Is technology killing privacy?

As you read this, armies of skilled professionals are rummaging through various digital dossiers they have collected on you. They’ve acquired an impressive array of data points, and they are trying out different algorithms to characterize and predict your behavior. These people don’t work for some shadowy government agency, although some of them do wear dark glasses, ear buds, and black trench coats. Others wear frumpy sweaters, pocket protectors and high waters. And still others wear the latest gear in the summer line at The Gap. They work for the corporations we interact with every day: online retailers, search engines, banks, credit card companies, investment firms, and HMOs. Their work is entirely legal, lightly regulated, and rapidly growing in breadth and sophistication. The professionals who mine and manipulate your data, programmers like me, statisticians, marketers, PhDs and consultants of every flavor, have vast warehouses of information, petabytes of data in total, and they are developing intricate models of your behavior.

Welcome to the information economy, where your information makes other people rich. Companies like Google make billions off of your data. Your behavior powers their advertising engines, and that is their primary avenue of revenue. If you use gmail, sophisticated algorithms analyze the text of your emails to serve up “smart” ads. In fact, virtually all of your online behavior, in the form of your “click-stream” data, is captured, merged, and analyzed for patterns. The sales, risk, and marketing departments of the world’s businesses have always tried to understand their customers, but today the data are there to really dig in deep. Companies don’t just want your credit history anymore; they want to get to know you personally. That’s why social software and so-called “Web 2.0” sites are such hot sellers right now. Even Rupert Murdoch wants to get to know you. Companies like The Acxiom Corporation specialize in collecting, aggregating, and selling “consumer” data from an ever-deepening reservoir of information. Your profile is their product.

Imagine a world where the details of your daily life could be easily and automatically reconstructed from the little bits of data swirling around you. Most of the data points are already floating around and stored in disparate databases. What remains to be done is to fill in the gaps and connect the dots. Unless our information loses its market value, the law of supply and demand will continue to drive companies to acquire our data and analyze it. It isn’t so far fetched to imagine a world where our personalities and behavior are modeled fairly accurately, and duplicated, with slight differences, in most of the places where we do business.

Is this really that big of a deal? These organizations’ aim is ultimately fairly benign: they want to get me to buy their stuff. It’s not like they are part of some big eugenic conspiracy to wipe out populations based on their cyber profile, right? They are just looking to boost the bottom line, not bring on the final solution. Besides, if giving a peek into my mind means less spam in my mailbox, better recommendations on Amazon, and personalized media, maybe the trade off is a fair one. Maybe these modeling techniques will get so sophisticated that companies will realize I don’t want any of their shit shoved in my face in the first place. I’m a proponent of technology getting smarter and more ubiquitous. I would even go so far as to suggest that technological evolution is more likely to be our savior than our downfall.

I readily endorse much of my data being used to bring me tailor-made services and recommendations. I use most of the “Web 2.0” applications I can find, even though I know the revenue model uses my information to make money. I look forward to having a GPS-equipped phone and even smarter technology. I’m even ready to pre-order my Nike+ sneakers and kit to track my workouts and eventually serve up appropriate music from my iPod based on my exertion level. I’m kind of like a tech whore. You give me my technology, and you take what you want, big daddy.

While I am generally inclined to be optimistic about the promises of technology, I also think there are real privacy implications of my information being so exposed, so accessible and so coveted by so many. To be honest, I’m more concerned about private companies having all of my data than I am about government agencies having it. When the government collects and uses information about us, there are laws in place to protect us. Very strict confidentiality guidelines govern large government data centers like the Census Bureau’s, and the fourth amendment, at least on paper, protects our personal data from peering government eyes. But when companies do the same, the confidentiality rules are different, outdated, and difficult to enforce, and there is no fourth amendment protection. The government can’t spy on you, but companies pretty much can. They can also do the job better. They have the resources, experience, and incentives to build out the infrastructure and develop the necessary models.

I’m less concerned about government surveillance because I feel protected by laws, but suppose we didn’t have the laws to protect us from government surveillance. Suppose, by some far-fetched, wacky turn of events, the government decided it could spy on you. Therein lies another real risk in having companies collect and store my information, as the recent AT&T/NSA litigation illustrates.

And even if we could guarantee that our data were safe from malicious identity thieves or shady non-warrant-having NSA types, what about all the stuff being done to our data legally? Where are the appropriate boundaries for the use of our information? If the ultimate goal of building models from our data is to create actionable maps of our psychological composition, how is that different from what a psychiatrist might endeavor to determine? I am assured of privacy and confidentiality when I entrust my doctor with this information, but not so when it is collected and mined by highly skilled, highly educated statistical modelers. And suppose organizations consult with psychiatrists as they develop their algorithms? What are my rights then? At the very least, it strikes me as creepy to imagine strangers trying to pry open my mind to predict or modify my behavior in the future.

