A few days ago, National Public Radio (NPR) tried to offer some lighter fare to break up the death march of gloomier stories about economic calamity. You can listen to the story online. The story's reporter, Chana Joffe-Walt, followed a mail carrier named Andrea on her route around the streets of Seattle. The premise of the story is that Andrea can measure economic suffering along her mail route--and therefore in that mythical place, "Main Street"--by keeping tabs on the type of mail she delivered. I have two technology policy thoughts about this story, but because I have a lot to say, I will break this into two posts. In this post, I will share some general thoughts about privacy, and in the next post, I will tie this story to NebuAd and Phorm.
I was troubled by Andrea's and Joffe-Walt's cavalier approaches to privacy. In the course of the five minute story, Andrea reveals a lot of private, personal information about the people on her route. Only once does Joffe-Walt even hint at the creepiness of peering into people's private lives in this way, embracing a form of McNealy's "you have no privacy, get over it" declaration. In the first line of the story, Joffe-Walt says, "Okay before we can do this, I need to clear up one question: Yes, your mailman reads your postcards; she notices what magazines you get, which catalogs; she knows everything about you." The last line of the story is simply, "The government is just starting on its $700 billion plan. As it moves forward, Wall Street economists will be watching Wall Street; Fed economists will be watching Wall Street; Andrea will be watching the mail."
There are many privacy lessons I can draw from this: First, did the Postal Service approve Andrea's participation in the interview? If it did, did it weigh the privacy impact? If not, why not?
More broadly speaking, I bet all of the people who produced or authorized this story, from Andrea and Joffe-Walt to the Postal Service and NPR, if they thought about privacy at all, engaged in a cost-benefits balancing, and they evidently made the same types of mistakes on both sides of that balancing that people often make when they think about privacy.
First, what are the costs to privacy from this story? At first blush, they seem to be slight to non-existent because the reporter anonymized the data. Although most of the activity in the story appears to center on one city block in Seattle, we aren't told which city block. This is a lot like AOL arguing that it had anonymized its search queries by replacing IP addresses with unique identifiers or like Phorm arguing that it protects privacy by forgetting that you visited Orbitz.com and remembering instead only that you visited a travel-related website.
The NPR story exposes the flaw in this type of argument. Although a casual listener won't be able to place the street toured by Andrea, it probably wouldn't be very hard to pierce this cloak of privacy. In the story, we are told that the street is "three-quarters of a mile [north] of" Main Street. The particular block is "a wide residential block where section 8 housing butts against glassy, snazzy new chic condos that cost half-a-million dollars." Across the block are a couple businesses including a cafe "across the way." Does this describe more than a few possible locations in Seattle? [Insert joke about the number of cafes in Seattle here.]
It's probably even easier for someone who lives in Seattle to pinpoint the location, particularly if it is near where they live or work. For these people, thanks to NPR, they now know that in the Section 8 building lives "a single mom with an affinity for black leather is getting an overdraft notice" and a "minister . . . getting more late payment bills." The owner of the cafe has been outed as somebody who pays his bills only by applying for new credit cards. If you lived or worked on this particular block, wouldn't you have at least a hunch about the identities of the people tied to these potentially embarrassing facts?
Laboring under the mistaken belief that anonymization negated any costs to privacy, the creators of the story probably thought the costs were outweighed by the potential benefits. But these benefits seem to pale in comparison to the privacy risks, accurately understood. What does the listener gain by listening to this story? A small bit of anecdotal knowledge about the economic crisis? A reason to fear his mailman? The small thrill of voyeurism? A chance to think about the economic crisis while not seized by fear and dread? I'm not saying that these benefits are valueless, but I don't think they were justified when held against the costs.
Front page posts
[...] What Your Mailman Knows (Part 1 of 2) | Freedom to Tinker What Your Mailman Knows (Part 1 of 2) | Freedom to Tinker [...]
Yes, the NPR folk were a little incautious about information that may make it possible to identify the specific neighborhood. (Not living in Seattle, I cannot judge if this makes specific identification possible - possibly not.) Then again, their incaution makes little or no difference, and makes a (perhaps unintended) point. Much of the information you might hope was private is not, and more can be deduced indirectly.
