Hypotheticals

New Privacy

Privacy Hypotheticals

Privacy today is not what it was a decade ago. We have created a set of new privacy hypotheticals to provide examples of ways by which an individual can lose his or her privacy in today's digital world.

• Dustin Touglas is a film producer who understands that his reputation in the film
industry is essential and that BooTube views are now a measure of your appeal. Because
of this, he is careful to keep questionable and/or poorly shot material on private settings,
where people need a password to view it. He posted a video of himself complaining
about the band for which he was filming a music video. He complained about how their
music sucked, how they were only able to make this video because of the band
members’ wealthy parents, and how the girl in the band is a slut. Dustin’s a humorous
guy, especially when he’s drunk and pissed off. Tory, Dustin’s friend, used the password
to access the video and decided to repost it without a password. The video quickly shot
to the top of BooTube’s most viewed list. Dustin quickly contacts BooTube’s owner
company, Goggle. It takes Goggle four days to remove the video – enough time for
Dustin to lose his next contract with the band.

• For the last couple of weeks, Sam Brelinsky has been hooking up with Andrew,
the ex-boyfriend of Sam’s roommate and best friend, Ryan. Sam and Andrew decided it
was easiest to just keep it a secret, so they exclusively hook up at Andrew’s place. Last
night, Sam drank too much, blacked out, and lost his wallet. While Sam was in the
shower, Ryan realized he could digitally retrace Sam’s steps using the recorded GPS
information on Sam’s oPhone. Ryan picked up Sam’s phone and began going through
the information. Ryan was confused when he saw Sam was at Andrew’s house the night
before. Curious, Ryan looked further and realized that Sam has been at Andrew’s house
most nights of the week, often until the next morning.

• ThreeTriangle is a new social networking tool that lets you see friends and
friends-of-friends who are physically close to you at present. ThreeTriangle is meant to
serve as the link between people who may or may not have met before. When Katie
checks into a location, an announcement is sent to all of Katie’s friends and friends-of-
friends within a half-mile radius. ThreeTriangle designers want to maximize the
usefulness of the social network, so they set the default privacy settings as least secure
as possible. To ease security concerns, ThreeTriangle allows Katie to block certain users
from receiving any updates from her. This blacklist mechanism requires Katie to list the
ThreeTriangle user names of any people she wants not to receive updates. A blacklist is
in opposition of a whitelist, where Katie would have to approve a member before a
message is sent to that user.
Katie had blocked her ex-boyfriend from receiving her updates because he had a
bad habit of showing up wherever she checked in. Once he realized he hadn’t received
any updates from Katie, an avid ThreeTriangle user, he decided to make second
ThreeTriangle account, friend one of their mutual friends from that account, and head
down to her favorite row of bars and wait for her to check in at one of them. He
promptly heads to the next place she checks in and continues to “accidently” run into her
most weekend nights, without ever letting on that he is doing so through ThreeTriangle.

• Alexis Sillon lived an extravagant life for a while – partying internationally at
the hottest clubs. Carrying around her credit card was a drag, so she had an RFID chip
implanted into her hand with her name, birthdate (for age verification), and credit card
information on it. To close out her tab, all she had to do was wave her hand within five
feet of the club’s RFID reader.
Jon, a regional stock manager of the large chain Walshop, drove by the church
where Alexis was attending an AA/NA meeting. Jon used RFIDs to maintain stock
levels in the various Walshop. Because of the size of warehouses, Walshop bought the
most recent RFID readers, which had a range of 60 feet. As Jon was driving from one
store to another his RFID reader beeped. Looking over at the reader, he saw Alexis’s
name and information pop up on the reader. Thinking on his feet, he quickly wrote down
the information and began making subtle charges on her credit cards, which went
unnoticed for months.

• Marack Olama is the only Muslim male in a predominately white neighborhood.
He has a day job at a bank, but his real passion is to become a writer. He’s been working
on his first suspense novel at night for the past year. The search engine he uses,
Aluminum, gains extra money by selling sets of web searches that have been
“declassified.” One company looking to optimize advertising bought many of these data
sets for their analyses. Chris Green is in charge of this project and he notices something
suspicious when looking through the data sets. One user has an inordinate number of
searches of terms like “jihad” “train bombing” “dirty bombs” and “explosion impact
patterns.” More alarmingly, these searches are mixed in with searches related to his
neighborhood – in particular, directions to and from Marack’s house. Chris alerts the
police but as far as he can tell, the police do nothing.
Chris decides to take matters into his own hands and warn his neighbors. He
creates a website that identifies Marack as a homegrown terrorist and cites his searches
as proof. The website quickly picks up steam throughout the neighborhood and in the
general Internet community. The 6chan /d/ community catches wind of this website and
decides to launch a Goggle bomb. For the next two months, when someone began typing
“Marack” into the search bar, Aluminum suggested the autocomplete statement “Marack
is a homegrown terrorist.” When his first book hit the stands, many readers refused to
purchase or read it because Marack was “linked” to terrorist organizations.


