Tag Archives: privacy

Protecting Digital Privacy in Public Shaming Era

by Julia Angwin ProPublica
January, 2017

Every January, I do a digital tune-up, cleaning up my privacy settings, updating my software and generally trying to upgrade my security. This year, the task feels particularly urgent as we face a world with unprecedented threats to our digital safety.

We are living in an era of widespread hacking and public shaming. Don’t like your political rivals? Beg Russia to hack them, and their emails mysteriously show up on Wikileaks. Don’t like your ex-spouse? Post a revenge porn video. Don’t like your video game opponents? Find their address online and send a SWAT team to their door.

And, of course, the US government has the capability to do even more. It can spy on much of the globe’s Internet traffic and has in the past kept tabs on nearly every American’s phone calls. Like it or not, we are all combatants in an information war, with our data under constant siege.

So how can ordinary people defend themselves? The truth is you can’t defend everything. But you can mitigate threats by reducing how much data you leave exposed for an intruder to grab. Hackers call this minimizing your “attack surface.”

The good news is that there are some easy steps you can take to reduce the threat. Here is what I am doing this year:

Updating Software

Every year, I ditch old buggy software that I don’t use and update all the software that I do use to its most current version. Exploiting software with known holes is one of the ways that criminals install ransomware — which holds your data hostage until you pay for it to be released. (Read the FBI’s tips on avoiding and mitigating ransomware attacks.)

Making Passwords Longer

This year, I’m working to lengthen my passwords to at least 10 characters for accounts that I don’t care about and to 30 characters for accounts I do care about (email and banking). After all, in 2017, automated software can guess an eight-digit password in less than a day.

Most importantly, don’t re-use passwords. You don’t have to think of unique passwords yourself — password management software such as 1Password, LastPass will do it for you. EFF technologist Jacob Hoffman-Andrews makes a very good case for password management software being the best defense against a phishing attack. (Phishing is how the email of John Podesta, Hillary Clinton’s campaign chairman, got hacked).

Securing Communications

The good news is that it’s never been easier to send encrypted text messages and make encrypted phone calls on the phone apps Signal and WhatsApp. However, please note that WhatsApp has said it will share users’ address books with its parent company, Facebook, unless they opted out of the latest privacy update.

Of course, people who receive your messages can still screenshot and share them without your permission. On Signal you can make it slightly harder for them by setting your messages to disappear after a certain amount of time. In WhatsApp, you can turn off cloud backups of your chats, but you can’t be sure if others have done the same.

Protecting Mobile Web Browsing

The websites that you browse are among the most revealing details about you. Until recently, it was hard to protect mobile web surfing, but this year there are a lot of good options for iPhones. You can use privacy protecting standalone web browsers such as Brave or Firefox Focus, or install an add-on such as Purify that will let you browse safely on Safari. In an excess of excitement, I’m currently using all three!

Of course, blocking online tracking also means blocking ads. I hate to deny worthy websites their advertising dollars, but I also think it’s unfair for them to sell my data to hundreds of ad tracking companies. Brave is building a controversial system that pays publishers for users’ visits, but it remains to be seen if it will work. In the meantime, I try to subscribe or donate to news outlets whose work I admire.

Dropping Dropbox

You wouldn’t leave your most sensitive documents in an unlocked filing cabinet, so why do you keep them in unencrypted cloud services such as Google Drive and DropBox? Those companies can read your files, as can anyone with a link to your documents. One option is to password protect your files before uploading them. But I prefer a cloud service that encrypts for me. In my usual overkill approach, I’m using Sync.com to synchronize files and SpiderOak for backup.

Deleting Some Data

Consider whether you really need to store all your old emails and documents. I recently deleted a ton of emails dating back to 2008. I had been hanging onto them thinking that I might want them in the future. But I realized that if I hadn’t looked at them until now, I probably wasn’t going to. And they were just sitting there waiting to be hacked.

Reconsidering Installing Cameras and Microphones at Home

As Internet-enabled devices — ranging from smart hairbrushes to voice-activated speakers — invade the home, criminals are finding new ways to penetrate their defenses.

