This is stuff that's been on my mind for a while, but has been brought** to the front by the launch of Conversations on Upmystreet.com
Britain is pretty unique in the world in the way that its postcode
system is structured (as far as I know - are there others?)
For foreign readers: The country is divided up into
124 Postcode Areas eg. WC* ***(194000 households)
and further subdivided into Postcode Districts (2858, WC1A *, 8200 housholds) and Postcode Sectors (9461, WC1A 1, 2500 households). The last
two characters are then allocated non-contiguously within the sector,
giving about 1,700,000 full postcodes with an average of 14 households
in each. Postcodes churn over time, so these figures may be slightly out of date.
There's more history here if you're interested.
Upmystreet only works because a full postcode provides an easy to
remember, short, easily typed, and in urban areas highly localised key for any kind of geographically variant data. This allows it to be very accurate demographically, and statistically, while not violating a user's privacy.
In the US, where a 5-digit ZIP covers about 100,000 households, a ZIP is pretty useless for doing UpMyStreet, and especially Conversations. There's a nine digit ZIP, but hardly anyone uses them, and they identify an individual abode, so they're not good from a privacy perspective.
Nevertheless, there are potential issues, and I have come to believe these effects will become more serious over time. A postcode doesn't identify an individual, but a postcode + almost any other piece of information about a person** can do. For instance, a postcode + a first name is, even if you've got a common first name, almost always enough to identify an individual.
Here's an example of postcode-based abuse that's already happening. We all know of cases where someone moves into a new flat (often a first time buyer, especially someone buying into a rapidly gentrifying area, or an ex-council house) and suddenly finds themselves refused credit for the first time in their lives. The story given is usually that the flat had a previous bad creditor, but the truth is that the postcode has been classified as uncreditworthy.
Furthermore, the credit risk will have been calculated from a range of demographic factors, not necessarily actual bad credit history. The individual is penalised for the bad behaviour of people statistically like them.
I used to think that the situation in the UK, compared to the US, was much safer, because we had the Data Protection Act, and because we could key anonymously on postcodes, but building Conversations showed us how important it was to teach users to protect their own privacy, and that they can still be quite vulnerable when they talk about themselves.
For this reason, we take steps to obfuscate both a user's home location, and the location of nearby posts, but additionally the first rule we added during our beta test was that it was a violation to reveal personal details (particularly the postcode) of
another user.
a game to play a game: not only googling for postcodes, but see if you can pinpoint a friend with a firstname+ postcode. It doesn't work that well at the moment, but I bet it will in a few years.
stefan EC1Y 8**
paul Says:
very nice. look forward to reading more when i'm not so hungover. good one.