• Stop and Buy is a grocery store that offers customers with Stop and Buy cards
customized coupons based on the customer’s previous purchases. These coupons are
profitable because Stop and Buy sells the information collected from the cards to
consumer analysts. A fertility clinic employs consumer analysts to determine which
neighborhoods purchase higher than average amounts of pregnancy tests. The fertility
clinic moves in and begins advertising with signs reading, “You’re not alone: 30% of
women in this neighborhood struggle with becoming pregnant!” accompanied by
pictures in which actual receipts were reconstructed (meaning, all the items on the
receipt were put photographed in a shopping cart) with the pregnancy test right on top.
Catherine Cavalier, a neighborhood woman who has been trying to get pregnant for two
years, recognizes her weekly shopping list in the cart – down to the same brands and less
common items.

• VictoriasSshhh.com uses cookies to make returning visitors’ shopping
experiences more pleasant. When someone visits the website, VictoriaSshh.com cookies
let the website suggest items similar to the user’s previous purchases and automatically
look for items in the user’s size. Her own laptop broken, Rachel Lee used her husband’s
laptop to purchase new bras and underwear on VictoriasSshhh.com. Rachel quickly
realized that the suggested sizes were not her size and the similar items were unlike
anything her husband had given her.
Rachel is able to log onto her husband’s Bookface account, since the default
setting is to remain logged in after closing the window. She looks through his messages
and discovers he is having an affair with a woman named Liz Narner. Rachel uses online
search service to look up Liz and finds her phone number. Only after leaving many,
increasingly aggressive voicemails does Rachel learn that the online search service
incorrectly listed a Liz Parner’s phone number as Liz Narner’s.

• Chelsea Tillet is the head of social networking for Parah Salin’s presidential
campaign. The heads of the campaign love what Chelsea is doing with social networking
but don’t know about her Furry fetish. Chelsea is a member of several private Furry
groups on Bookface, but is very careful to keep her membership private from her
colleagues. Dristol Salin, Parah’s daughter, is also working on the campaign in between
shooting episodes of Twirling With The Supernovas, a popular dance competition reality
show. Bored on Bookface one day, Dristol sees that she has many friends in common
with Chelsea and looks through them. Beyond fellow campaign workers, Dristol notices
that many of the friends in common are friends she met while at Furry conventions,
since she too has a secret Furry fetish.
Over the next few days, Dristol goes out of her way to walk by Chelsea, who is
always on Bookface, so that she can see Chelsea’s Bookface ads. In a surprising stroke
of intelligence, Dristol knows that Bookface’s ad formula fails to take into account
whether a user’s membership to a group is private or not. So the appearance of the same
ads that Dristol gets on Bookface confirm Dristol’s suspicion that Chelsea also has a
Furry fetish. Not willing to risk being exposed by Chelsea, Dristol begins to monitor
Chelsea’s email, as allowed by Chelsea’s contract, looking for anything upon which to
fire her. Dristol fires Chelsea for lack of support the minute Chelsea sends an email
questioning any of the campaign’s decisions.

