Category Archives: Privacy

Art Makes Privacy Issues Visceral

Between February 7 and April 17, 2013, the Parsons New School for Design put on an unusual art exhibition. For this exhibition, the topic was privacy and included works from artists pushing boundaries, showing just how use of private data can be disconcerting. 


When you think about the people who have made a lasting mark on our understanding of medical science, you probably think about celebrated scientific heroes like Jonas Salk, Thomas Hunt Morgan, Linus Pauling, Watson and Crick. I would like to encourage you to reserve a special place in that list for a poor tobacco farmer from Virginia named Henrietta Lacks. Mrs Lacks was being treated for cervical cancer at Johns Hopkins when samples of her tumor and normal cells were removed from her body without her consent. Those cell lines, which have important biological properties that allow them to be kept alive and replicated, have been propagated down to the present day, and have played an instrumental part in many medical breakthroughs of the past six decades — including the discovery of the Polio vaccine by Jonas Salk.

The journey of the so-called HeLa cell line, as detailed in Rebecca Skloot’s remarkable book The Immortal Life of Henrietta Lacks, has proceeded entirely without consent — not from Henrietta Lacks herself, nor from her descendants who, arguably, own her genetic heritage just as much as Mrs Lacks herself. In the meantime, the HeLa cell line has formed the basis for countless scientific and commercial projects. The USPTO has registered around 11,000 patents that depend on the HeLa line in some way. Henrietta Lacks’s family only found out about this massive market when researchers began to contact them to ask about acquiring their genetic samples.

With the publication of Ms Skloot’s book in 2010 and the widespread attention that it has brought to this issue, you might imagine that researchers would be particularly sensitive when handling HeLa cells and its derivatives. But this appears not to be the case. Recently, researchers from the European Molecular Biology Laboratory published, for the first time, a high-resolution version of Henrietta Lacks’s genome. Without consent.

Rebecca Skloot describes the case in a recent opinion piece in the New York Times. Many in the scientific community justify this publication with ends-justify-the-means arguments, but it raises serious policy questions around subject privacy that are being completely ignored. For example, how much (very private) information can you learn about Henrietta Lacks’s children and grandchildren based on her genome? A lot. So much, in fact, that a relative’s DNA can be used in criminal forensics. The damage to Mrs Lacks herself is done, but the threats to the privacy of her descendants continues.

The EMBL claimed that it was publishing innocuous information that could not possibly violate the privacy of Mrs Lacks’s descendants. However, quoting from Ms Skloot’s piece:

But that’s not true. And a few scientists decided to prove it. One uploaded HeLa’s genome to a public Web site called SNPedia, a Wikipedia-like site for translating genetic information. Minutes later, it produced a report full of personal information about Henrietta Lacks, and her family. (The scientist kept that report confidential, sharing it only with me.)

The Lacks family was not happy. Once they contacted the EMBL and registered their dissatisfaction, the EMBL apologized and took the data offline. After it had been downloaded at least 15 times. Given the immense importance of the HeLa cell line in medical research, you can form your own conclusion as to how private that genome will remain.

Since the HeLa genome was published, there has been a broad spectrum of reactions, ranging from dismissing the Lacks family’s privacy concerns altogether to incredulity that it happened this way at all. The ethical and policy debates will continue, but I will leave you with the following, again from Rebecca Skloot:

In the three years since my book about HeLa was published, the Lacks family and I have spoken to audiences by the thousands about these issues. Public response is overwhelmingly consistent and in line with several studies: the public supports the science and wants to help it move forward. But that support is dependent on consent and trust.

I invite you to learn more about our efforts to strike a balance between open access and privacy for genomic data.

Additional Links

The Henrietta Lacks Genome: Consent, Trust, and Common Decency

A Smart Company Really Doesn’t Want All that Info about You

The perception that a company wants to know everything about their potential customers is probably a leftover from direct mail. With the rise of the Internet as a personalized marketing tool, smart companies realize they are most interested in targeted demographics while avoiding keeping Personally Identifiable Information because of legal liabilities. Personagraph can help. 

Personagraph Protects Personal Data Privacy

At Personagraph, we take Scott McNealy’s “You have zero privacy anyway, get over it,” comment as a challenge. Personagraph features technology which securely collects personal information from the smart phone but only shares this in an anonymized fashion with Personagraph, enabling business models while protecting privacy. 

“Do Not Track” and Personagraph: Comparing Two Approaches to Protecting Consumer Privacy

In December, 2010, the US Federal Trade Commission (FTC) issued a preliminary staff report entitled Protecting Consumer Privacy in an Era of Rapid Change. Widely seen as a response to pressure from consumer advocacy groups, this document contained a recommendation that the FTC work with private industry to set up the equivalent of the “Do Not Call List1” for the online world, called “Do Not Track.” Similar to Do Not Call, the idea behind Do Not Track is to set up a mechanism where consumers can state their wishes not to have their online browsing activity tracked by Internet marketers. Since that time, the FTC has held several workshops discussing Do Not Track, it has been featured in at least one bill placed in Congress and actually been implemented by several browser manufacturers. However, at the time of the writing of this article, Do Not Track continues to be controversial and has not been implemented into law but it is being used on a voluntary basis.

