Privacy dangers — an overview
This post is the first of a series. The second one delves into the technology behind the most serious electronic privacy threats.
The privacy discussion has gotten more active, and more complicated as well. A year ago, I still struggled to get people to pay attention to privacy concerns at all, at least in the United States, with my first public breakthrough coming at the end of January. But much has changed since then.
On the commercial side, Facebook modified its privacy policies, garnering great press attention and an intense user backlash, leading to a quick partial retreat. The Wall Street Journal then launched a long series of articles — 13 so far — recounting multiple kinds of privacy threats. Other media joined in, from Forbes to CNet. Various forms of US government rule-making to inhibit advertising-related tracking have been proposed as an apparent result.
In the US, the government had a lively year as well. The Transportation Security Administration (TSA) rolled out what have been dubbed “porn scanners,” and backed them up with “enhanced patdowns.” For somebody who is, for example, female, young, a sex abuse survivor, and/or a follower of certain religions, those can be highly unpleasant, if not traumatic. Meanwhile, the Wikileaks/Cablegate events have spawned a government reaction whose scope is only beginning to be seen. A couple of “highlights” so far are some very nasty laptop seizures, and the recent demand for information on over 600,000 Twitter accounts. (Christopher Soghoian provided a detailed, nuanced legal analysis of same.)
At this point, it’s fair to say there are at least six different kinds of legitimate privacy fear. The first five I have in mind are:
- Governmental force. Your web browsing history can be used against you in a court of law. Profiling — perhaps based on big data analytics — might make you a target for law enforcement or anti-terrorism investigation as well. And between financial transaction records, communication records, physical movement data, and more, the government’s ability to gather and process information about people is effectively unlimited.
- Private sector discrimination. There are many ways private companies could use detailed profiles — or just incriminating photos — to your detriment. They could fire you, not hire you, deny you insurance or credit, or simply not give you their best possible price.
- Identity theft. Phishing happens.
- Social pressure and stalking. What your friends, neighbors, and classmates know about you can become a serious problem, especially if they gang up and cyber-bully you. That your violent ex-boyfriend can track you could be a bigger problem yet.
- Embarrassment and creep-out. Some people REALLY don’t like being viewed naked in busy public places. Some people are bothered by weirdly (in)appropriate advertisements. Maybe there’s no obvious tangible harm other than their uncomfortable feelings — but their discomfort is serious even so.
The sixth is:
- Throwing out the baby with the bathwater in a backlash. I think medical privacy rules already cost lives, in research and treatment alike. (Forbes offers multiple examples of life-saving research being stopped by HIPAA.) I think there’s an inevitable tradeoff between intrusive physical security measures, such as the TSA’s various forms of security theater, and spooky behind-the-scenes profiling and surveillance. (Unfortunately, we can hardly live in a society without some kinds of security measures — and even if we could, voters would never allow it.) Proposals that would hamstring the internet advertising industry currently seem unlikely to pass — but how much uproar would it take before that changed?
You probably knew most of that already. Even so, here are a number of examples and links.
Slashdot has more on the Jensen case, in which a man was convicted of murder in no small part because his computer revealed that he had searched for information about murder methods, including one that duplicated the actual method of his wife’s death. The money quote in an appeals court decision is in Section 37.1, which characterizes “computer evidence” as “probably the most incriminating other evidence.”
Obviously, that particular trial had the correct outcome. But would you want a court to hear about the research you did about minimizing your taxes? What about when you considered changing jobs, something that might be of interest both in employment and child custody litigation? How about your viewing of sexy images other than those of your spouse? And by the way — just what kinds of online viewing or writing should get you on a terrorist watch list?
It’s getting ever more practical to track our actions and movements. The privacy implications are potentially grave — would you want THAT kind of information used in court, or for decisions about your insurance? Accordingly, the Electric Freedom Foundation coined the word “traitorware” to describe and call attention to consumer (mainly) devices that keep or even transmit records of your movements and doings. And mind-bogglingly, Forbes says that Sprint “turned customers’ GPS information over to law enforcement 8 million times in a year.”
But it’s not just your own devices. The New York Times recently wrote of uses for smart video technology. Enforcing good hand-washing procedure on doctors sounds great. But how about enforcing busy-ness on cubicle workers? Watching movie previewers’ emotional reactions to specific scenes and characters seems kosher. But what if all movie-goers are watched? Or what if this is done at supermarkets or vending machines, perhaps even repeatedly over time? Could be creepy, huh? And by the way, while it could be a way to get you great discounts and service, it could also be a way to categorize you as unworthy of same.
