Don’t Even Give them Your Zip Code Anymore

Consumers who have asked me whether they should give their zip code at the register have been getting bad advice! I was under the misimpression that zip-level data was only being collected for demographic research purposes (to determine where stores should be located, and advertising directed, on a mass scale) and thus said that no harm came from revealing the zip. No longer. Here’s a summary of data practices at William Sonoma, according to a recent California case (Pineda v. Williams-Sonoma Stores Inc., Cal. Ct. App., 4th Dist., No. D054355). Giving the zip code allows the store to “enhance” the information they already have about your (your name from the credit card) and determine your home address:

Jessica Pineda visited a store in California owned by Williams-Sonoma Stores, Inc. (the Store) and selected an item to purchase. She then went to the cashier to pay for the item with her credit card. The cashier asked for her zip code, but did not tell her the consequences if she declined to provide the information. Believing that she was required to provide her zip code to complete the transaction, Pineda provided the information. The cashier recorded it into the electronic cash register and then completed the transaction. At the end of the transaction, the Store had Pineda’s credit card number, name and zip code recorded in its databases.

After acquiring this information, the Store used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, residential telephone numbers and residential addresses, and are indexed in a manner that resembles a reverse telephone book. The Store’s software then matched Pineda’s now-known name, zip code or other personal information with her previously unknown address, thereby giving the Store access to her name and address.

So, when they ask for your zip code, say no, or to have fun, give them the zip code of the White House: 20500.

Google’s Leadership on Privacy

For some time, I’ve been trying to better understand Google’s worldview on privacy issues. The culture of companies fosters different privacy values and sensitivities, and the signals sent by those at the top shape how the organization itself conceives of and addresses privacy issues. In wrestling with this, I read every article discussing Google and privacy in the New York Times and the Wall Street Journal, resulting in a paper titled, Beyond Google and Evil, How policy makers, journalists and consumers should talk differently about Google and privacy.

In last week’s New Yorker, which is doing the rounds, Ken Auletta writes (subscribers only) about the growing pains the company has. But it also includes this strange discussion of privacy. Auletta writes:

At the same time, Brin and Page can seem indifferent to users’ anxieties. In 2007, at Google’s annual Zeitgeist conference, a gathering of Google business partners, public intellectuals, traditional-media executives, and technologists, Brin declared that “the No. 1 privacy issue we deal with is that there is some information about someone on the Web . . . sometimes it’s not true and people just publish stuff.” The No. 2 privacy issue, he said, was “various things where people get their machine hijacked or somebody . . . breaks into various accounts of theirs.” Concern about the information collected on cookies he dismissed as “sort of Big Brother-type fears”–in other words, paranoia. Page agreed: “Sergey is just saying there are practical privacy issues that are different from the ones debated.”

If the corporate culture is shaped by how principals frame and discuss issues, how reassured should we be about Google’s privacy worldview? Why do we trust this company with our documents, communications, etc, if concerns about massive data collection are conceived of as mere paranoia?

Let me put this a different way: if it were your job to design privacy into Google products and policy, how much support would you feel that you had from the top? What priorities are expressed by that statement, and how would it shape your response?

Gawker: The Best Blog on the Internets on the Worst Oped Page

Alex Pareene has given voice to what many longtime Post readers believe: Fred Hiatt needs to be axed.

Under editor Fred Hiatt, the Post op-ed page has gone completely off the rails. They picked up Bill Kristol after the Times dumped him for being not just wrong but boring and lazy. They openly allow George Will to lie, to straight-up lie, without fact-checking or corrections, because we all know reality is open to different “interpretations” and if a prominent columnist writes something patently untrue the best response is to then publish a “true” column by someone else as a counterpoint, because that doesn’t just represent everything misleading and terrible about the moden political press. They still publish Richard Cohen. The regular columnists are, for the most part, interchangeable ancient “moderate” liberals who haven’t written or thought anything vaguely interesting since 1974. Anne Applebaum was allowed to publish a blog post in support of Roman Polanski without disclosing that her husband is Polish Foreign Minister Radoslaw Sikorski, who opposes extradition. Richard Cohen, again.

