In April of this year, The New York Times launched a new interactive portal on their website called “The Privacy Project.” The project was launched as a way for the Times to provide comprehensive coverage and background on the privacy issues that are progressively finding themselves closer and closer to the center stages of modern cultural discourse. Whether it’s concerns over the commercial use of personal data from D-I-Y DNA kits, BigTech’s litany of user-privacy scandals or federal investigations into the possible damage done by the latest viral app, privacy issues are ubiquitous in the press. While the coverage is there, it is always after the fact, trying to put the pieces together after the latest worrying revelation. The Times project is an attempt to illuminate the key components of modern privacy issues in order to stimulate a more proactive approach to them.
It has been interesting, and at times enlightening, to read the pieces published as part of the project. Earlier this month, House Minority Leader Kevin McCarthy published an op-ed that started with the following scenario: “Imagine that Congress proposed a law that made postage free in the United States. Even in the digital age, this would be quite convenient. The only catch? In exchange for free mail, postmasters would be permitted to open your mail and read our letters and bills. The benefit, postmasters would insist, is they would know when you’re planning a family vacation. And then the post office could send you hotel recommendations or advice for the best restaurants and activities.”
Sound familiar? McCarthy goes on to argue that this is essentially what is happening today: communication via post has been replaced by email and other online methods, which, while they are free, are not private. The only difference here is that it is not the government that is snooping through your mail to learn about your family vacation, it is a private company, which then takes the information they’ve gleaned and sells it to the highest bidder.
How far has the tracking gone? Though at this point it should come as no surprise, Microsoft recently published findings from its research department that show that Google and Facebook keep tabs on everything their users do, including their activity on porn sites. Apparently 93% of user data on porn sites is leaked to third parties, and this figure includes users that take precautions to surf anonymously.
For their part, Google and Facebook tried to minimize the findings, with Google claiming to the Times that “we don’t allow Google Ads on websites with adult content and we prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online. Additionally, tags for our ad services are never allowed to transmit personally identifiable information to Google.” Facebook pointed to its public community guidelines, noting that they “forbid advertising trackers on sex websites, and such sites are blocked from data collection processes.”
While you generally have to take everything Facebook says publicly with a grain of salt, both companies used careful wording, specifying that they do not allow tracking related to advertising to happen on sites of this kind. While Facebook went further, saying that the sites are “blocked from data collection processes,” which, in light of the findings, seems not to be true, saying that advertising-related tracking isn’t happening is another way of saying other types of tracking are happening.
Nowhere to Hide
There is also an issue with the “personally identifiable information,” which, Google claimed, tags for its ad services are not allowed to transmit to Google. In a recent article for the MIT Technology Review, Charlotte Jee discusses new findings published in Nature Communications which reveal that, even when companies take efforts to anonymize the data they have gathered from your activity, it is remarkably easy to reidentify individuals from an anonymized data set.
The study consisted in taking an anonymized data set and seeing if, by plugging in some general demographic attributes, they could pinpoint identities that correspond to data in the set. Reidentifying individuals out of the data set turned out to be easier than the researchers anticipated, as you can see on the linked-to site, where you can test how hard it would be for an outside party to reidentify you out of a data set, if they had three of your basic demographic attributes: your zip code, gender and date of birth. According to the study, with just those three personal records there is an 83% chance of reidentification. The more records you have, the easier it is to pinpoint an individual, or as Imperial College researcher and co-author of the study Yves-Alexandre de Montjoye put it, “as the information piles up, the chances it isn’t you decrease very quickly.” The study determined that with 15 personal attributes, the chance of identification rises to a staggering 99.98%.
The percentages of the study are helpful in conceptualizing how vulnerable our data is, but the vulnerability itself is hardly new, and neither, as it turns out, is the knowledge of how it can be used. The MIT article points out that there are papers from over a decade ago that determined that even online activity as quotidien as leaving a Netflix review can have an equivalent deanonymizing value as that of a social security number. And just this past year, the above-mentioned New York Times employed similar demasking techniques to publicly reveal Donald Trump’s tax returns from 1985 to 1994.
Getting back to the Facebook and Google porn problem, Google’s handwashing in the end amounts to little more than empty words, but, seeing as Google and its fellow tech giants are never really held accountable for their many intrusions, abuses and missteps, some light public handwashing is all that’s ever really required of them.
That is, at least, how it has played out up to this point. Public sentiment has decidedly soured on Silicon Valley’s predilection for overstepping its bounds and for the apparent reluctance of lawmakers to do anything about it. Some representatives in the United States have at least started to speak out more forcefully and acknowledge that changes need to be made, as evidenced by the op-ed I quoted from at the start of the column. That the Times has been covering the many aspects of this issue so thoroughly is a heartening sign.
To return to McCarthy’s op-ed, as an alternative to his free postage scenario, McCarthy suggests that we might find it more comfortable to pay the small postage fees if, in turn, they would keep the contents of our letters strictly between us and our recipients. Adapting the scenario to the digital state of affairs, McCarthy writes that the privacy of our mail is protected by law, as is the privacy of our health records, and that something needs to be done to apply the same standards to our personal data in the digital sphere.
While many have called upon the government to take action (Europe’s General Data Protection Regulation has been looked towards as an example worth emulating) McCarthy argues that whatever success the government may be able to achieve in asserting more control over Silicon Valley will likely come at the cost of cementing the current tech giants’ position at the top of the pyramid and barring the path for newcomers. In an industry built on constant development, the possible stagnation this move could entail would be debilitating.
Instead, McCarthy emphatically nominates blockchain technology as a means of helping us regain control over our own data. Rather than government intervention, McCarthy calls for investment into projects that have the potential to deliver new breakthroughs. In his vision, user activity on a blockchain network will be protected from outside parties via encryption. Private keys, handled only by the individual that has produced the data in question, would data private and prevent tracking. In order for this to work, the system would have to be decentralized, which would only be possible if individuals were incentivized to contribute to its operation, i.e., via cryptocurrency.
Having worked for a long time in this sphere with my team at Bytecoin, it is somewhat surreal to read an op-ed in the Times by a major American government official singling out blockchain and cryptocurrency as a means of transformative and much needed change. McCarthy’s idea isn’t completely original, but by writing about it he is normalizing it and encouraging intelligent people to ply their talents in this field, which could do wonders for the industry.
As I have touched on before, I think blockchain will be key to privacy protection as we move forward into a more digital reality. The key, to me, is cryptographic development. As it stands now, the kind of system McCarthy is talking about would not be able to provide complete anonymity. The potential range of actions people could perform on such a theoretical system would be too wide to provide complete anonymity, but it would seriously hamper the all-pervasive tracking that is in place right now.
If McCarthy’s proposal is given legs and other like-minded people join in the discussion it could help us all in our shared quest to make manifest the full potential of this technology. Here’s to that happening and further confirmation that cryptocurrency has arrived on global, mainstream and legitimate level as a force to be reckoned with.