I’ve written on this before, and will again I am sure. It’s an important issue that interests and concerns me, and I assume many of my readers as well. The issue of privacy and security is fundamental, and much of human history and our legal system has been concerned with these issues. “A man’s house is his castle and fortress, et domus sua cuique tutissimum refugium” was written in 1628 by Sir Edward Coke in his legal treatise The Institutes of the Laws of England – (the Latin at end of the sentence translates to and each man’s home is his safest refuge). This principle has been used by countless societies since then to allow defense of what is considered ‘private property’ – whether this be real or virtual.
The recent rate of technological innovation has vastly outstripped the pace of our legal systems as well as even our social, cultural and philosophical consensus. We are now forced to grapple with realities that were only months or a few years back not even conceptualized. And the challenges keep on coming. Here are some recent examples of really good ideas that can have some really bad consequences…
♦ We have all heard much about ‘locational privacy’ – the result of our personal location being revealed through GPS, cellphone tower triangulation, WiFi hotspot location, etc. etc. While incredibly useful and convenient (just ask Siri “where can I get a pizza?”, and with no further information she gives you 3 choices within a few hundred meters…) – this technology can also provide unwitting information for stalkers, abusive partners, criminals, or just plain overzealous advertisers to invade our sense of personal privacy.
Another example: recently mall owners were thwarted in their attempts to track shoppers without notification using their mobile devices. PathIntelligence was hired by Promenade Temecula in southern California and Short Pump Town Center in Redmond, VA to test their FootPath Technology system – without knowledge or consent of shoppers. Basically, the system uses the TMSI signal (Temporary Mobile Subscriber Identifier) – which is emitted continuously anytime a cellphone is powered on [it’s part of the basic cellphone technology – allowing a user’s phone to be identified by a nearby tower, so that when the user wants to place a call a link can be established and authenticated]. There is no way for a user to know they are being monitored in this fashion, and the only way to not be detected is to turn your phone off – not a realisitic answer – particularly if you don’t know you’re being monitored in the first place! The full article is here.
The upside of this technology is [supposedly] anonymous foot traffic info so retailers in malls can see where patrons go when they leave Macy’s for example – which fast food place do they go to next? This of course can be consumed by targeted ad campaigns.The downside: using ‘orthogonal data mining’ techniques (whereby separate databases are ‘mined’ for information based on specific search parameters that yield collective data that is much more informative than any one particular database may yield), it would be entirely possible, for example, to derive the following information: – a so-called ‘anonymous’ shopper buys perfume at Macy’s, using their Macy’s charge card. Since the fine print on your charge agreement with Macy’s is different (and, like most department and other chain stores – allows much more use of your personal data) than your generic VISA or MasterCard, your purchase is now linked to your past history of Macy’s shopping. Now, while the FootPath system only tracks ‘anonymous’ cellphones, it doesn’t take rocket science to start following digital breadcrumbs.. Shopper “Jane Doe” buys perfume at 10:18AM in Macy’s; an anonymous shopper leave Macy’s at 10:21AM and goes to Steve Madden (women’s shoes, for you clueless guys) and buys a pair of sandals, again on a charge card… you get the picture… At best, your patterns, lifestyle, etc. are merged into what is often being called a ‘creepybase’ – a database so personally identifying as to have a significant ‘creep factor’ – and worth a lot to advertisers who desire the most detailed profiles possible. At worst, your ‘profile’ is sold off to criminals who (and this real BTW!) build ‘target profiles’ of people that buy at certain stores (i.e. have a certain level of income), and how long they take to do that… so they won’t be home when their homes are robbed…
♦ Again, another example of how basic locational services (GPS, often augmented with WiFi hotspot triangulation) is being extended. Google was awarded a patent recently for a new technology to determine not just where you are but what you are doing: based on ambient sounds, temperature and any other data that can be measured, either directly or indirectly, by your smartphone or other data device. An actual example provided by Google in the patenet application: “You’re attending a baseball game and call Google’s 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google’s system analyzes the background noise, takes into account your location, determines that you’re at a ballgame and delivers related ads or links to your phone with sports scores and news.”But did the user know that their call to information was being monitored in that fashion, and used for targeted advertising? And remember, the web never, never, never forgets. Anything. Ever. Regardless of what anyone or any company tells you. And oh by the way the next time you call in sick when the surf’s up… better not be at the beach with a wave crashing in the background… (soundproof padded rooms for certain phone calls will soon be necessary…)
♦ There are new technologies that aim to ‘read’ moods and emotions of speakers. By using advanced voice recognition software that is sensitive to not only the actual words, but the contextual semantics of speech and word patterns, tonal variances in speech sounds, breathing cadence, etc. the algorithms can, on the good side, be used to identify sales pitches that are disguised; scam artists that seek to prey on the eldly, etc. But, since this game is a contstant cat-and-mouse, within a week expect the ‘bad guy’ to be self-monitoring his own speech patterns with such a tool – and using it to analyze his mark’s speech to see if the person on the other end of the phone is suspicious, distressed – or calm and accepting.