Hackers have spied on women through the womens’ webcams and used networks of online cameras and other devices to bring down the Internet in Liberia. Like many people including the Pope and Facebook CEO Mark Zuckerberg, I have covered the cameras on my computers with stickers and magnetic screens to avoid peeping Toms. But until device makers heed the Federal Trade Commission’s security recommendations for internet-enabled devices, I won’t introduce new cameras and microphones into my home.

Opting Out of Data Brokers

Fears that President Donald Trump might build a Muslim registry prompted thousands of Silicon Valley tech workers to sign a pledge stating that they wouldn’t participate in building any databases that profile people by race, religion or national origin. But only three of the hundreds of data brokers that sell lists of people have affirmed that they would not participate in a registry. Two other data brokers told a reporter that the price for such a list would range from about $14,000 to $17,000.

It’s not easy to remove personal data from the hundreds of data brokers that are out there. Many of them require you to submit a picture of your photo ID, or write a letter. But if you do it — as I did two years ago — it is worth it. Most of the time when a new data broker emerges, I find that my data is already removed because I opted out from the broker’s supplier. I compiled a list of data broker opt-outs that you can use as a starting point.

Taking a Deep Breath

The size of the problem and the difficulty of the solutions can be overwhelming. Just remember that whatever you do — even if it’s just upgrading one password or opting out of one data broker — will improve your situation. And if you are the subject of a hateful, vitriolic internet attack, read Anita Sarkeesian’s guide to surviving online harassment.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 ~~~

Facts and Opinions is a boutique journal of reporting and analysis in words and images, without borders. Independent, non-partisan and employee-owned, F&O is funded by our readers. It is ad-free and spam-free, and does not solicit donations from partisan organizations. To continue we require a minimum payment of .27 for one story, or a sustaining donation. Details here; donate below. Thanks for your interest and support.

F&O’s CONTENTS page is updated each Saturday. Sign up for emailed announcements of new work on our free FRONTLINES blog; find evidence-based reporting in Reports; commentary, analysis and creative non-fiction in OPINION-FEATURES; and image galleries in PHOTO-ESSAYS. If you value journalism please support F&O, and tell others about us.

Posted in Also tagged , |

A Man Dies on Reality TV, and Privacy and Permission Collide

A camera operator for the ABC show NY Med films medics at work. NY Med publicity photo via Facebook

A camera operator for the ABC reality television show NY Med films medics at work . NY Med publicity photo via Facebook

By Charles Ornstein, ProPublica 
January, 2015

This ProPublica story was co-published with the New York Times.

Anita Chanko could not sleep. At 4 a.m., on an August night in 2012, she settled onto the couch in her Yorkville, N.Y., living room with her dog, Daisy, and her parrot, Elliott, and flipped on the DVR. On came the prior night’s episode of ” NY Med,” the popular real-life medical series set America’s NewYork-Presbyterian Hospital, starring Dr. Mehmet Oz. Mrs. Chanko, 75, was a fan of the show and others like it.

“It starts off, there’s a woman with stomach cancer and her family, and then there’s somebody with a problem with their baby, I think it was a heart,” she remembered. “And then I see the doctor that treated my husband.”

Mark Chanko, her husband, had died 16 months earlier, in April 2011, after being struck by a sanitation truck while crossing a street near his home. The doctors and nurses at NewYork-Presbyterian Hospital/Weill Cornell Medical Center tried in vain to save his life.

On the TV screen, she saw the chief surgery resident Sebastian Schubl, responding to an emergency in which a man is hit by a vehicle.

“And then I see, even with the blurred picture, you could tell it was him,” she said. “You could hear his speech pattern. I hear my husband say, ‘Does my wife know I’m here?’.”

There was no doubt in her mind: The blurred-out man moaning in pain was her husband of almost 46 years, the Korean War veteran she met in a support group for parents without partners.

“I hear them saying his blood pressure is falling. I hear them getting out the paddles and then I hear them saying, ‘OK, are you ready to pronounce him?’.”