Better not to believe in an illusion of privacy, when reality differs.
Yes, in balance the impact of the NPR story is almost certainly worth the cost. We have far less privacy than most folk think. That point needs to be made, and repeated. If you value privacy, it is best to know how little you have.
Don't shoot the messenger. :)
Curiously enough -- or maybe this is just a perfect example of Murphy's Law -- there's really only about fifteen blocks or so of Main Street in Seattle, total, maybe half of which might contain a neighborhood with this description; so it shouldn't be difficult to determine the locations of the various landmarks and postal patrons noted in the segment. (One could probably come up with an exhaustive but still very short list of possibilities in only half an hour.) Using a different street, like Jackson or Yesler, would have been a much more effective "anonymization."
Whether or not this proves that street names are an insufficient level of anonymity in a scenario like this, it certainly does demonstrate that for purposes of specificity, all street names are NOT created equal; and, as usual, the devil is in the details.
I highly doubt that the Postal Service approved this story, since they have nothing to gain and everything to lose--in particular, their reputation, such as it is, for preserving customers' privacy--from it.
My guess is that the NPR reporter's token gestures towards privacy preservation were meant as reassurance to the letter carrier, so that she would talk to them, not as a serious attempt to preserve anyone's privacy. Reporters themselves have absolutely zero interest in preserving the privacy of the people about whom they're reporting. They're in the business of disseminating information to people who are interested in it, after all, and any kind of privacy preservation simply gets in their way. I expect that if the letter carrier had been comfortable revealing the full identities of her customers, along with lurid details of their lives, and if the reporter had had reason to believe that her audience would be interested in them--say, if some were friends or relatives of celebrities, or were otherwise objects of public curiosity without being public figures themselves--then even the perfunctory anonymization described here would have been dispensed with.
So many stories about the erosion of privacy, and no mention of the dossier Google has on all of us who use the Internet.
It's downright odd.
So who will be the first to pull this street up on Google's Street View? I
oopse. I thought I corrected the errors sorry all.
Why is this surprising?
There's a technical term for this in security-land. It's called traffic analysis.
Certainly USPS is in a fantastic position to engage in it. But how can you stop it with the current mail delivery protocol, any more than you could stop a network adminstrator from sniffing network traffic?
I'm not too worried about the Andreas or Cliff Clavins or the Newmans of the world being marginally curious or observant about mail traffic patterns, as long as they are not in a position to make or act on inferences about the traffic.
I'd be much more worried if the USPS were given permission (or a mandate) to perform traffic analysis wholesale (or even targeted).
It would not greatly surprise me to hear there's a warrantless mail traffic analysis program run by DHS or some such.
Everything personally-identifying (in the strict sense of that phrase) that leaves my house is shredded. And a generic white plastic bag protects most of the contents of my trash from being seen by my garbageman. So, I suspect my garbageman knows (and *could know*) considerably less about me than my mailman does (but maybe not). Can we solve some of this by, for example, having the postal service deliver mail in opaque pre-sorted containers (or at least offer the *option* of having that)?
[...] Last time, I commented on NPR's story about a mail carrier named Andrea in Seattle who can tell us something about the economic downturn by revealing private facts about the people she serves on her mail route. By critiquing the decision to run the story, I drew a few lessons about the way people value and weigh privacy. In Part 2 of this series, I want to tie this to NebuAd and Phorm. [...]
[...] Last time, I commented on NPR's story about a mail carrier named Andrea in Seattle who can tell us something about the economic downturn by revealing private facts about the people she serves on her mail route. By critiquing the decision to run the story, I drew a few lessons about the way people value and weigh privacy. In Part 2 of this series, I want to tie this to NebuAd and Phorm. [...]
