As announced today in Technology Review the trend of social networks now applies in the fields of genetic science. A new service is currently online, where you can compare your DNA with that of family and friends.

We are witnessing a boom in the field of social networks, which now expands to medical fields, where privacy is of utmost importance. My concern is not if these services actually protect their customers, but if customers really realize where they are getting into.

23andMe

The service is called 23andMe and is

a web-based service that helps you read and understand your DNA. After providing a saliva sample using an at-home kit, you can use our interactive tools to shed new light on your distant ancestors, your close family and most of all, yourself.

All they require from you is a sample of your spit and 999$. Then, they will gather all sorts of medical and genetical information and send you a thorough analysis. Purpose of this social network is not only to answer the question “where do I come from?” but also “how do I compare to other people?” Apart from that, as Technology Review notes

23andMe offers information about an individual’s disease risk. But it has also opted to emphasize more entertaining approaches to personal genomics, including using colorful visualization tools to look at a subject’s ancestry and compare it with that of celebrities from Jesse James to Benjamin Franklin and Bono. Now, to capitalize on the boom in social networking, the company will launch a genome-sharing tool that allows people to compare their genome with those of family members, friends, and even strangers who have offered up their DNA data.

It all sounds fun, but a person’s medical history is very thin ice and I wonder if potential users come to realize that.

23andMe’s Privacy Statement

The Privacy Statement of 23andMe is very clear and covers several issues to protect its users.

• they can choose if they want to share their information,
• the information collected are non-personal used for research and never released outside the company without the user’s consent
• users can delete their account anytime, which is also deleted from the company’s database.

It is obvious, that 23andMe takes privacy very seriously - and it should. Users are protected in multiple levels and given a variety of choices.

But one of the main reasons to join 23andMe is the community driven system. Users will likely want to compare information, they will want to see if they have the same genes as Gandhi; and that’s where the real privacy issues emerge.

Privacy in Social Networks; more important than ever

Until now, participators in most social networks were sharing information, of minimal importance: their favourite links, their hobbies, their bio or the number of their friends. Of course these are also subjects, that should be carefully shared, but no big harm can be done.

But with services like 23andMe, we are seeing a transformation in social networks and the privacy issues, that emerge.

Social networking is mostly fun and play, but when it comes to sharing information of your own DNA, things become much more serious. I’m not going to list the problems of publicly showing your medical history/future, these are obvious.

But users of social networks, should start thinking with extreme caution, which networks they should join. The fun and joy remains in social networking, but the hazards seem to increase.

Would you share information about your genealogical tree and your medical history with the wide public of the social web?

I think this graph on privacy from the New York Times didn’t get the attention it deserved. Although the companies argued, that they are not collecting individual data but statistical information, it is still a case of data mining versus privacy.
While the web expands, the user’s need for privacy increases.

I know that Google’s Street View is old news.

Google actually uses an extremely high-tech camera, scrounges the streets and takes photos. I’ve never really used the service myself, but while surfing today I found some articles that drew my attention on the subject.

Invading Privacy

Mashable: Mashable’s top 15 google street view sightings is supposed to be an entertaining article listing some pictures of several interesting and funny places around the world. What is disturbing in this article is not only the complete disregard of people’s privacy but also the quality and quantity of comments.

There are currently 155 comments linking to other sighting (guy picking his nose or girl showing her panties, etc.) or praising the humor of the article. From these 155 comments only 8 are actually referring to the factor of privacy.
Googlesightseeing: A little bit more search down the road and I found googlesightseeing.com. This site’s niche is posting images from Google Maps and Google’s Street View. Of course this might not directly say anything about privacy issues, since images of people are not that often on the site. But it implies something else:

There are people, who are extensively searching these all-viewing databases. So it is not the government, the CIA or “add conspiracy theory here” but ordinary people that are breaking the privacy barrier.

Psychology of Control

The panopticon was a model prison proposal of Jeremy Bentham in 1785. The idea was that the prisoners could not see the guards observing them. Although the concept was never realized, Bentham

pointed out that the prison could employ very few guards, since the prisoners could not know when they were being watched. The project’s key concept, however, wasn’t about architecture or economics; it was about the psychology of control.

In other words, people will start developing a sense of being constantly observed and therefore behave accordingly. It seems that there is not only a central authority, which practices control and surveillance, but also the society in general. Google’s Street View is one of the tools provided to the public to spy on each other.

Between private and public

But where are the boundaries between private and public?
There has been a great discussion on the subject;

• some state that Google’s street view is a major privacy issue, which will be subject in upcoming legal discussion

• while others don’t see any privacy violation, since the people are already in public.