• Davida Tat, a gossip blogger and coder, writes new program that utilizes free
facial recognition technology to identify plastic surgery. The program scans the web for
photographs of people whose features line up almost perfectly. The program uses
metadata from the photographs to determine the date of the photograph and compares
photographs for matches of seven out of eight measurements – nose, mouth, cheeks,
forehead, and area around eyes, breast, waist, and ears. If a person changes one of these
measurements dramatically in a short time period, the two photographs are delivered to
Davida’s inbox. If upon visual inspection Davida deems the change the work of a
surgeon, Davida will post the photographs on her blog as before and after shots. Readers
of the blog are encouraged to provide any details they know about the work, including
the name of the person and their surgeon.
    The majority of students at Dale University use the same cell phone provider,
SY&Y. SY&Y had a major data leak, and cell phone call and text records were released
for all users in the area surrounding the university. Students from the campus tabloid, the
Bumpus, downloaded this data set. The same students also pulled the cellphone numbers
of Dale students from the school’s facebook and students’ accounts on Bookface. These
lists were cross-referenced with each other to produce a list of who called whom and at
what times. Using only the weakest of deductions, they were able to publish a “Gettin’ It
On” list of likely hook-ups, based on number of days that two people exchanged calls
after 2 AM. They also published “Dale’s Finest,” a list of the twenty male and twenty
female students who called the largest number of different people after 2 AM in a single
month. That issue became the most read issue of Bumpus ever.

• Walshop uses RFIDs to maintain close records on their more expensive and
frequently stolen items such as electronics, razor blades and pregnancy tests. Robert
Whitmore, a stock manager, is walking by a group of Walshop employees on their break
when his RFID scanner begins picking up a signal. Robert demands to investigate their
bags to see if they have stolen anything. In Caitlin’s bag, he finds a pregnancy test box
and one used pregnancy test, which indicated “pregnant.” Caitlin had the paid for the
test and still had the receipt, so she was not accused of any wrongdoing. However, all of
her co-workers discovered she was pregnant, so when she later had an abortion it was
obvious that something had happened.
Jake Bevelyn and Morgan Mahs were best friends in high school, but since going
to college they have lost contact. Out of the blue, Jake receives an email saying that
Morgan posted a photograph of him on a new social networking website. Jakes not a
member of the site, so in order to view the photograph he must provide significant
personal information about himself, including his name, birthday, geographic location,
and educational background. Jake had plenty of photographs taken of him doing
embarrassing and/or illegal activity when he was younger, so now he must choose
between certain exposure of personal information or the possibility that that photograph
may incriminating or embarrassing.

• Hillary Baxon applies for a job with Sorgan Manley, a financial powerhouse. In
the hiring process, Sorgan Manley human resources employees search the Internet for
information on Hillary Baxon. They find the public profiles of Hillary’s friends, who
have posted hundreds of photographs and videos. Since the default setting on
photographs and videos is public, the photographs chronicling Hillary’s frequent bar
crawls, power hours, and anything-but-clothes (or lack-of-clothes) parties are easily
found.

• Home Depots in California recently began using RFID chips to help keep track
of quantities, manage shelves, speed up checkout, and generally improve consumer
experience. Each item in the store has a tiny RFID chip embedded in its packaging. This
allows Home Depot employees to remotely monitor which goods are running low and
what shelves need to be re-stocked. Since the RFID chips have a signal radius of ten
feet, this new technology also makes checkout much easier (no more moving everything
to that silly conveyor belt!).
Julia Twain has been buying enormous quantities of fertilizer over a period of six
months to help make a bomb. A clever and careful terrorist, Julia has spread her
purchases out over many Home Depots in California so as to escape the attention of the
authorities. Once she had gathered enough fertilizer, Julia constructed the bomb and
placed all the discarded fertilizer bags in opaque, black trash bags on the curb to be
picked up the next morning by the garbage truck.
The next morning, a police cruiser drove casually down Julia’s street looking for the a lost cat
with an RFID chip in its collar. Scanning the yards on the left and right with the
detectors, Officer Sam Ginsburg noticed an extremely large amount of RFID chips that
registered as fertilizer bags coming from a pile of trash outside one house. Officer
Ginsburg examined the house and saw no signs of landscaping or gardening, and the
quantity of fertilizer was enough to raise suspicions.
Officer Ginsburg returned the next day with a warrant to search Julia’s and found the
bomb along with detailed plans for an attack on a nearby subway station.

• Web-based information aggregator ChoicePoint builds profiles of individuals
based on information purchased or gathered from a variety of websites that harvest data
from their users. Chris Smith was applying for a very competitive teaching job at
Young’s Preschool. After several rounds of interviews, Chris was given the
disappointing news that he did not get the job. Chris felt that he was far more qualified
than all the other applicants, so he asked why he was not chosen. The preschool
disclosed that they contacted ChoicePoint to conduct a background search. The
information ChoicePoint provided was largely incorrect, including three ex-wives and a
statutory rape charge.

