Archive for the ‘privacy’ Category

Privacy, It’s All About Context

Recently, I engaged some friends in a discussion about privacy issues.  In some cases they didn't see the big deal around these until I began to articulate their importance with examples.  In going through this process and trying to figure out how to express the various tensions around these issues, it helped me gain some insights into why it's been challenging to subscribe to some of the notions about privacy that have been suggested by legislative and industry efforts.  Some of this may be basic to some, but for those trying to come to terms with privacy issues, I'm hoping the following post will be helpful.

Let me start by saying that privacy in all its glory, is about one thing, CONTEXT.  Whether we are talking about data or information, it's important to understand that without context, none of it has any value, whether good or bad or anything in between.  Words only get judged through the meaning we ascribe to them.  If Content is King, then Context is the Emperor, for data is not information without context, and information has no value without context.  Think about that.  By the same token, the context you apply to any data makes all the difference, it is this point that frequently confuses people. 

Let's start by talking about something as simple as one's name and address information.  This is information that most people believe to be indiscriminately personally identifiable information, the very thing that no marketer should ever get unless the person gives them explicit permission to have it.  Some people would go so far as to say that they "own" that information about themselves.  However, it's clear that this can't be.  In fact, the post office, your neighbors, anyone who finds your lost luggage, anyone who receives a "snail-mail" letter from you and all who see it pass by them, anyone you show your driver's license to, the previous tenants or owners of your home, and a host of other people, have or have had access to this information about you and can do what they wish with it.  For those people who have their names (or last names) on their mailboxes, that means that anyone walking by their home or apartment building lobby could also have access to and make use of this information.  So how could this information be owned by anyone?  Though perhaps the better question is what does ownership of information entitle since clearly it can be in many people's possession for good reason?  I won't address these questions here, though I personally don't believe information can be owned as property.  Instead, I'm going to touch on more fundamental issues.

In all of the examples of people who have your information, we should note that there are good reasons to let some of those people know or have access to this information even without your explicit permission.  Even in Facebook's recent announcements saying that they would allow developers to have access to their users' and their users' friends' addresses and phone numbers, they did this because new creative applications are able to provide users with better and more useful services if they have access to this information.  So there's nothing inherently wrong with anyone having this information, what becomes troubling is when this information appears or is used in a context that we did not permit, anticipate or have control over.

There's a company called Jigsaw, which was recently acquired by Salesforce.com.  The way the service worked is that sales people would enter business card information of their contacts into the system in order to gain credits which they could use to get contact information about prospects.  This was a service targeted to sales people.  The company took a lot of flack from the media and non-users (people who were not the target customers), because they felt violated by a service that encouraged sales people to provide their contacts databases in exchange for the contact information on people whom they did not know and might want to reach out to.  Imagine that you have a business meeting and all the participants exchange cards.  While you never really know what any of the people receiving your card is going to do with it, you assume that they will respect that you gave it to them with some sort of implied confidence.  The reality is that at least one (if not more than one) person at the meeting will eventually enter your information into their company's CRM (Customer Relationship Management) system.  This also means that everyone in their company will have access to your contact information.  In other words the context of giving your card to someone at a business meeting was fine, but in the context that it ends up on some random service's mailing list or contacts database makes this less palatable. 

Now let's take a slightly more extreme example, imagine getting into a fight with a friend and sending them an email where you say something to the effect of "eat shit and die".  By happenstance, a few days later your friend dies of a stroke due to some rare food allergy, but because the death happened under mysterious circumstances this leads investigators to check your friend's email account.  On its own and under the context that I'm pissed at my friend from an argument we had, "eat shit and die" is an understandable response.  The same words under the context that my friend ate something which killed them, take on a whole new meaning.  They certainly are cause for concern and place me as a suspect in my friend's death.  Note that in one circumstance (or context), the words were fine, albeit strong and even hurtful, under circumstances that I could never have foreseen the words become cause enough for me to look like a potential murderer.

Consider the recent events surrounding Wikileaks and the discomfort that governments officials are going through as a result of the release of the confidential cables, the pattern of behavior suggests that in the context of diplomatic communications, none of what was being said was of any serious consequence among the communicators and their intended audience.  However, once the context changed, and a critical public that has not had the benefit of understanding how diplomatic policy is conducted, the words now have to answer to some very different interpretations.  What they say about statistics, that "statistics can be made to prove anything, even the truth", can also be said about context.  What is worrisome to most is that we never know when someone will take known information about us and process it through a context that we are not aware of or in control of.

What these examples show is that information, in and of itself, is not the problem we are facing when we discuss privacy issues.  The problem is that there has been no way to know (or control) the context under which information about us will be viewed or used over time, and hence even the most seemingly innocent data or information about us in one context can become an indictment of our character or worse, when viewed under another.  When we give information about ourselves to someone or a company by virtue of also knowing what it will be used for, we control the context and we are comforted by that.  As soon more is done with this information about us, we lose that control and we lose that comfort.  The fact that there are services out there compiling and aggregating information about each of us has been happening for a long time, but most people were unaware or only mildly aware of this.  Most certainly aren't aware of the extent to which it has been happening.  Recently, Rapleaf shared some information about Microsoft and Google employee food buying habits.  They did this through the combination of the user data Rapleaf has, with user data kept by a loyalty card data aggregator.  We could probably venture to guess that neither the Microsoft or Google employees that made purchases using their loyalty cards expected that information about their purchases as it relates to their employment with these companies would be used in this way.  By extension, if an insurance company wanted to price their insurance to either of these companies based on this data, this would certainly make many people very uncomfortable.  Was the individual shopper's data private?  Not really, anyone at the supermarket could have seen what each one of these people purchased unless they placed a blanket over their shopping cart and at the checkout stand.  By virtue of using a loyalty card, the supermarket certainly had a record of the transaction which means that the shoppers willingly agreed to be tracked, likely in exchange for some food item discounts.  Combining this information with their email addresses in order to determine where these people worked, is not part of the context these users agreed to.