It is already questionable how can we achieve true privacy, but the question goes beyond the boundaries of public and private. We are witnessing the development of an all-seeing, all-knowing society.
I’m already against any surveillance of any kind but moreover should the public really have access to such spying tools?

In this blog, I have repeatedly discussed the subject of online privacy. Either by commenting on the current affairs of peer-to-peer networks like torrentspy or talking about the future of privacy regarding the data openness we are lately experiencing.
Yesterday, I visited one of my favorite annual exhibitions in Berlin, the transmediale, whose topic this time was “conspire”. Among other things, I attended a conference called “Web 3.0: Conspiring to keep the Net Public”, with the hope of discussing the evolution of the upcoming semantic web. To my surprise, the talk concentrated mostly on the privacy prospect of the web. To be honest, the overall conference didn’t blow my mind (it was hard to follow), but the presentation of Seda Gürses was a pleasant exception.
She pointed out some very interesting insights on privacy in cyberspace, which I would like to discuss here.

So what is privacy?

In her presentation, Seda showed a mathematical formula of privacy, which says that:

privacy = the right to be left alone / concealment of data x k-anonymity.

This means, that privacy consists of our fundamental need and right to be left alone, which can be achieved by concealment of data and k-anonymity. Lets get a bit more specific with the terms.

Concealment of Data

Whenever you subscribe in a site, there is always a login form with asterisks next to the fields you must fill in (your mail, your age, your zip code, etc); and there is always this little box you must click called “I have read the Terms of Service and agree with the policy”. Now if the service is a commercial one, it may provide these information to the so called ‘data-miners’.
They are marketing people, who collect vast amounts of information and then plan a corresponding marketing pattern.

They say for example: 50% of the Facebook users who have installed the vampire application are buying Dungeons and Dragons books in Amazon. And they put an ad next to the vampires applications about D&D.
Data mining vs. Privacy is an important issue covering not only the online world but also political subjects.

But it’s not, that there is no solution. Bruce Schneier noted:

there are many ways to analyze data without knowing details of the data, [...] it’s just that there is little incentive to use them.

Concealment of data suggests, that information such as name, age, location, etc. remain private. But how can this achieved?

K-Anonymity

That’s where k-anonymity comes handy. It keeps data miners and privacy advocates satisfied. K-anonymity simply says, that

A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release.

K-anonymity can be achieved by two methods:

1. Generalization.
   Instead of saying: this subject is 26 years old, you say it is 20-30 years old. Instead of saying he lives in 10247 Berlin, you say 10xxx Berlin. And so on.
2. Another interesting way is perturbing the data. This means, that

The actual value can be replaced with a random value out of the standard distribution of values for that field. In this way, the overall distribution of values for that field will remain the same, but the individual data values will be wrong.

In other words, you can change the individual data in such way, that the collective data will still remain the same.

The right to be left alone

I left this one in the end on purpose. We all take this right for granted and in a way it is for granted. But if you think about it, its boundaries are very flexible. The issue of privacy is not only about concealing data, but also about the negotiation of what is private and what not. Years ago it was a debate if domestic violence was a privacy issue or not.

The best question ever

Seda Gürses stated in interesting theory (with a cute video), which concluded with the best question ever. It is a theory of a swedish scientist, whose name she didn’t remember (sadly).

If we really want to stay private and anonymous, concealing our personal information is surely not adequate enough. There are many parameters, which distinguish us from the others.

True and absolute anonymity can be only achieved when:

• Everyone would wear an identical box, which should be so wide and tall as the widest and tallest person on earth, so that our external characteristics wouldn’t be possible.
• Everyone would walk with the same pace, so that walking differentiation wouldn’t be possible.
• Everyone would go out of his house at the same time, so that noone could identify another.
• Each time someone went out, he should take a different route, so that a categorization would be impossible. etc. etc.

Also to avoid loneliness and isolation, people would be allowed to have a pet.

So in a world of true anonymity, the only distinction from one person to another would be his pet.
The question is: do we really want to live in a world of true anonymity?

Today is International Privacy Day. I always wonder why we always have one day to celebrate something (peace, literacy, freedom, privacy, etc.), when these are subjects we should daily consider and honor. I suppose these International Days act as reminders to the forgetful ones, for the importance and weight of these ideals.

So International Privacy Day. Online privacy is a very vague subject. The International Association of Privacy Professionals (IAPP) has published some very interesting presentations explaining how can our privacy be harmed and how we can protect ourselves. Although researches show that our online privacy concerns have increased google points out that

70% of Europeans did not understand how their personal data was being protected.

So let’s see what one can learn and do on a day like this.