♦ Face recognition has received a lot of press recently – it’s getting a LOT better, and is now within the reach of a casual consumer, not just police departments. Researchers at Carnegie Mellon University recently identified about a third of all randomly selected, previously unknown (to the researchers) subjects, just using facial recognition technology recently acquired by Google. With a little social engineering, that figure went up to over 70%. And that’s not all: The professor running the research showed: “As a demonstration of his latest project, Prof. Acquisti also built a mobile-phone app that takes pictures of people and overlays on the picture a prediction of the subject’s name and Social Security number. He said he won’t release the app, but that he wanted to showcase the power of the data that can be generated from a single photo.” This particular research typically got the first five numbers of the SSN correct on the first attempt, all 9 numbers after only 4 attempts.Now, a new startup (Faced.me) has an app that will shortly release that allows VERY fast facial recognition (under 1 second) – and then can automatically link to that person’s Facebook, Twitter, LinkedIn accounts. Now this can be cool – a useful tool for salepeople, tradeshows, conventions, etc. — but the potential ‘creep factor’ is obvious… troll a shopping mall for teenage girls (who are notoriously lax with online security, and tend to post their life story, and pictures, on just about every social site) and snap pix, get IDs, log into FB page, – well you get the picture…
♦ Augmented Reality (AR) has been around for some time, but only recently has it moved from motion picture screens as ‘magic’, and heads-up displays of fighter aircraft (where terrain-following radar is used to call up actual photos from a flight path to better identify obstacles and targets when flying at extremely low altitude (and yes, fighter aircraft DO fly under bridges!). You can now download an app for your iPhone or iPad (Autonomy’s Aurasma) that performs automatic AR on images that are in it’s library. For instance, you point your iPhone camera (while in the Aurasma app) at a still photo of a sporting event, within seconds a live video overlays the still of the game highlights… it’s an advertisers mecca: point this app at billboards, storefronts, print ads in magazines – and a targeted video that is tuned to the user (using of course all the other bits we have discussed above) starts playing.However… now the ‘cloud’ knows exactly what you are looking at, what you like while you are there, etc. etc. And, BTW, do you know that ALL of the iPhone (and iPad) hardware is available to any app developer – just because you are using the rear-facing camera to run the AR app, for example, does not mean the little front-facing camera (that sees you!) cannot be turned on and used at the same time… and of course with facial recognition – and the fact that you are so close to the camera – sophisticated facial feature analysis algorithms can read your emotional state, track where your eyes are focused on the image (and since the image is being fed to you by the app, the app creator knows exactly what part of the image is catching your eye)… [big note: I am NOT saying that this particular app – Aursama – does this, nor do I even suspect that it does – just pointing out what is perfectly legal, feasible and possible today].
The above are just a few examples of how recent technological advancements have put real pressure on our sense of privacy and security. I am not advocating a return to kerosene lanterns and horses – I personally derive much benefit from these new features. I like the fact that I can just raise my phone and ask Siri “Is it going to rain today?” – no matter where I am – and with no other information provided directly by me – I get my answer in a few seconds. But we collectively must address these new ‘freedoms’ and figure out how to protect our ‘castles’ – even if they are made of virtual bits and not bricks.
I don’t yet have a plethora of answers for these challenges, nor am I sure I even have all the questions… but here are a few points for consideration:
- The definition of privacy has a lot to do with the concept of boundaries. The walls of your house are a boundary: police need a warrant to enter without invitation, defense against criminal entry is usually legal, etc. Even in public, the inside of your car is a boundary, again, any broach of this boundary without invitation is considered a breach of privacy. And that was recently extended by US Supreme Court to mean that police can’t stick a GPS tracking device on the outside of a car without a warrant…As a society, we must respect boundaries, both social, physical and moral. Without such respect, chaos ensues. Some boundaries are already accepted as ‘virtual’ – but well respected in both moral and legal realms. Even in a public place, if you go to kiss a girl and she says “No!” – you are most definitely crossing a boundary if you don’t respect that – and you will likely have significant consequences if you don’t…
- What then are the virtual ‘boundaries’ of data about our behavior? Who owns that data that is collected about our purchasing habits, travel preferences, musical likes, etc.? How do we collectively establish a normative acceptable protocol for targeted advertising that won’t creep out consumers (remember the Target scandal over pregnancy products pitches?) and yet at the same time prove effective so that company ad spends are seen to be worthwhile? Remember, that there is no such thing as free. Ever. Only alternatively funded. Every ‘free’ Google search you get to make is paid for by those pesky little ads at top and side of page. The internet that we know and love costs a LOT to run. Forbes estimates $200 billion per year. And that’s just operating expenses, not capital investment. While it’s really impossible to say, several sages that know much more than me about this have estimated a world-wide investment of $2 trillion is currently invested in the entire internet infrastructure. Now that’s enough cash to even get China’s attention… And most of us access this for a very small cost (just our data costs from internet provider) and pay nothing further for all the sites we visit (with small percentage of paying customers: porn and news are the two largest ‘paywalls’ on the ‘net). So we must all thank the advertisers. They pay for most of the rest.
- Assuming that at some point we come to a collective agreement on ‘what is ok and what is not’ in terms of virtual behavior (and this is not simple – the internet by it’s very nature has no effective ‘nation-state’ boundaries) then how do we police this? Today, with only very small exceptions (and even then mostly unenforceable) in the World Court, all legal redress is localized. Witness the tremendous difficulty that movie studios have with enforcing even egregious piracy actions from off-shore server farms. The combined forces of NSA, CIA, FBI, etc. etc. are frequently brought to bear on international money laundering, etc. – with many more failures than they will ever admit. If these boys, with their almost inexhaustable store of high-tech toys, can’t easily wrestle the beast of recalcitrant bits to the ground, what chance will the virtual equivalent of ‘small claims court’ have for the average citizen? These are real questions that must be resolved.