I recently read Dave Eggers' brilliant and frightening novel The Circle, his modern take on Orwell. In 1984 the totalitarian state was the enemy of freedom, a hard tyranny motivated by the state's desire to crush all opposition. Eggers thinks we are headed for a much softer tyranny, one dominated by do-gooder Silicon Valley business types determined to eliminate—indeed, undermine the justification for—any attempt at privacy. 1984 has come and gone; the world of The Circle careens towards us at high speed.
The sphere of privacy continues to shrink. If it even is a sphere anymore; sometimes it seems shriveled to a point that is no longer three dimensional, almost a bodiless mathematical concept. Hardly a day goes by without some new assault, or potential assault, finding its way into the news. Some examples are from the scientific literature, and some from current politics, but the vector is always the same: towards an era where privacy ceases to exist.
Much of this is technology-driven. That technology affects privacy rights is nothing new. Previous generations had to deal with wiretapping and listening devices, after all. But this seems both quantitatively and qualitatively different.
Here are a few I've collected in the last year. What impresses is the sheer variety of attacks on privacy, coming from every degree of the compass:
- An article in PNAS demonstrates that your Facebook “likes” could do a pretty good job of defining your sexual orientation (85% predictive ability for male homosexuality), race, and political identity.
- The FBI recently announced that it had deployed drones on American soil four times in recent years. Police departments are considering doing the same in American cities, supplementing the now ubiquitous closed-circuit (CC)TV cameras.
- A group of Harvard engineers recently created a quarter-sized “fly,” a robotic insect capable of controlled flight (for a first look at the future look at http://bit.ly/1lK6qie. Give it some “eyes,” deploy a few hundred, and then imagine some hovering outside your bedroom window. Flutter, flutter, buzz, buzz. Is that a mosquito I just slapped, or some investigator's eyeballs?
And while I could not exist anymore without Google, the company has been the great destroyer of privacy. If you want to know someone's life history, it is probably out there somewhere on a server farm. Try a little experiment: Starting with a colleague's name, see how much personal information you can find in an hour. Next, imagine how much of that information you could have found in an hour a decade or two ago. You would be amazed.
Maybe that's a good thing: it depends on who's searching, and why. If you don't want to date a convicted felon, going online is a good way to avoid that particular mishap. But it is, of course, much more than just that. Every little thing about you can end up out there. When I was a teenager we used to laugh at school administrators who claimed that some minor infraction would “become part of your permanent record.” Not anymore: the record is not only permanent, it is global. In some important way there are no second chances anymore.
Google (don't be evil) is responsible for other transgressions. We now know that Google StreetView collected more than pictures of your front door: they went behind the door to collect passwords, email, and medical and financial records, as the company admitted in court. The court fined the company a half-day of its profits, which I suppose tells you how much the courts value your privacy. Google also promised to go and sin no more, which I know will reassure us all. And they will now require employees to take the computer industry equivalent of a HIPAA course. All right, I admit, cruel and unusual punishment.
These Internet assaults are layered on top of other privacy intrusion: ubiquitous CCTV's following you down city streets, your cell phone movements describing where you have travelled with great precision, your credit card history demonstrating a financial phenotype, your checkout at the grocery story generating targeted advertising on the back of the receipt, and your web history now the technological equivalent of a trash can, to be sorted through by private investigators digging for dirt.
Sometime in the last decade privacy became a fossil word. The expectation of privacy is disappearing from public discourse.
About the only data that doesn't want to be free is personal health information, and that only because accessing it is a felony. How long before technology effectively eliminates medical privacy? For the moment, at least, medicine remains Privacy Island. Sort of, anyway: all around us the sharks circle, waiting to strike. Don't step too far off the shore.
- An article in Science showed that one could, by merging publically available “de-identified” data from the 1000 Genomes project with popular online genealogy data, re-identify the source individuals.
- If a patient accesses a free online health website for information on “cancer” or “herpes” or “depression,” according to Marco Huesch of USC, that information will, on average, be shared with six or seven third-party elements.
I used to think that conspiracy theorists were crackpots, with their ideas of the government tracking us via RFID-encoded greenbacks through airport security checkpoints. It turns out that the crackpots were right, though wrong about the purveyor (the TSA? Seriously? The dysfunctional guys who still can't stop people from carrying box cutters through security checkpoints?).
It's much closer to home than that, as I've recently discovered. Hospitals are taking a deep dive into something called RTLS, or Real Time Location Services. I found out about this technology (as usual, I am the last to know) through service on a committee overseeing the building of a new hospital. RTLS places RFIDs on every large object (in RTLS-speak, “assets”) as well as on patients and hospital employees. It can then localize all of these to within three feet, via carefully placed receivers scattered throughout the building. Several companies (Versus, CenTrak) have sprung up to commercialize this technology.
These devices have real uses. They keep large, expensive pieces of equipment from walking out the door, or at least allow you to track which door they walked through. Recently a hospital in Munster, Indiana suffered an outbreak of MERS. Because hospital employees were tracked through Versus RTLS technology, the hospital was able to hand CDC investigators a list of everyone who had come in contact with the patient. Sounds great, right? An epidemiologist's dream.
Perhaps. The cynic in me says that sometime in the near future some hospital administrator will use the technology to decide, and chastise, employees who spend too much time in the bathroom. Administrators just can't help themselves.
RTLS is part of the larger “Internet of Things,” or IoT as it has come to be called. A recent article in The Economist suggests that by 2020 some 26 billion devices will be connected to the Cloud. Consider IoT's potential. Will I end up with a brilliant toaster, one that knows exactly how long to brown my bread? A mattress that diagnoses sleep apnea? A lawn mower whose handles sends my pulse and blood pressure to my internist? A microwave oven that refuses to zap hot dogs when I go over my fat gram budget for the day? Maybe I'll be healthier. I'll certainly be crankier: the soft tyranny of the IoT will drive me off the deep end in a hurry.
The bottom line, though, is this: we are entering an era of ubiquitous monitoring, and it is here to stay. I wish I was (just) being paranoid. Here are the words of a recently released government report entitled Big Data: Seizing Opportunities, Preserving Values: “Signals from home WiFi networks reveal how many people are in a room and where they are seated. Power consumption data collected from demand-response systems show when you move about your house. Facial recognition technologies can identify you in pictures online and as soon as you step outside. Always-on wearable technologies with voice and video interfaces and the arrival of whole classes of networked devices will only expand information collection still further. This sea of ubiquitous sensors, each of which has legitimate uses, make the notion of limiting information collection challenging, if not impossible.”
Discussions on privacy are frequently cadged in terms of crime or terrorism: wouldn't you prefer to give up another bitty little piece of your soul, a loss you would hardly notice, to avoid another 9/11 or even an armed robbery? The security state, adept at guarding or criminalizing the release of information harmful to its reputation, cannot imagine its citizens deserving or even wanting the same protections. One is reminded of Ben Franklin's prescient statement: “They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
But government intrusions are becoming almost irrelevant. I doubt the TSA or NSA or FBI or CIA or any other of the alphabet soup of government agencies really cares very much about my Internet history. It is, rather, the Pacific ocean of data being collected, and the certainty that it will be shared with, well, everyone. Remember the words of that government report? “This sea of ubiquitous sensors, each of which has legitimate uses, make the notion of limiting information collection challenging, if not impossible.” Challenging, if not impossible: I'll opt for impossible.
And will we care? I doubt it, so long as the data theft remains quietly in the background, being used for purposes no more nefarious than designing advertising strategy or predicting sales.
More from George Sledge on His OT Blog!
Read and comment at http://bit.ly/OT-Sledge