Major companies including Netflix, Google and Facebook have let private data loose -- and the results can be devastating.
1. Netflix
Four years ago, Netflix came up with what seemed like an ingenious plan to improve its movie recommendations algorithm: crowdsource the problem and award the best solution a $1 million prize. But the video rental and streaming company found out that anonymizing data isn't easy.
For the first edition of the "Netflix Prize" in 2006, the company released 100 million supposedly anonymized movie ratings. Each included a unique subscriber ID, the movie title, year of release and the date on which the subscriber rated the movie. Contestants were asked to develop an algorithm that was 10% better than Netflix' existing in predicting how subscribers rated other movies.
Just 16 days later, two University of Texas researchers announced that they had identified some of the Netflix users in the data set. In some cases, Arvind Narayanan and Vitaly Shmatikov were able to identify targets by matching their Netflix reviews with data from other sites like IMDb. More damningly, the found that if you knew a few movies a Netflix subscriber had rented in a given time period, you could reverse-engineer the data and find out the rest of their viewing history.
Despite the UT findings, Netflix continued the contest and named a $1 million winner. But when Netflix tried to launch another contest in 2009 -- with subscriber data including gender, zip code, and age -- the smackdown came in the form of a lawsuit. One plaintiff said she would be "irreparably harmed by Netflix's disclosure of her information."
That woman is a lesbian mother who is not open about her sexual orientation. She filed the suit as Jane Doe. As her legal filing put it: "To some, renting a movie such as Brokeback Mountain or even The Passion of the Christ can be a personal issue that they would not want published to the world."
After months of back-and-forth, Netflix called off the second contest and settled the lawsuit. Lead counsel Scott Kamber, of KamberLaw LLC, says he believes Netflix genuinely tried -- but failed -- to protect its users' privacy.
"The contest was clever, but they overlooked an aspect of privacy that I think we were able to get them to focus on," Kamber said. "Netflix was in its infancy, so really, it made a mistake while trying to do the right thing."
2. Facebook broadcasts engagement ring purchase
Facebook Beacon remains one of the blackest marks in the history of the social network, which was a mere fledgling when it launched the moneymaking initiative in November 2007.
Beacon sucked in data from external websites and posted those activities to a user's wall. The idea was to promote the merchants users chose to shop at. In Facebook's press release about the Beacon launch, which included 44 partners, the company called Beacon "a core element of the Facebook Ads system."
But Facebook members found their online purchases posted to their profiles without their consent; they had to choose to opt out. Forrester Research analyst Charlene Li blogged that her purchase of a coffee table on Overstock.com was added to her Facebook wall without any prior warning.
"In the present day, Facebook has set the expectation that things are public," Li told CNNMoney in an interview last week. "But in 2007, we users were under the assumption that we were in control. So it was shocking."
A commenter named Will posted on Li's blog: "I purchased a diamond engagement ring set from Overstock in preparation for a New Year's surprise for my girlfriend...Within hours, I received [phone calls of] 'congratulations' for getting engaged.... I learned that Overstock had published the details of my purchase (including a link to the item and its price) on my public Facebook newsfeed, as well as notifications to all of my friends... including my girlfriend."
Li says she wasn't able to confirm the story, as Will left no contact information -- but the tale soon spread around the Internet.
Then Facebook users started complaining their purchases were posted to their walls even after they explicitly opted out. On November 29, the New York Times quoted a Facebook executive insisting that users were able to opt out of the Beacon program entirely. But that same day, security researcher Stefan Berteau published a note saying he'd found that data was still being collected and sent to Facebook -- even if users had opted out of Beacon and/or were logged out of Facebook.
Less than one month after Beacon's launch, Facebook changed Beacon to an opt-in system and added a privacy setting to turn Beacon off completely. Facebook CEO Mark Zuckerberg posted an apology on the company blog: "We've made a lot of mistakes building this feature, but we've made even more with how we've handled them. We simply did a bad job with this release, and I apologize for it."
Beacon was the target of a lawsuit filed in 2008, and the service shut down in September 2009
Â
3. Google Buzz loops exes into your every move
Google Buzz, one of the Web giant's highest-profile forays into social networking, launched in February as messaging tool integrated into Gmail. It sounded fine on paper, but the moment it went live, a major flaw emerged: Activating Buzz automatically set users to follow posts from everyone in their Gmail contact lists.
