A fascinating paper from University of Texas researchers Arvind Narayanan and Vitaly Shmatikov, showing how easy it is to de-anonymize the user data routinely shared by online social networks. While interesting from an analytics perspective, the paper also ties into a broader debate about the expectations we have to privacy online.
Today’s cultural and legal situation is contradictory, with big differences between:
- Data protection laws (notably between US and Europe)
- Cultural expectations of how personal data could or should be used (between the US and the rest of the world)
- Cultural expectations of data protection between online and offline (particularly driven by a trend towards using "real identity" in online social media)
But while these factors vary, the global dominance of social networks like Twitter and Facebook is driving a more homogenous – and open – cultural view of personal data. Witness for example the nearly-universal convention on Twitter for users to be operated by clearly-identified "real people", and the frequently-offered advice for new Twitterers to offer a real name, photo and bio in their profile. Despite being offered the opportunity to keep our presence anonymous and / or private, most of us choose to interact publicly.
As Narayan / Shmatikov’s paper indicates, much of the personal information that we are concerned about protecting can be mined, engineered or intuited by careful examination of our freely and publicly conducted interactions. This isn’t even trail-blazing academic research – third party research companies are doing this today. Looked at in this context, in the sense that it’s original purpose was to protect us from unwanted and / or pernicious use of our personal information, this application of data protection law is redundant.
Our current approach to the use of personal data sourced online is a confused mess, and a reexamination of what we mean by privacy, and what we seek to achieve by data protection law is well overdue.
