in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

The Value Of Privacy Is 65 Cents? Hardly. Try "The Value Of Keeping Your Phone Number Private"

While blogging for AlertBoot, I've run over many an interesting article -- sometimes, those that don't quite involve data encryption software, such as data privacy issues.  Once in a while, I come across an article a headline that defies belief.

Such as the one below which implies that only 65 cents stands between you and spilling your guts to some Big Data collector.  Once you read the entire study, however, you find that that's not quite the case, as common sense would dictate.

Cinema Tickets

The Threat Post blog over at Kaspersky Labs has an article titled "The Value Of Data Privacy To Consumers? About 65 Cents."  It's a summary of an ENISA (European Network and Information Security Agency) report, "Study on Monetising Privacy: An Economic Model for Pricing Personal Information."

Now, the Threat Post title is not incorrect, but it's misleading (although, to be honest, that's ENISA's fault, since that's their conclusion).  Breaking down the study to its most basic elements (and doing away with the usual concerns for sampling error, self-selection, etc):

  • Students were offered the choice between buying a movie ticket for €7.50 (without collecting additional information) or for €7 (providing extra information, i.e., a cell phone number).  There were no other prices.  The €0.50 difference translates to about $0.65.
  • The options were displayed side by side on a computer, so that everyone being tested knew upfront the prices and what type of data was collected.
  • Basic information was collected regardless of which option participants chose: name and email address, and date of birth.  In other words, it was required to provide information regardless.
  • Multiple tests were run, in a lab setting as well as in the "real world."
  • The tickets the participants were buying were real.  It was their money buying tickets to real shows.
  • Researchers ensured that subjects knew their information would be checked going into the experiment (and actually checked afterwards).  The implication is that this was not done in the field test.

If you're interested in the details, read section 6.  It's a measly 13 pages.

What I've concluded from reading the paper is different from what the researchers have concluded.

You Say Privacy, I Say Phone Number

Making the assumption, based on this study, that people are willing to trade their privacy for 65 cents is ludicrous.  I mean, is one's phone number "private information"?  Is it really so private that you see a value in protecting it from movie companies?  I'm of the opinion that it's not, and apparently most people agree.

Even if European law states that a person's mobile phone number is information protected under data protection laws and makes it private information -- I doubt that there is such a law -- what's codified in law is not necessarily what people think.  You can't legislate people to think that their phone numbers are private data, and people will act accordingly when it come to its dissemination.

Furthermore, if mobile numbers are protected under data protection laws...well, Europe's laws are robust in that a company cannot go around selling or sharing such data.  People know this and it might influence their behavior.

In my opinion, the correct way of interpreting the ENISA research's outcome is to state that people are willing to divulge their phone number for 65 cents.

(Anyone care to bet that the results would be quite different if the additional information being collected had been one's tax ID, social security ID, or national ID?)

Another Way of Explaining the Result: 7%

€0.50 is a small number.  I mean, what can 65 cents get you in the US?  A payphone call to your parents to send money, I guess.  But, consider what was being purchased.  A movie ticket with a price tag of €7.00.  €0.50 represents approximately a seven percent difference.

If researchers had used a higher value item, like a laptop computer worth €500, chances are no one would have provided their phone number for a paltry €0.50 discount.  But how about a 7% discount of €35?

The headlines would read differently, of course: "The Value Of Data Privacy To Consumers? About 45 Dollars."

"There are lies, damned lies, and statistics."  Was Mark Twain right or what?

Make Like a Limbo Dance and Go Lower

The above criticism notwithstanding, we could see the, ahem, "value of privacy" go lower.  I mean, the "value" is pegged at €0.50 because that's the price differential the researchers used.

But, what if they had used €0.25 or €0.10?  I'll bet even more sensationalist headlines would be circulating.

Force of Habit

Another thing about the study that bothers me is that participants in the study were required to provide some information, regardless of which option they chose.  If we accept the argument that one's phone number is private information, one could argue that so are one's email address, date of birth, and full name.

This poses a problem -- I admit that I cannot quantify it -- in that providing such information leads to less obstacles or friction in providing the target data: the phone number.  Once you're spilling some of your guts, what's a little more?

It seems to me that a third option should have been present in the research, one where absolutely no data is collected at all.


Related Articles and Sites:
https://threatpost.com/en_us/blogs/value-data-privacy-consumers-about-65-cents-031412
http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/monetising-privacy
http://www.pogowasright.org/?p=27633

 
<Previous Next>

Device Encryption: Board Calls For Protection Again Hacking Of Medical Devices

Laptop Encryption Software: Case Western Reserve University Alumni Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.