A recent example of law enforcement databases combining their information with marketing databases has been unsettling, not least of which is because as we know, many of the marketing databases lack the integrity and accuracy we would expect of data that is to be co-mingled with law enforcement data about us.  Context matters, and our ability to control and maintain this information is important.  Note, there are likely many reasons that we would all provide more information about ourselves, which would also be more accurate, given the right value proposition.  If we understood how and when it would be used, we would be willing participants.  In the example above about the eating habits of employees being surreptitiously obtained, there are great inaccuracies and that's part of what would be upsetting if we ever found out an insurance company was using these methods to obtain information about our eating habits.  By contrast, if the insurance companies suggested that a healthy lifestyle would enable us to reduce our monthly health insurance bill (think Allstate's good driving record discount), then perhaps we would not only be more likely to maintain the accuracy of this information, but also motivated to provide it willingly.  All this, so long as we control that this is the only context under which that information would be put to use.

So where does that leave us?  Frankly, I'm not sure.  It's very hard to legislate or regulate the concept of context.  Heck, as it is our laws have very little notion of context.  If the contexts for exceptions to a law are not all considered in advance and written into the law, then the law is followed literally.  This is clearly unfortunate since new contexts emerge all the time and at a pace faster than laws can be changed to address these.  We see this all the time, generally in heart wrenching scenarios where the letter of the law is followed rather than the spirit of the law.  With privacy issues and the upcoming privacy bill, it feels like our legislators continue to play the game of trying to foresee all of the possible problematic contexts rather than understanding the need to establish frameworks that work for current unknowns.  As part of this framework, it's critical that we put people in control of their information.  I believe the result of doing this is that we will see the emergence of a new class of service provider that will help people manage their and interact with their information and those [companies or people] they interact with in ways that make this process easier.  Doc Searls over at the Harvard's Berkman Center For Internet & Society has been working on ProjectVRM which is working on addressing how people can more easily and effectively interact with the companies they do business with through the concept of Vendor Relationship Management.

There is a brave new world coming and we should not lose sight of what we mean and understand by privacy in order to move the ball forward in a positive direction for our social and commercial ecosystems.  This, with an understanding that commerce is only a part of that, not the center around which everything revolves.  Privacy is all about Context, remember that.  In a future post, I'll try to discuss Context Arbitrage, which is where I believe a lot of money is being made today and why we need to get a handle on it.

Advertisements

In Response to @AdamThierer on “Digital Sensors, Darknets, Hyper-Transparency & the Future of Privacy”

Adam Thierer (@adamthierer), a senior research fellow at the Mercatus Center at George Mason University, and regular and thoughful contributor to the conversation on privacy issues, wrote a piece titled “Digital Sensors, Darknets, Hyper-Transparency & the Future of Privacy” on The Technology Liberation Front blog.  After writing a fairly long comment that seemed to get accepted, the commenting system they use on the blog, DISQUS, appears not to have actually recorded or accepted the comment.  At first I thought a site manager had deleted my comment, but in refreshing the page and going into the DISQUS system to find my history of comments, I noticed that it wasn’t there.  With that said, I’m rewriting the response here.

<soapbox>

Adam, I’m not sure why you’re so enamored with targeted advertising given how weak it continues to be and the fact that people don’t have an insatiable need to be advertised to, even if it the products are supposedly “relevant” to them.  We don’t need to walk by a store at the mall and have it suggest what we might need.  Using behavioral advertising to justify the benefits for having information about us used by any organization in any way they choose is simply a red herring.  Let me also separately suggest that in the same way as those who advocate that privacy is dead do so from multiple perspectives, I find that not all “privacy advocates” would subscribe to every position you assigned to them.  This topic, as you know better than most, is chock full’o nuances, some of which you reflect in your positions, and if we are to use Prof. Daniel Solove’s taxonomy of privacy as a framework to explore the different issues, they very topic of privacy means different things to different people.  Sorry, but had to point this out since you seemed to use the term “privacy advocate” in a derogatory manner.

The fear being raised from the USA Today article you point out  and the “What They Know” series posted by the Wall St. Journal, is that in most aspects of society we have norms and rules in place that dictate the boundaries of various activities.  For example, we have rules for driving, we have rules for what the police is allowed to pull us over for, we have rules for what companies can say about their products, and so on.  However, as you correctly point out, the fall of practical obscurity has upset many apple carts.  Actually, it’s more than that.  The fact that the costs of collection, storage, aggregation/combination, and dissemination of data have dropped significantly, has disrupted our privacy expectations.  This same dynamic has turned the copyright business model on its head.  It’s forcing us to rethink the norms and the rules of the road so-to-speak.  Unfortunately, the development of technologies to leverage information about us continues to move ahead faster than we can get our arms around the important issues raised by it’s use.

