October 19, 2021

How Facebook’s Advertising Algorithms Can Discriminate By Race and Ethnicity

Jinyan Zang

This study examines racial and ethnic biases in the targeting of ads on Facebook’s advertising platform in January 2020 and January 2021, before and after a major July 2020 boycott of Facebook by advertisers over issues of misinformation and civil rights.
In 2021, Facebook’s new “African-American Culture” ad targeting option contained 75% fewer White users than the old “African American (US)” option removed the previous year.
Facebook’s tools to help advertisers find users similar to their existing customers generated biased target lists that included either more African-Americans or more Whites, depending on which racial group was dominant in an advertiser’s submitted customer list. This was true for both the Lookalike Audience tool and the Special Ad Audience tool that Facebook designed to explicitly not use sensitive demographic attributes when finding similar users.
The degree of bias toward African-Americans or Whites in the composition of a Lookalike or Special Ad audience was greater when customer lists of individuals with racially stereotypical names or ZIP codes were used as the basis for each tool.
Similarly, lookalike audiences can also be biased toward Asians. An audience generated by using a customer list of Asians with stereotypical names and ZIP codes as the source list was 100% Asian. Lookalike audiences based on source lists of Hispanics also overrepresented Hispanics.

December 17, 2019

Publicly available artificial intelligence methods can generate an enormous volume of original, human speech-like topical text "Deepfake Text") that is not based on conventional search-and-replace patterns
I created a computer program (a bot) that generated and submitted 1,001 deepfake comments regarding a Medicaid reform waiver to a federal public comment website, stopping submission when these comments comprised more than half of all submitted comments. I then formally withdrew the bot comments
When humans were asked to classify a subset of the deepfake comments as human or bot submissions, the results were no better than would have been gotten by random guessing
Federal public comment websites currently are unable to detect Deepfake Text once submitted, but technological reforms (e.g., CAPTCHAs) can be implemented to help prevent massive numbers of submissions by bots

December 17, 2019

Describes the TwitterTrails tool that enables the investigation of rumors on Twitter
Using TwitterTrails, analyzes Pizzagate, an infamous conspiracy theory that gained prominence during the 2016 US Presidential election
Reveals several previously unknown facts about the story, including the role that a Turkish journalist played in internationalizing the rumor, visualizes the echo chamber of those who promoted it, and describes their identities and connections

November 12, 2018

Examines the spread of two competing narratives on Twitter following the sarin gas attack in Syria in April 2017
Finds that false narratives tend to spread via widely networked distribution nodes, many of which are amplifier accounts created for the express purpose of increasing activity around a particular hashtag
Russian digital disinformation efforts are the result of new methods applied to old tactics, and tend to target online communities which have the greatest latent potential for agitation
Future research would do well to explore the actual impact of such disinformation efforts on either popular opinion or leader decision-making

November 12, 2018

Leading data privacy experts produced four protocols that they said were popular ways to render personal information anonymous so it could be shared or sold publicly
Experts relied on the HIPAA Safe Harbor, a flawed use of k-anonymity, an enclave, randomization, and standardized statistical values
None of their protocols achieved the privacy protection they promised
We were able to put names to the records in all of their protocols.

October 08, 2018

Presents a curated list of 44 historically noteworthy incidents in which individuals suffered privacy harms that were not the result of data breaches (theft of personal information).
Shows application of Solove’s Taxonomy of Privacy to recent privacy incidents.

October 08, 2018

We used newspaper data to match names to anonymized patient records in statewide hospital data from Maine and Vermont
We found that 28.3 percent of names from Maine news stories and 34 percent of names from Vermont news stories uniquely matched to one hospitalization in the Maine and Vermont hospital data.
When redacted to the HIPAA Safe Harbor standard, the Maine data allowed for a 3.2 percent re-identification rate and Vermont data allowed for a 10.6 percent re-identification rate.
Our results suggest that states should revisit de-identification practices and reassess risks to patient privacy when determining data sharing protocol

October 08, 2018

We randomly sampled 693 Airbnb listings from Wisconsin from urban, suburban, and rural areas with varying population densities
We introduced a method to probabilistically re-identify Airbnb hosts using public voter files from Wisconsin and the fuzzed location of Airbnb listings
Despite Airbnb’s efforts to protect personal data, we re-identified 94% of cases using the first name and town of resident living closest to the location provided by a listing

August 31, 2018

Compete in <a class=MsoNormal href="https://thedatamap.org/contests/"><b>theDataMap Visualization Contest</b></a> and create unique visualizations to represent the sharing of personal health and mobile data.
Win a free trip to the Patient Privacy Rights Foundation (PPR) Health Privacy Summit in Washington D.C.
Submissions will be accepted until December 28, 2018 at 11:59PM (EST), and the winning team will be announced on January 7th, 2019.

September 05, 2017

Websites for 35 states and DC in 2016 were vulnerable to voter identity theft attacks: an imposter could submit changes to voter registration information
An imposter needed a combination of voter’s name, date of birth, gender, address, Social Security Number, or Driver’s License Number
Relevant data can be acquired from government, data brokers, or darknet markets. Total cost of an automated attack against 1% of all vulnerable voter registrations nationwide ranged from $10,081 to $24,926 depending on the data source used. States cost less, e.g., $1 for Alaska and $1,020 for Illinois
A voter identity theft attack could disrupt an election by imposters submitting address changes, deleting voter registrations, or requesting absentee ballots.