21 December 2013

Surveillance, spatiality and the social

'The Legality of the National Security Agency's Bulk Data Surveillance Programs' by John Yoo in Harvard Journal of Law and Public Policy argues that
Controversy has arisen again over the federal government’s electronic surveillance efforts to gather intelligence on foreign terrorist groups. Recent disclosures, both authorized and illicit, have described two secret National Security Agency (NSA) programs. The first collects telephone “metadata” such as calling records — but not the content of phone calls — both inside and outside the United States. A second NSA program intercepts the e-mails of non U.S. persons outside the United States.
Despite the claims of critics, these programs do not violate the Foreign Intelligence Surveillance Act (FISA), as recently amended by Congress, or the Fourth Amendment to the Constitution. Concerns about the proper balance between these surveillance programs and individual privacy may be appropriate, but they properly fall within the province of Congress and the President to set future national security policy.
Part I of this paper describes the surveillance efforts against al Qaeda within a broader historical and legal context. Part II argues that the programs, as described publicly by authoritative sources, appear to meet statutory requirements. Part III addresses whether the NSA programs are constitutional along two dimensions. It argues that even if some aspect of the NSA programs does not fall within Congress’s authorization for foreign intelligence and counter-terrorism surveillance, it would most likely rest within the President’s Commander-in-Chief authority over the management of war. Second, even if the federal government has the internal authority to conduct surveillance, the Bill of Rights, through the Fourth Amendment, may still prohibit its application to citizens or non-citizens present in the territorial United States. Part III argues, however, that the NSA programs do not violate the Fourth Amendment, as currently interpreted by the federal courts.
A perspective on Yoo is provided in the mordant article noted here.

'Regulating Electronic Identity Intermediaries: The 'Soft eID' Conundrum' by Tal Zarsky and Norberto Nuno Gomes de Andrade in (2013) 74(6) Ohio State Law Journal comments that
Online intermediation platforms, such as Facebook and Amazon, are traditionally defined by their roles in enabling the publication, sharing and distribution of information, as well as the purchase of products and services. Nonetheless, these platforms have assumed an additional role, which has yet to be fully discussed and acknowledged: the role of identity intermediation. This new function can be defined as the process of creating, authenticating, verifying and guiding stable identities used for interacting in the digital realm. This Article explains and demonstrates this role, along with the disputes and tensions it generates. It further discusses a set of specific legal rules, duties and responsibilities for regulating identity intermediaries.
After a brief introduction (Part I), the Article (in Part II) provides the background and terminology for understanding the role of identity intermediaries in the digital age. It notes the recent rise of “soft eID” intermediaries. These are defined as entities which provide for identity intermediation, yet do so incidentally, remotely and in a lightly regulated environment. Part III moves to further address soft eID intermediation, distinguishing between intermediations which rely upon the use of “Real Names” and “Stable Pseudonyms” — each category employing a different set of technologies and verification methods, and generating unique benefits and concerns.
Part IV explores the benefits and risks associated with soft eIDs. Identity intermediation secures economic benefits, protects personality and identity interests, enhances autonomy and promotes free speech. Yet it also raises security and privacy concerns, as soft eIDs might be hacked, used for impersonation or identity misrepresentation. In addition, identity intermediaries may also abuse their power by terminating accounts or limiting their interoperability and mobility.
Seeking the proper legal regime, Part V briefly examines related regulatory frameworks for identity intermediation, namely the EU Electronic Signature (eSig) Directive and its future developments under the current revision process, and the US National Strategy for Trusted Identities in Cyberspace (NSTIC). On the basis of this analysis, Part VI provides recommendations for legal responses, examining a variety of policy moves specific to soft eID intermediaries, such as requiring mandatory approval, setting up a voluntary accreditation system and assigning tort liability. After generally discarding the first two options, the Article closely examines whether and how tort liability should normatively be assigned to these identity intermediaries. Finally, this Part examines the role law should take in curbing the intermediaries’ excessive ability to impede on the individual’s identity interests.
The same issue of the journal features 'Social Data' by Woodrow Hartzog, arguing that
As online social media grow, it is increasingly important to distinguish between the different threats to privacy that arise from the conversion of our social interactions into data. One well-recognized threat is from the robust concentrations of electronic information aggregated into colossal databases. Yet much of this same information is also consumed socially and dispersed through a user interface to hundreds, if not thousands, of peer users.
In order to distinguish relationally shared information from the threat of the electronic database, this essay identifies the massive amounts of personal information shared via the user interface of social technologies as “social data.” The main thesis of this essay is that, unlike electronic databases, which are the focus of the Fair Information Practice Principles (FIPPs), there are no commonly accepted principles to guide the recent explosion of voluntarily adopted practices, industry codes, and laws that address social data.
This essay aims to remedy that by proposing three social data principles — a sort of FIPPs for the front-end of social media: the Boundary Regulation Principle, the Identity Integrity Principle, and the Network Integrity Principle. These principles can help courts, policymakers, and organizations create more consistent and effective rules regarding the use of social data.
'Unique in the Crowd: The privacy bounds of human mobility' by Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel in (2013) 3 Scientific Reports, Article number 1376, comments
We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals. 
The authors argue
Derived from the Latin Privatus, meaning “withdraw from public life,” the notion of privacy has been foundational to the development of our diverse societies, forming the basis for individuals' rights such as free speech and religious freedom. Despite its importance, privacy has mainly relied on informal protection mechanisms. For instance, tracking individuals' movements has been historically difficult, making them de-facto private. For centuries, information technologies have challenged these informal protection mechanisms. In 1086, William I of England commissioned the creation of the Doomsday book, a written record of major property holdings in England containing individual information collected for tax and draft purposes. In the late 19th century, de-facto privacy was similarly threatened by photographs and yellow journalism. This resulted in one of the first publications advocating privacy in the U.S. in which Samuel Warren and Louis Brandeis argued that privacy law must evolve in response to technological changes.
Modern information technologies such as the Internet and mobile phones, however, magnify the uniqueness of individuals, further enhancing the traditional challenges to privacy. Mobility data is among the most sensitive data currently being collected. Mobility data contains the approximate whereabouts of individuals and can be used to reconstruct individuals' movements across space and time. Individual mobility traces T [Fig. 1A–B] have been used in the past for research purposes and to provide personalized services to users. A list of potentially sensitive professional and personal information that could be inferred about an individual knowing only his mobility trace was published recently by the Electronic Frontier Foundation. These include the movements of a competitor sales force, attendance of a particular church or an individual's presence in a motel or at an abortion clinic. 
While in the past, mobility traces were only available to mobile phone carriers, the advent of smartphones and other means of data collection has made these broadly available. For example, Apple® recently updated its privacy policy to allow sharing the spatio-temporal location of their users with “partners and licensees”. geo-tagged payments are made per year in the US while Skyhook wireless is resolving 400 M user's WiFi location every day. Furthermore, it is estimated that a third of the 25B copies of applications available on Apple's App StoreSM access a user's geographic location, and that the geo-location of ~50% of all iOS and Android traffic is available to ad networks. All these are fuelling the ubiquity of simply anonymized mobility datasets and are giving room to privacy concerns. 
A simply anonymized dataset does not contain name, home address, phone number or other obvious identifier. Yet, if individuals' patterns are unique enough, outside information can be used to link the data back to an individual. For instance, in one study, a medical database was successfully combined with a voters list to extract the health record of the governor of Massachusetts. In another, mobile phone data have been re-identified using users' top locations. Finally, part of the Netflix challenge dataset was re-identified using outside information from The Internet Movie Database.
Altogether, the ubiquity of mobility datasets, the uniqueness of human traces, and the information that can be inferred from them highlight the importance of understanding the privacy bounds of human mobility. We show that the uniqueness of human mobility traces is high and that mobility datasets are likely to be re-identifiable using information only on a few outside locations. Finally, we show that one formula determines the uniqueness of mobility traces providing mathematical bounds to the privacy of mobility data. The uniqueness of traces is found to decrease according to a power function with an exponent that scales linearly with the number of known spatio-temporal points. This implies that even coarse datasets provide little anonymity.
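The uniqueness measure the abstract describes (the fraction of traces pinned down by p known spatio-temporal points, and how it changes when the data is coarsened in space and time) can be reproduced on a toy scale. The script below is an added example, not the authors' code or data: the traces are constructed synthetic home/work patterns, and its spatial coarsening assumes that antennas with adjacent ids are geographic neighbours, which is an assumption of the toy rather than anything the paper states.

```python
"""Mobility-trace uniqueness, in the spirit of de Montjoye et al.'s epsilon_p.

A trace is a mapping hour -> antenna id. An attacker holding p known
(hour, antenna) points about a target counts how many traces in the simply
anonymised dataset are consistent with all p points; the target is uniquely
identified when exactly one trace matches. Coarsening the data spatially and
temporally lowers that fraction, but only slowly.
"""
import random
from collections import defaultdict


def generate_dataset(n_users, n_hours, n_antennas, rng):
    """Constructed synthetic traces, not real carrier data. Each user has a
    home and a work antenna, is at work 09:00-18:00, at home otherwise, and
    with probability 0.1 in any given hour is at a random antenna instead."""
    dataset = []
    for _ in range(n_users):
        home = rng.randrange(n_antennas)
        work = rng.randrange(n_antennas)
        trace = {}
        for hour in range(n_hours):
            if rng.random() < 0.1:
                trace[hour] = rng.randrange(n_antennas)
            elif 9 <= hour % 24 < 18:
                trace[hour] = work
            else:
                trace[hour] = home
        dataset.append(trace)
    return dataset


def coarsen(dataset, space_factor=1, time_factor=1):
    """Lower the resolution. Antennas are merged into regions of
    `space_factor` consecutive ids (assumption of this toy: antennas with
    adjacent ids are neighbours) and hours into buckets of `time_factor`
    hours. Result: bucket -> set of regions seen during that bucket.
    With factors (1, 1) this is the full-resolution trace in that shape."""
    out = []
    for trace in dataset:
        coarse = defaultdict(set)
        for hour, antenna in trace.items():
            coarse[hour // time_factor].add(antenna // space_factor)
        out.append(dict(coarse))
    return out


def matches(trace, points):
    """True when the trace is consistent with every known (bucket, region)."""
    return all(region in trace.get(bucket, ()) for bucket, region in points)


def count_matching(dataset, points):
    """Number of traces in the dataset consistent with the known points."""
    return sum(1 for trace in dataset if matches(trace, points))


def sample_points(trace, p, rng):
    """p pieces of outside information about a target: p distinct buckets of
    its own trace and one region it was seen in during each."""
    buckets = rng.sample(sorted(trace), p)
    return [(b, rng.choice(sorted(trace[b]))) for b in buckets]


def uniqueness(dataset, p, trials, rng=None):
    """Estimate epsilon_p: the fraction of randomly chosen targets whose trace
    is the only one in the dataset matching p of their own points."""
    rng = rng or random.Random(0)
    unique = 0
    for _ in range(trials):
        target = rng.choice(dataset)
        if count_matching(dataset, sample_points(target, p, rng)) == 1:
            unique += 1
    return unique / trials


def run_experiment(n_users=1000, n_hours=24 * 14, n_antennas=200, seed=1):
    """Uniqueness for p = 1, 2, 4 known points at several resolutions."""
    rng = random.Random(seed)
    raw = generate_dataset(n_users, n_hours, n_antennas, rng)
    results = {}
    for space, time in [(1, 1), (4, 1), (1, 6), (10, 24)]:
        coarse = coarsen(raw, space, time)
        results[(space, time)] = {p: uniqueness(coarse, p, 200, rng) for p in (1, 2, 4)}
    return results


if __name__ == "__main__":
    for (space, time), by_p in run_experiment().items():
        cells = ", ".join(f"p={p}: {u:.2f}" for p, u in by_p.items())
        print(f"{space} antennas/region, {time} h/bucket: {cells}")
```

Running it prints one row per resolution; with the synthetic home/work pattern two well-chosen points (one by night, one by day) already single out most users, and merging ten antennas into a region or a whole day into one bucket reduces the fraction far less than one might hope, which is the qualitative point of the paper. The numbers themselves depend on the toy generator and should not be read as the authors' 95 % figure.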