Turns out a lot of people have e-mail contacts they don't want to maintain any kind of relationship with -- like estranged friends and ex-girlfriends. What's worse, the list of people whom users followed and were followed by was publicly available to all Buzz users. Android users complained the service sucked in photos from their phones without their consent, and pundits warned that repressive governments in countries like China could use Buzz to find dissidents.
A blogger who writes under the pseudonym "Harriet Jacobs" penned a scathing, profanity-laden post on Gizmodo about how Buzz had splashed around her personal information.
"You know who my third most frequent contact is? My abusive ex-husband," Jacobs wrote. "Which is why it's so exciting, Google, that you automatically allowed all my most frequent contacts access to my [Google] Reader, including all the comments I've made on Reader items, usually shared with my boyfriend. ... My privacy concerns are not trite. They are linked to my actual physical safety."
Google soon changed its privacy settings to give Buzz users more control over who sees their information -- but it was still slapped with a major lawsuit just days after the platform launched. Google settled the case in November, and e-mailed all Gmail users to explain that it will give $8.5 million "to an independent fund, most of which will support organizations promoting privacy education and policy on the web."
4. Insurer seeks patient's Facebook posts
4. Insurer seeks patient's Facebook posts
When Dawn Beye's daughter was diagnosed with anorexia six years ago, she thought things couldn't get much worse. Then they did: Beye's insurance company tried to use her sick child's online presence against her.
Beye's daughter was admitted to a treatment facility, at a cost of $1,500 a day. Beye, a New Jersey teacher, had insurance through Horizon Blue Cross Blue Shield -- but her daughter's coverage ran out after just 30 days, because New Jersey considered eating disorders a "non-biologically based mental illness." Horizon did not respond to requests for comment.
Beye was in shock. "I had to beg, borrow and steal to keep her in the facility," she says. "I was opening up charge cards wherever I could. You get to a point of total desperation -- this is your child's life." Finally, Beye filed a lawsuit against Horizon, joining with several other families whose children had been denied coverage for treatment of eating disorders.
The case took a strange turn in late 2007: Horizon demanded access to the children's online journals and e-mails, as well as their Facebook and MySpace profiles, in an effort to prove the eating disorders weren't biologically based.
"I never dreamed that [online postings] could be used against my daughter," Beye says.
A magistrate ruled that the children's data must be turned over for discovery. In early 2008, Horizon complained that the deadline had come and gone -- and it hadn't received all of the information it had demanded. Soon after, the families' attorneys reached an out-of-court agreement with Horizon that the profiles would not have to be turned over, and in 2009, they settled the case.
Beye and the other families received back pay for their children's treatments -- and New Jersey became the 13th state to recognize eating disorders as a biologically based mental illness.
But Beye is still frustrated over the years it took to get coverage for her daughter, who again entered anorexia treatment in January. And she's angry about the toll the case took on her daughter: "She shouldn't have had to worry about being embarrassed by her old journals while she was trying to get better."
5. Stalker buys Social Security number
The story of Amy Boyer's death is an extreme example of what can happen when private data falls into dangerous hands.
Boyer had no idea that her former grade school classmate Liam Youens was stalking her for years. Youens had created a scary, rambling website about Boyer, claiming she rejected him in high school and he'd wanted to kill her ever since.
According to court documents, Youens contacted first private investigation service Docusearch.com on July 29, 1999. The next day, he placed an order for Boyer's Social Security number. Docusearch got that information from a credit reporting agency and sent the number to Youens on August 2 for $45.
A few weeks later, Youens paid $30 for a "locate by SSN" service, which revealed Boyer's home address. Still not satisfied, he placed a few $109 orders for her employment address. It took Docusearch several tries, but eventually the company hired subcontractor Michelle Gambino to call Boyer; Gambino lied about who she was to convince Boyer to confirm her work address.
Youens finally had all the information he needed to carry out his obsessive dream. He lurked outside Boyer's office for weeks, trying to find the perfect time to kill her. Finally, on October 15, Youens fatally shot Boyer multiple times as she left work. He then turned the gun on himself.
Following Boyer's death, her parents sued Docusearch in New Hampshire court. The case went all the way to the state's Supreme Court, which ruled that "an investigator who obtains a person's work address by means of pretextual phone calling, and then sells the information, may be liable for damages."
Docusearch did not respond to requests for comment.
Â