of the same from IBM. IBMs CEO Sam Palmisano has said repeatedly in the past year that IBM will be focusing more on "analytics".

Re:How the mighty have fallen

[v1x]

I guess it was a matter of time before "IBM India Research Lab" produced something like this. They certainly haven't been producing any real business machines or providing decent customer service to IBM Global Services customers.

I fail to understand the rationale (if there is one) behind how the geographic location of a research project might make a difference, but even so, it would appear that the corresponding author in the manuscript is from 'University of Maryland, Baltimore County.' Apart from the above statement, I also do not understand the wisdom behind expecting 'customer service' from a 'Research Lab,' simply because it is located in India--apparently IBM has research labs in many other parts of the world, but there isn't an unspoken expectation of 'customer service' from research labs anywhere else in the world.

Owning personal Information

[TomRC]

Years ago, when I (and others) pushed the idea that personal information generated as one goes about one's life should be considered private property, this is the sort of thing I expected. We should have always owned the copyright on all information generated by living our lives - "I am the author of my own history", and derivative works like IBM's should be a copyright violation.

Now it's too late - the corporations own your personal life log, and they can do whatever they want with it so long as they don't tell anyone else "personally identifying information". They can even, in some cases, deny you the right to see what they know about you, and they certainly have no requirement to actively inform you about what they're tracking about you.

The relationship should have always been the other way around - "I'm letting you use THIS specific information you gather about me for THESE purposes - anything else you want to collect or do with data I've allowed you to collect, you have to ask, same as with any other private property." Someday, some corporation will overstep somehow, and people will get angry enough to force some change.

Re:Owning personal Information

[Trepidity]

I think we (as a society) still haven't worked out what we want to do about this as the problems become more apparent. I wouldn't call the ownership-of-information view as dead as you seem to think it is. If anything, it has considerable support among moderate conservatives or libertarians who agree that we need to do something about privacy and large aggregate databases of personal information, but are wary of more centralized, paternalist solutions based solely around regulation. If you have that combination of traits---want something done, but want it not to be paternalist---a property right in personal information is an attractive idea. It's a few years old now, but this book has a good concise overview (pp. 76-79; might be able to get enough of an excerpt on Google Books if you're lucky) of a bunch of the proposals.

An interesting variant are those that revolve around the idea of default implied contracts. The way that in normal contract law, there are all sorts of implied things for what happens if the contract doesn't explicitly specify terms governing a particular situation, some of the proposals would have default terms include some sensible governance for ownership and use of private information, and require deviation from those to actually be agreed by both sides (this might require broader EULA reform, though, to make sure people really do know what they're agreeing to).

To be fair, the book also (pp. 81-92) has a decent summary of problems and criticisms of these proposals. Some are from people who'd love to aggregate huge databases of information and use it without any restraints, but there are a number from well-meaning people too. The problem is that the property rights are really the means, not the end--- it's not that we think having property rights in information is an inherent ethical good, but that we want to avoid some sort of dystopian surveillance society, and having property rights in your personal information is one possible proposal for how to avoid that. But designing markets is tricky, and subject to unintended consequences and loopholes, or just failing to really produce what we'd like them to produce.

Re:snail mail

[davester666]

Yes. In Louisiana, you must wear a white hood when you are out at night...

Valuble research but -- opt in or opt out?

[nbauman]

There have been some really important results from social network analysis.

The Collective Dynamics of Smoking in a Large Social Network http://content.nejm.org/cgi/content/full/358/21/2249

The Spread of Obesity in a Large Social Network over 32 Years http://content.nejm.org/cgi/content/full/357/4/370

However, in these studies, all the subjects had joined the study and given permission in writing for the researchers to use their personal data.

It would clear a lot of things up if we could see the documents that the UMD professor submitted to the university's human subjects review board, and the documents they sent him in reply.

Re:Academic ethics at work?

[Dogtanian]

If this was an academic study, then the raw data was (or should have been) typified (anonymized). Therefore it would not be useful for identifying real world "friends" responsible for "profit-threatening behavior". Rather, it would be a group analysis tool.

Except that there has been at least one Slashdot story in the past year or so explaining how supposedly "anonymized" data can be associated with real people, or at least different accounts on websites associated with each other.

And if anonymized accounts can be associated with each other, it's quite possible- if not probable- that they could be associated with one or more non-anonymized accounts- even if that particular account was used for some innocuous purpose- destroying the anonymity of them *all*.

Of course, you couldn't do this by hand; but that's what computers are for- data processing is a great way to spot patterns and guess which accounts might be the same person. The more advanced data mining software gets, the easier it becomes to have it automatically associate different accounts via patterns and trends.

(Of course, in some cases, it's not even that hard- searching for names- ego-surfing or looking up friends and family- is a big clue if not complete giveaway to anyone looking at (e.g.) a Google search history, if that info hasn't been anonymized as well).

Even if the websites were unwilling to share account info with each other, I suspect that one could write a screen-scraper for information and posts on the most popular sites, and group all the public info associated with a particular account anyway- which is probably enough.

To reiterate the point above- if you have a large number of anonymous or anonymised accounts that you reckon are associated with each other, you only need to make a connection between *one* of them and some non-anonymous source for anonymity to be blown on all of them.

And even if you were to take more care from now on, there's probably a mass of info you've left out there already, and it won't all go away in a hurry, if at all. And even if today's data mining wasn't powerful enough to tie it all together, it's quite plausible that it could improve significantly in the near future, changing its nature completely.

Things are changing all the time- this story being just one demonstration. Assuming you'll be safe because you're using anonymous or anonymised accounts gives a very dangerous sense of false security.

Re:snail mail

[nbauman]

Unless all mailboxes come with mandatory cameras these days.

U.S. post offices have security cameras these days. You can't mail anything that weighs >15 ounces without getting photographed, whether you know it or not.

A woman who worked for the Republican Party had an attack of conscience and mailed some documents to the Democrats, in an Express Mail envelope. She was prosecuted for theft, and part of the evidence was the Post Office security cameras. (Although I can't understand why she used Express Mail, where you have to fill out a return address and get a receipt.)

Re:How can we churn?

[St.Creed]

Churning seems to mean (in general) "to agitate, to upset, to replace old with new". As far as I know the word "churn" has been used as a synonym for "turnover" in several areas, including banking, e-commerce and telecom.

Ha!

Good luck IBM, I don't HAVE any friends!

Re:How can we churn?

[cymen]

In the USA, whenever one of the two parties in a contract wants to change the terms, the new terms must be agreed to by both parties or the contract can be cancelled. Typically, the verbiage that one can cancel the contract and get out of the terms without loosing the deposit is buried in all the other legalese. But it should be there.

Who gave out the data?

[mstrcat]

I'd be interested to know what telecom gave the researchers the data. If I'd been a customer of that company, I sure wouldn't any longer. I think I'll switch cell phone companies and phone numbers, just to become part of the churners.