225 Comments

I don't think people set little store by "privacy" writ large, it's just that conversations about privacy are usually pretty remote from the kinds of privacy that I care about and that I suspect a lot of people care about. Why should anyone care about an Amazon algorithm, where no humans see the results connected to the customer's name, guessing their age or other demographics, in order to show you stuff they think you'd like to buy? It's different when it's the government, though; the government can fine, conscript, or arrest people, among other materially harmful things. People care about privacy relationally; it just doesn't make sense to think of privacy as a binary of "information public" vs. "information hidden". What people care about is like "I don't want my employer seeing my exercise habits / my relatives seeing my sexts / hiring managers and landlords seeing my political activities or family planning intentions / abusive exes seeing my physical location / the state keeping a record of my conduct for use in some kind of social credit system." What's worrisome is that the government can get access via subpoenas to some of the data private companies are tracking, but it's hard to see how making the census marginally less accurate helps.

The loss of digital privacy coincides with a massive surplus of privacy in physical reality. Try growing up in a small town. If you took a different girl than usual to the Blockbuster to pick up a movie on Friday night, your mom's friend's cousin would know about it by Saturday morning. I guess it's true that Facebook and Google probably know weird stuff about me; but in every meaningful human sense, I have way more "privacy" than all of my ancestors.

"This is fine if you’re an ideological libertarian who cares mostly about making the state ineffective."

I know this was tongue-in-cheek, but as an ideological libertarian myself I must object. I don't want an ineffective state--I want a state that is highly effective within a narrowly defined scope.

I know many people who work/worked at the equivalent Australian organisation. The sense I got was always that they just accepted privacy axiomatically as a good thing. No one ever considered trade-offs; instead, it was just a thing which they did.

There's also a significant portion of maths/computer people working at these places for whom privacy maximisation is quite simply an interesting intellectual challenge and that very quickly becomes an end in and of itself.

Meta-observation: this was probably the first time Slow Boring alerted me to a topic entirely off my radar. (Well, there was the whole "Chad" thing, but that was half-joking...)

I liked it. An interesting twist on wonkery, reporting detailed changes like this. Good to mix in with some of the opinions - which I like, but often simply reinforce opinions I already hold.

The thing about all the data gathered online for advertisers is that it's used mostly for bullshit. I work in advertising (though on the creative side, not in data, analytics or media buying) and can tell you a lot of what we do is bullshit. Most of it isn't even in the ads – those are straightforward compared to what vendors, agencies and clients tell each other.

Data is the latest hotness in advertising. Previously we had VR/AR and Account Planners/Strategists with British accents. While there's value in all these, they're often used by agencies to bullshit their clients that they're using the latest, trendiest ideas. The clients then bullshit their bosses, who bullshit the CMO, who bullshits the CEO, who bullshits the board, who bullshits the shareholders. Though in the end, consumers often walk into a store and buy your client's product instead of a competitor's and this whole apparatus gets justified.

There's a reason targeting often tries to sell you stuff you've already bought and uses dumb localization like "Hey NYC, aren't our pickup trucks great?". It's because advertisers want to sell to clients way more than they want to sell to consumers.

I agree with Matt's larger point about the perverseness of requiring the administrative state to have less access to private data than commercial entities, but I'm still not clear on what Census is doing for the 2020 census that is especially problematic.

Title 13 requires the census to avoid disclosure. Here's a working paper from the Census (https://www.census.gov/library/working-papers/2018/adrm/cdar2018-01.html) that describes how they did it from 1970-2010. If you ask the Census people, the 2020 method that uses differential privacy is less hamfisted than previous methods that just blanked out tables or injected synthetic data using cruder methods. Are they wrong about that?

What I sort of suspect is happening is that privacy researchers in academia know a lot about differential privacy, which requires lots of fancy statistics and is the new hotness, and so poking holes in the Census's 2020 method generates academic papers in a way that saying, "deleting tables and blanking out data is bad" doesn't. It's fine to say that Census is screwing up differential privacy in 2020 but if it's still an improvement (again, I don't know!) on what they were doing 1970-2010 then we've kind of lost the plot here.

I have seen a lot of stupidity on this subject. Anybody remember how during the Obama years we had the terrible fears that the NSA would be preserving telephone billing records? Yep. They were going to know who was calling who and when forever. Big deal thinks I. That information is absolutely useless except forensically and it can only be accessed by a FISA warrant. I was quite comfortable being buried in a mass of information of stupendous size. I do not care if anyone in any government knows what my favorite pizza place might be. Forensically on the other hand it was a great idea to collect this information and preserve it.

Timothy McVeigh was caught within hours of committing a horrendous act of terrorism. How? Well, the rear axle of the truck he rented and filled with explosives had a serial number on it. All part of the quality control and product tracing every manufacturer does. Through GM's database that number was attached to a VIN number which led to the rental outfit that led to Tim. And it happened within minutes of knowing that axle number.

Now a stupendous pile of phone records or similar data is absolutely useless for finding anyone before they commit a criminal or terrorist act. But once they have done it then you are absolutely going to want to know who that person was talking to and probably for years. It was a great idea that enhanced everyone's security. Except for the paranoid for whom nothing is ever satisfactory.

> Some jurisdictions have moved toward automated enforcement of speeding rules via cameras which is good ...

This is bad, actually. Yeah it catches more violators, but speed limits being inviolable is a problem. Speed limits aren't well-suited to describing the actual circumstances of the road, where sometimes it makes sense to go faster, and sometimes it makes sense to go slower. If you don't let someone go 50 in a 40 when the road is open and visibility is good, you're actually just incinerating time from people's lives for no gain.

If we want automatically enforced speed limits, we should make speed limits suck less, first.

I am not authorized to speak on behalf of my employer, but I want to say all the big tech companies are working on differential privacy. I personally work on differential privacy at a big tech firm and I know people who do the same at every other big tech firm. The Census in this case is helping set an example.

Also, the idea of differential privacy is not really just that you just aggregate at higher levels to eliminate the noise. The shape of the introduced noise is disclosed. When you do statistical analysis, you always assume some noise in your data. When analyzing differentially-private datasets, you basically just include the noise as part of your model.

The other really nice thing about differential privacy is that it is quantifiable and provable. That's going to make it a lot easier to communicate about privacy, set standards, etc... In and of itself, the Census' adoption isn't going to make a huge difference. But it is contributing to an overall trend in the correct direction.

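
The comment above says the shape of the noise is disclosed and an analyst folds it into the model. The following added example (my own illustration, not code from this thread or from the Census Bureau's actual 2020 system) shows the simplest building block, the Laplace mechanism, on a constructed block-level age histogram: the per-cell noise has a published variance of 2/epsilon², the noise in any sum of cells has a variance that is known in advance, and its size relative to the total shrinks as the aggregate grows. The histogram values, the epsilon and the seed are all made up.

```python
# Added example: the Laplace mechanism for differentially private counts.
# Not the Census Bureau's code; the data below is constructed.
import math
import random


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Scale b of the Laplace noise: b = sensitivity / epsilon."""
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("sensitivity and epsilon must be positive")
    return sensitivity / epsilon


def laplace_noise_variance(sensitivity: float, epsilon: float) -> float:
    """Variance of Laplace(0, b) is 2 * b**2. This is the disclosed 'shape'."""
    b = laplace_scale(sensitivity, epsilon)
    return 2.0 * b * b


def sample_laplace(scale: float, rng: random.Random) -> float:
    """Draw Laplace(0, scale) noise by inverting the CDF of a uniform draw."""
    u = 0.0
    while u == 0.0:          # avoid the single value that would give log(0)
        u = rng.random()
    u -= 0.5                 # now uniform on (-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def release_histogram(true_counts: dict, epsilon: float, rng=None) -> dict:
    """Add independent Laplace(1/epsilon) noise to every cell.

    Each person falls in exactly one cell, so adding or removing one record
    changes one count by 1: the L1 sensitivity is 1 and the whole release
    is epsilon-differentially private.
    """
    rng = rng or random.Random()
    b = laplace_scale(1.0, epsilon)
    return {cell: n + sample_laplace(b, rng) for cell, n in true_counts.items()}


def aggregate(noisy_counts: dict, cells) -> float:
    """Sum noisy cells; the noise terms are independent, so variances add."""
    return sum(noisy_counts[c] for c in cells)


def aggregate_noise_variance(num_cells: int, epsilon: float) -> float:
    """Noise variance of a sum over num_cells cells, sensitivity 1 each."""
    return num_cells * laplace_noise_variance(1.0, epsilon)


def relative_noise_sd(true_total: float, num_cells: int, epsilon: float) -> float:
    """Noise standard deviation divided by the true total.

    Noise grows like sqrt(k) while a total over k cells grows like k, so the
    relative error of a larger aggregate is smaller: this is what lets an
    analyst treat the published variance as just another error term.
    """
    return math.sqrt(aggregate_noise_variance(num_cells, epsilon)) / true_total


def empirical_noise_variance(scale: float, n: int, seed: int) -> float:
    """Sample variance of n draws, to check the disclosed variance 2*b**2."""
    rng = random.Random(seed)
    draws = [sample_laplace(scale, rng) for _ in range(n)]
    mean = sum(draws) / n
    return sum((x - mean) ** 2 for x in draws) / (n - 1)


if __name__ == "__main__":
    # Constructed age histogram for one block (not real census data).
    block = {"0-17": 12, "18-34": 31, "35-64": 40, "65+": 9}
    eps = 0.5
    noisy = release_histogram(block, eps, random.Random(2020))
    print("noisy cells:", {k: round(v, 2) for k, v in noisy.items()})
    print("per-cell noise variance:", laplace_noise_variance(1.0, eps))
    total_sd = math.sqrt(aggregate_noise_variance(len(block), eps))
    print("noisy total:", round(aggregate(noisy, block), 2), "+/- sd", round(total_sd, 2))
```

The analyst's side of the comment is `relative_noise_sd`: nothing about the noise is hidden, so a regression on the released counts can carry a known measurement-error variance per observation instead of pretending the cells are exact. Real deployments use a privacy budget split across many tables and post-processing to keep counts non-negative and consistent; none of that is modelled here.
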
On a lighter subject than terrorism, consider transportation planning. You know what is really useful to planning that? Knowing where you are coming from and where you are going door to door. And not just when you turn a turnstile. If you want better public transportation stop being a paranoid idiot.

This is a bit tangential, but I've always wondered why there was so much hand wringing about the privacy implications of supermarket and drug store loyalty cards. The deal always seemed straightforward:

1. The store would like to know what you're buying

2. This data has value so they pay you for it in the form of discounts

3. It's easy to opt out on any transaction — don't scan the card, or if you're paranoid, use cash

4. This is information I want the store to know – I'm happy to tell the store which SKU of toothpaste I use so they're more likely to stock it

5. The most privacy concerning purchases – prescription meds – I believe are covered by HIPAA

I don't really understand the practical concerns about privacy. The people I know who are super concerned have a wildly inflated view of their own importance. When they rant I just think to myself - no one gives a shit about you or what you do.

That said, I can certainly understand if you're friends with your boss or co-workers on Facebook, don't post photos of your drunken shenanigans at 12:30am and call in sick later that morning. Is that what people are talking about? I don't get the sense that they are. It's more a concern about some faceless entity doing something they can't quite define.

I've noticed that privacy advocates tend to take a very siloed approach when evaluating these issues.

So for COVID19 tracking apps, they might say "here's all the possible data it could reveal about you", rather than "here's the additional information it could reveal, on top of what Facebook and the cellular carriers already track."

I don't know whether opt-in contact tracing was ultimately a good goal or not, but personally it made me feel more comfortable. I really appreciated that Google and Apple seemed to work really hard on making an API that could be used by health services to track data between nearby phones for spread _without_ revealing who those people were (keys changed regularly, it would push to YOU that you had been near someone, but not tell health services).

I felt completely reassured by this, and was eager to download the contact tracing app that supported their API and.... couldn't ever find it. And never saw advertisements or any info on twitter or anything else on how to download it. (Maybe it came about later, but I was barely coming in contact with anyone anyway, so there's some inertia to overcome for checking)

I'm not convinced privacy issues were the problem here, in that even when I _wanted_ to download an app with these protections that Google/Apple made possible, I could not FIND it.

As for cops bricking cars - sounds good, but any backdoor you put in a car is something that can be used by rogue actors. If you create a backdoor for the gov't you create a backdoor for everyone. I'm _more_ in favor of allowing existing backdoors to be usable by the gov't (perhaps to help with the census) than creating new ones.

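
The commenter above describes the exposure-notification design where the identifiers a phone broadcasts change regularly and matching happens on the phone rather than at the health service. The following is an added example, my own simplified sketch of that idea and not Apple's or Google's code or their actual specification: a per-day key derives one short identifier per 10-minute interval with HMAC-SHA256, a person who tests positive publishes only their daily keys, and every other phone recomputes the identifiers locally to check whether it heard any of them. Key values, day numbers and the observed identifiers are constructed.

```python
# Added example: rolling proximity identifiers with on-device matching.
# A simplified sketch inspired by the design described above, not the real
# Apple/Google API. All keys and observations below are constructed.
import hashlib
import hmac
import secrets

ID_LEN = 16              # bytes of the HMAC output kept per rolling identifier
INTERVALS_PER_DAY = 144  # one identifier per 10-minute interval


def new_daily_key() -> bytes:
    """Fresh random key generated on the phone for each day."""
    return secrets.token_bytes(16)


def rolling_id(daily_key: bytes, day: int, interval: int) -> bytes:
    """Identifier broadcast over Bluetooth during one interval of one day.

    Without the daily key, identifiers from different intervals cannot be
    linked to each other or to a person; anyone who only overhears them
    learns nothing about who was there.
    """
    msg = day.to_bytes(4, "big") + interval.to_bytes(2, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:ID_LEN]


def ids_for_day(daily_key: bytes, day: int) -> set:
    """All identifiers a phone holding daily_key broadcast on that day."""
    return {rolling_id(daily_key, day, i) for i in range(INTERVALS_PER_DAY)}


def find_exposures(observed: list, diagnosis_keys: list) -> list:
    """Runs on the phone.

    observed: (day, identifier) pairs this phone heard nearby.
    diagnosis_keys: the public list of (day, daily_key) uploaded by people
        who tested positive, covering only the days they were infectious.
    Returns the (day, interval) slots where a published key matches. The
    server only ever sees the uploaded keys, never what this phone heard.
    """
    heard = {}
    for day, ident in observed:
        heard.setdefault(day, set()).add(ident)
    matches = []
    for day, key in diagnosis_keys:
        for interval in range(INTERVALS_PER_DAY):
            if rolling_id(key, day, interval) in heard.get(day, set()):
                matches.append((day, interval))
    return matches


if __name__ == "__main__":
    # Constructed scenario: two strangers' daily keys, one later diagnosed.
    alice_key, bob_key = bytes(range(16)), bytes(range(16, 32))
    my_phone_heard = [
        (100, rolling_id(alice_key, 100, 37)),  # near Alice, day 100
        (100, rolling_id(bob_key, 100, 5)),     # near Bob, day 100
        (101, rolling_id(alice_key, 101, 2)),   # near Alice again, day 101
    ]
    published = [(100, alice_key), (101, alice_key)]  # Alice tested positive
    print("exposure slots:", find_exposures(my_phone_heard, published))
```

The privacy property the commenter liked falls out of where the computation runs: the upload contains only daily keys, which reveal nothing about whom the uploader met, and the match list never leaves the phone that computed it. Bob's identifier goes unmatched because he never published a key.
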
On several occasions I’ve done research on sensitive business data that had to be provided by a firm with a government agency overseeing. Invariably the firm reps tell me their competitors already know all this stuff and are pretty nonchalant about disclosure while the gov agency insists I can’t report X or Y because the firms have a right to privacy. So, names can’t be used, data are turned into indices that can’t be reverse engineered, regressions redact coefficients, stuff like that. The agency is just following the rules, of course, but it’s always funny how the protected business shrugs with a “meh” during the data gathering.
