Zittrain: Peer-to-peer transactions risk privacy

Tools

CAMBRIDGE, MASS. – The rise of low-cost, peer-to-peer transactions facilitated by the Internet presents challenges for privacy, yet regulation of it may be difficult due to the First Amendment, said Jonathan Zittrain, a Harvard law professor. He spoke Nov. 9 at a symposium on privacy and technology held by the Harvard Law Review.   

Technology has already greatly reduced privacy, Zittrain said, citing developments such as Facebook's automatic scanning of chats on its site for signs of sexual predators. "If you can find one kid who was spared a meeting with a predator…it's hard to say the system isn't good. On the other hand, there are now [artificial intelligence applications] scanning all your Facebook messaging to see if you're a criminal. That strikes me as quite a change from the year 2000," he said.

Microsoft has recently filed a patent for "consumer detector" technology that would allow an Xbox to discover the number of people present in a room where content such as a movie is displayed  and refuse to show it if the number of people would violate the content license.

"Why not put in your living room a big camera attached to Microsoft?" Zittrain said. "That's all, [giggle], just leave it there," he added.

Peer-to-peer applications can challenge privacy even farther. People whose financial information is heavily protected by binding disclosure laws on banks have taken to voluntarily posting it online in order to get a peer-to-peer loan. Police have taken to photographing law-breakers and posting those photos online with a reward for those who can identify the individuals. Although public law-breakers arguably don't have a right to privacy (Zittrain didn't say), groups with different agendas are doing the same thing, such as the extreme-right British People's Party, whose Redwatch website posts photographs of alleged "traitors."

If the Iranian government wanted to use a service such as Amazon's Mechanical Turk to pay people 40 cents to look at a protestor's photograph and see whether or not it matched a photograph of a known person, it would require only $15,000 to identify arbitrarily-chosen citizens among a population of 72 million, Zittrain said, based on his own calculations.

Malevolent intent isn't required for privacy violations to occur, however. A website called VizWiz allows people with sight problems to upload photos with simple questions such as "what denomination bill is this."

VizWiz is "incredibly empowering, but they are not necessarily thinking through the privacy implications," Zittrain said. For example, some photos on the site have come from a bathroom with the question to identify a pill bottle's contents, not realizing there's a mirror in the bathroom.

However, regulating this new world will be difficult, especially in light of the First Amendment, Zittrain said, since there's troubling implications in preventing other people from saying something about you.

Possible regulatory solutions might include the ability to occasionally wipe one's reputation clean from all the data points collected by third-party aggregators, he said. Allowing people the right to add metadata to statements made about them is another, so that as a data point is perpetuated, "I can say something more about it, rather than having you make assumptions about it," Zittrain said.

Were there a way to license data points about you in the way that Creative Commons permits people to license their creative work, that could also be useful, he added. Such a system would permit people to change their preferences over time, since one fallacy of current privacy regulations is that individuals are given only one choice, upfront, to consent or not to their data being collected.

For more:
- listen to Zittrain's talk

Related Articles:
Solove: Privacy regulation a failure
Audio: Daniel Solove on privacy self-management and the consent paradox
Supreme Court to hear arguments on FISA Amendments Act standing suit