Privacy soon extinct, protection unlikely
January 7th, 2006If you don’t think that laws regarding privacy rights need to be updated and strengthened for the 21st century, then you don’t understand the technical abilities currently availble using today’s technology. We now know that many people’s phone records are available for as little as about $100 to anyone who wants them. But remember that one of the most disturbing aspects of the PATRIOT Act is that it gives the feds access to your library records. Of course, who needs to go through the trouble of getting library records:
Data Mining 101: Finding Subversives with Amazon Wishlists: “Vast deposits of personal information sit in databases across the internet. Terms used in phone conversations have become the grounds for federal investigation. Reputable organizations like the Catholic Worker, Greenpeace, and the Vegan Community Project, have come under scrutiny by FBI “counterterrorism” agents.”
(Via Applefritter.)
How open are your wishlists? You don’t even need to pull up a wishlist with a full name. You can search by first name alone, and pull up all the lists in Amazon’s databases for anyone who shares that name. As the article notes, anyone with a half-decent name database could access virtually all the wishlists on Amazon, given enough tenacity and time.
“Amazon wishlists lets anyone bookmark books for later purchase. By default these lists are public and available to anybody who searches by name. [...] Amazon’s popularity has created a vast database of wishlists. No index of all wishlists is available, but it remains possible to view all wishlists by people of a particular first name. A recent search for people named Mark returned 124,887 publicly viewable wishlists.”
But surely to go through all the wishlists on Amazon would be a stunningly tedious job and not worth the effort. Actually, using modern scripting languages, it turns out that it’s not that difficult at all:
“Using a pair of 5-year-old computers, two home DSL connections, 42 hours of computer time, and 5 man hours, I now had documents describing the reading preferences of 260,000 U.S. citizens.
“I downloaded all the files to an external 120 GB Firewire drive in UFS format. The raw data occupied little more than 5 GB.”
And this was just for the first name “Edgar.” If you don’t believe that organizations with significantly faster computers, more bandwidth, and more man hours to devote to projects like this are rifling through your online data, then I have a bridge in Brooklyn I’d like to sell you.
It’s not just the government organizations we should worry about either. Because wishlists indicate city and state locations for the users, a technically savvy company can develop sophisticated, targeted advertising based on region, state, or town. A political party can tailor candidate advertising, or an interest group fashion issue messaging, to manipulate the electorate in ways that are most effective given the prevailing sentiment of an area.
Even if no one (other than the author at Applefritter) has done this yet, the simplicity with which he was able to do so means that the bar has been lowered to the point that it can only be a matter of time. If we care about privacy, it’s time to demand that effective laws limiting use of our personal data be enacted.