Meanwhile, the Washington Post reminds us that battlefield video surveillance technology is getting ever better. Obviously, such technology could be used for domestic law enforcement as well. More immediately, the Washington Post tells us of things like automatic recognition of license plates being used by police departments that repurpose anti-terrorism grants to general law enforcement. (Analogies to the 1980’s habit of tying every grant proposal to the Strategic Defense Initiative “Star Wars” project are probably not misplaced.)
But the benefits foregone if we don’t use this technology are also scary. The biggest current examples are probably the ones I cited above — medical research, anti-terrorism, and the whole online advertising industry. But even more examples are coming down the pike, of clever electronic aids with privacy implications. Most notably — as the population ages, and nursing homes continue to be miserable (and costly) places, revolutionizing elder care becomes ever more desirable. Well, sensor technology will soon be able to watch over old folks, keeping them safe(r) in their independence — but only if it is highly detailed or intrusive.
Also:
- Slashdot/New York Times had an article on a Marin County ordinance forbidding smart electrical meters. Part of the reason is a San Francisco area backlash against the privacy implications of having your electricity usage recorded moment to moment.
- Slashdot also points us at an article about technology you use for self-control in various ways. In principle, however, the “self” part is an optional feature.
- Computing Now offered an overview of on-body sensing technology. Mainly it talks about gaming and medical applications, but it also suggests that people receptive to putting tracking technology on themselves in crowds in return for certain emergency-response benefits.
Finally, privacy-threatening observations of our web use, postings, and other internet communications are much too numerous to list. But some high/lowlights include:
- AddThis now claims to track 1 billion unique individuals online.
- In its transparency reports, Google publishes a count of how often various governments ask it for data. For the first half of 2010, leaders included the US (4287), Brazil (2435), India (1420), the UK (1343), and France (1017). Also over 100 requests each were Argentina, Australia, Chile, Germany, Italy, Singapore, Spain, and Taiwan.
- Verizon had over 90,000 such requests in 2007.
- An internet service provider who successfully fought off an FBI information request nonetheless was kept under a gag order for six years about the case.
- The Obama Administration wants ever more new legal powers to get electronic information without court order or notice to the investigation’s subjects.
- The UK government, or parts thereof, wants to track everything you do online or telephonically, except — supposedly — the actual contents of your calls and messages. Similarly Australia. There’s an EU directive along those lines as well, although the EU also has some strong data retention safeguards.
- Various governments — India, the United Arab Emirates, and many more — have recently insisted that communication offerings such as BlackBerry provide them with back doors to snoop, on pain of being banned countrywide.
- Informal methods of data acquisition are also used. For example, police departments use fake identities (with photos of hot girls, of course) to friend young folks on Facebook to look for photos of underage drinking.
- A CNN survey article showed how extreme public data revelation can get, using the example of Louis Gray.
- For its own marketing reasons, DuckDuckGo offers a simple overview of how your web searches could/can be used against you.
- And as an example of how even petty internet uses can cause problems, one of many things that got former HP CEO Mark Hurd into trouble was looking at racy online pictures of business associate Jodie Fisher.
Comments
6 Responses to “Privacy dangers — an overview”
Leave a Reply
You mention how “It’s getting ever more practical to track our actions and movements.” Recently, a police procedural TV show called “Law and Order: UK” has been showing on BBC America. One immediately notices that the police make use of CCTV (“closed circuit television”) very commonly. There are cameras all over London (and perhaps other parts of the UK), which I think were installed during the time of IRA “troubles”. They’re still there. American TV uses CCTV results but only in specific cases, like banks and ATM’s.
I wonder if police can use Lojack data to locate a vehicle. Perhaps the need a subpoena. I wonder how long it takes to obtain such a subpoena and act on it.
An interesting issue in US law is that if you have data on your own computer in your own house, it is subject to “search and seizure” limitations of the Fourth Amendment. But if the data is in the cloud, those limitations apply less, if at all. Law enforcement may need a subpoena to get your data from the cloud provider, but you would not necessarily know it. And your data might even be physically located in a country with laws that make it even easier for law enforcement officials to get your data.
It has always been true that having higher security has costs. Often the costs are in terms of convenience and ease of use, and you make good points about other tradeoffs.
[…] Examples of information being tracked (more particulars were covered in the first post of this series): […]
[…] I haven’t done a pure notes/links/comments post for a while. Let’s fix that now. (A bunch of saved-up links, however, did find their way into my recent privacy threats overview.) […]
[…] The discussion above of privacy-related harms is based in part on a 2011 post. […]
[…] spelled out some mechanics of privacy-related dangers in January, 2011. Categories: Liberty and privacy Subscribe to our complete […]