Look, as a privacy advocate, I also understand technology and the possibilities it offers but have also seen how its application in one area is deemed sufficiently successful to apply to other areas where the parameters are often very different, frequently with less than desirable outcomes.  For example, collaborative filtering technology to make product recommendations to users on web sites was being applied in some form under the Total Information Awareness program to determine likely terrorists.  Of course, it’s one thing if a product is wrongly proposed to me, it’s an entirely different thing if I’m falsely accused of being a terrorist because I share characteristics with known terrorists (especially given how little we actually know in advance, or even after, about such folks).  Note, the technology application is the same, but the parameters and tolerance for error, and the necessary recourse and remedies are completely different.  Unfortunately, we don’t always see the people and institutions applying the technology, sufficiently addressing the fidelity of their systems to address these issues.  This is also where the greatest dangers lie.  This issue of the use of these technologies for much more life impacting applications (ie. insurance (health, home, life, etc.)) has to be of concern to everyone.  Organizational transparency about how our information gets used, has to be forthcoming given that there already exists plenty of transparency on individuals’ data.  Online and offline data is quickly merging with so many sensors, but today use of our offline data is already more intrusive that most people can imagine.  There needs to be rules for what’s acceptable and benefits society, and what is not acceptable use.  Individuals should have some say in how information about them is used to their benefit or detriment.  What’s wrong with that?

While I completely agree that there are many legitimate benefits to the use of various targeting technologies, the temptation that such large databases of aggregated information about us pose for legislators and law enforcement, is frequently too great for them not to take advantage of these.  We already see an awful lot of one-way secrecy, where these databases are being accessed by law enforcement under orders of secrecy (ie. NSL request or 2703(d) order), or by companies without our knowledge for predatory behavior.  So the challenge becomes, how do we balance progress and the benefits that technology can afford us, with the need to better manage how and to whom, information about us is distributed.  I wouldn’t look at it as how we keep information about ourselves “secret”, since we never really did that in the past and would never be reasonably able to do that.  A secret tends to be information known to a small number of people (generally at least 2).  One could keep a secret, but there was never a guarantee it would remain so.  But the pace at which it could be shared was slow.  Technology has enabled that pace to change radically, which is what raises the urgency on needing to decide how we will better manage it.

On the point of “property-tizing” personal information, that has certainly been a position espoused by some in the U.S. privacy community, but in Europe and other parts of the world, the focus has been that information about us and its use should be dictated as a human rights issue where it cannot simply be traded away in the way property can.  While both frameworks aim to resolve similar issues, I believe the U.S. one is fraught with some of the paradoxes you refer to, which the international position does not have.  The same way that copyright as a business model is no longer seems effective (there are lots of better ways to monetize the value of content), I also don’t feel that information about us is definable in such a way that it can be “property-tized” 🙂  Because all of this information is so easily distributed and perfectly copied, property rights never seemed to make sense to me here.

Finally, on the point of transparency, there’s a difference between transparency and full unobstructed access to absolutely any information or knowledge about a person.  You began to list exceptions like medical information, but I believe that in different contexts there’s much more information that people would prefer not to share or brought to bear.  Hence, why transparency needs to come with norms and rules of engagement.  For example, when we place constraints on what sort of data employers may consider in their hiring decisions, that’s a reasonable contextual limitation.  Data or information without context can illicit people to react before they understand it, or can be used in ways for which it bears false witness to the facts.  There are many shortcomings to full unfettered access to information about us that we need to address before such widespread uses start happening.  It’s not about putting the genie back in the bottle, but setting up the right frameworks for acceptable uses of information about people (that’s us :).

</soapbox>

 

 

 

Privacy is Dead, Let’s Call the Whole Fourth Amendment Thing Off…and While We’re at it, Lose the First One Too

As a young man, I recall sharing with friends that while I held few principles (moral or otherwise), the few I held were dear to me.  In other words, I didn’t bother encumbering myself with lots of principles that I could never live up to.  This didn’t mean acting immorally, it just meant not taking absolute positions over moral or social issues since there were lots of imaginable circumstances under which I might not live up to such high ideals.  Perhaps it was my disdain for hypocrisy or simply being lazy about having to remember so many principles, but whatever it was, it made me feel better to come to terms with my humanity as someone with failings who wasn’t going to espouse moral superiority, especially on issues that I could imagine not living up to.

Over the past year, it has felt like a patriotic fervor and a heavy dose of superior morality, has crept into the political and legislative discourse.  Heck, the other night I heard the head of USDA on the Colbert Report say that childhood obesity is a national security issue.  He said this with all of the conviction that Janet Napolitano and John Pistole have shown when speaking on the fact that groping and aggressive pat-downs are necessary for our national security.  It’s now clear to me, that if you want to make any argument in our country the best way to do so is to explain that it is being done to “protect the children” or for “national security”.  By the way, if we were playing rock-paper-scissors and two of those were represented as “protect the children” and “national security”, “national security” trumps “protect the children” as exemplified by the groping of minors by the TSA.  Clearly an example where national security is more important than protecting the children, but I digress.

For all of the time that so many people and organizations (ie. the EFF (Electronic Frontier Foundation), the ACLU (American Civil Liberties Union), EPIC (Electronic Privacy Information Center), the CDT (Center for Democracy and Technology), the CCR (Center for Constitutional RIghts), et. al.) have spent fending off the government and commercial interests from violating our privacy, it seems that so many more people don’t seem to care about their privacy.  Never mind that we all have things that we would prefer to keep confidential or simply not share with the world, but when confronted many people are beginning to say that they have nothing to hide from anyone.  The number of people who have said that they don’t care about the TSA’s approach or that they understand the need for it, is simply staggering to me.

