FTC Taps Privacy Scholar Who Blasted Netflix, Carrier IQ
The Federal Trade Commission has tapped privacy expert Paul Ohm to serve as senior policy adviser for consumer protection and competition issues. Currently a law professor at the University of Colorado, Ohm will begin work at the FTC in August, he said Monday on Twitter.
In the last few years, Ohm has emerged as a prominent expert about the risks of "de-anonymization," or how people can be identified based on non-personally identifiable information. In his 2010 paper "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization," Ohm argues that the differences between personally identifiable information and non-personally identifiable information aren't as significant as people once believed.
Computer scientists "have demonstrated that they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease," the paper states. "By understanding this research, we realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed."
He adds: "Although it is true that a malicious adversary can use PII such as a name or social security number to link data to identity, as it turns out, the adversary can do the same thing using information that nobody would classify as personally identifiable."
In a high-profile controversy about "anonymization," Ohm was the first to sound the alarm about Netflix's plans for a contest that could have exposed people's movie-watching history. Netflix had announced that it was going to release certain supposedly anonymized data as part of an effort to crowdsource improvements to its recommendation system. The company intended to make available customers' gender, ages, ZIP codes and previously rented movies, in hopes that researchers would sift through the data and figure out how to better predict users' preferences.
Writing on the Freedom to Tinker blog, Ohm urged Netflix to reverse course. "Netflix should cancel this new, irresponsible contest," he wrote at the time. Researchers have known for more than a decade that gender plus ZIP code plus birthdate uniquely identifies a significant percentage of Americans (87% according to Latanya Sweeney's famous study.) True, Netflix plans to release age not birthdate, but simple arithmetic shows that for many people in the country, gender plus ZIP code plus age will narrow their private movie preferences down to at most a few hundred people," he wrote.
Netflix eventually canceled the contest.
That's not the only time Ohm has weighed in on privacy issues. In February, when Google was getting ready to start aggregating data about users across Gmail, Android, YouTube and other services, Ohm told the Denver Post that "a bad situation for privacy is bound to get much, much worse."
He added: "It's especially bad because now we've got really vigorous competition between Google and Facebook, and they're competing on our secrets, basically. Whoever can make money out of our secrets is going to win this battle."