Ouch!

New Blog Endorsement Guidlines Released by FTC

Bloggers, under new guidelines issued by the Federal Trade Commission, you must disclose gifts or payments for products that you review! Also your endorsements cannot be false or misleading!

The FTC’s release advises:

The revised Guides also add new examples to illustrate the long standing principle that “material connections” (sometimes payments or free products) between advertisers and endorsers – connections that consumers would not expect – must be disclosed. These examples address what constitutes an endorsement when the message is conveyed by bloggers or other “word-of-mouth” marketers. The revised Guides specify that while decisions will be reached on a case-by-case basis, the post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement. Thus, bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service. Likewise, if a company refers in an advertisement to the findings of a research organization that conducted research sponsored by the company, the advertisement must disclose the connection between the advertiser and the research organization. And a paid endorsement – like any other advertisement – is deceptive if it makes false or misleading claims.

Also, the FTC is tightening the screws on weight loss products. It’s no longer okay to just say, “results not typical.” Instead they must present information about consumers may generally expect from the product (nothing!).

…advertisements that feature a consumer and convey his or her experience with a product or service as typical when that is not the case will be required to clearly disclose the results that consumers can generally expect. In contrast to the 1980 version of the Guides – which allowed advertisers to describe unusual results in a testimonial as long as they included a disclaimer such as “results not typical” – the revised Guides no longer contain this safe harbor.

Strange New Art Game

I’m a fan of Jason Nelson’s I made this. You play this. We are enemies. He’s just released his newest game, Evidence of Everything Exploding, described as:

…Using documents, both historical and little-known from B. Gates, NASA, James Joyce, Dadaism, Neil Gaiman, Fidel Castro, the Pizza Box Patent and many others, the game explores those strange moments where history turns or doesn’t, where unusual forces collide to create or topple storylines, possible futures. Complete with matchbook death rewards, strange marked up text and curious prophecies, The madness of the pages meets the madness of the game.

Enjoy!

EU Panel Spanks Some Specious Claims

The Wall Street Journal’s Matthew Dalton reports:

European scientific authorities Thursday rejected dozens of health claims made by food companies, in a sign of how tricky it will be for them to get some of their most popular claims past a European Union drive to bring scientific rigor to the health foods.

A panel of the European Food Safety Authority issued nearly a hundred opinions on health claims, about two-thirds of which were negative. The rejections included claims on special bacteria that are supposed to aid digestion and boost the immune system, beta carotene additives for sunscreen and shark cartilage for healthy joints.

The panel rejected two-thirds of the claims, and half of these were rejected because the substance in question wasn’t adequately described, the EFSA said in a statement. The claims that were accepted related mainly to vitamins and minerals known to promote health, dietary fiber, fatty acids for lowering cholesterol and sugar-free gum that is good for the teeth.

The European Food Safety Authority (EFSA) has posted these opinions, and a survey of them shows an interesting regulatory model. Information online includes:

“General Function” health claims such as “calcium is good for your bones” are defined by article 13.1 of the Regulation. These claims are based on generally accepted scientific evidence. A consolidated list of these claims is currently being evaluated by EFSA.

“New function” health claims defined under Article 13.5 of the Regulation are based on new scientific evidence and/or for which protection of proprietary data is requested. They require applicants to provide scientific evidence substantiating the claim proposed for a specific product or substance.

Claims regarding disease risk reduction and child development or health. These kinds of claims, defined under Article 14 of the Regulation, require applicants to provide scientific evidence substantiating the claim proposed for a specific product or substance.

Criteria for setting nutrient profiles. Nutrient profiles are nutritional requirements that foods must respect in order to bear nutrition and health claims. Nutrient profiles are established by the European Commission and Member States.

I’d love to hear what ScienceBloggers think of the EFSA’s process and work. The opinions are all online here!