She clenched her fists so tightly that “the palms of my hands almost looked like stigmata” and her mouth got so dry that her tongue stuck to the roof “as if I had just eaten a whole jar of peanut butter.”

“I saw my husband die before my eyes.”

No one in the Chanko family had given “NY Med” permission to film Mr. Chanko’s treatment at the hospital or to broadcast the moments leading up to his death.

Such moments — indeed, all of the intimate details of a person’s health — are supposed to be shared only with a patient and whoever they designate, under a United States federal law known as Hipaa.

In the 18 years since the law was passed, doctors and hospitals have put in place an ever-expanding list of rules meant to protect patient privacy. Hospitals warn staff members not to discuss patients’ conditions on elevators. Drug stores ask customers to stand back so they don’t overhear information about others’ prescriptions.

Yet, even in the face of this growing sensitivity, reality shows like “NY Med” have proliferated, piggybacking off popular fictional counterparts like “ER,” “Grey’s Anatomy” and “House.”

Medical ethicists and groups like the American Medical Association worry that these shows exploit patients’ pain for public consumption, but their makers argue that they educate viewers and inspire people to choose careers in medicine.

“We have heard many stories of people who were inspired to go to medical school, to become nurses or paramedics, or to head into particular specialties like trauma or transplant surgery after watching our show,” Terence Wrong, executive producer of “NY Med,” said in an email. (He declined to discuss Mr. Chanko’s case or to be interviewed for this article.)

Hospitals like NewYork-Presbyterian, meanwhile, have seized upon such shows as a way to showcase themselves, vying to allow TV crews to film their staff and patients — even emergency-room patients sometimes in no condition to give permission.

When the first season of “NY Med” was broadcast on ABC in 2012, the hospital’s vice president of public affairs at the time, Myrna Manners, told PR Week, “You can’t buy this kind of publicity, an eight-part series on a major broadcast network.” (A second season, also based at the hospital, ran over the summer and garnered more viewers than the first. ABC has not announced whether another season is planned.)

For the Chankos, the episode of “NY Med” added a coda of anger to more than a year of grief. Their daughter, Pamela Chanko, said seeing the specifics of her father’s injuries and death on TV sent her spiraling back into clinical depression. “It just sent me straight back to square one,” she said.

Kenneth Chanko, Mr. Chanko’s son, filed complaints with the hospital, the New York State Department of Health, ABC, a hospital accrediting group, and the U.S. Department of Health and Human Services’ civil rights office.

The show had caused him “great emotional distress and psychological harm,” he wrote in a complaint to the hospital. “I had to unnecessarily relive my father’s death at your hospital a second time, while knowing that the public at large was able to — and continues to be able to — watch my father’s passing, for the purposes of what can only be described as drive-by voyeuristic ‘entertainment.'”

ABC quickly removed the segment involving Mr. Chanko from its website, DVDs and future viewings (although not from the promotional blurb for the episode, which still says “Sebastian Schubl, a Dr. McDreamy-like young trauma surgeon, tries to save the day when a critically injured pedestrian struck by a vehicle is brought to the ER.”) In 2013, the state cited the hospital for violating Mr. Chanko’s rights.

That was not enough for the Chankos, who sued ABC, NewYork-Presbyterian and Dr. Schubl for damages. An appellate panel recently dismissed the case, but the family has asked for that decision to be reviewed. Dr. Schubl and the hospital declined to comment for this article, citing the continuing litigation. ABC referred a reporter to Mr. Wrong’s statement.

In court filings, the hospital and ABC do not dispute that they did not have consent from Mr. Chanko or his family, but they say the patient is not identifiable to the public. The network has asserted that because “NY Med” is produced by its news division, it is protected by the First Amendment. Lawyers for NewYork-Presbyterian have argued that the state does not recognize a common law right to privacy and that any privacy right Mr. Chanko did have ended upon his death. They say that the Chankos themselves are responsible for their loss of privacy.

“There would today still be no identification of the patient or his family but for the latter’s publication via this lawsuit,” a brief for the hospital says.

