Syllabus for Solon Barocas @ Cornell | INFO 4270: Ethics and Policy in Data Science

INFO 4270 – Ethics and Policy in Data Science
Instructor: Solon Barocas
Venue: Cornell University

Syllabus

Solon Barocas

Readings

A Canon, The Canon

In order of appearance in the syllabus, without the course cadence markers…

  • danah boyd and Kate Crawford, Critical Questions for Big Data; In <paywalled>Information, Communication & Society, Volume 15, Issue 5 (A decade in Internet time: the dynamics of the Internet and society); 2012; DOI:10.1080/1369118X.2012.678878</paywalled>
    Subtitle: Provocations for a cultural, technological, and scholarly phenomenon
  • Tal Zarsky, The Trouble with Algorithmic Decisions; In Science, Technology & Human Values, Vol 41, Issue 1, 2016 (2015-10-14); ResearchGate.
    Subtitle: An Analytic Road Map to Examine Efficiency and Fairness in Automated and Opaque Decision Making
  • Cathy O’Neil, Weapons of Math Destruction; Broadway Books; 2016-09-06; 290 pages, ASIN:B019B6VCLO: Kindle: $12, paper: $10+SHT.
  • Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information; Harvard University Press; 2016-08-29; 320 pages; ASIN:0674970845: Kindle: $10, paper: $13+SHT.
  • Executive Office of the President, President Barack Obama, Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights; The White House Office of Science and Technology Policy (OSTP); 2016-05; 29 pages; archives.
  • Lisa Gitelman (editor), “Raw Data” is an Oxymoron; Series: Infrastructures; The MIT Press; 2013-01-25; 192 pages; ASIN:B00HCW7H0A: Kindle: $20, paper: $18+SHT.
    Lisa Gitelman, Virginia Jackson; Introduction (6 pages)
  • Agre, “Surveillance and Capture: Two Models of Privacy”
  • Bowker and Star, Sorting Things Out
  • Auerbach, “The Stupidity of Computers”
  • Moor, “What is Computer Ethics?”
  • Hand, “Deconstructing Statistical Questions”
  • O’Neil, On Being a Data Skeptic
  • Domingos, “A Few Useful Things to Know About Machine Learning”
  • Luca, Kleinberg, and Mullainathan, “Algorithms Need Managers, Too”
  • Friedman and Nissenbaum, “Bias in Computer Systems”
  • Lerman, “Big Data and Its Exclusions”
  • Hand, “Classifier Technology and the Illusion of Progress” [Sections 3 and 4]
  • Pager and Shepherd, “The Sociology of Discrimination: Racial Discrimination in Employment, Housing, Credit, and Consumer Markets”
  • Goodman, “Economic Models of (Algorithmic) Discrimination”
  • Hardt, “How Big Data Is Unfair”
  • Barocas and Selbst, “Big Data’s Disparate Impact” [Parts I and II]
  • Gandy, “It’s Discrimination, Stupid”
  • Dwork and Mulligan, “It’s Not Privacy, and It’s Not Fair”
  • Sandvig, Hamilton, Karahalios, and Langbort, “Auditing Algorithms: Research Methods for Detecting Discrimination on Internet Platforms”
  • Diakopoulos, “Algorithmic Accountability: Journalistic Investigation of Computational Power Structures”
  • Bertrand and Mullainathan, “Are Emily and Greg More Employable than Lakisha and Jamal?”
  • Sweeney, “Discrimination in Online Ad Delivery”
  • Datta, Tschantz, and Datta, “Automated Experiments on Ad Privacy Settings”
  • Dwork, Hardt, Pitassi, Reingold, and Zemel, “Fairness Through Awareness”
  • Feldman, Friedler, Moeller, Scheidegger, and Venkatasubramanian, “Certifying and Removing Disparate Impact”
  • Žliobaitė and Custers, “Using Sensitive Personal Data May Be Necessary for Avoiding Discrimination in Data-Driven Decision Models”
  • Angwin, Larson, Mattu, and Kirchner, “Machine Bias”
  • Kleinberg, Mullainathan, and Raghavan, “Inherent Trade-Offs in the Fair Determination of Risk Scores”
  • Northpointe, COMPAS Risk Scales: Demonstrating Accuracy Equity and Predictive Parity
  • Chouldechova, “Fair Prediction with Disparate Impact”
  • Berk, Heidari, Jabbari, Kearns, and Roth, “Fairness in Criminal Justice Risk Assessments: The State of the Art”
  • Hardt, Price, and Srebro, “Equality of Opportunity in Supervised Learning”
  • Wattenberg, Viégas, and Hardt, “Attacking Discrimination with Smarter Machine Learning”
  • Friedler, Scheidegger, and Venkatasubramanian, “On the (Im)possibility of Fairness”
  • Tene and Polonetsky, “Taming the Golem: Challenges of Ethical Algorithmic Decision Making”
  • Lum and Isaac, “To Predict and Serve?”
  • Joseph, Kearns, Morgenstern, and Roth, “Fairness in Learning: Classic and Contextual Bandits”
  • Barocas, “Data Mining and the Discourse on Discrimination”
  • Grgić-Hlača, Zafar, Gummadi, and Weller, “The Case for Process Fairness in Learning: Feature Selection for Fair Decision Making”
  • Vedder, “KDD: The Challenge to Individualism”
  • Lippert-Rasmussen, “‘We Are All Different’: Statistical Discrimination and the Right to Be Treated as an Individual”
  • Schauer, Profiles, Probabilities, and Stereotypes
  • Caliskan, Bryson, and Narayanan, “Semantics Derived Automatically from Language Corpora Contain Human-like Biases”
  • Zhao, Wang, Yatskar, Ordonez, and Chang, “Men Also Like Shopping: Reducing Gender Bias Amplification using Corpus-level Constraints”
  • Bolukbasi, Chang, Zou, Saligrama, and Kalai, “Man Is to Computer Programmer as Woman Is to Homemaker?”
  • Citron and Pasquale, “The Scored Society: Due Process for Automated Predictions”
  • Ananny and Crawford, “Seeing without Knowing”
  • de Vries, “Privacy, Due Process and the Computational Turn”
  • Zarsky, “Transparent Predictions”
  • Crawford and Schultz, “Big Data and Due Process”
  • Kroll, Huey, Barocas, Felten, Reidenberg, Robinson, and Yu, “Accountable Algorithms”
  • Bornstein, “Is Artificial Intelligence Permanently Inscrutable?”
  • Burrell, “How the Machine ‘Thinks’”
  • Lipton, “The Mythos of Model Interpretability”
  • Doshi-Velez and Kim, “Towards a Rigorous Science of Interpretable Machine Learning”
  • Hall, Phan, and Ambati, “Ideas on Interpreting Machine Learning”
  • Grimmelmann and Westreich, “Incomprehensible Discrimination”
  • Selbst and Barocas, “Regulating Inscrutable Systems”
  • Jones, “The Right to a Human in the Loop”
  • Edwards and Veale, “Slave to the Algorithm? Why a ‘Right to Explanation’ is Probably Not the Remedy You are Looking for”
  • Duhigg, “How Companies Learn Your Secrets”
  • Kosinski, Stillwell, and Graepel, “Private Traits and Attributes Are Predictable from Digital Records of Human Behavior”
  • Barocas and Nissenbaum, “Big Data’s End Run around Procedural Privacy Protections”
  • Chen, Fraiberger, Moakler, and Provost, “Enhancing Transparency and Control when Drawing Data-Driven Inferences about Individuals”
  • Robinson and Yu, Knowing the Score
  • Hurley and Adebayo, “Credit Scoring in the Era of Big Data”
  • Valentino-Devries, Singer-Vine, and Soltani, “Websites Vary Prices, Deals Based on Users’ Information”
  • The Council of Economic Advisers, Big Data and Differential Pricing
  • Hannak, Soeller, Lazer, Mislove, and Wilson, “Measuring Price Discrimination and Steering on E-commerce Web Sites”
  • Kochelek, “Data Mining and Antitrust”
  • Helveston, “Consumer Protection in the Age of Big Data”
  • Kolata, “New Gene Tests Pose a Threat to Insurers”
  • Swedloff, “Risk Classification’s Big Data (R)evolution”
  • Cooper, “Separation, Pooling, and Big Data”
  • Simon, “The Ideological Effects of Actuarial Practices”
  • Tufekci, “Engineering the Public”
  • Calo, “Digital Market Manipulation”
  • Kaptein and Eckles, “Selecting Effective Means to Any End”
  • Pariser, “Beware Online ‘Filter Bubbles’”
  • Gillespie, “The Relevance of Algorithms”
  • Buolamwini, “Algorithms Aren’t Racist. Your Skin Is Just Too Dark”
  • Hassein, “Against Black Inclusion in Facial Recognition”
  • Agüera y Arcas, Mitchell, and Todorov, “Physiognomy’s New Clothes”
  • Garvie, Bedoya, and Frankle, The Perpetual Line-Up
  • Wu and Zhang, “Automated Inference on Criminality using Face Images”
  • Haggerty, “Methodology as a Knife Fight”
    <snide>A metaphorical usage. Let hyperbole be your guide</snide>

Previously filled.

Smart TV (Fall Technology Series) | FTC

Smart TV; Federal Trade Commission (FTC); 2016-12-07.

Mentions

Surely they said something of import.

Who

  • Justin Brookman is Policy Director of the FTC’s Office of Technology Research and Investigation (OTECH)
  • Ian Klein is a graduate student pursuing an MS in Computer Science at Stevens Institute of Technology.
  • Josh Chasin is the Chief Research Officer of comScore.
  • Jane Clarke is the CEO and Managing Director of the Coalition for Innovative Media Measurement (CIMM).
  • Shaq Katikala is Counsel and Assistant Director of Technology & Data Science at the Network Advertising Initiative (NAI).
  • Ashwin Navin is CEO and co-founder of Samba TV.
  • Mark Risis was the Head of Strategy and Business Development for TiVo Research through 2016-11.
  • Serge Egelman is the Research Director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI) and “lead” of the Berkeley Laboratory for Usable and Experimental Security at the University of California, Berkeley.
  • Claire Gartland is Director of the Consumer Privacy Project at the Electronic Privacy Information Center (EPIC).
  • Dallas Harris is a Policy Fellow at Public Knowledge.
  • Emmett O’Keefe is Senior Vice President of Advocacy at the Direct Marketing Association (DMA).
  • Maria Rerecich is the Director of Electronics Testing at Consumer Reports (CR).

PrivacyCon (Privacy Conference) | FTC

PrivacyCon; Federal Trade Commission (FTC); 2016-01-14

Materials

Slides

Videos

Commentariat

Inventory, 75 comments.

Mentioned

Referenced

Big Data: A Tool for Inclusion or Exclusion?, Understanding the Issues | Federal Trade Commission (FTC)

Big Data: A Tool for Inclusion or Exclusion?, Understanding the Issues; Federal Trade Commission (FTC); 2016-01-06; 50 pages; landing.

Authors
at the Federal Trade Commission (FTC)

  • Edith Ramirez, Chairwoman
  • Julie Brill, Commissioner
  • Maureen K. Ohlhausen, Commissioner
  • Terrell McSweeny, Commissioner

Mentions

  • Follow-up from the workshop of 2014-09-15 (some fifteen months prior).
  • Big Data is
    •  … (wait for it) … very big.
    • created out of Little data by the process
      1. collection
      2. compilation & consolidation
      3. analysis
      4. use
    • The Three ‘V’s, a framework
      1. volume
      2. velocity
      3. variety
      4. veracity [the fourth]
  • Regulatory interest occurs at Step (4), Use.
  • Regulations
    • Fair Credit Reporting Act (FCRA)
    • Equal Credit Opportunity Act (ECOA)
      • Regulation B
    • Americans with Disabilities Act (ADA)
    • Age Discrimination in Employment Act (ADEA)
    • Fair Housing Act (FHA)
    • Genetic Information Nondiscrimination Act (GINA)
    • Federal Trade Commission Act (FTC Act)
  • Theories, Devices, (Bright-Line) Tests
    • disparate treatment
    • disparate impact, (unjustified) disparate impact
    • protected class
    • deceptive practices
    • unfair practices
  • Categories
    • Data Broker
    • low-income
    • underserved populations
    • protected groups, protected class
  • <quote>if a company has a big data algorithm that only considers applicants from “top tier” colleges to help them make hiring decisions, they may be incorporating previous biases in college admission decision</quote>, page iv (page 12)

Mobile Device Tracking | FTC (2014)

Mobile Device Tracking, a workshop; Federal Trade Commission (FTC); 2014-02-19.

Materials

  • Speakers
    • Mallory Duncan, National Retail Federation
    • James Riesenbach, CEO, iInside
    • Seth Schoen, staff, technologist, Electronic Frontier Foundation (EFF)
    • Ashkan Soltani, activist
    • Glenn Tinley, Mexia; a consultancy.
    • Ilana Westerman, CEO, Create with Context, Inc.; a consultancy.
  • Slides, 121 slides (gobs of gratuitous reveals at the end).
  • Transcripts
  • Video

Mentioned

  • Euclid
  • Path Intelligence
  • RetailNext

Referenced

Via: backfill, backfill, backfill.

Compendium on Verizon’s Precision Marketing Insights, Precision ID, X-UIDH Header

Mentions

  • Unique IDentifier Header (UIDH)
  • The (silently-added) HTTP header X-UIDH
  • X-UIDH: OTgxNTk2NDk0ADJVquRu5NS5+rSbBANlrp+13QL7CXLGsFHpMi4LsUHw
  • Behaviors (based on information & belief)
    • X-UIDH changes weekly
    • The UIDH identifier indexes demographic, persona, and browsing-history-type records of the subscriber (of the handset or PSTN or paying account); a server-side detection sketch follows the “Who” list below.
  • Demonstrators
  • Trade Names
    • Verizon Selects
    • Relevant Mobile Advertising
    • Verizon’s Precision Market Insights
  • Precision Market Insights, a partner
  • Availability
    • No 1st party program
    • Something vague about making data available via partnerships.
  • Capabilities
    • Demographic segments on mobile
    • loyalty
    • retargeting
  • Partners
    • BlueKai
    • BrightRoll
    • RUN
  • Pilot
    • PrecisionID
    • Kraft with Starcom MediaVest group
    • 1-800-Flowers
  • Separately
    • Precision has an in-stadium identification scheme
  • Who
    • Colson Hillier, VP, Precision Market Insights
    • Debra Lewis, press relations, Verizon.
    • Adria Tomaszewski, press relations, Verizon.
    • Kathy Zanowic, senior privacy officer, Verizon.
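
A minimal server-side detection sketch, not taken from any of the sources in this compendium: a Node.js/Express handler that reports whether the carrier-injected X-UIDH header arrived with a request. The header name is attested above; the app, route, and port are illustrative assumptions.

const express = require('express');  // assumes Express is installed

const app = express();

app.get('/', (req, res) => {
  // Node lower-cases incoming header names, so look up 'x-uidh'.
  const uidh = req.headers['x-uidh'];  // present only if a carrier gateway injected it
  if (uidh) {
    console.log('Header enrichment observed; X-UIDH =', uidh);
  }
  res.send(uidh ? 'X-UIDH present' : 'no X-UIDH header');
});

app.listen(3000);  // illustrative port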

Referenced

In archaeological order; derivative works on top, original reportage lower down.

Background

  • Open RTB v2.1 Specification, as implemented by MoPub; on DropBox; updated 2015-02-13; landing.
    <quote>2015-02-15: Removed passing of UIDH parameter and removed all references in the specification</quote>
  • HTTP Header Enrichment Overview; Documentation; Juniper; 2013-02-14.
    • HTTP Header insertion X-MSISDN
    • MobileNext Broadband Gateway for an Access Point Name (APN)
    • <quote>installing one or more Multiservices Dense Port Concentrators (MS-DPCs) in the broadband gateway chassis</quote>

Actualities

Federal Trade Commission Workshop on Cross-Device Tracking on 2015-11-16

Workshop on Cross-Device Tracking at the Federal Trade Commission; 2015-11-16.

Mentions

  • Jessica Rich, Director of the Bureau of Consumer Protection, Federal Trade Commission.
  • Lesley Fair, bloggist, George Washington University, Federal Trade Commission.

Questions

  • What’s the state of the art?
  • How are companies tracking consumers across different devices?
  • What are the pros and cons for consumers and advertisers?
  • What does the privacy and security landscape look like?
  • How can companies be more transparent about what they’re doing?
  • What can be done to give consumers more control?
  • How do existing industry self-regulatory programs apply?

Statement

<quote ref="presser">The use of multiple devices creates a challenge for companies that want to reach these consumers with relevant advertising. The traditional method of using cookies to track consumers’ online activities is proving to be less effective. A cookie may not provide a complete picture of a consumer who uses different web browsers at home, at work and on their mobile device, for example.
Industry has adopted different approaches to address this issue, from simply having consumers log in to be able to use a site or service from a different device, to methods that rely on various characteristics about a user to match their behavior from one device to another – often without the consumers’ awareness or control.</quote>

Dates

  • 2015-03-18 Questions Posed
  • 2015-10-16 Public commentariat closes
  • 2015-11-16 Workshop
  • 2015-12-16 Post-workshop commentariat closes

Announcements

Promotions

Via: backfill

Data Brokers: A Call for Transparency and Accountability | FTC

Data Brokers: A Call for Transparency and Accountability; Federal Trade Commission; 2014-05; 110 pages.

Mentioned

Brokers

  1. Acxiom
  2. Corelogic
  3. Datalogix
  4. eBureau
  5. ID Analytics
  6. Intelius
  7. PeekYou
  8. RapLeaf
  9. Recorded Future

Referenced

Promotions

Via: backfill.

Administration Discussion Draft: Consumer Privacy Bill of Rights Act of 2015

Administration Discussion Draft: Consumer Privacy Bill of Rights Act of 2015; The Office of the White House; 2015-02-26; 24 pages.

Mentions

Definitions

  • Personal Data
  • Personally-Identifiable Information (PII)
  • De-identified data
  • Covered Entity
  • Control [to control data]
  • Delete [to delete data]
  • Customary Business Records
  • Context [Respect for Context]
  • Consent

Highlight

A definition of Personally Identifiable Information (PII) is enumerated:

<quote>“Personal data” means any data that are under the control of a covered entity, not otherwise generally available to the public through lawful means, and are linked, or as a practical matter linkable by the covered entity, to a specific individual, or linked to a device that is associated with or routinely used by an individual, including but not limited
<snip/>
(F) any unique persistent identifier, including a number or alphanumeric string that uniquely identifies a networked device; commercially issued identification numbers and service account numbers, such as a financial account number, credit card or debit card number, health care account number, retail account number; unique vehicle identifiers, including Vehicle Identification Numbers or license plate numbers; or any required security code, access code, or password that is necessary to access an individual’s service account;
(G) unique identifiers or other uniquely assigned or descriptive information about personal computing or communication devices; or [anything else] </quote>

Promotions

In archaeological order, derivative works on top, more original output below…

AppChoices of the Digital Advertising Alliance (DAA)

Availability

Promotions

In archaeological order, newer derivatives on top, original works below…

Historical

Compendium, a landing page, at the Digital Advertising Alliance

References

Actualities

DAA AppChoices

Via: backfill.

Online Ads Roll the Dice declares the Federal Trade Commission (FTC)

Latanya Sweeney (FTC); Online Ads Roll the Dice; In Their Blog; 2014-09-25.
Latanya Sweeney is Chief Technologist at the Federal Trade Commission (FTC)
Teaser: Online ads, exclusive online communities, and the potential for adverse impacts from big data analytics

tl;dr => content targeting is bad, audience targeting is insidious.

Original Sources

Big Data: A Tool for Inclusion or Exclusion?; workshop; Federal Trade Commission (FTC); 2014-09-15;

  • Proceedings & Media
  • Commentariat
  • Speakers
    • Kristin Amerling, Chief Investigative Counsel and Director of Oversight, U.S. Senate Committee on Commerce, Science and Transportation
    • Alessandro Acquisti, Associate Professor of Information Systems and Public Policy, Heinz College, Carnegie Mellon University and Co-director of the CMU Center for Behavioral Decision Research
    • Katherine Armstrong, Senior Attorney, Division of Privacy and Identity Protection, FTC
    • Solon Barocas, Postdoctoral Research Associate, Princeton University Center for Information Technology Policy
    • danah boyd, Principal Researcher, Microsoft Research, Research Assistant Professor, New York University
    • Julie Brill, Commissioner, Federal Trade Commission
    • Christopher Calabrese, Legislative Counsel, American Civil Liberties Union
    • Leonard Chanin, Partner, Morrison & Foerster
    • Daniel Castro, Senior Analyst, Information Technology and Innovation Foundation
    • Pamela Dixon, Founder and Executive Director, World Privacy Forum
    • Cynthia Dwork, Distinguished Scientist, Microsoft Research
    • Mallory Duncan, Senior Vice President and General Counsel, National Retail Federation
    • Patrick Eagan-Van Meter, Program Specialist, Division of Financial Practices, FTC
    • Jeanette Fitzgerald, General Counsel and Chief Privacy Officer, Epsilon
    • Tiffany George, Senior Attorney, Division of Privacy & Identity Protection, FTC
    • Jeremy Gillula, Staff Technologist, Electronic Frontier Foundation
    • Gene Gsell, Senior Vice President, U.S. Retail & CPG, SAS
    • Mark MacCarthy, Vice President for Public Policy, Software Information Industry Association
    • Carol Miaskoff, Assistant Legal Counsel, Office of Legal Counsel, Equal Employment Opportunity Commission
    • Montserrat Miller, Partner, Arnall Golden Gregory LLP
    • Christopher Olsen, Assistant Director, Division of Privacy and Identity Protection, FTC
    • C. Lee Peeler, President and CEO of the Advertising Self-Regulatory Council and, Executive Vice President, National Advertising Self-Regulation, Council of Better Business Bureaus
    • Stuart Pratt, President and CEO, Consumer Data Industry Association
    • Edith Ramirez, Chairwoman, Federal Trade Commission
    • Jessica Rich, Director, Bureau of Consumer Protection, Federal Trade Commission
    • David Robinson, Principal, Robinson + Yu
    • Michael Spadea, Director, Promontory Financial Group
    • Latanya Sweeney, Chief Technologist, Federal Trade Commission
    • Peter Swire, Professor of Law and Ethics, Scheller College of Business, Georgia Institute of Technology
    • Nicol Turner-Lee, Vice President and Chief Research & Policy Officer, Minority Media and Telecommunications Council
    • Joseph Turow, Professor, Annenberg School for Communication, University of Pennsylvania
    • Christopher Wolf, Senior Partner, Hogan Lovells, Founder and Chair, Future of Privacy Forum, Chair, National Civil Rights Committee, Anti-Defamation League
    • Katherine Worthman, Senior Attorney, Division of Financial Practices, FTC
    • Jinyan Zang, Research Fellow in Technology and Data Governance, Federal Trade Commission

Big Data, a Tool for Inclusion or Exclusion?; Edith Ramirez (FTC), Solon Barocas (Princeton); Workshop Slides; 36 slides.

  • A tutorial on “data mining,” i.e. what is it?
  • Claims:
    • Data mining is always & by definition a form of discrimination, by conferring upon individuals the traits of those similar to them [it is rational, statistically-based stereotyping] (slide 9)
    • Data mining can be wrong; can be skewed, can overcount, can undercount, can mis-label, can mis-classify; there be dragons here. (middle)
    • Data mining unintentionally exacerbates existing inequality; there is no ready answer (slide 25)

Latanya Sweeney, Jinyan Zang (FTC); Digging into the Data; presentation; 30 slides.

  • Subtitle (a huge subtitle)
    • If the appropriateness of an advertisement for a publication depends on the nature and character of the publication, then how “appropriate” might big data analytics decisions be when placing ads?
  • Contributors
    • Krysta Dummit, undergraduate, Princeton 2015.
    • Jim Graves, graduate student, Carnegie Mellon University (CMU)
    • Paul Lisker, undergraduate, Harvard University 2016.
    • Jinyan Zang, Oliver Wyman (a consulting boutique), Harvard University 2013.
  • Mentions
  • Promise:
    • A forthcoming paper: contact Latanya Sweeney for a copy upon release

Response

Referenced

Actualities


Via: backfill

Economic Value of Online Advertising and Data

John Deighton, Peter A. Johnson; The Value of Data: Consequences for Insight, Innovation & Efficiency in the U.S. Economy; Direct Marketing Association (DMA); 2013-10-18; 103 pages; mentioned.

Earlier

Promotions

Ad-Supported Internet Responsible for 5.1 Million U.S. Jobs, Contributes $530 Billion to U.S. Economy in 2011 Alone, According to IAB Study; press release; 2012-10-01.
Teaser: New York, California, Washington, Massachusetts, and Illinois are the Top 5 States Where Companies Drive Digital Industry Jobs

Via: backfill, backfill

Checking The Do Not Track (DNT) Header from JavaScript

See navigator.doNotTrack

<script>
// Check the unprefixed property plus the vendor-prefixed variant used by older IE.
var dnt = navigator.doNotTrack || navigator.msDoNotTrack;
var isDNT = dnt == "yes" || dnt == "1";
</script>
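
A minimal usage sketch (loadAnalytics is a hypothetical stand-in, not part of the original note): honoring the flag means skipping tracking work whenever it is set.

<script>
// Hypothetical example: gate a tracking loader on the DNT flag.
var dnt = navigator.doNotTrack || navigator.msDoNotTrack;
var isDNT = dnt == "yes" || dnt == "1";
if (!isDNT) {
  loadAnalytics(); // hypothetical tracking loader; never called when DNT is set
}
</script>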

Browser Leaks

Previously noted

PulsePoint settles with New Jersey for $1M for violating user privacy

Alexi Friedman; N.J. wins $1 million settlement from online ad company for violating web user privacy; In NJ.com; 2013-07-25.

Mentions

  • PulsePoint
    • based in New York, NY
    • Formed 2011-09
    • Via merger.
      • ContextWeb Inc.
      • Datran Media Corp.
  • Technique
    • Apple Safari
    • cookies
    • JavaScript
    • Privacy settings (3rd party cookie settings) were bypassed.
  • Span of occurrences
    • started 2009-06
    • ended 2012-02, by intervention from the Wall Street Journal (an article).
  • Quoted
    • Aleecia McDonald, director of privacy at Stanford University’s Center for Internet & Society.
    • Eric Kanefsky, director of Division of Consumer Affairs, New Jersey.
  • Settlement
    • $566,000 civil penalty
    • $150,000 for privacy protection programs and high-tech investigative tools
    • $250,000 for advertising services PulsePoint will provide “to protect the public from fraud.”

Via backfill

Do Not Track Roundup

Observation

  • A lot of the reportage here is from NYT.
  • Even the copy-pasters in the blogosphere are using NYT material directly.

Backfill

Who & What

  • Abine
  • AdBlock Plus
  • Adobe Flash Player with local shared objects (LSO)
  • Dan Auerbach; staff technologist; Electronic Frontier Foundation
  • Mary Ellen Callahan; a partner at Jenner & Block; former Chief Privacy Officer for the Department of Homeland Security.
  • Children’s Online Privacy Protection Act
  • Brian Kennish; Disconnect; ex-Google
  • Google DoubleClick
  • Electronic Frontier Foundation
  • Erin Egan; Chief Privacy Officer, Facebook.
  • Brendan Eich; founder, Mozilla
  • Keith Enright; Chief Privacy Officer, Google.
  • Roy Fielding; Adobe, also Apache
  • Alex Fowler; Chief Privacy Officer, Mozilla.
  • Hunton & Williams, NY.
  • Stuart Ingis; a lawyer for the Digital Advertising Alliance,
  • Samy Kamkar; of the Evercookie
  • Fatemeh Khatibloo; analyst, Forrester
  • Jon Leibowitz; chairman, F.T.C.
  • Bob Liodice; CEO of ANA
  • Brendon Lynch; Chief Privacy Officer, Microsoft
  • Jonathan Mayer; advocate, student, Stanford
  • Moms With Apps
  • Arvind Narayanan; and Vitaly Shmatikov.
  • Path; an app; spanked for u13 violations by the FTC; statement
  • Paul Ohm; professor of law; University of Colorado, Boulder
  • Online Behavioral Advertising, or OBA.
  • Jules Polonetsky; founder, Future of Privacy Forum.
  • Privacy by Design
  • Peter Swire; professor of law and ethics, Georgia Institute of Technology; co-chair, W3C Tracking Protection Working Group
  • Morgan Reed; executive director, Association for Competitive Technology, a trade group representing app developers.
  • Joel R. Reidenberg; professor, Center on Law and Information Policy, Fordham Law School
  • Senator John D. Rockefeller IV; WV-D.
  • Lisa J. Sotto; managing partner of Hunton & Williams, NY.
  • David C. Vladeck; professor; Georgetown Law; through 2013-01, director of the Bureau of Consumer Protection at the F.T.C.
  • Vitaly Shmatikov; and Arvind Narayanan
  • Wave Systems, product Scrambls
  • World Wide Web Consortium (W3C)
  • W3C Tracking Protection Working Group
  • Mike Zaneis; general counsel, IAB.

Articles

Archaeological order, as usual

  • ; Why Do Not Track faces an uphill road; In Fortune; 2013-03-04.
    Teaser: ‘Do Not Track’ sounds a lot like ‘Do Not Call.’ But unlike telemarketing, online ad-tracking takes place unobtrusively, behind the scenes.
  • ; Web Privacy Becomes a Business Imperative; In The New York Times (NYT); 2013-03-02.
  • Do-Not-Track Online Act of 2013; Senators Rockefeller & Blumenthal; the bill itself. 12 pages.
  • Brendan Sasso; Rockefeller introduces bill to limit online tracking; In Hillicon Valley; 2013-02-28.
    Mentions

  • Natasha Singer; Senator Seeks More Data Rights for Online Consumers; In The New York Times (NYT); 2013-02-28.
  • ; In the Tracking Wars, It’s Browser Makers vs. Advertisers; In The New York Times (NYT); 2013-02-25.
  • Peter Swire (W3C); Full Steam On Do Not Track; In Their Blog; 2013-02-13.
    Statement: standard by 2013-Q3 (summer).
    Goals

    1. Create a standard through the W3C.
    2. Be consistent with the group’s charter.
    3. Make a change from the status quo.
    4. Justify why a user’s choice of DNT reduces tracking for participating web sites.
    5. Drive adoption of the final standard.
  • Mobile Privacy Disclosures: Building Trust Through Transparency; Federal Trade Commission (FTC); 2013-02-01.
    Promotions:

  • DAA Statement on DNT Browser Settings; press release; 2012-10-09.
    Mentions:

    • The DAA is a consortium of, among others:
      • American Association of Advertising Agencies (4A’s)
      • the American Advertising Federation (AAF)
      • the Association of National Advertisers (ANA)
      • the Direct Marketing Association (DMA)
      • the Interactive Advertising Bureau (IAB)
      • the Network Advertising Initiative (NAI)
    • Locations
    • The DAA Principles
      • Self-Regulatory Principles for Online Behavioral Advertising
      • Self-Regulatory Principles for Multi-Site Data.
    • Quotes:
      • <quote>The trade associations that lead the DAA do not believe that Microsoft’s IE10 browser settings are an appropriate standard for providing consumer choice. Machine-driven do not track does not represent user choice; it represents browser-manufacturer choice. Allowing browser manufacturers to determine the kinds of information users receive could negatively impact the vast consumer benefits and Internet experiences delivered by DAA participants and millions of other Web sites that consumers value. In addition, standards that are different than the consensus-based DAA Principles could confuse consumers and be difficult to implement. A “default on” do-not-track mechanism offers consumers and businesses inconsistencies and confusion instead of comfort and security.</quote>
      • <quote>The DAA Principles, self-regulatory program, and consumer choice tool is the only mechanism in the marketplace that truly provides consumers with clear transparency, choice, and meaning about how their data will and will not be used. For these reasons, the DAA’s constituent trade associations continue to support these efforts by the DAA.</quote>
  • Microsoft turns on ‘do not track’ by default in IE10; In CNN Money; 2012-06-01.
  • Jeff Blagdon; ‘Do Not Track’ Explained; In The Verge; 2012-10-12.
    Summary: historical survey

    • Lots of pointers to previous articles in The Verge
  • Christopher Soghoian; The History of the Do Not Track Header; In His Blog; 2011-01-21.
  • Paul Ohm; Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization; In UCLA Law Review; Vol. 57, page 1701; 2010.
  • Philippe Golle; Revisiting the Uniqueness of Simple Demographics in the US Population; In Proceedings of WPES; 2006-10-30.
    Abstract-of-Abstract: The results generally agree with the findings of [10], although we find that disclosing one’s gender, ZIP code and full date of birth allows for unique identification of fewer individuals (63% of the US population) than reported previously. (A back-of-envelope sketch of why these three fields are so identifying follows this list.)

    • L. Sweeney; “Uniqueness of Simple Demographics in the U.S. Population”; Working Paper LIDAP-WP4; Carnegie Mellon University, Laboratory for International Data Privacy; Pittsburgh, PA; 2000.
  • Arvind Narayanan and Vitaly Shmatikov; Robust De-anonymization of Large Sparse Datasets; In Proceedings of the IEEE Symposium on Security & Privacy; 2008.
    Abstract-of-Abstract: We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.
  • Center for Democracy & Technology (CDT); Consumer Protection from Behavioral Advertising; 7 pages; 2007-10-31; Submitted to: Donald S. Clark; Secretary, Federal Trade Commission; In advance of the FTC Town Hall, “Behavioral Advertising: Tracking, Targeting, and Technology,” 2007-11-01 & 02 in Washington, D.C.
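
A back-of-envelope sketch of the Golle/Sweeney uniqueness results above. The uniform-occupancy model and the rounded constants are illustrative assumptions, not figures from either paper.

// Rough bin-counting argument for why (gender, date of birth, ZIP) identifies so many people.
var population = 3.0e8;          // approximate US population
var genders = 2;
var birthDates = 365 * 80;       // roughly 80 birth-year cohorts of daily dates
var zipCodes = 42000;            // approximate count of US ZIP codes
var bins = genders * birthDates * zipCodes;  // ≈ 2.45e9 possible triples
var avgLoad = population / bins;             // ≈ 0.12 persons per triple
console.log('bins =', bins.toExponential(2), '; average load =', avgLoad.toFixed(2));
// Under a uniform (Poisson) model, the share of people alone in their bin is
// about e^(-avgLoad) ≈ 0.88. Real demographics are far from uniform, which is
// why the measured figures (63% in Golle, 87% in Sweeney's earlier estimate)
// come out lower, yet remain strikingly large.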