Personal Blog

Fun with Numbers - What Privacy?

Posted by K Krasnow Waterman on Mon, May 28, 2007 @ 12:05 PM
For most of us, privacy is an important issue.  We talk about, write about, sue each other over it, and debate the extent to which it is our Constitutional right.  We know that our original notions of privacy have been drastically eroded by the amount of data collected about us every day.  Every time you buy with a credit card, debit card, or even pay cash and use a discount card, the records are collected and aggregated.  Every time you pay a bill, borrow money, or ask to borrow money,  the information is collected and stored together.  There's work being done right now to do the same things with all of your medical records. 

What's happening to all this information?  Private companies are using the information to trying to figure out what to sell you next, whether to extend you credit, and to whom they can sell your name and information.  The government is using the information to try to figure out if you are a law-abiding citizen.  And, your friends, family, and acquaintances may be using it just to find out what you haven't told them directly.  (In response to a challenge recently, in five minutes on Google, I was able to retrieve a friend's secondary address, parent's and sibling's names, religion, political party affiliation, last job, current job, foreign language spoken, and a hint about his financial position.) 

Criminals want to gain access to your private personal information, too.  They want to use it to take advantage of you -- most typically by fraudulently posing as you and making credit purchases.  Some of them want to use or sell your identity more generally, in order for someone else -- typically an illegal immigrant or another criminal -- to be able to hide from the authorities by posing as you on a day-to-day basis. 

So, how likely is it that your private personal information will end up in the wrong hands? 


The most recent US Census statistics estimate that there are about 225 million adults in the US (aged 18 and over).  The Privacy Rights Clearinghouse has been trying to keep track of all of the instances when an organization has lost private personal information, including everything from hacker attacks on universities to laptops and disks lost by employees.  It's current total for 29 months (January 2005 to May 2007) is over 155 million records lost that contain information useful to identity thieves.  But, about 15% of the incidents do not have reported loss numbers; so, I estimate the true number to be around 182 million (155/.85).  And, that results in an estimate of approximately 75 million records lost or stolen per year (182 * 12/29).  Or, approximately 225 million records lost or stolen in three years.  Of course, this does not mean that every US adult's data will be lost or stolen in a three year period; some unlucky souls will have their data compromised more than once, while others will not be affected.

In addition to large scale losses of information by those we entrust with our digital data, there are lots of small scale ways to lose our personal information.  A Gartner Group analyst reported that 1.2 million Americans a year believe they have given their personal information to a criminal on the internet, but that same group is reported to have estimated that the true number for 2006 would be 3.5 million.  Large numbers of credit cards (or credit card numbers) are lost or stolen every year:  A Harris poll reported that 16% of American adults had had a credit card used by someone they didn't know.  And, a 2004 study for the Federal Trade Commission found that identity theft victims who did know who stolen their identity, nearly always reported manual (non-computer, non-digital) theft by family members, friends, neighbors, in-home employees, co-workers,  sales employees, and financial institution employees, people who had access to the physical cards, receipts, or statements. 

According to the FTC report, 4.6% of survey respondents reported they had been victims of identity theft in the past year; extrapolated across the adult population today, that would be about 10.4 million new victims per year.  If that number weren't escalating, you'd be at risk for identity theft about once every 22 years during your adult lifetime.  However, the FTC study found that the rate of discovery of identity theft nearly doubled from one year to the next.  If that trend continued, in 5 years the entire adult population would be compromised each year.  Clearly, that won't happen, as consumer awareness increases and anti-fraud technologies improves.


 In US
 Per Year
Adults   225 million 
Estimated digital records lost or stolen
with personally identifiable information
  75 million 
Estimated number of adults who give
personal information to phishers and
other online criminals             
   3.5 million
Estimated number of individuals
who were victims of identity theft (2003)  
    10.4 million

The bottom line is that there's lots of information floating around about most of us and quite a bit of it is in the hands of people or systems we never intended. 


Post Script: Should I care that I don't have much privacy?

There are two ways to think about this.  1) It's not a problem; it's just part of evolution.  Look at YouTube and MySpace; the next generation is creating permanent, open records about things that older generations would never want publicly known.  In the not-too-distant future, privacy will be dead as a concept.   2)  It is a problem.  Privacy (like discretion) is more appreciated with age.  Identity theft and credit card fraud will become such a time-consuming and costly issue that protections are a better alternative.  I admit I have my toe in the water of the first camp, but that my weight (and work) still fall heavily in the second.

Article has 1 CommentClick here to read/write comments

Topics: public policy, privacy, technology b2c

MIT - March - California Deamin'

Posted by K Krasnow Waterman on Wed, Apr 26, 2006 @ 23:04 PM
The month of March was marked by moving in different directions. 

In the first half of the month, we finished the first half of our final semester.  At MIT Sloan, there are half semester courses and I'm happy to report the end of Systems Dynamics.  As I've mentioned before, it was a great course, but a lot of work. We each had to develop a personal project and mine was an analysis of the cycle of the growing volume of data in the world, wanting to improve data privacy, and the creation of new data in an effort to protect privacy.  (I didn't solve the problem but I did learn from this course that I tend to see intractable problems as vicious cycles.  This gives me a lot of insight into how to address them differently in the future.)  The most impressive output of the course was an analysis of the problem of violence in the Middle East jointly prepared by a citizen of Saudi Arabia and a citizen of Israel.

Two weeks of the month were out of class and away from Boston.  One week, we took a trip to San Francisco/Silicon Valley and heard from some of the country's leaders of technical innovation.  We also had a chance to meet some of our Stanford counterparts (there is another Fellows program there) over lunch.  That was enjoyable and informative -- it turns out that we have a lot of the same experiences and concerns.  I also got to sneak in some time with a Stanford member of the TAMI research team - Deb McGuinness - and help with the preparation for the AAAI presentation.  All in all, March was a time for a lot of of private consulting and some intense thesis drafting, so there wasn't much "break," but I did get to do a bunch of my work at home on the back porch in the Arizona sunshine with the dog at my feet. :-)




Article has 0 CommentsClick here to read/write comments

Topics: MIT - Sloan Fellows, privacy