THE BLOG
02/20/2013 12:23 pm ET | Updated Apr 22, 2013

Online Profiling and Invasion of Privacy: The Myth of Anonymization


We have been conditioned to accept that privacy is dead.

We have been conditioned to accept privacy abuses as the price of using the Internet. These abuses generally involve having our search engine send us "better" ads, which most of us believe cannot be too dangerous. They are "only" ads, and they are "anonymous."

This acceptance of targeted ads as safe is based on five false assumptions:

1. Better-targeted ads are better for us.
2. Ads are "anonymous."
3. Ads really are "harmless."
4. Worrying about privacy is only for "bad" people; "good" people don't need privacy.
5. Ads cost us nothing and allow "good" companies like Google to give us great service "free."

1. No! Better Ads are Not Better for Us

There is a science of pricing theory, including Nobel Prize work in Economics, that addresses information asymmetry and its impact on pricing. With the most accurate pricing models, sellers know exactly what each buyer is willing to pay, and offer that price. This is of course best for sellers, since the buyer pays the maximum he is willing to pay.

Suppose you desperately need to get to Chicago for a family emergency. Just before you book you send a couple of texts and you receive a couple of emails, all describing the urgent need for the trip. In contrast, I'm bored and my best friend is bored as well. I send him a couple of texts and I receive a couple of emails, and we think we might go out to dinner tomorrow near his home in Chicago. You and I both start getting ads for flights to Chicago and hotels in Chicago, you for your emergency, and me for my whim. Which of us is going to get better prices?

Better ads are better for the sender, not the consumer. This is why Google earns tens of billions of dollars a year serving targeted ads, and newspapers and magazines are going bankrupt selling traditional ads. Targeted ads allow companies to target them based on the desirability of individual consumers. With better information companies can charge much more for targeting some buyers than for others. That's why some Google ads have much higher cost-per-clicks than others.

Better advertising is not better for you. Google earns billions, companies pay them billions for your clicks, and they do so because you pay those companies billions more as a direct result.

2. No! Anonymous and Harmless Ads are Neither Anonymous nor Harmless for Us

Now let's use a less benign, scarier example. Let's assume that a consumer has come back from a wild bachelor party in New York, with no clear memories of how he spent Saturday night. He suspects he has engaged in unprotected sex with one or more individuals, whom he suspects of being paid sex professionals. He is frightened. He Googles the incidence of HIV/AIDS among professional sex workers in New York, and becomes more frightened.

He checks on the latency between unprotected sex and the onset of antibodies that can be detected in HIV testing. He realizes that he will test clean even if his insurance company does have compulsory HIV testing. There will be no antibodies for the tests to detect so soon after exposure. He does a few more searches to determine he is not guilty of insurance fraud if he denies having had exposure to the HIV virus; after all, he is not certain he has been exposed.

Soon after, he gets an ad for insurance policies for guys who sound like him, with the same lifestyle, in the right age group, single, and non-smokers. The policy seems to offer a great rate. Should he click on the ad?

You know how anonymous targeted ads work, right?

Before he clicks, only the search engine vendor that served up the ad knows who he is.

Initially the insurance company only knows that their specific ad has been sent to a bucket of men worried about their exposure to HIV/AIDS and eager to purchase insurance before they can possibly test positive for HIV exposure. However, after he clicks on that specific ad, and is taken to the insurance company's website, they know everything about him that they need to know. The insurance company has purchased the right to target ads to a bucket of individuals, anonymously of course. But the insurance company purchased the right to send the ad to a bucket of single males who have searched for the incidence of HIV in sex workers in New York City, the exact timing of HIV latency before testing positive for HIV/AIDS, and what an applicant is legally required to disclose to insurance companies about possible exposure to HIV/AIDS when applying for insurance. They have the information needed for very accurate price discrimination!

Should he want the insurance company to know his full profile before they quote him a price? What price do you think they will offer him, based on his search history? Indeed, will they request his identifying real world information, and then simply blacklist him?

You may argue that his behavior is unethical and that he is attempting to scam the insurance company, and you may be right. But you cannot argue that clicking on the ad is safe because he is "just" clicking on an ad, or that he is safe because ads are served up anonymously.
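To make the click-through leak described above concrete, here is an added Python example (not part of the original article) that models both sides: the ad network, which knows the user, and the advertiser, which sees only the click. The campaign ids, the `campaign` URL parameter, the insurer.example domain and all profile data are constructed assumptions, not a description of any particular ad network.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed data: campaign id -> the audience criteria the advertiser bought.
# Both the ad network and the advertiser know this mapping.
CAMPAIGNS = {
    "cmp-101": {"single male", "non-smoker",
                "searched: HIV latency before testing",
                "searched: disclosure rules for insurance applicants"},
    "cmp-102": {"single male", "non-smoker"},
}

def ad_network_click_url(user_profile, campaign_id):
    """Ad network side: serve the ad only to users inside the bucket.
    The click URL carries no name or user id, only the campaign id."""
    if not CAMPAIGNS[campaign_id] <= user_profile["attributes"]:
        return None
    return "https://insurer.example/quote?" + urlencode({"campaign": campaign_id})

class AdvertiserSite:
    """Advertiser side: never sees the ad network's user profiles."""
    def __init__(self):
        self.sessions = {}

    def landing(self, session_id, url):
        # The click alone reveals every criterion of the purchased bucket.
        campaign = parse_qs(urlparse(url).query)["campaign"][0]
        self.sessions[session_id] = {"inferred": set(CAMPAIGNS[campaign]),
                                     "name": None}

    def submit_quote_form(self, session_id, name):
        # Identity typed in by the visitor is joined to the inferred attributes.
        self.sessions[session_id]["name"] = name
        return self.sessions[session_id]

def simulate():
    user = {"name": "Visitor A (constructed)",
            "attributes": {"single male", "non-smoker", "age 30-35",
                           "searched: HIV latency before testing",
                           "searched: disclosure rules for insurance applicants"}}
    url = ad_network_click_url(user, "cmp-101")
    site = AdvertiserSite()
    site.landing("sess-1", url)
    before_form = dict(site.sessions["sess-1"])   # snapshot before any form
    after_form = site.submit_quote_form("sess-1", user["name"])
    return url, before_form, after_form

if __name__ == "__main__":
    for item in simulate():
        print(item)
```

The advertiser learns exactly the targeting criteria and nothing else from the profile (the constructed "age 30-35" attribute never reaches it), which is already enough to price or refuse the applicant once a name is attached.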

3. No! Ads are Not Free for Us

Of course ads are not free for us. Google charges tens of billions of dollars for ads and for providing companies with access to their consumers. Companies' costs increase as a result of these ads. The price of air travel goes up by billions of dollars when the price of oil goes up. The price of cars goes up when the cost of steel or aluminum goes up. Companies pay the costs of Google ads and these higher costs lead to higher prices for consumers.

4. Good People Need Privacy Too!

It is sometimes argued that people who don't do bad things don't need privacy. But everyone needs some privacy. Anyone who has ever picked up a large bar tab and then driven to a movie and paid to park with a credit card could look like he drives after drinking, even if he was the designated driver for a birthday party. Anyone can do something that is subject to misinterpretation. Anyone can do something, text something, or post something, that he doesn't want insurance companies or prospective employers to know.

5. Who's Next? Where Should this Stop?

Once society and its legal systems accept privacy abuse from one company it is hard to stop creeping or "copycat" abuse from others.

Why not let Verizon, AT&T, and Comcast in the U.S. record and mine all the traffic they carry: voice, data, and, of course, their own records of your text, email, and search history? After all, if you sent it over the net, your ISP or wireless service provider carried the bits, and easily could record and analyze them.

MasterCard and Visa want to get into the data integration, bucketing, and resale act. And they are offering the same false promises of anonymous bucketing. It's hard to say they should be blocked from mining your purchase history if Google can mine every other piece of history you have.

What about your priest or rabbi? What if the archdiocese of Chicago wanted to sell information from confessions, and send ads to suitably anonymized buckets of sinners?

What if your psychotherapist offered to sell information, allowing suitably anonymized ads to be sent to buckets of troubled men? What if your family physician offered to sell information too, allowing suitably anonymized ads to be sent to buckets of individuals with the same diseases?

What about companies' data mining your kids' email? Of course this happens when Google is the email provider for your kids' school, and it can be done without your permission, and without permission from your children or their teachers. It merely requires permission from the school's data administrator.

When Homeland Security wants to read an American's email, it needs a court order, specifying exactly what it is looking for and why it needs to see it. In contrast, Google can read anything and everything. Indeed, it appears that the controversial Cyber Information Sharing and Protection Act is being resisted because it would allow private companies like Google to share information with the federal government; why are unregulated companies like Google safer places to have your private information than the government? Do you know the limits on what Google could do themselves and what they could share with the government?

Perhaps the most scary-ignorant article I have read in a long time was published in TechCrunch, and it ended with:

"The worst-case scenario, as Microsoft happily points out on Scroogled, seems to be more accurate, better targeted advertisements.

Oh, the horror."

Indeed. Horror.

When do we just say "no"?