More recently, we have been seeing interviews with folks at bus stations going through the similar pat-downs as are happening at airports, and many respond in interviews that they’re OK with it because “I feel better knowing that I won’t get blown up”.  Combine this with the lack of sensitivity and understanding on these issues being displayed by the Fourth Estate.  While I can rationalize that the average person doesn’t have time to think through the issues, we also see CEOs of significant technology companies (with vested interests, but don’t let that get in the way), offer different but equally impassioned perspectives about the death of privacy.  From Bruce Schneier’s blog:


“In January, Facebook Chief Executive Mark Zuckerberg declared the age of privacy to be over. A month earlier, Google Chief Eric Schmidt expressed a similar sentiment. Add Scott McNealy’s and Larry Ellison’s comments from a few years earlier, and you’ve got a whole lot of tech CEOs proclaiming the death of privacy — especially when it comes to young people.”. (http://www.schneier.com/blog/archives/2010/04/privacy_and_con.html)

These are all people who should know better, and perhaps they do.

Our government, through its law enforcement agencies, is also constantly fighting to remove our privacies in the name of national security.  Of note here, are their efforts to require the least amount of oversight possible into its requests for cell location data.  Recently, conflicting opinions were given by the D.C. Circuit Court and the Third District Court which may land this issue in front of the Supreme Court for some meaningful resolution.  Commercial and educational institutions want to track everyone with RFID (Radio Frequency Identification).  If you combine this with government tracking laws being debated above, then the intrusions on our privacy become self-evident and complicit.

So the question that comes to my mind is why do we have the Fourth Amendment to the U.S. Constitution?  If industry and government find it inconvenient, and a significant number of people in the country don’t care about it, then why do we have it?  Why not just stop the hypocrisy and minimize the amount of stuff we claim is important to us and simply discard this, since clearly few find it important?  Let’s stop saying that we’re fighting wars and securing our nation to protect all of our Constitution, since that is clearly not true.  Maybe we care about some of the other amendments, but the Fourth ain’t one of them.  While we’re at it, let’s examine the controversies that suggest that we also don’t hold the First Amendment to the U.S. Constitution in high esteem.

Not too long ago, we saw much commotion around the Park 51 (aka. Cordoba House and “Ground Zero Mosque”), and whether the City of New York should allow its construction as a result of protests from conservative groups and plenty of liberals misdirecting their empathy.  This of course raised another First Amendment issue around the free exercise of religion.  It seemed like an awful lot of people were against this construction.

Most recently, law enforcement, specifically the Justice Department and the Immigration and Customs Enforcement decided not to wait for the ratification of the Combating Online Infringement and Counterfeits Act (aka. COICA) to pursue shutting down 82 Web sites that they considered illegal.  This took place under a forfeiture law.  However, in a few cases, the domains themselves were not infringing on any laws and were merely search engines that complied with the DMCA (Digital Millenium Copyright Act), though in some cases ended up pointing to sites that might have been infringing on copyrights.  Where sites were pointing to infringing ones, this is a First Amendment free (protected) speech issue, but no due process is being afforded to make these determinations.

As many have no doubt heard on the news or read online, Wikileaks released secret U.S. information relating to its role in both the Iraq and Afghanistan wars.  The latest release was relating to U.S. diplomatic cables.  Clearly, the release of all of this information has given us and the world, a rare glimpse into how our government has misled us and at times even claimed information to be of national security importance to justify its secrecy, when in reality it was for political expediency.  Rather than deal with the issues raised by these documents, our legislators and current and former government officials are calling for the blood of the messengers, (ie. “Rep. Peter King: Prosecute Wikileaks, Julian Assange“, “Wikileaks must be stopped“, “U.S. Senators call for Wikileaks to face criminal charges“).  Of course, the irony here is that the first people to have actually published information contained in the Wikileaks release for the public to see, were some mainstream media newspapers including the NY Times, Der Spiegel, El Pais, Le Monde, and The Guardian (UK), but we have yet to hear of any of them being accused of any wrongdoing.  That and the fact that Wikileaks was not the actual leaker of the releases they have made available.  This event clearly raises First Amendment issues around journalistic freedom and freedom of speech.  We did not see Woodward and Bernstein get accused of any wrongdoing during the leaks around Watergate, and Daniel Ellsberg still roams free despite the Pentagon Papers release, but it seems that Wikileaks has drawn the ire of the U.S. government.  Heck, Sen. Lieberman is using this as an opportunity to grandstand his cause celebre and to disembody the First Amendment.

With all of this effort, and the attempts to route around and through the First Amendment, it’s clear that it too is not highly valued.  The voices in support of Wikileaks are not nearly as loud as those who see their actions as criminal, at least in the U.S.  So there, we can now count another amendment of the U.S. Constitution that we could do without.  I’m not suggesting that people don’t try to live by these ideals, but why codify something that so few care about, believe in, or truly think that it is getting in the way of our…wait for it…national security.  I suppose that removing these amendments from our Constitution would go a long way towards reducing the hypocrisy behind the positions that our commercial and government organizations, and many of our fellow citizens, have taken.