The day Mr. Chanko was hit by a private garbage truck had been entirely forgettable, his wife said. “If I had a diary, I’d leave the page blank.”

They arrived home past 11 p.m. after spending a few days at their second home in Goshen, Conn., in Litchfield County. As they unloaded their luggage, Mr. Chanko looked in the refrigerator and noticed they were out of milk and bananas. He decided to run across York Avenue, in the Yorkville section of Manhattan, to a deli.

After Mr. Chanko had been gone a few minutes, the building doorman buzzed up and asked Mrs. Chanko to come downstairs. Not understanding the urgency, she said she would be down in a bit.

The doorman buzzed again. Moments later, the doorbell rang. When she answered, a longtime neighbor grabbed her arm. “Anita, you have to come with me,” she recalled the neighbor as saying. “Mark needs you. He’s been hurt.”

When she got downstairs and walked outside, Mrs. Chanko saw an ambulance and her 83-year-old husband on a gurney, his head bandaged. The neighbor drove her to NewYork-Presbyterian. There, she watched as the medical team hurriedly pushed the gurney carrying her husband near the emergency room.

“I rushed up because I wanted to run alongside him and just hold his hand and reassure him and say, ‘You’ll be OK,'” she said. The doctor said no. “That would have been my last chance to even say something to him.”

Mr. Chanko was initially alert and awake, and able to respond to questions, medical records show. But he was in bad shape: His pelvis had been broken in several places, as had his left femur. The skin was ripped off his right leg.

Outside the operating room, doctors and nurses could not detect Mr. Chanko’s pulse and resuscitated him. In the operating room, he became more unstable, medical records show. Twice more they tried to bring him back. He was pronounced dead at 1:17 a.m.

Dr. Schubl and a social worker walked into the conference room, where the family was waiting, and shut the door.

“I did everything I possibly could,” Dr. Schubl told them. “Unfortunately, he did not survive. I am sorry.”

The family did not know until the episode was broadcast that a camera was focusing on the closed door of the room where they had gathered and that audio of Dr. Schubl was being recorded.

Afterward, on the episode, Dr. Schubl turned to the camera and said, “Rough day. Rough day.”

“Watch this man die, now we’re going to sell you some detergent.”

“It was the last clip before the commercial,” Mrs. Chanko said, “or as I put it, ‘Watch this man die, now we’re going to sell you some detergent.'”

According to PR Week, the public affairs staff at NewYork-Presbyterian contacted Mr. Wrong in 2008, eager to bring one of his shows to the hospital. Mr. Wrong had completed two shows based at Johns Hopkins Hospital in Baltimore and was working on another in Boston.

After three years of trying, production began in 2011 at two campuses of NewYork-Presbyterian: Weill Cornell on the Upper East Side and Columbia University Medical Center in Washington Heights, both in Manhattan (some filming also took place at Lutheran Medical Center in Brooklyn).

But two months into filming the first season, Mr. Wrong later told the Philadelphia Inquirer, “Weill Cornell was just not delivering enough traumas.” To capture more drama and action for “NY Med,” he said he signed contracts with other emergency rooms and began keeping videographers in NewYork-Presbyterian’s emergency room at Weill Cornell 24 hours a day.

Mr. Wrong ended up with thousands of hours of footage, and the luxury of cutting any example that was not perfect, he told Capital New York last year. “You can be shut out of a critical moment that the case lacks emotional resonance without,” he said. “I will give you one of those: the ‘goodbye’ moment, it is the moment where a family says goodbye to their loved one going into surgery. If you don’t capture that moment, because a nurse shut the door on your camera’s face, you kill that piece. “

Some of the patients and families captured by Mr. Wrong’s cameras have no complaints. “I think they were honest in their portrayal of our family and the love that we had and the concerns that any average family would go through when faced with this type of surgery,” said Dara van Dijk, whose mother’s heart valve operation was featured on the same episode as Mr. Chanko’s death. Ms. van Dijk did have one quibble: She was shown falling off a chair while meeting Dr. Oz in the episode. “In a million years, I didn’t think that they would show that,” she said.