Privacy Harms

• Intrusions: When “they” come to your space to tell you what to do or where to point your attention. In cyberspace, SPAM is the most common example.
• Information Collection: Sadly, our world today. Visual surveillance we experience in our everyday life and don’t complain anymore. Of course asking for private information is considered a privacy breach (do your remember the TorrentSpy trial?).
• Information Processing: The curse of web 2.0. We are willingly opening our private data to anyone. Data mining can be considered as the mildest consequence. Letting marketers to develop patterns and decide if you are a good customer (if not, how can you become one).
• Information Dissemination: When services or software disclose more information about you as they should.

Protecting your Privacy

There are four basic ways to protect your privacy online:

• Technology: use firewalls and spam-filters
• Law: The CAN-SPAM act; an act which establishes certain requirements for those who send commercial email. For example using false headers is illegal.
• Markets: You choose a safe mail provider or a safe Operating System

Of course there are simple actions you can do yourself now to increase the protection of your private data and your system.

6 simple ways to protect yourself

1. Delete cookies after each session. Cookies are a nasty thing. They are the trace of your surf activity on your computer. This means that anyone can see which sites you lately visited. But some sites require cookies to work. So be smarter. Customize your browser to delete the cookies after you close him.In firefox just go to Preferences and to the “Privacy” Tab. Have the ‘accept cookies from sites’ clicked, but in the ‘Keep until:’ chose ‘I close Firefox’. If you think some cookies are really nasty and you don’t want them at all, just add them in the ‘Exceptions…’
2. Delete your web history. While you’re at the same tab (Privacy) select the ‘Always clear my private data when I close Firefox’ box. On ‘Settings’ you can customize that. I Clear everything apart from my saved passwords. (Remember, if you have saved passwords on firefox, ALWAYS keep a master password)
3. Change your passwords often. This might seem like an extreme measure, but it is very important one. Most users (me included) are participating in so many communities, they just have one password for all. The password for gmail, wordpress, ubuntu, yahoo, mixx is just the same. I know it is difficult changing the password for all these services, but it is necessary. I learned it first hand: Almost 3 years ago, while I was still running Windows, I logged in to my MSN Messanger just to see my username changed to “I have been hacked…yeah truly”. I immediately changed the password of my hotmail (and eventually stopped using it) and all other services I currently used. Or just get an OpenID and wait until it gets more popular.
4. Hide your IP when surfing. There are software that can hide your IP. Although, it is not 100% guaranteed hidden IP it is the best you can get. You also get this great feeling of freedom. Some free software to hide your IP are Tor and Smarthide.
5. Read The Terms of Service. I know it is boring. But sometimes you will find something in the Terms of Service that goes completely against your beliefs.
6. Use Encryption: Don’t protect your privacy only from marketers and spammers but also from identity theft, surveillance, system crackers or even espionage. A good place to start is the Pretty Good Privacy project. It is absolutely free and it runs almost in every computer (I think even Atari!)

What will you do today to protect your privacy?

Additional resources:

• Privacy Rights ClearingHouse
• Electronic Frontier Foundation on Privacy
• Tutorial to make a PGP key on Ubuntu for evolution

A study published yesterday on the Associated Press showed, that people are becoming more aware of the security of their private data.

Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006.

This is a natural reaction, since reports are increasing on breaches of private information.

The Identity Theft Resource Center, for instance, listed more than 125 million records reported compromised in the United States last year. That’s a sixfold increase from the nearly 20 million records reported in 2006.

The paradox

It is interesting though, that two thirds of adult internet users continue buying products online. Of course with credit card frauds, “a customer’s liability is capped at $50, and even that amount is often waived”. But when we are dealing with identity theft, resolution may come after several years.

A very peculiar paradox. On the other hand people are worried about the integrity of their online data and on the other hand the continue shopping online. False priorities? Are people willing to risk their private data for comfort and availability?
I believe people are aware of the risk, but are engaged in a very (ir-?)rational thinking: It won’t happen to me.

Conclusion

The DavidAirey case a month or so ago reminds us, that identity theft can happen to all of us (do you consider your blog/website a part of your private data?).

With the developing privacy wars, the question still stands: Are users ready to have complete control over their private information?

If the subject has made you a bit more worried, here’s a starters guide to safeguard your privacy online, by Allan Leinwand.

I had a post the other day about Facebook and one of its rivals “Kaioo” and the discussion came to the subject of data portability.
M@ri@nn@ expressed her skepticism on the project. This short video (found at Partcls.blog) sumarizes the concept of data portability very well. Enjoy.

Sorry, I had to remove the video because it really messed up with the look of the blog…

Get involved in data portability.