The Elephant in the Room Relating to Privacy; We’ve Never Had Any

As always, I continue to explore the bounds of what we mean by privacy, what we expect by privacy and what the issues are surrounding privacy.  The more I have read about the subject from people far smarter on the subject, as well as seen the hype or heard lay people's visceral reactions to the topic, the more I've been forced to think about "what was this privacy thing" that we all seem to harken back to, to long for?".  What was in place before the digital world emerged with such forcefulness, that now in its seeming absence, makes us feel vulnerable to unseen powers and uncontrollable forces? 

I'm going to start with a simple example as this helps to contextualize the discussion in my head.  So let's say I share information about my salary with a good friend.  Specifically, I tell him how much I earn per month and what sorts of bonuses I receive at year-end based on my performance.  This friend does not work with me nor in my industry, and as far as I know, does not hang out with any of my business associates.  This may be information that I would not readily share with colleagues.  It's also information that I would consider private and hence not meant for public dissemination, but I *trust* my friend.  There's a good possibility that I would not feel the need to tell my friend not to share this information because implicitly I'd feel that he would understand not to discuss it with others.  More importantly, to the extent that I don't believe that he knows other colleagues of mine I'd see no real harm in sharing this information.  Now, jump forward a few months and my friend is at a party where he coincidentally meets one of my colleagues.  Over drinks and while establishing their friendship the discussion on how overpaid my colleague thinks some people are at our company comes up.  My friend, on purpose or inadvertently (it really doesn't matter), shares the information about my compensation, perhaps even in defense of me being fairly compensated.  Has he violated my privacy?  Not really, I violated my privacy by sharing that information with him in the first place.  Even if I had couched the conversation with him to not say anything, the fact that I chose to share this at all means that any privacy violation is on me.  

This is one example, but we can find millions of examples of how we have never really had as much privacy as we believed we did.  Whether it was buying whips and handcuffs at an S&M store, or picking up a prescription for a herpes drug at a pharmacy, or any number of embarrassing or socially awkward activities, the fact that we interact with another person or in a public place, means that at least one other person (the sales clerk or the pharmacist and doctor in these examples), knows that information.  We *trust* that they will not widely publicize this and for those who might want to embarrass us, there is a "practical obscurity" in them finding this out.  It's difficult information for them to find out because it would take constant surveillance and some investigative skills to find out about such activities.

If we think back to direct marketers in the 1970s and 1980s, they purchased lists that offered some basic segmentation and ways to filter for only those people whom they felt would make good prospects for their product offers.  Credit card companies have always been able market to us based on our purchases.  But for marketers and anyone else who wanted access to this information, the high costs associated with obtaining the needed information about us required them to have a solid return on investment model for proceeding with this.  Note, that violating the privacy of celebrities had value to the discloser because this made news and news outlets were willing to pay for any information that could help them sell more ads or more newspapers.

Now with the cost of collecting, storing, aggregating, combining and disseminating information having dropped so precipitously, it has become much easier for more constituencies to obtain information about us at little to no cost.  In other words, the ease of obtaining information about anyone is turning all of us, begrudgingly, into celebrities.  There are more and more ways to monetize information about just about anyone.  The practical obscurity we once enjoyed has been significantly reduced and since it is not only what we share that is collected, but what others share, it's hard to see a way to legitimately believe that we will ever enjoy the practical obscurity of the pre-digital days.  Like it or not, it does look like we are being forced into becoming more and more transparent about our lives, which will also require that we begin being more accepting and tolerant of what it means to be human, faults, blemishes and all.

From a legal perspective, the existing regulations around what is considered private versus public is very arbitrary given the advancements in technology.  For example, technology makes it possible to see what is happening behind walls through heat signatures.  But this technology is not usable on someone's home unless the government agents have a warrant for this.  The technology used in airport screening devices has now also made its way into vans that can drive up next to cars and peer inside of them.  These also require a warrant for their use, but should they be used without a warrant the information gathered by a government agent is not usable in court, but it doesn't change the fact that they were able to know or see whatever they wanted to.  An individual's phone logs are not considered private by the courts because a third party (the phone company) can see them at any time and so there's no expectation of privacy here.  Government agents (which includes the police) do not need a warrant to access this information.

At the end of the day, the real privacy issue is that the digitization of data about us has made it so cheap and easy to move, that the practical obscurity has been reduced to the point where it no longer offers any serious defenses against what can be known about us by any organization (or individual) that really wants to know.  The issue isn't that privacy no longer exists, it's that it only existed as an illusion and now nearly all pretense of that illusion has been removed.  I'm not trying to be fatalistic about all of this, nor conspiratorial, but I hope to write future posts about what it means to live in a world where practical obscurities are no longer there to keep our privacy illusions alive, and then begin to explore some likely paths of evolution.  We need to come to terms with where things are now, in order to begin forging a path for where we would like them to go.

Expectation of Privacy

How long before the Fourth Amendment to the United States Constitution becomes just a collection of empty words?  Recently there have been a couple of court cases that have provided conflicting guidance on the legal test for the applicability of privacy protections.  It’s worth reading the Wikipedia entry for Expectation of Privacy to get a very basic understanding of the legal tenets behind this.  In both cases the issue stems from the FBI’s use of GPS devices on suspects cars without a warrant.  In the first case, United States v. Maynard, the U.S. Court of Appeals for the District of Columbia decided against “always-on” surveillance and to uphold that there had been a Fourth Amendment violation.  In the second case, United States v. Pineda-Moreno, the U.S. Court of Appeals for the Ninth Circuit decided that the similar GPS tracking was not in violation of the Fourth Amendment.  Clearly, this looks like an issue that may need to get to the U.S. Supreme Court to more fully resolve.