Typically, hospitals have not received money in return for allowing medical reality shows to set up shop, and NewYork-Presbyterian is no exception, an ABC spokeswoman said in an email.

“That was very important to us,” said Peggy Slasman, a spokeswoman for Massachusetts General Hospital, which was featured on Mr. Wrong’s Boston Med. “This was not entertainment. This was news. We would not have participated if they had said, ‘For $20,000 or for $50,000, we will include you in a series.’ We’re not the marketing department. We processed it in a similar way as we would any request that we would get from the media.”

The real payoff for participating hospitals is distinguishing themselves at a time when other forms of promotion are no longer as effective, said Jennifer Coleman, the senior vice president of marketing and public relations for Baylor Scott & White Health, a large hospital system in Texas. Baylor self-produced a reality series about its cancer center and paid to broadcast it on local television.

“Advertising is just so saturated right now,” she said. “You put your thumb over anybody’s ad and it’s just the same. That’s what people are trying to break through.” By participating in a major network program, she added, “They get that endorsement.”

Patients caught up in emergencies are especially vulnerable, posing special issues for reality shows. They may not be conscious or able to speak for themselves; they may be quite literally exposed, as caregivers work to help them. Joel Geiderman, co-chair of the emergency medicine department at Cedars-Sinai Medical Center in Los Angeles and chairman of the ethics committee of the American College of Emergency Physicians, compared it to taping in a store dressing room and only asking for permission later. Patients’ loved ones, too, are caught up in the moment, making decisions on the fly.

The emergency physicians group opposes “the filming for public viewing of emergency department patients or staff members except when they can give full informed consent prior to their participation,” yet show after show returns to the emergency room, drawn by the life-or-death stakes.

The New York Times Co. was sued for invasion of privacy in the early 2000s, by a group of patients in New Jersey who appeared in “Trauma: Life in the ER,” a series produced for Discovery’s Learning Channel. One appeals court ruled that the show qualified as news and deserved the same protections under the law. Many of the plaintiffs settled their cases individually, a lawyer for them said.

Mr. Wrong of “NY Med,” said by email that he had not been sued over his medical shows before: “We put enormous behind the scenes effort into training our team and working in the medical environment. We have profound respect for the work we witness and the dispensation that allows us to do so.”

Some hospital systems—including the New York City Health & Hospitals Corp., which runs the city’s 11 public hospitals—were approached about participating in “NY Med” but declined. “It was just going to be very difficult to provide all the access that they wanted,” said a hospital corporation spokeswoman, Ana Marengo. “It sounded interesting but it was just too much for us to accommodate really.”

The Mayo Clinic, based in Rochester, Minn., regularly works with news crews to highlight medical care and patient stories. But it has insisted on asking patients for permission before they meet the film crews and has turned down requests to film first and seek permission later.

“Clearly I can’t comment on whatever happened in some other hospital,” said Ginger Plumbo, a Mayo spokeswoman. “I can tell you here, we would not be comfortable with a situation where you’re filming patients’ situations and then trying to get permission after the fact.”

Mr. Chanko’s family had already settled a lawsuit against the private sanitation company whose truck backed over him by the time his widow saw the episode of “NY Med” featuring his case.

A couple of hours after watching her husband die on TV, Mrs. Chanko called her daughter-in-law Barbara, a health care ethicist at the U.S. Department of Veterans Affairs in Manhattan. Barbara Chanko remembers standing up in her office and saying, “If this happened, it’s got to be stopped.” When she watched the episode, she was shocked. “We protect patient privacy in everything we do,” she said. “I feel very betrayed by that medical staff for what they did.”

The Chankos’ son Eric Chanko, a physician who works at a hospital in Ithaca, N.Y., said he, too, struggled to reconcile what he saw on the air with his own work. “They basically did everything that you’re taught in medical school not to do,” he said.

In the aftermath of the broadcast, a lawyer for NewYork-Presbyterian tried to assure the family that no one could identify them from what was shown on TV. “Please be assured that your father’s and your family members’ images, likeness and other potentially identifying information were completely obscured in the episode,” the hospital’s associate general counsel, Caroline S. Fox, wrote in an emailed response to Kenneth Chanko’s complaint.

