Posts Tagged GPS tracking

Risk vs. Service: Online Privacy Dilemma Never Got Solved?

Another interview I had during the past few weeks was with Saikat Guha, an online privacy expert and engineer. His earlier research dealt largely with privacy in social networks from the standpoint of both the user and the advertiser: how to maximize the user experience with the least risk to privacy and secrecy on one hand, and how to reach the target market more efficiently on the other. Saikat’s latest research has shifted from the encryption of profile databases to the processing of information related to locative media. Privacy concerns about the latter have outgrown those about the former with recent shifts in technology use and more pervasive forms of information sharing.

A DNS tracking experiment in Saikat's paper "Identity Trail: Covert Surveillance Using DNS"

———————–
Me: In your paper “NOYB: Privacy in Online Social Networks” you described that the NOYB encryption model (NOYB standing for “None of Your Business”) works by replacing one user’s name and age with another friend’s name and age?

Saikat: Yeah. Or anyone else’s name really. NOYB can loosely be defined as traditional encryption combined with steganography. How the other “atoms” (index of data that keeps one type of information of the user) are picked is based on traditional encryption, but on top, the final result is something believable, whereas traditional encryption outputs what appears to be garbage or noise. So basically the benefit is that it’s as secure as traditional encryption, but can’t be easily detected like steganography.

Me: How does it benefit the social network users then?

Saikat: It benefits them in the sense that if Facebook were to start banning users that upload info that’s not real, it’s harder for Facebook to detect the NOYB users, vs. users that are uploading “garbage looking stuff” that traditional encryption produces.

Me: It can then allow one to share false information about themselves?

Saikat: Well, whether the information is false or not is not what the encryption looks at, but rather by using NOYB, real meaningful information appears to others as false information, and only a select few can extract the real information out of it. So it is about sharing your information only to a specific type of group. The user has the selection of who can see his data, and specifically, he can say no one at Facebook should be able to read his profile, which he cannot do today. Or say that some random third-party Facebook application developer or random Facebook Connect website cannot read his profile, which he cannot now either.

Me: But in reality, the situation of giving permission can vary from time to time and person to person, that is, sometimes you want to use the authenticity of the information to present yourself in a certain way you choose, and sometimes you don’t. And there are people you are not sure if you should give access to or not. So are there also technological solutions that provide a hierarchy of access permission?

Saikat: Giving different people different permissions is doable, for example, the paper by researchers from University of Maryland called Persona in SIGCOMM. The problem is what happens when the permissions given to a person change over time. If they are given greater access, that’s fine. But if their access is curtailed, then you can’t erase from their memory what they’ve already seen. At best you can limit any future content from being seen by them.

Me: Then, in this sense, is eliminating archived data a possible solution for protecting identity and personal information?

Saikat: The problem with that is it can result in people changing history for nefarious means. Privacy is one thing, but propaganda is another, and maybe even more worrying.

Me: I see. And in your other paper “Identity Trail: Covert Surveillance Using DNS” you have experimented with different methods of tracking them geographically based on DNS addresses. Can I ask if it is also possible to track someone on 3G networks?

Saikat: Technically it’s a very hard problem. There are many papers being written on how to do it. But location from 3G address is the least of people’s concerns if you ask me. Applications on the phone have your GPS coordinates and they are sending it out willy-nilly to strangers. A good half of the applications on smart devices that had no business knowing your location data (for the purposes of the application) were collecting it nevertheless and sending it to random third parties on the web.

Me: Locative media is tricky in terms of the way it gives out your privacy. How can we really hide with GPS data?

Saikat: This is exactly what we are trying to do now with our current research! The way it works basically, is that your location can be hidden in a way that neither the application learns where you are, nor anyone on the web. But they can still offer you location-based services: alerts of who is nearby, or Foursquare-like applications etc. It’s not difficult to do. But the key question is what applications cannot be built using the tricks we use. If there are very few such applications, then the trick we use can become the default and everything is rosy. But if our proposal doesn’t become the default, then applications – that make money by selling your location – will continue to invade your privacy.

Me: Because locational data does not work in the way profile data works?

Saikat: Right. In profile data you need exact matches. “Soccer” is not the same as “saucer”… But with location data you need proximity: “LA” might be the same as “Santa Monica” depending on the application. That extra bit of information you need for proximity can leak more than you bargained for. The reason you need the latitude-longitude data is so you know the distance between two points so you can compute “near” in a technological sense. If you could compute “near” without access to lat-long data, there would be no reason to expose your lat-long while still letting you do proximity, which would be a much safer approach.
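
The atom substitution Saikat describes for NOYB earlier in this interview, as an added Python example that is not from the interview or the NOYB paper: each field's real value is shifted through a public dictionary by a keyed pseudorandom offset, so what the site stores is another believable value. The dictionaries, the HMAC-based offset and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed public dictionaries: every entry is a plausible profile atom.
NAMES = ["Alice Moreno", "Ben Carter", "Chloe Nguyen", "David Okafor",
         "Elena Rossi", "Farid Haddad", "Grace Lin", "Hugo Weber"]
AGES = [str(a) for a in range(18, 66)]
DICTIONARIES = {"name": NAMES, "age": AGES}


def _offset(key: bytes, nonce: bytes, field: str, size: int) -> int:
    """Keyed pseudorandom shift for one field (assumed PRF: HMAC-SHA256)."""
    digest = hmac.new(key, nonce + field.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % size


def hide_profile(profile: dict, key: bytes, nonce: bytes) -> dict:
    """Replace each real atom with another dictionary entry chosen by the key."""
    hidden = {}
    for field, value in profile.items():
        atoms = DICTIONARIES[field]
        shift = _offset(key, nonce, field, len(atoms))
        hidden[field] = atoms[(atoms.index(value) + shift) % len(atoms)]
    return hidden


def reveal_profile(hidden: dict, key: bytes, nonce: bytes) -> dict:
    """Undo the shift; a wrong key still yields believable, but wrong, atoms."""
    real = {}
    for field, value in hidden.items():
        atoms = DICTIONARIES[field]
        shift = _offset(key, nonce, field, len(atoms))
        real[field] = atoms[(atoms.index(value) - shift) % len(atoms)]
    return real


if __name__ == "__main__":
    key = secrets.token_bytes(32)    # shared out of band with chosen friends
    nonce = secrets.token_bytes(16)  # public, stored alongside the profile
    posted = hide_profile({"name": "Grace Lin", "age": "29"}, key, nonce)
    print("what the site stores:", posted)
    print("what a friend sees:  ", reveal_profile(posted, key, nonce))
```
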


“500 million people are now doing the same thing I’ve been doing for 7 years.” – An Interview with Hasan Elahi

Last week I got a chance to talk to Hasan Elahi, an interdisciplinary media artist known for his 7-year-long self-tracking project that helped him escape from the terrorist watch list of the U.S. government. The conversation with Hasan Elahi was a fruitful one, as it deepened my understanding of identity and data sharing, and opened up new directions for my thesis investigation.

———-

Me: I really admire and appreciate the rule you have set up for yourself, and it is a very powerful statement you have made. But for me, I can’t stop thinking about whether there is any push-and-pull between the facts and the information shared about you. How high would the stakes be if you were to lie about one thing about yourself with the data? And what might be the safest way to do so?

Hasan: My motivation behind the project is to create an alibi and to protect my own safety. In my case, the stakes of lying can be really high. Because the data is not just my geographic location and the photos of the places I have been to, but also the account statement of every transaction I make, the ATM machine activities, the flight ticket I booked… it’s easy for someone to verify and supervise the data at any point. What I am doing, I think, should not be described as “deception”, but “hiding”.

Me: So how did you hide?

Hasan: It is about how the data is presented. You know, I could have made a stream line of the data, but instead of doing that, I made them in points and segments. The photos are displayed in a non-linear way and gathered according to the type of the activity. This makes it difficult to dig out any data in the past and piece together the actual story, because there are gaps everywhere, between each frame, and that’s why the time has become extremely important for someone to study the data.

Me: How often is the tracking data updated?

Hasan: The updates happen automatically every time it detects a change in the location. But moving around my own apartment will not result in a change of location. But if I leave my place and go to the grocery store, it will interpret it as a change and log it.

Hasan: If you think about it, you’ll find my data is exactly what trial lawyers have had to deal with for years. There are, say, 1,500 pages of evidence but only 2 paragraphs of the text are valuable to the case. Most people don’t have the patience to go through all of the data, or they can’t tell the valuable data from the useless. The sheer amount of info is valuable on one hand, but on the other hand if one does not know how to approach and use this value, much of it is of little use to them.

Me: Is it also a statement about how little we know how to use the data being collected?

Hasan: Absolutely. When we don’t have the proper strategy to analyze the data, and we don’t understand what is meaningful and what comes out of that data, the access to the information becomes something useless. We are now in a culture of information gathering where we don’t equally understand information analysis. The more you look at the data on my tracking site, the more anonymous you’ll find I am. I have created so much noise about me that you couldn’t really tell which data points are most closely linked to me and my activities.

Me: Do you think tracking one’s own life can also be viewed as an act for privacy defense?

Hasan: In my case, it is not exactly a privacy defense, as basically, I have no privacy. But what I did is something you can call self-identification. It usually comes out of something bad said about you in the past, and you have to reconstruct your image. For example, when you Google your name and find that the first result listed is something shady. Google will not help you filter the search result and you have to do it yourself. What you can do is create a whole bunch of new information about yourself and make that the top results of a Google search. It is a process of generating information you want others to perceive who you are.

Me: I found a new application on iPhone called Path, which actually allows people to do exactly what you have been doing for 7 years. You can tag things in a picture and share them, while the software will also keep a path of the places you have been.

Hasan: That is very interesting. It reminds me of the very first day when I started the project. When I told people that I wanted to track myself, they thought I was a psycho. (One person called me a creep.) Years later, one may find that I was actually doing a pre-Twitter and pre-Facebook project and now there are 500,000 people who are doing the same thing.