However, what has gotten my attention in these cases is not so much the expectation of privacy issue per se, but that we may be loosing this expectation by virtue of some of the technologies that in some cases are being mounted on our property (ie. GPS devices under cars), and to what extent is that limited.  With the continuing growth of smart phones, most of which have some form of GPS embedded in all of them, does the U.S. v. Pineda-Moreno case imply that we are all slowly giving up our Fourth Amendment rights through the use of various technologies?

Recently, there has been a spate of stories about how RFID chips are being put to use for tracking various groups of people’s activities.  The first announcement was about how a school in California was going to provide jerseys to kids with RFID chips embedded in them to reduce the cost of tracking them under a program called Child Location, Observation and Utilization Data System (aka. CLOUDS).  Note, that the problem Contra Costa County is trying to solve seems valid and legitimate, but the unintended (or ignored) consequences could be significant (if my kid wears her jersey home and we go out for dinner, does that imply that I have given up my expectation of privacy?).

The next program is being deployed at Northern Arizona University.  This program is to track student attendance.  While I think that the administrators here have forgotten that this is a university, where the incentive to learn and graduate should have nothing to do with attendance, at issue is the fact that students are being tracked.  While the use here is clearly more speculative, one could rationalize its value to the university in terms of better understanding their resource deployment and utilization (ie. use smaller rooms for classes where most students tend not to attend).

The third program, which is deployed at a senior citizen caring facility in Milwaukee, WI, is meant to “allow designated officials caring for these senior citizens to know their whereabouts and activities”.  Can anyone argue with this use?  Probably not on the face of it.

All of these programs lead to the concern on how use of this information against the very citizens these applications are intended to serve, will be treated by the courts in support (or not) of our protections under the Fourth Amendment.  While I’m sure that there is a certain minimal amount of security standards that these systems are being held to, clearly the applications they are being used for would not warrant the sort of security one might expect from an RFID deployment on passports.  But to the extent that information from these devices can be used against us, then the cost and the need for paramount security rise accordingly.  As most security experts know, RFID chips can be tampered with.  If you don’t believe that, just ask the Germans who recently had the technology they are proposing to use for their citizens’ ID cards, compromised.

My point here is that we put a lot of trust into technologies for specific applications, but when the data that emanates from these systems is used for unintended purposes, the consequences can be severe.  Data from applications that make use of RFID chips, suffer the same privacy issues that are raised by how our other on and off-line information is collected, stored, combined and disseminated.  While there are loads of issues around those, when we begin to add on the legal ramifications around use of this information, then we really need to step back and more fully consider the consequences of these supposedly useful applications.

UPDATE: Looks like this topic is getting plenty of attention.  Just caught the following ABC News report titled “What Info Can Uncle Sam Dig Up About You?

UPDATE: Here’s another great analysis titled “GPS Monitoring Revisited” which goes over the two cases listed above in great detail about the rulings themselves.

UPDATE: Excellent analysis by Prof. Susan Freiwald comparing and contrasting the conflicting GPS tracking rulings mentioned above.

More thoughts on Privacy

While it some times shocks me that people pay so little attention to the privacy issues that are quickly overtaking us, I also realize that it’s no one’s fault.  It can be hard to see the imminent harm if you’re not spending time reading and understanding what’s happening with information about you.  We all have busy lives and the issues here frequently require more than a five minute primer to appreciate.  Who has the time?  More importantly, who cares if you’ve done nothing wrong or have nothing to be ashamed of?  Heck, if you are careful about what you say, the views and pictures you share, and appropriately set your various privacy settings online, what’s their to worry about?  There’s also of course, the fact that “so what if marketers know information about me to try sell me stuff”?  Few among us can point to anything having gone wrong with our online identities so what’s there really to worry about?

These questions reflect the refrains that are most frequently used around privacy issues, but are unfortunately narrow in their perspectives.

I suspect that most people lock the doors to their homes.  Not everyone does, but many people do.  Why is that?  Well, one might say it’s more of a security issue, protecting one’s home against burglars.  Another reason might include not wanting to have neighbors barge in unannounced, hence making it a bit more of a privacy issue.  The reality however is that most people know very few people that have had their homes involved in a burglary (whether they’ve been home or not), and it’s infrequent for neighbors these days to stop by unannounced.  And yet, we still lock our doors.  Yes, privacy and security remain important and we want some control over them.  You never know when crime will strike at your home so better safe than sorry, right?

When meeting someone for the first time, whether in a social or professional environment, if you were asked for your home address and social security number, it’s not likely that in most circumstances you would share this information.  Heck, some times we’re even nervous about giving our full names.  Why?  Well, for one thing, meeting someone for the first time doesn’t give you enough information to assess how they might use that information.  It’s a trust thing.  It’s also a privacy and security thing.  I wouldn’t want this new acquaintance knowing where I live, nor would I see any reason why they should have my social security number other than for nefarious uses.  As for my name, there’s some practical obscurity around the fact that if I didn’t provide much else then they might still have a difficult time finding me (*if* I didn’t want to be found by that person).

OK, now let’s explore three different type of scenarios.  In the first one, let’s say you had a perfect credit record to date and applied for home loan.  After a few days the bank came back to you and said that they declined your loan but offered no real reason for doing so other than you didn’t fit their risk profile.  You weren’t part of a minority group and you’ve never been arrested, so what else could possibly be at issue here?  Could it be that people who visit the same types of Web sites you do tend to default on their home loans more frequently?  