Yet a few weeks later, Mrs. Chanko said she received a call from a woman who used to work as a pet sitter for her and her husband. “She said to me, ‘Do you watch “NY Med?”.’ She said, ‘That was Mark, wasn’t it?’ She recognized him.”

Officials with the state’s health department concluded that NewYork-Presbyterian had violated Mr. Chanko’s rights and, indeed, its own privacy policy. “The patient was unaware and uninformed that he was being filmed and viewed by a camera crew while receiving medical treatment thus his privacy in receiving medical treatment was not ensured,” inspectors wrote in a citation released under New York’s Freedom of Information Law.

New York regulators did not impose any sanctions on the hospital.

Federal health officials are still reviewing whether NewYork-Presbyterian was obliged to get permission from Mr. Chanko or his family before allowing a TV crew to film him.

Hipaa, more formally the Health Insurance Portability and Accountability Act, does not give patients a right to sue if doctors and hospitals violate their privacy. Neither does New York State’s Patients’ Bill of Rights, courts have ruled.

A state Supreme Court judge in Manhattan narrowed the Chankos’ lawsuit, but allowed some claims to proceed. In court filings, lawyers for the hospital and Dr. Schubl made the argument that the law prohibits medical professionals from sharing information about a patient only after he has been examined or treated. Because the “NY Med” film crew had shot video during Mr. Chanko’s treatment, they claimed, it was legal.

In November, an appellate panel issued a unanimous order dismissing the case. The conduct “was not so extreme and outrageous” to justify a claim of intentional infliction of emotional distress, the judges wrote. The doctor and hospital, the judges added, did not breach their duty to avoid disclosing personal information “since no such information” was disclosed.

Privacy experts say the legal arguments made by ABC and the hospital have troubling implications for patients seeking medical care.

“Taken to its logical conclusion, what they’re saying is you can invite anyone in, and unless the patient objects at that very moment, there’s no violation of the patient’s privacy,” said Joy Pritts, an expert in state health privacy laws who until recently was the chief privacy officer at the Office of the National Coordinator for Health Information Technology. “That’s crazy.”

The family is working on an appeal. “If this ever got in front of a jury, I can’t imagine a jury not thinking a wrong was done to my father and to us,” Kenneth Chanko said. “Morally and ethically it’s not right, and I would also think that legally it can’t possibly be right.”

Asked what she would do if the case fails, Mrs. Chanko said the family would not stop pushing for redress. “If there’s no applicable law, there most certainly should be,” she said. “I’m willing to just pursue it all the way. Why shouldn’t there be a law against this kind of thing?”