In the beginning of 2013, Intertrust’s Personagraph division has begun to discuss another technological approach to protecting consumer privacy in the digital world. While Personagraph is not a direct competitor to Do Not Track and could easily coexist with it should Do Not Track ever be fully implemented, it is interesting to compare and contrast the approaches of both of these initiatives.


The Problem: Creepy Ads 

One of the major problems that Do Not Track is trying to address is the perceived invasion of privacy by online marketers as they try to analyze consumers’ Internet browsing in order to more effectively target advertisements and offers to same consumers. Anyone who has browsed the Internet has probably seen a version of this following issue. Go to the website of a product to learn more about it and all of a sudden it seems like every other website you visit is sporting advertisements for the same product. These sorts of visible effects, along with articles appearing in media outlets such as the Wall Street Journal about how users’ browsing patterns are tracked by a wide variety of third-party companies, has led to an increasing perception by consumers that unknown companies and organizations are tracking and analyzing the minutiae of their Internet browsing without their permission or control.

One thing to note is at this point, Do Not Track is primarily focused on web browsing on a personal computer. More and more, consumers are using mobile devices such as smartphones and apps rather than a browser to access Internet content. With many mobile and other connected devices, such as connected cars, increasingly being equipped with GPS and other sensors, it’s possible for organizations that track these sorts of devices to get very detailed and sensitive information about consumers, such as a consumers’ physical location. The FTC, US Congress and consumer advocates are certainly aware of the privacy implications of these devices, but whether or not they will fall under Do Not Track is not clear.


Do Not Track, Easy to Understand, Difficult Business Model

The concept behind Do Not Track is easy to understand. Once a consumer decides that they do not want to be tracked by online marketers, they would place their name on a list and marketers and other online organizations have to respect the consumer’s wish to not have their browsing tracked. The technology to make this happen has already been implemented by browser manufacturers such as Microsoft and Mozilla, so technology is not a barrier.

Most of the controversy around Do Not Track comes from potential effect it could have on current Internet media business models. Much of the media on the Internet is free to the consumer, usually supported by advertising. Many advertisers value Internet advertising for its ability to be able to target ads at a much finer grained level than is possible with traditional media. The concern is should Do Not Track become law, large numbers of consumers will naturally sign up for it. This could potentially reduce the amount of revenue that websites can collect for advertisements, endangering their ability to remain economically viable.

Do Not Track also has another major issue. Should it become law, it would rely upon the government for enforcement. While it is expected the vast majority of Internet advertisers and related organizations would follow the law, there will always be a number will flout the law. The US government has already implemented laws against unsolicited e-mail, often known as spam, however, spam continues to be a problem aggravating consumers and corporations alike.


Personagraph: A Different Approach

The concept behind Personagraph lies in the same concerns driving Do Not Track, namely how to ensure a consumer’s reasonable expectations of privacy in a world of ubiquitous networks and devices. However, the approach is very different. One key difference is Personagraph, at its core, envisions that a consumer’s data about their location, browsing habits, social networks, etc. should remain on the consumer’s device and any access to that data should be easily controlled and managed by consumer. Another key point is Personagraph understands the need for advertising supported business models and the fact that many ads, if presented to the consumer in the proper context, can actually be welcome. One example could be a consumer being delighted to receive a discount offer from a restaurant featuring one of their favorite types of food just as they are deciding where to go for lunch in a new town.

Currently, Personagraph is aimed at smartphones and tablets. With much of the Internet media on these devices consumed in the form of apps, many app developers wish to provide targeted ads and offers to a consumer based on behavioral derived from data collected by the smartphone. These app developers would integrate with Personagraph by using Personagraph’s SDK (software development kit). One of the features this integration would bring is a personal agent within the app. This agent centralizes all the data collected by the app on the device without sending it to any third parties. This agent also has a user interface making it easy for a consumer to decide which data they would be willing to share with marketers for targeted offers. The data chosen to be shared by a consumer would be sent to Personagraph’s cloud based service will only be sent on an anonymous basis, without personally identifying the user. Personagraph would then aggregate behavioral profiles and work with online marketers to deliver targeted ads and offers using these. Again, these profiles are anonymous with no identifiable personal information.

With Personagraph, we can get the best of both worlds. The consumer gets the benefit of keeping sensitive personal information directly on their device, and controlling what they share for hopefully beneficial offers. A consumer also really only has to worry about trusting one organization, Personagraph. For marketers, they can access what they really want, behavioral profiles from consumers who state an interest in receiving related ads and offers. What they don’t get is any personally identifiable information, which they really don’t want due to potential liabilities associated with keeping that information secure. Internet media outlets also benefit by being able to continue providing free to consumer apps and supporting them through advertising.

While Personagraph doesn’t claim to be the end-all service for protecting privacy on the Internet, we believe that Personagraph can help consumers feel better about receiving targeted offers as well as providing Internet marketers with new and potentially lucrative business models to support the emerging mobile media environment which should be a win-win for all.


1) Do Not Call is a program created by US Federal law which allows consumers to voluntarily register their phone numbers with a central registry and prohibits most telemarketers from calling those numbers.