In the second scenario, imagine your health insurance plan raising your rates (oh yeah, that would be a surprise ;).  What if it turns out that the health insurance provider has been buying data about their customers’ transactions and correlating these with local loyalty programs data for “marketing” purposes?  Further, what if as part of their analysis they also realized that based on the foods you buy (mmm, chocolate) you fall into a high-risk group for health issues in the next few of years of your life.  This example could also work at a higher aggregated level, in other words people in your zip code tend to be less healthy than those in a neighboring zip code, but who knew?  More importantly, who would tell you or how would you find out about these practices?

In the third scenario, you are interviewing for a job and share everything you think is relevant with the prospective employer.  But do you know if that’s all *they* find relevant?  Well you can go here to see all of the services that offer credit report and other forms of screening for prospective employees.  There’s some efforts to curb the allowed uses for reviewing job seekers’ credit reports, but with the amount of new data becoming available about people, credit reports may not be necessary to effectively allow prospective employers to dig into your life as they determine to be relevant.

One more example of yet a different sort.  Imagine you have been able to successfully keep yourself from joining any social networks despite the behest of many of your friends and a general social pressure around doing so.  But, you remain a social person with friends and neighbors and have been known to enjoy going to a BBQ or two.  On several occasions, as people are apt to do these days, pictures are taken and you appear in several.  No more than pictures of you at these BBQs.  However, your friends tag you even though you’re not on the social network, which means you never find out that your picture is up online.  Now, because you’ve been tagged in a section designated for people’s names the service knows you’re a person and that you’re related in some way to the other people that appear in the pics.  Given how much the service knows about the other people in the pics, how hard do you think it would be to determine who you are based on looking you up in one of several people search engines or using services like Rapleaf, Lexis-Nexis, Experian, et. al.?  Because of the information that is available about the other people around you, several assumptions can begin to take place.  Perhaps simply looking for people with your name in the same city and state as the others.  In other words, privacy isn’t just an issue that affects those who are online, the ability to now collect, store, combine and disseminate data so easily is proving a good way to capture every one into these databases whether they have chosen to participate in the open sharing of their information or not.

These examples point to the crux of some of our privacy problems.  It’s the high level of trust that many companies are putting in technologies like network analysis, collaborative filtering and behavioral analysis.  An interesting piece in The Economist talks about how some of these technologies are being put to use.  What’s challenging to deal with however, is that statistics don’t account for the original purpose that each data set was collected to serve, and where they try to remain devoid of the original context of the data collected, they miss obvious mistakes.  In the context of ad targeting, it doesn’t really matter if the wrong soap was advertised to me, but in the context of areas that are much more meaningful to our lives, things like home ownership, health concerns, safety and security, these technologies do not yet have the necessary throttles and easy ways for user intervention in order that we may keep their results in check.  Too much faith is being put into the hands of these technologies without consideration for the human impact.

Equally important however is the lack of transparency around all of these uses.  Today’s privacy regulations don’t enable individuals to understand the extent to which data about them is sent to other services, or how their existing services are using data from other sources in making decisions that will affect them.  Some of these effects will be financial, others will in the sorts of opportunities made available to them.

My goal here is not to sound conspiratorial as I don’t believe a conspiracy is going on.  What I believe is that lots of people are doing their jobs, but due to a lack of coordination and balancing between the interests of users and the interests of organizations, we’re headed for a collision course that most people are not prepared for.  A rude awakening of sorts.  When I think of the person at the bank who decides to explore the correlations between Web viewing habits and loan defaulting dead beats, I believe that person is doing their job.  They are trying to reduce the risk for their employer.  They are thinking “out of the box” in terms of what other possible signals they could use to increase the likelihood that the bank gets back the money it loans out.  Same with the analyst at the insurance company that begins to dabble with transactional and loyalty program data.  In both cases, these folks are dealing with esoteric statistics and data clustering problems, but the impact that this information has on us is significant and we need to bring about the same sort of transparency that is being demanded of our lives, to the organizations and the processes they use to analyze information about us.

Clearly, all this gets even more unnerving when we hear of government making use of similar commercial data sources and technologies in trying to predict who among us is an “evil doer”.  OK, that’s enough for this episode.  Hope to share a little bit about how we got to this point and why things have changed so much.  As well, I see common thread between privacy, security, intellectual property issues and organizational transparency that is being enabled by the fact that so much is turning into easily copiable and transportable bits of information, which I also want to explore further.

End of Privacy

A little rambling on some thoughts that have been on my mind in relationship to privacy issues.  In saying the "end of privacy", I'm trying to imagine what the effect of loosing what we understand today as being control over our personal information.  Loosing control in effect means opening up the can of externalities that take place as soon as we can no longer determine who is seeing our information or what uses our information is put to.  Imagine that anything I write to anyone can be seen by everyone, any where I go can be known to anyone at any time, anything I say can make it into the public record, and as soon as someone believes they can actually map my thoughts, those too will be knowable to others.  If you think about it, many of the technologists working to make these things happen are moving us closer and closer to this new world.  Where it would be nice to have all of this coordinated by a rational independent authority so that we stay focused on the impact to the individual first, because there's no master architect it's unlikely to be the primary consideration.  The focus on the individual will be the sizzle not the steak.  All of the technologists behind the various services are busily making these things happen, each of course, is doing so with the best of intentions.  Not to mention, that I'm not sure I see the business in privacy, as a stated in a previous post, versus the economic interests aligned against it.

