Archive for the 'Privacy' Category
November 13th, 2009, by Tim Finin, posted in Privacy, Social media, Web
This ought to be fun.
According to an article in the WSJ, Europe Approves New Cookie Law, “the Council of the European Union has approved new legislation that would require Web users to consent to Internet cookies.”
The law could have broad repercussions for online ads. “Almost every site that carries advertising should be seeking its visitors’ consent to the serving of cookies,” wrote Struan Robertson, a lawyer specializing in technology at Pinsent Masons and editor of Out-Law.com. “It also catches sites that count visitors — so if your site uses Google Analytics or WebTrends, you’re caught.”
This hit Slashdot (“Breathtakingly Stupid” EU Cookie Law Passes) this morning.
By the way, our ebiquity site uses cookies. Send mail to no-more-ebiquity-cookies at cs.umbc.edu if you want to opt out.
Hmmmm. I wonder how we would implement cookie opt-out. I think setting a cookie to indicate that the user has opted out of your site’s cookies would be a good approach.
November 10th, 2009, by Tim Finin, posted in High performance computing, Privacy, Security, Semantic Web
The Economist has been running a series of online Oxford Union style debates on topical issues — CEO pay, healthcare, climate change, etc. The latest one is on cloud computing: This house believes that the cloud can’t be entirely trusted.
In his opening remarks, moderator Ludwig Siegele says
“The participants in this debate, including the three guest speakers, all agree that computing is moving into the cloud. “We are experiencing a disruptive moment in the history of technology, with the expansion of the role of the internet and the advent of cloud-based computing”, says Stephen Elop, president of Microsoft’s business division, which generates about a third of the firm’s revenues ($13 billion) and more than half of its profits ($4.5 billion) in the most recent quarter. Marc Benioff, chief executive of Salesforce.com, the world’s largest SaaS provider with over $1.2 billion in sales in the past 12 months, is no less bullish: ‘Like the shift [from the mainframe to the client/server architecture] that roiled our industry in decades past, the transition to cloud computing is happening now because of major discontinuities in cost, value and function.’”
While the debate’s proposition suggests that security or privacy is its focus, it’s really a broader argument about how software services will be delivered in the future in which security is just one aspect.
“Whether and to what extent companies and consumers elect to hand their computing over to others, of course, depends on how much they trust the cloud. And customers still have many questions. How reliable are such services? What about privacy? Don’t I lose too much control? What if Salesforce.com, for instance, changes its service in a way I do not like? Are such web-based services really cheaper than traditional software? And how easy is it to get my data if I want to change providers? Are there open technical standards that would make this easier?”
November 5th, 2009, by Tim Finin, posted in Google, Privacy, Semantic Web, Social media, Web
Google added a great new service, Dashboard, that summarizes data stored for a Google account — see MY ACCOUNT>PERSONAL SETTINGS>DASHBOARD.
“Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings. Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more. The scale and level of detail of the Dashboard is unprecedented, and we’re delighted to be the first Internet company to offer this — and we hope it will become the standard.”
This is a good move on Google’s part. But while there’s a lot of information included, it’s not everything that Google knows about you — e.g., data in cookies, click-through data from search results and information from companies it’s acquired, like DoubleClick. Still, it is a big step in a positive direction.
October 6th, 2009, by Tim Finin, posted in Machine Learning, Privacy, Semantic Web, Social media
In the Fall of 2007, two MIT students carried out a class project exploring how presumably private data could be inferred from an online social networking system. Their experiment was to predict the sexual orientation of Facebook users who make their basic information public by analyzing friendship associations. As reported in the Boston Globe last month, the students had not yet published their results.
Well, now they have — in the October issue of First Monday, “one of the first openly accessible, peer–reviewed journals on the Internet”.
The paper has a lot of detail on the methodology for collecting the data and how it was analyzed. Here’s the abstract.
“Public information about one’s coworkers, friends, family, and acquaintances, as well as one’s associations with them, implicitly reveals private information. Social networking Web sites, e–mail, instant messaging, telephone, and VoIP are all technologies steeped in network data — data relating one person to another. Network data shifts the locus of information control away from individuals, as the individual’s traditional and absolute discretion is replaced by that of his social network. Our research demonstrates a method for accurately predicting the sexual orientation of Facebook users by analyzing friendship associations. After analyzing 4,080 Facebook profiles from the MIT network, we determined that the percentage of a given user’s friends who self–identify as gay male is strongly correlated with the sexual orientation of that user, and we developed a logistic regression classifier with strong predictive power. Although we studied Facebook friendship ties, network data is pervasive in the broader context of computer–mediated communication, raising significant privacy issues for communication technologies to which there are no neat solutions.”
As we had previously noted, this datamining exercise only accesses information that Facebook users explicitly choose to make public. The authors note that their analysis “relies on public self–identification of same–gender interest in Facebook profiles as a sentinel value for LGB identity”. The privacy vulnerability is that the default setting for a Facebook account is that friendship relations are public and you cannot control the privacy settings of your friends. So if you leave your friend list public and many of your Facebook friends open up their profiles, it may be possible to draw reasonable inferences about your age, gender, political leanings, sexual preferences and other attributes.
September 22nd, 2009, by Tim Finin, posted in Privacy, Social media
The New York Times reports that the data for the Netflix Prize 2 will include more information about the anonymous users:
“Netflix was so pleased with the results of its first contest that it announced a second one on Monday. The new contest will present contestants with demographic and behavioral data, including renters’ ages, gender, ZIP codes, genre ratings and previously chosen movies — but not ratings. Contestants will then have to predict which movies those people will like.”
As others have noted this will make it much easier to “de-anonymize” individuals in the collection.
As an experiment, I checked the zip code where I grew up and found that it had about 3900 people in the 2000 census. So, given an age and gender you would have a set of about 40 people. With just a little bit of additional information, one could narrow this to a specific individual.
For example, Narayanan and Shmatikov showed (Robust De-anonymization of Large Sparse Datasets) that this could be done with the dataset from the first Netflix Grand Prize by mining information from IMDB. Think of how much more powerful such attacks would be with the new dataset.
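The back-of-the-envelope estimate above can be turned into a check that a data owner runs before releasing a dataset: count how many records share each (ZIP code, age, gender) combination and see what generalizing those fields does to the smallest group. This is an added example, not part of the original post; the records, the `coarsen` generalization and the uniform-spread assumption in `expected_set_size` are constructed for illustration.

```python
from collections import Counter

# Constructed sample records (zip_code, age, gender); the 001xx ZIP codes are
# placeholders, not real locations or real people.
RECORDS = [
    ("00101", 34, "F"), ("00101", 34, "F"), ("00101", 36, "F"),
    ("00102", 31, "F"), ("00101", 41, "M"), ("00102", 41, "M"),
    ("00102", 47, "M"), ("00117", 52, "M"), ("00117", 58, "M"),
    ("00117", 55, "F"), ("00102", 59, "F"),
]


def identity(record):
    """Release the quasi-identifiers exactly as stored."""
    return record


def coarsen(record):
    """Generalize: keep a 3-digit ZIP prefix and a 10-year age band."""
    zip_code, age, gender = record
    low = age // 10 * 10
    return (zip_code[:3] + "**", f"{low}-{low + 9}", gender)


def anonymity_sets(records, generalize=identity):
    """Map each quasi-identifier combination to the number of records sharing it."""
    return Counter(generalize(r) for r in records)


def risk_report(records, generalize=identity):
    """Summarize re-identification risk: k is the smallest anonymity set."""
    sizes = anonymity_sets(records, generalize).values()
    return {
        "k": min(sizes),
        "unique_records": sum(1 for n in sizes if n == 1),
        "groups": len(sizes),
    }


def below_threshold(records, k_min, generalize=identity):
    """Return the records whose anonymity set is smaller than k_min."""
    groups = anonymity_sets(records, generalize)
    return [r for r in records if groups[generalize(r)] < k_min]


def expected_set_size(population, distinct_ages, genders=2):
    """Average anonymity set size, ASSUMING people are spread evenly over
    distinct_ages one-year ages and two genders (an assumption of this example)."""
    return population / (distinct_ages * genders)


if __name__ == "__main__":
    # 3900 residents spread over roughly 49 ages and 2 genders: about 40 each.
    print("expected set size:", round(expected_set_size(3900, 49)))
    print("raw release:      ", risk_report(RECORDS))
    print("coarsened release:", risk_report(RECORDS, coarsen))
    print("still below k=3:  ", below_threshold(RECORDS, 3, coarsen))
```

Even after coarsening, the groups that remain below the chosen threshold are the records to suppress or generalize further before release.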
September 20th, 2009, by Tim Finin, posted in Privacy, Social media
Today’s Boston Globe has an article on online privacy provocatively titled Project ‘Gaydar’ that leads with a story of a class experiment done by two MIT students on predicting sexual orientation from social network information.
“Using data from the social network Facebook, they made a striking discovery: just by looking at a person’s online friends, they could predict whether the person was gay. They did this with a software program that looked at the gender and sexuality of a person’s friends and, using statistical analysis, made a prediction. The two students had no way of checking all of their predictions, but based on their own knowledge outside the Facebook world, their computer program appeared quite accurate for men, they said.”
I suspect that many will read the article and think that such an analysis can be easily done on their own Facebook information. While I’m not a Facebook expert, I assume that the vast majority of its users employ the default privacy settings which do not allow non-friends to see personal information including gender and the ‘interested in’ attribute, which can be used as a proxy for sexual orientation.
Still, the problem of protecting privacy in online social networking systems is a very real one. The Boston Globe story also mentions work by Murat Kantarcioglu on predicting political affiliations (see Inferring Private Information Using Social Network Data).
“He and a student – who later went to work for Facebook – took 167,000 profiles and 3 million links between people from the Dallas-Fort Worth network. They used three methods to predict a person’s political views. One prediction model used only the details in their profiles. Another used only friendship links. And the third combined the two sets of data. The researchers found that certain traits, such as knowing what groups people belonged to or their favorite music, were quite predictive of political affiliation. But they also found that they did better than a random guess when only using friendship connections. The best results came from combining the two approaches.”
The article also mentions Lise Getoor’s work on discovering private information by integrating work across Facebook, Flickr, Dogster and BibSonomy (see To Join or not to Join: The Illusion of Privacy in Social Networks with Mixed Public and Private User Profiles).
“Those researchers blinded themselves to the profiles of half the people in each network, and launched a variety of “attacks” on the networks, to see what private information they could glean by simply looking at things like groups people belonged to, and their friendship links. On each network, at least one attack worked. Researchers could predict where Flickr users lived; Facebook users’ gender, a dog’s breed, and whether someone was likely to be a spammer on BibSonomy. The authors found that membership in a group gave away a significant amount of information, but also found that predictions using friend links weren’t as strong as they expected. “Using friends in classifying people has to be treated with care,” computer scientists Lise Getoor and Elena Zheleva wrote.”
August 5th, 2009, by Tim Finin, posted in Privacy, Social media
The Electronic Frontier Foundation released a whitepaper, On Locational Privacy, and How to Avoid Losing it Forever, discussing problems and solutions involving location privacy. The report, written by Andrew Blumberg and Peter Eckersley, outlines how location information is being collected by devices and services and argues for solutions that maintain potential benefits without sacrificing personal privacy.
“There are nifty new location-based technologies like electronic road-toll tags and cell-phone apps that alert you when your friends are nearby — but these systems often create and store records of your movements,” said EFF Staff Technologist Peter Eckersley, one of the co-writers of the white paper. “This could make it possible for others to know when you visited a health clinic, what church or bar you spend time in, or who you go to lunch with. It is essential that privacy-protecting algorithms are built into these devices and services, so we can enjoy their convenience without making our private lives into open books.”
…
“The technical solution to preserving privacy in digital services lies in modern cryptography and careful design,” said Stanford University mathematician Andrew J. Blumberg, the white paper’s other co-writer. “It may seem counterintuitive, but using cryptography, these systems can function without collecting and storing personal data at all. The best way for systems to protect user data is not to collect it in the first place; then the information is not available for anyone to buy, steal, or obtain by subpoena — it would stay truly private.”
July 17th, 2009, by Tim Finin, posted in Privacy, Social media
AFP and others report that Canada considers Facebook’s practices to violate its privacy law.
“Canadian officials on Thursday said Facebook was breaking national privacy law by holding on to personal information from closed accounts at the social-networking service. A Canada privacy commission report expressed “an overarching concern” that privacy information Facebook provides its more than 250 million users is “often confusing or incomplete.” Facebook said it is working with the commission to resolve its concerns in ways that safeguard privacy without disrupting user-experiences at the world’s most popular online social-networking community.”
The Office of the Privacy Commissioner of Canada conducted an investigation into a wide-ranging complaint about Facebook’s privacy practices filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC).
A July 16 press release describes the highlights of the Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. These include the following:
“An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers.
…
The investigation also raised significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes. (There are more than 950,000 developers in some 180 countries.) Facebook lacks adequate safeguards to effectively restrict these outside developers from accessing profile information, the investigation found.
…
The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts – a violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law. The law is clear that organizations must retain personal information only for as long as is necessary to meet appropriate purposes.”
July 10th, 2009, by Tim Finin, posted in Privacy, Social media
New York state attorney general Andrew Cuomo announced he intends to sue social networking company tagged.com “for deceptive e-mail marketing practices and invasion of privacy”.
“Between April and June this year, Tagged sent tens of millions of misleading emails to unsuspecting recipients stating that Tagged members had posted private photos online for their friends to view. In reality, no such photos existed and the email was not from their friends. When recipients of these fraudulent emails tried to access the photos, they were forced to become a new member of Tagged. The company would then illegally gain access to their personal email contacts to send more fraudulent invitations.
“This company stole the address books and identities of millions of people,” said Attorney General Cuomo. “Consumers had their privacy invaded and were forced into the embarrassing position of having to apologize to all their email contacts for Tagged’s unethical – and illegal – behavior. This very virulent form of spam is the online equivalent of breaking into a home, stealing address books, and sending phony mail to all of an individual’s personal contacts. We would never accept this behavior in the real world, and we cannot accept it online.”
See stories in the NYT and Independent.
(via AISL)
July 1st, 2009, by Tim Finin, posted in Privacy, Security, Social, Social media, Web
Facebook is changing how it manages privacy starting today. After reading last week’s post on the Facebook blog, More Ways to Share in the Publisher, and a followup note on ReadWriteWeb, A Closer Look at Facebook’s New Privacy Options, I thought I understood: Facebook was sharing more but only for people who have made their profiles public. From the official Facebook post:
“We’ve received some questions in the comments about default privacy settings for this beta. Nothing has changed with your default privacy settings. The beta is only open to people who already chose to set their profile and status privacy to “Everyone.” For those people, the default for sharing from the Publisher will be the same. If you have your default privacy set to anything else—such as “Friends and Networks” or “Friends Only”—you are not part of this beta.”
But the New York Times has an article, The Day Facebook Changed: Messages to Become Public by Default that clearly says more is coming (emphasis added):
“By default, all your messages on Facebook will soon be naked visible to the world. The company is starting by rolling out the feature to people who had already set their profiles as public, but it will come to everyone soon. You’ll be able each time you publish a message to change that message’s privacy setting and from that drop down there’s a link to change your default setting.
But most people will not change the setting. Facebook messages are about to be publicly visible. A whole lot of people are going to hate it. When ex-lovers, bosses, moms, stalkers, cops, creeps and others find out what people have been posting on Facebook – the reprimand that “well, you could have changed your default setting” is not going to sit well with people.”
But it will come to everyone soon! That’s a big change if true. There will be blood.
I hope that there is some clarification soon from Facebook. I, for one, am left confused.
May 3rd, 2009, by Tim Finin, posted in Privacy
The ABA Journal news blog has a post, Fordham Law Class Collects Personal Info About Scalia; Supreme Ct. Justice Is Steamed, on privacy and the law — or at least one very famous lawyer: U.S. Supreme Court Justice Antonin Scalia. Joel Reidenberg teaches a course on information privacy law at Fordham University and illustrates the scale of the problem empirically.
“Last year, when law professor Joel Reidenberg wanted to show his Fordham University class how readily private information is available on the Internet, he assigned a group project. It was collecting personal information from the Web about himself. This year, after U.S. Supreme Court Justice Antonin Scalia made public comments that seemingly may have questioned the need for more protection of private information, Reidenberg assigned the same project. Except this time Scalia was the subject, the prof explains to the ABA Journal in a telephone interview.
His class turned in a 15-page dossier that included not only Scalia’s home address, home phone number and home value, but his food and movie preferences, his wife’s personal e-mail address and photos of his grandchildren, reports Above the Law.
And, as Scalia himself made clear in a statement to Above the Law, he isn’t happy about the invasion of his privacy: “Professor Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any,” the justice says, among other comments.
April 2nd, 2009, by Tim Finin, posted in Privacy, Security, UMBC
This November will be the first time any end-to-end cryptographic system will be used in a binding governmental election.
UMBC Professor Alan Sherman and his students have been helping develop the Scantegrity open source election verification technology for optical scan voting systems. It uses privacy preserving confirmation numbers to allow each voter to verify her vote is counted and that all the votes were counted correctly.
The group has been working with Takoma Park MD to use this in a binding governmental election later this year. Alan recently wrote:
“On Saturday April 11, there will be a mock election in Takoma Park, MD, using the Scantegrity II high-integrity voting system being developed in part at the UMBC Cyber Defense Lab. Anyone is welcome to come and vote – polls will be open 10am-2pm in the Community Center at 7500 Maple Ave. This mock election is preparation for the Nov 2009 municipal election in Takoma Park which will also use Scantegrity – the first time any end-to-end cryptographic system will have been used in a binding governmental election.”
Here’s the text of a short article on the election from the April 2009 Takoma Park newsletter.
This Arbor Day: Plant the Seeds for Election Verifiability
Election integrity is a major issue both nationally and internationally. During the City’s annual Arbor Day celebration, Takoma Park will try out what may be one solution. From 10 a.m. until 2 p.m. on April 11, City residents and their families and friends are invited to participate in a mock election administered by the City and its Board of Elections. The point of this mock election is to give voters an opportunity to test out and provide feedback to the City on the voting system it will use in the November 2009 municipal elections.
First among the many characteristics that set this system apart from those previously used by the City is that voters will be able to confirm that their ballots were counted.
As part of their ballot, voters will receive a confirmation code that they can write down, take home and check online to make sure their votes were counted. The confirmation number does not say how you voted and your vote remains private. What it does say, however, is that your vote is included in the final tally and that the machine read your vote correctly.
The system is paper-based and works like an optical scan voting system, making it easy to use. The only difference is that when you vote, instead of a completely black bubble, you will see the confirmation number appear as shown in the illustration above.
Writing down and checking the confirmation number is optional. So, this Arbor Day, while enjoying the festivities, drop by the Community Center Azalea Room to see how the system works. Try it out, ask questions, give feedback, and enjoy the refreshments!
To obtain more information on the Arbor Day Mock Election, visit the City’s website at www.takomaparkmd.gov. Questions may also be addressed to the City Clerk’s office at 301-891-7267 or Clerk@takomagov.org.