• Web-based information aggregator ChoicePoint builds profiles of individuals
based on information purchased or gathered from a variety of websites that harvest data
from their users. Chris Smith was applying for a very competitive teaching job at
Young’s Preschool. After several rounds of interviews, Chris was given the
disappointing news that he did not get the job. Chris felt that he was far more qualified
than all the other applicants, so he asked why he was not chosen. The preschool
disclosed that they contacted ChoicePoint to conduct a background search. The
information ChoicePoint provided was largely incorrect, including three ex-wives and a
statutory rape charge.

• One day, Barb Rasin invests in a new smartphone from the local phone store.
Excited with her purchase, she rushes home to upload her new phone number to her
private Facebook profile to alert her friends and family. Strangely, within a few hours
Barb begins receiving mysterious phone calls from callers asking her sexually explicit
questions and desiring to meet up. Confused, Barb searches her new phone number on
the Internet and realizes that Ax Chu, a transvestite hooker, has posted an ad for her
services on Craiglist but has accidently listed Barb’s new phone number to call. Either
that, or Barb’s new friends are playing a horrible prank on her.
Unfortunately, not only does Barb’s new phone continue ringing off the hook
with potential suitors, but also unbeknownst to her the data-aggregating, public profile
site Spokeo has linked information from the Craiglist ad to its listing of her information.
Quickly, other data-aggregrating, public profile sites also add “transvestite prostitute” to
Barb’s occupation list. When Barb attempts to email these websites to get this
information removed, they demand that she send them a copy of driver’s license to
prove who she is. The problem is, her driver’s license shows her gender to be female,
and given her occupation, these websites are skeptical that the license is real, so they
refuse to take her public profiles down.

• Sylvia Rifkin gets arrested for the misdemeanor charge of interfering with an
officer during a raid of Levitate night club. Incidental to this arrest, the police scroll
through her phone as part of a search of her person. In doing so, they find emails
detailing her close ties to a potentially violent political organization dedicated to saving
the whales. Intrigued, the officers make a note of these connections, add this information
to her police file, and release Sylvia.
The next time Sylvia is at the airport, TSA sends her through extra security
because her name is now linked with a suspicious political organization. Undeterred,
she eventually boards her flight after extra interrogation but is surprised to experience
the same treatment on her ride home. Upon talking with the Customer Relations desk at
her home airport, she learns that her new background profile means that she will never
fly easily again. This is particularly problematic because Sylvia works as a consultant.
Sylvia must fly frequently as a part of her job and needs to be able to get to urgent
appointments quickly.
Some months after the initial change to her profile, Sylvia’s car company client,
Fonda, demands her immediate presence for crisis management in the wake of an
impending recall of their new car, the Concord. When Sylvia attempts to rush through
the airport with her boss, TSA once again singles her out for super-enhanced security,
but this time it causes her to miss her flight altogether. Sylvia’s boss, enraged by her
failure to make the meeting in time and suspicious of the reasons behind Sylvia’s
detention fires her on the spot.

  • Jonas Schmonas is an assistant manager at the local UPS branch. Unbeknownst
to him, he is a distant--but not too distant--relative of the recently deceased billionaire
Wilson Bumfort. Part of Mr. Bumfort’s will included a clause that $100 million be given
to each of his living relatives, so his attorneys use ancestry.com to locate these
Schmonas clicks on them. As soon as he arrives at these sites, the companies collect his
IP address, name, and web browsing habits through cookies placed on his computer.
These cookies enable the companies to identify Mr. Schmonas completely and he begins
receiving paper advertisements through the mail for an array of wealth-related services.
In spite of Mr. Schmonas’s best efforts to remove himself from these mailing lists, the
advertisements deluge his office and apartment building, attracting the attention of
colleagues and neighbors. Sebastian Tark, a local reporter living in Mr. Schmonas’
building, takes a special interest in the vast array of wealth-related mailings and decides
to investigate Mr. Schmonas. During his investigation, Sebastian uses a similar site to
ancestry.com to uncover the relationship between Mr. Schmonas and Wilson Bumfort.
With this, Sebastian infers that Mr. Schmonas has indeed received a sizable sum of
money.
Seeing the potential to break a big story, Sebastian writes about his find in the
local paper, revealing the details of Mr. Schmonas’s mailings as well as the nature of his
relationship to Wilson Bumfort. Quickly, big media players like The New York Rhymes
and Washington Roast as well as Mr. Bumfort’s local evening news pick up the story.
Mr. Schmonas is devastated by this exposure, having immediately received a mix of
hatemail and ingratiating emails that affirmed his worst fears that his new wealth would
harm his friendships.
Worse still, local thieves learn of the new money in their midst. They Google
Mr. Schmonas’s home on Google Earth, verifying not only his address but also his
complete lack of home security. So, that night just as Mr. Schmonas is lying back to
have an evening drink to take the edge off the night, these men break into his apartment
and rob him of all his belongings.