The impact of having comments shared that were meant for one intended recipient manifested themselves with email many moons ago, and we quickly realized that if it's written electronically it can easily be copied or forwarded and be shared with others.  Actually, email used to have another more devilish feature (which some email readers still support) similar to "Forward" called "Redirect" where you could redirect a document to another person, but any response from that person would go directly back to the originator of the email.  This created much confusion and more than one "faux pas" or snarky response intended for the person that redirected the email, actually going to the original sender…d'oh!…but I digress.

Facebook broke us down some more by creating an environment they purported as being safe for communicating with only people you know in the physical world, but then extending (exploiting) our use of their service by opening our comments and pictures up to people we didn't know and didn't necessarily want to share these with.  Eventually allowing more and more of our information, that which we might have considered to be private, to be shared with total strangers and making us more discoverable in the process, than most people had intended to be.  In Mark Zuckerberg's opinion, it's what we want, in the opinion of people who had legitimate concerns for their safety and security, or in some cases their job prospects, this was been disastrous.  There is a tinge of irony here since what we supposedly want also lines up with furthering Facebook's business model, but I'll leave that for another time.

Location-based services have been the next bastion of assault on our privacy.  In some cases these are "opt-in" in others they are "opt-out" (and in some cases you have no choice), and the applications use game mechanics to make them more fun, keeping us distracted from the data collection they are doing.  Many of these so-called "free" services are not free at all, they just monetize our data in ways not immediately evident to users.  Other methods used to get at this information have been through services offered by the wireless phone providers to protect "the children".  A friend recently explained to me how he busted his son for lying about his whereabouts and going to a party for which he had not received permission to attend.  I laughed and asked why his son hadn't figured out he would get caught, to which he explained that the phone is too integral a part of his son's life to be away from it, so he was willing to take the chance that his parents wouldn't check up on him.  If you can do this with your kids, it won't be long until friends do it (that's what Loopt and Google Latitude are all about).  Heck, why stop there, it shouldn't be technologically difficult to enable even acquaintances that sort of access, then it's probably just easier to open it to everyone.  This certainly follows the logic of the social networks.

So where am I going with this?  Well, in a world without privacy it occurs to me that we would have to become fully accountable for all of our actions.  There would be no hiding behind the veil of politeness, there would be no more little white lies for us to get away with, or tailoring of our conversation to the audience we're addressing.  We in effect become fully transparent.  Context of our statements and of our locations would be difficult if not impossible to incorporate which is a considerable down side, but for all of the discussion around this issue, I see no slow down in the adoption of services that dispense with our privacy or the feverish pace of new services emerging.  Clearly, lack of context is not holding anyone up to opening up our information.  Perhaps this is what's needed at a time when trust is at an all time low, call it the shock treatment of trust enabling.  A high level of trust is important to a functioning society, be it on an economic level or on a political one, and increasing transparency may force the matter.  People becoming trustworthy, not necessarily because they wanted to be but because they have to be.

For all of this redefining (or dismantling) of privacy, there are clearly some other benefits which is what is enticing so many people to use these services.  Knowing that my friends are nearby, looking for a product or service near where I am *now*, making a coupon or an offer available to me at the time I'm near the establishment, keeping the kids safe, and locating my lost phone, are all certainly valuable services.  The fact that these come at a price that has not fully been digested by most is what worries me.  But a part of me also feels that perhaps the transparency pendulum has to swing to an extreme so that we all become aware of the risks of too little privacy.  Already Facebook has been making some changes and enables users to post links, photos and status updates to user created lists rather than to everyone.  As of today, they are also apparently testing the ability to delete accounts (not just deactivate as is currently possible).  Perhaps we are going through the bumps in the road necessary to learn how to deal with these new issues.

This weekend's release of classified U.S. war related documents by Wikileaks demonstrates the potential transparency can have on accountability.  While this was about the transparency in government, I believe we are on the threshold of similar things happening to individuals.  Both Jeff Jarvis on his blog BuzzMachine and Jay Rosen on PressThink raise some very interesting points organizational transparency.  In the case of Jeff he discusses the struggle between transparency and keeping secrets when trust is low.  Jay talks more about the world's first stateless news organization and the impact it will have news reporting.  What was interesting about the Wikileaks document release, is that they made a lot of documents available, hence enabling some level of context setting to occur.  Had they just released a few choice documents, the context might have been blurred.

So the question I struggle with is, will the loosing of our individual privacy be part of the age of accountability?  Sure, people claim to be accountable but in the past two years seeing the happenings in government, the financial industry, the oil and gas industry and several other areas, it feels like our systems are so complex that responsibility has been diluted.  In other words, no one is singularly responsible for anything any more.  Take the recent economic crisis stemming from mortgage-backed securities.  There were so many institutional players (and individuals within each of these) involved and a system built around passing "the hot potato", that it's difficult to point to any single actor or organization as being guilty of fraud or any other misdeeds.  Even the homeowners who were sold on the harmlessness of the mortgages they were signing up for had a role to play.  Transparency in this system might have helped us better assess where it all started to go wrong and the relative roles all of the players in this Theater of the Absurd.

Anyway, lots to digest here and clearly a need to break down the issues further, but thought this brain dump might be an interesting way to get thoughts out of my head 🙂