Creative Commons

Theodoric Meyer contributed to this story.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

~~~

Help sustain Facts and Opinions‘ independent, non-partisan and professional journalism by purchasing a $1 day pass or subscription. An online journal of first-rate reporting and analysis, without borders, Facts and Opinions is employee-owned, does not carry advertising, and is funded entirely by readers. Receive new blog posts free by email by using the form on our FRONTLINES blog.


Posted in Also tagged , , , |

Swapping privacy for (real) cookies

Brownie Cookies photo by Robert S. Donovan, creative commons

Brownie Cookies. Photo by Robert S. Donovan, Creative Commons

by Lois Beckett, ProPublica
October 1, 2014

In a highly unscientific but delicious experiment last weekend, 380 New Yorkers gave up sensitive personal information — from fingerprints to partial Social Security numbers — for a cookie.

“It is crazy what people were willing to give me,” said artist Risa Puno, who conducted the experiment, which she called “Please Enable Cookies,” at a Brooklyn arts festival. The cookies — actual cookies — came in flavors such as “Chocolate Chili Fleur de Sel” and “Pink Peppercorn Pistachio.”

Interactive installation/sculpture artist Risa Puno swapped cookies -- a Pink Peppercorn Pistachio cookie, anyone?  -- for people's private data and even fingerprints, at the Dumbo Arts Festival in New York. The cookie escapade was part of Heather Hart's Barter Town project in New York.

Interactive installation/sculpture artist Risa Puno (right) swapped cookies — a Pink Peppercorn Pistachio cookie for your driver’s licence, anyone? — for people’s data and even their fingerprints, at the Dumbo Arts Festival in New York. The cookie escapade was part of Heather Hart’s Barter Town project in New York. Photo courtesy of Risa Puno

To get a cookie, people had to turn over personal data that could include their address, driver’s license number, phone number and mother’s maiden name.

More than half of the people allowed Puno to take their photographs. Just under half 2014 or 162 people 2014 gave what they said were the last four digits of their Social Security numbers. And about one-third — 117 people — allowed her to take their fingerprints. She examined people’s driver’s licenses to verify some of the information they provided.

When people asked Puno what she was going to do with their information, she refused to say. Instead, she referred them to her terms of service, a full page of legal boilerplate displayed in tiny print, which gives her the right to display the information and share it with others.

Puno’s performance art experiment highlights what privacy experts already know: Many Americans are not sure how much their personal data is worth, and that consumer judgments about what price to put on privacy can be swayed by all kinds of factors.

While most people will say they value privacy, there’s a clear dichotomy between “what we say about privacy and what we do,” said Alessandro Acquisti, a Carnegie Mellon privacy expert.

A study published last year by Acquisti and other researchers found that people’s willingness to pay for privacy depended on whether they perceived that their data was already protected. In one experiment, one group of people were given a free $10 Visa gift card and told their spending would be anonymous. Another group was given a $12 gift card and told their purchases would be tracked. The groups were then given an opportunity to trade gift cards. It turned out that the vast majority people with the higher-value but tracked card were not willing to give up $2 for privacy. But about half of the people who started out with the higher privacy lower value cards wanted to keep them.

“The answers to questions such as ‘What is privacy worth?” and ‘Do people really care for privacy?’ depend not just on whom but how you ask,” the authors wrote.

Because the Brooklyn data giveaway was part of a performance art piece, Acquisti said, participants may have felt that “it was very low-risk to provide information.”  The giveaway was part of a game: it would seem fun to play along, and also seem unlikely that the data would be abused.

“Traded all my personal data for a social media cookie,” one participant tweeted, along with a photo of a cookie frosted with the Facebook logo.

Puno said some participants did not even eat their cookies 2014 they just wanted to take pictures of them. Cookies decorated with the Instagram logo were so popular among photographers that Puno required “purchasers” to give their fingerprints, the last four digits of their Social Security numbers and their driver’s license information. Many still agreed. “They wanted to hold it against the sky with the bridge in the background,” she said.

While she’s happy with the response to her project, the 33-year-old artist was shocked that people seemed very comfortable giving away the kind of data that’s often used in security questions: pet’s name, mother’s maiden name, place of birth, the name of your first teacher.

People called those questions “easy points,” she said. “They didn’t recognize them as security questions, or they didn’t care, but that’s how people ‘hack’ into celebrity iClouds, by guessing their security questions.”

She was also surprised to find that people would give her more data than they actually needed to earn a given cookie. “That to me was baffling,” she said. “If I were thinking about giving away my information, I wasn’t giving away more than I had to.”

Puno still won’t say what she’s going to do with the data. She says she’s considered destroying it. On the other hand, she said, the disclosure forms are also “precious artifacts of what people are willing to do. I kind of want to hold onto them forever.”

Creative Commons

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

This story was co-published with Mashable.

Notes:
Risa Puna’s web site is here.

Facts and Opinions is a boutique for select journalism, without borders. Independent, non-partisan and employee-owned, F&O is sustained entirely by readers: we do not carry advertising or solicit donations from foundations or causes.  We appreciate your interest and support by purchasing a day pass for $1; subscriptions start at $2.95 per month A subscription is required for most of our original work. Subscribe for free to Frontlines by entering your address in the form on the right (we won’t share your address). Follow us on Facebook or Twitter.

Posted in Also tagged |