Misconceptions about privacy and surveillance
Everybody is confused about privacy and surveillance. So I’m renewing my efforts to consciousness-raise within the tech community. For if we don’t figure out and explain the issues clearly enough, there isn’t a snowball’s chance in Hades our lawmakers will get it right without us.
How bad is the confusion? Well, even Edward Snowden is getting it wrong. A Wired interview with Snowden says:
“If somebody’s really watching me, they’ve got a team of guys whose job is just to hack me,” he says. “I don’t think they’ve geolocated me, but they almost certainly monitor who I’m talking to online. Even if they don’t know what you’re saying, because it’s encrypted, they can still get a lot from who you’re talking to and when you’re talking to them.”
That is surely correct. But the same article also says:
“We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes.” The answer, he says, is robust encryption. “By basically adopting changes like making encryption a universal standard—where all communications are encrypted by default—we can end mass surveillance not just in the United States but around the world.”
That is false, for a myriad of reasons, and indeed is contradicted by the first excerpt I cited.
What privacy/surveillance commentators evidently keep forgetting is:
- There are many kinds of privacy-destroying information. I think people frequently overlook just how many kinds there are.
- Many kinds of organization capture that information, can share it with each other, and gain benefits from eroding or destroying privacy. Similarly, I think people overlook just how pervasive the incentive is to snoop.
- Privacy is invaded through a variety of analytic techniques applied to that information.
So closing down a few vectors of privacy attack doesn’t solve the underlying problem at all.
Worst of all, commentators forget that the correct metric for danger is not just harmful information use, but chilling effects on the exercise of ordinary liberties. But in the interest of space, I won’t reiterate that argument in this post.
Perhaps I can refresh your memory why each of those bulleted claims is correct. Major categories of privacy-destroying information (raw or derived) include:
- The actual content of your communications — phone calls, email, social media posts and more.
- The metadata of your communications — who you communicate with, when, how long, etc.
- What you read, watch, surf to or otherwise pay attention to.
- Your purchases, sales and other transactions.
- Video images, via stationary cameras, license plate readers in police cars, drones or just ordinary consumer photography.
- Monitoring via the devices you carry, such as phones or medical monitors.
- Your health and physical state, via those devices, but also inferred from, for example, your transactions or search engine entries.
- Your state of mind, which can be inferred to various extents from almost any of the other information areas.
- Your location and movements, ditto. Insurance companies also want to put monitors in cars to track your driving behavior in detail.
Of course, these categories overlap. For example, information about your movements can be derived not just from your mobile phone, but also from your transactions, from surveillance cameras, and from the health-monitoring devices that are likely to become much more pervasive in the future.
So who has reason to invade your privacy? Unfortunately, the answer boils down to “just about everybody”. In particular:
- Any internet or telecom business would like to know, in great detail, what you are doing with their offerings, along with any other information that might influence what you’re apt to buy or do next.
- Anybody who markets or sells to consumers wants to know similar things.
- Similar things are true of anybody who worries about credit or insurance risk.
- Anybody who worries about fraud wants to know who you’re connected to, and also wants to match you against any known patterns of fraud-related behavior.
- Anybody who hires employees wants to know who might be likely to work hard, get sick or quit.
- Similarly, they’d like to know who does or might engage in employee misconduct.
- Medical researchers and caregivers have some of the most admirable reasons for wanting to violate privacy.
And that’s even without mentioning the most obvious suspects — law enforcement and national security of many kinds, who can be presumed to in at least certain cases be able to get any information that’s available to any other organization.
Finally, my sense is:
- People appreciate the potential of fancy-schmantzy language and image recognition.
- The graph analysis done on telecom metadata is so simple that people generally “get” what’s going on.
- Despite all the “big data analytics” hype, commentators tend to forget just how powerful machine learning/predictive analytics privacy intrusions could be. Those psychographic clustering techniques devised to support advertising and personalization could be applied in much more sinister ways as well.
Related links
- The crucial point about chilling effects was laid out in two July, 2013 posts, and some public policy recommendations around the same time. Those four posts are a great starting point for the non-technical “bottom line” part of the discussion. A January, 2014 post adds some more political context.
- A January, 2011 post on the technology of privacy threats adds detail to many of the points above.
- A February, 2014 post on various metadata-related confusions notes some egregious governmental spin.
Comments
2 Responses to “Misconceptions about privacy and surveillance”
Leave a Reply
[…] always keep in mind the risks to privacy in whatever you do. Categories: Data mart outsourcing, eBay, Health care, Investment research […]
Curt,
I always enjoy your posts on privacy. I think this is truly the big technology issue of our time, and the intersection of big data and privacy is unbelievably critical.
It’s really important to talk about the chilling effects in the way that you lay out above.
And it’s also important to think about how we balance the benefits of big data on our personal lives against the intrusions it creates.
Keep writing this stuff!
Ben