So, is privacy dying a miserable death? It seems to me that if it is, privacy must be a perennial beast, dying and then being reborn on some long-range cycle. The scenario I describe above isn’t so different from living in a small town a hundred years ago, when everybody knew everybody and talked about you behind your back. Maybe technology isn’t so much eroding our rights to privacy as simply making the world much smaller, returning us from the anonymity that earlier technologies afforded us. I don’t really have any answers to the questions I’ve posed here, but I do think we need to increase the dialogue about what privacy means in the digital era, and what it means when there are armies of professionals building little soft copies of our behavior, for whatever reason they dream up. I’m quite grateful for all of the organizations that are studying this issue and trying to protect our interests and rights. But I also think we need to spend some time figuring out what our interests and rights are. Until then, keep in mind that you are being watched.

12 responses to “Is technology killing privacy?”

  1. Trixie says:

    Great post, Brooke.
    Do you think anyone is working on software that people could install on their computers that would scramble that date somehow so that it was unusable? A paper shredder for the virtual clickstream data?
    That nike setup is pretty sweet. You can get me that for my birthday.
    ps welcome to TGW! I like your photo on the about page.

  2. Trixie says:

    i meant data, not date. of course

  3. Trixie Honeycups says:

    and one more thing.
    dave, how come i can’t edit my own comments?
    i need that wiggle room, yo.

  4. farrell says:

    Is there anyway to mask or eliminate a “click stream” while surfing on the internet? besides, say, using someone elses computer when you’re visiting them (sucka!) i don’t like the idea of people being able to follow my websurfing trail. isn’t there some portal of anomymity you could enter before browsing?

  5. Dave says:

    Trixie — Get it right the first time, yo.

    Brooke — I used to not worry about this very much, but in light of the NSA shit that has come to light I’m a lot more leery. When private companies have data about me, they’re almost always going to try to use it to sell me more stuff. They’re already trying very hard, and our culture is already mostly a radioactively commercial wasteland, but that is not the fault of Web 2.0, etc. But we’ve seen that Verizon and other companies have been quite happy to fudge on their (admittedly very vague) contractual promises of privacy to their customers and give loads of data to the Feds when all Ashcroft had to say was “pretty please.” And we’ve seen that the Feds have then used that information to spy on journalists they didn’t like, if spying on all of us wasn’t enough. So my worry now is that when commercial entities collect these masses of data, it’s bad because it’s very easy for the government to get ahold of it and then use it for bad ends. Of course if everyone involved had pure motives there wouldn’t be a problem, but history has shown time and again that almost nobody has pure motives, and given a bit of power and a bit of secrecy people tend to do very bad things. The current, deplorable state of privacy protections makes me feel very vulnerable to bad things.

  6. brooke says:

    Trixie – Thanks for the welcome! There are ways to anonymize or at least obfuscate one’s online activity that makes it more difficult for a website or a service provider to tie that data directly to you. For example, tor is a free, open source application that can “anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol.” This isn’t exactly a paper shredder for the digital age, but it does make it difficult to track what you are up to online.

    As for eliminating click stream data, Farrell, it is possible using something like tor to make it difficult to know it was *you* performing some action on a website, but most e-commerce sites build in click stream capturing functionality, so once you hit a landing page, they can track where you went from there. If you are using some anonymous method of browsing, they might not know the actual IP address of the machine that originated the request, so you can frustrate the data collection techniques to some extent. But this anonymity is not available in certain contexts — like when you are paying bills online. The folks at the bank know who you are, since you logged into their site. And most businesses, banks included, like to flesh out their profiles of you buy buying overlay data from companies like Acxiom.

    There are other ways to make your data less exposed. For example, encrypt your emails, be careful about spyware and malware, contact the businesses you interact with and ‘opt-out’ of their data sharing and marketing campaigns, read the privacy policies of businesses and don’t work with them if their privacy policies suck.

    All of these things help when we are talking about entities that don’t have permission to work with your data, but many new applications do have permission, implicit or explicit, to make use of your data ‘to serve you better.’ But I’ve been around marketers long enough to know that pretty much anything they do with your data, within the law, is ‘serving you better’ by their definition. And the laws and regulations about what they are allowed to do are strikingly absent. These organizations more or less self-regulate.

    Dave — I agree that government intrusion into these rich datamarts is one of the more frightening and timely issues to consider. Identity theft from private and public data stewards is another glaring problem. Today I read a wonderful policy paper from the Center for Democracy and Technology called “Digital Search & Seizure: Updating Privacy Protections to Keep Pace with Technology” (PDF). This paper touched on some of your concerns, and also gives a great overview to the current state of the laws, precedents and proposed legislative solutions to the problem of government surveillance.

    And now that my comments are as long as my article, I’m going to shut up. Thanks!

  7. Trixie Honeycups says:

    shit yo,
    just asking a simple question.
    am i going to have to fuck your shit up?

  8. Lisa Parrish says:

    Trixie, the federal government knows when you’re using threatening language.

  9. Dave says:

    You want a piece of me?

  10. trixie says:

    i’ll take my chances, but yeah.
    i want a piece of that soft white ass, bitch

  11. Dave says:

    Oh yeah? Well, you’re, ah, gonna have to catch me first.

    Wait. I mean, bring it, chica.