• Sophia Landa goes streaking through the library as part of the annual Jale
University naked finals run. While she normally would never partake in this sort of
activity, her friends convince her by explaining that the “audience” will be only be other
students who have key-card access to the library. Unfortunately, Sophia fails to
anticipate the interest of the night-shift security guard, who records her on his camera
phone as she runs past him. Before she even gets back to her dorm later that night, the
security guard has uploaded the video for the entire public to see, making Sophia’s
somewhat-private run into an international peep-show. Horrified, Sophia’s parents pull
her out of school even as the general public online quickly traces her identity using the
name of her University as well as the semi-public directory that the University posts
online. Searches of “Sophia Landa” now turn up more Google videos of her naked run
than she could ever hope to have taken down.

  • Tale-New Baven Hospital releases a set of de-identified patient treatment data.
Unfortunately, the data contains gender and tracks the progression of each person’s
disease with the dates of different appointments. University students at MIT want to
make a point about how de-identified data is definitely not non-identifiable. They put it
together with publically available GPS data and personal information from the social
networking site, ThreeTriangle. This allows them to identify some of the individual
patients, including Mary Gibbs. Through a simple algorithm, it is now publically known
that Mary Gibbs has HIV/AIDS.

  • Doel Circus lends his laptop to his friend, Dobby Bresser, to check his online
bank statement. Dobby failed to press the tab button hard enough to switch from the
“user name” field to the “password” field. As a result, he types her username
(DBresser1992) and password (password1234) into the same box. BankofUSA.com
cookies record this information to make it easier for the next time Dobby visits the site
from that computer. The next time Doel goes to BankofUSA.com and types “d” into the
user name field, Dobby’s username and password friend pop up.

• Ax Zho just got a new job with Orange Media. A big user of the new social
networking site, StatusUpdate, Ax posts about his new job right away. Considering his
new employment status, he makes sure to edit his privacy settings so that unapproved
users cannot see any of his photos or statuses.
Ax starts his new job, and while he loves most things about it, he quickly
develops a deep hatred for his immediate supervisor. Because no one at the company is
linked to him on StatusUpdate, he starts to post hateful comments about his supervisor
under the username AxZho as early as his second day of work. At the very end of its
privacy policy, StatusUpdate includes a clause that reads: “We reserve the right to
change this Privacy Policy at any time.” Three weeks into his new employment,
StatusUpdate changes it’s privacy settings so that users have to specifically opt out of
sharing current statuses, past statuses, and statuses that are more than two weeks
old. There is no way to know this change occurred unless users visit the Privacy Policy
on StatusUpdate.com to check for changes. Employees at the company who also use
StatusUpdate.com on a daily basis discover Ax Zho’s two week-old posts, and word of
his feelings quickly gets around. Eventually it reaches his supervisor and Ax is
promptly fired.

  • One fine summer day, a Bank of America in Manhattan was robbed. Three
armed men in ski masks burst through the doors shortly after 2:00 pm, waving machine
guns and shouting demands. They were out the door with bags full of cash in under ten
minutes, but they did not realize that the silent alarm had been sounded the instant they
entered the bank.
As they sped away in their getaway van, a handful of police cars followed. But
before the van could get more than ten blocks from the bank, the robbers encountered a
road block set up by the police and were forced to pull over. The police forced the three
of them out of the van and took them into the station.
Once in custody, the robbers had their smartphones confiscated. Two were
locked, so the police dumped the contents of the phones’ hard drives and then examined
the data. They found a significant number of text messages between the three criminals
planning the operation.
The third phone was not password-protected, and the police has free reign over
its contents. They scoured the criminal’s emails, which contained a large number of
receipts and confirmations from various banks. Curious, they logged into the phone’s
owner’s bank account from the smartphone using the saved password on the bank’s
mobile site. Information found in the online account provided incriminating evidence
that linked the detainee to various money laundering operations, a significant amount of
fraud, and a series of other armed robberies in the area.