徵信社,案件討論,男女專區,法律諮詢,相關新聞,情趣用品,情趣用品,情趣精品,情趣用品,情趣用品,情趣用品,情趣用品,威而柔,自慰套,自慰套,SM,充氣娃娃,充氣娃娃,潤滑液,飛機杯,按摩棒,跳蛋,性感睡衣
威而柔,自慰套,自慰套,SM,充氣娃娃,充氣娃娃,潤滑液,飛機杯,按摩棒,跳蛋,性感睡衣,視訊交友90739,情人視訊網,情色交友,視訊交友,辣妹視訊,美女視訊,aio交友愛情館,情色論壇,成人論壇,免費視訊聊天,辣妹視訊,視訊交友網,美女視訊,視訊交友,視訊
交友90739,情趣用品,成人聊天室,情趣,情趣,視訊聊天室,視訊聊天,視訊聊天室,情色視訊,情人視訊網,免費視訊聊天室,aio交友愛情館,色情遊戲,寄情築園小遊戲,情色文學,一葉情貼圖片區,室內設計,情惑用品性易購,情境坊歡愉用品,室內設計公司,視訊美女,愛情公寓,一葉情貼圖片區,情色貼圖,情色文學,色情聊天室,情色小說,情色電影,情色論壇,成人論壇,情趣用品,情趣用品,aio交友愛情館,aio交友愛情館,情境坊歡愉用品,情惑用品性易購,一葉情貼圖片區,一葉情貼圖片區,免費視訊聊天室,免費視訊,A片,做愛,愛情小說,性愛,性愛貼圖
花美姬情趣用品提供各類情趣用品.情趣用品產品定期更新,讓您一看再看,~千種情趣用品,~歡迎進入參觀選購
情人視訊網
提供你多元化交友.排遣你無聊的時間
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
花美姬情趣用品
..紅煙論壇..情人視訊網..
成人視訊交友..aio愛情交友館..40元DVD買10送2..高雄轉角情趣用品..
------------------------------------------------------------------------------------------------------------------------------------------------------
情境坊歡愉用品..
情人視訊網..
成人視訊交友
..
視訊交友..
情人視訊網..性感睡衣..
免費視訊聊天..色客風情..
---------------------------------------------------------------------------------------------------------------------------------------------------------
080中部人聊天室..
一葉情貼圖片區..
情人節禮物..
免費影片下載
台灣kiss情色網..
情趣用品..情人歡愉用品..
-------------------------------------------------------------------------------------------------------------------------------------------------------------
成人視訊交友..
情趣用品..聊天室交友..
中部人聊天室..情色交友..情色論壇..一夜情聊天室..上班族聊天室..
--------------------------------------------------------------
情人花束..美姬圖影..成人聊天室..辣妹視訊
アダルト販売
[PR]
自家焙煎
[PR]
カフェポッド
コーヒーギフト
コーヒーポッド
大人のおもちゃ
シャネル 新作
シャネル 通販
[PR]
[PR]
コスチューム
coupple大阪/
[PR]
大人のおもちゃ
アダルトグッズ
大人のおもちゃ
ドレス 通販
先物
[PR]
FX ブログ
ゴールドカード
クレジットカード 審査
電マ
オナホール
[PR]
エアコン 東京
カップリングパーティー-3/
医学論文翻訳
[PR]
システムキッチン
物置
洗面台
結婚式
[PR]
アンドロペニス
仮性包茎
電マ
[PR]
まつげエクステンション
まつげエクステンションスクール
アイラッシュスクール
探偵 調査
素行調査
写真だけの結婚式
アダルトグッズ
大人のおもちゃ
エステ 表参道
英会話 教材
[PR]
東京都 税理士
TAYA
美容室
電報
[PR]
まつげ エクステ
カップリングパーティー
探偵事務所
[PR]
オーガニックアロマ
[PR]
パティオ
お見合いパーティー
ウェルカムボード
株式 情報
SEO
モバイルSEO
携帯SEO
競馬
東京競馬場
小さいサイズ 婦人靴
身辺調査
妻浮気
悩み相談
探偵紹介
探偵事務所
行動調査
追跡調査
[PR]
[PR]
[PR]
[PR]
[PR]
オナホール
TENGA
バイブ
順位チェック
結婚関連情報
[[PR]]
生活役立ち
GooGoo
トゥグテョランダ
Post new comment