Schneier on Security
A blog covering security and security technology.
« Defeating Caller ID Blocking |
| Friday Squid Blogging: Researching Squid Bacteria »
February 27, 2009
Privacy in the Age of Persistence
Note: This isn't the first time I have written about this topic, and it surely won't be the last. I think I did a particularly good job summarizing the issues this time, which is why I am reprinting it.
Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.
Data is the pollution of the information age. It's a natural byproduct of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic.
And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we're ignoring data in our rush to build the Information Age.
Increasingly, you leave a trail of digital footprints throughout your day. Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded. You used to buy a train ticket with coins; now your electronic fare card is tied to your bank account. Your store affinity cards give you discounts; merchants use the data on them to reveal detailed purchasing patterns.
Data about you is collected when you make a phone call, send an e-mail message, use a credit card, or visit a website. A national ID card will only exacerbate this.
More computerized systems are watching you. Cameras are ubiquitous in some cities, and eventually face recognition technology will be able to identify individuals. Automatic license plate scanners track vehicles in parking lots and cities. Color printers, digital cameras, and some photocopy machines have embedded identification codes. Aerial surveillance is used by cities to find building permit violators and by marketers to learn about home and garden size.
As RFID chips become more common, they'll be tracked, too. Already you can be followed by your cell phone, even if you never make a call. This is wholesale surveillance; not "follow that car," but "follow every car."
Computers are mediating conversation as well. Face-to-face conversations are ephemeral. Years ago, telephone companies might have known who you called and how long you talked, but not what you said. Today you chat in e-mail, by text message, and on social networking sites. You blog and you Twitter. These conversations – with family, friends, and colleagues – can be recorded and stored.
It used to be too expensive to save this data, but computer memory is now cheaper. Computer processing power is cheaper, too; more data is cross-indexed and correlated, and then used for secondary purposes. What was once ephemeral is now permanent.
Who collects and uses this data depends on local laws. In the US, corporations collect, then buy and sell, much of this information for marketing purposes. In Europe, governments collect more of it than corporations. On both continents, law enforcement wants access to as much of it as possible for both investigation and data mining.
Regardless of country, more organizations are collecting, storing, and sharing more of it.
More is coming. Keyboard logging programs and devices can already record everything you type; recording everything you say on your cell phone is only a few years away.
A "life recorder" you can clip to your lapel that'll record everything you see and hear isn't far behind. It'll be sold as a security device, so that no one can attack you without being recorded. When that happens, will not wearing a life recorder be used as evidence that someone is up to no good, just as prosecutors today use the fact that someone left his cell phone at home as evidence that he didn't want to be tracked?
You're living in a unique time in history: the technology is here, but it's not yet seamless. Identification checks are common, but you still have to show your ID. Soon it'll happen automatically, either by remotely querying a chip in your wallets or by recognizing your face on camera.
And all those cameras, now visible, will shrink to the point where you won't even see them. Ephemeral conversation will all but disappear, and you'll think it normal. Already your children live much more of their lives in public than you do. Your future has no privacy, not because of some police-state governmental tendencies or corporate malfeasance, but because computers naturally produce data.
Cardinal Richelieu famously said: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all your words and actions can be saved for later examination, different rules have to apply.
Society works precisely because conversation is ephemeral; because people forget, and because people don't have to justify every word they utter.
Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a BlackBerry, are not official correspondence. A data pattern indicating "terrorist tendencies" is no substitute for a real investigation. Being constantly scrutinized undermines our social norms; furthermore, it's creepy. Privacy isn't just about having something to hide; it's a basic right that has enormous value to democracy, liberty, and our humanity.
We're not going to stop the march of technology, just as we cannot un-invent the automobile or the coal furnace. We spent the industrial age relying on fossil fuels that polluted our air and transformed our climate. Now we are working to address the consequences. (While still using said fossil fuels, of course.) This time around, maybe we can be a little more proactive.
Just as we look back at the beginning of the previous century and shake our heads at how people could ignore the pollution they caused, future generations will look back at us – living in the early decades of the information age – and judge our solutions to the proliferation of data.
We must, all of us together, start discussing this major societal change and what it means. And we must work out a way to create a future that our grandchildren will be proud of.
This essay originally appeared on the BBC.com website.
Posted on February 27, 2009 at 6:13 AM
• 80 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Welcome to 1987.
This essay would have been useful then, before I and everyone I knew in college posted to Usenet with their real names, only to find it all archived, stored, recovered and indexed for all to see a decade later by DejaNews which is now part of the Google empire.
DejaNews changed my life, for the worse.
Followed, but less so, archive.org.
Great article Bruce. posted to reddit
I've always said that one should never put into electronic form anything that one does not want someone, somewhere, to eventually find. Because they will.
Excellent essay, but I would have liked to see two additional points made:
"Being constantly scrutinized undermines..."
It does more than that. It changes the way we behave =, and think. It generates self-censorship. It is anxiogenic. Monitoring of internet communications, especially surfing patterns, etc. very often are not linked to intend but used as if they were.
Furthermore, in an age of digital records, the evidence is easier to convincingly falsify, or often is considered reliable even when it is not (chip and pin and other digital signatures) very often reversing the burden of proof.
My biggest problem with all this, is how much of this data about us is all wrong.
It seems to me that the damage that can be done by others holding information on us is proportional to the power of that other.
A database of my spending habits is more dangerous in the hands of the government than it is in the hands of, say, my local corner shop.
"Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded." - actually I don't see much of a change there. Thirty years ago, long before they got computerized cash registers and barcode scanners, my bookstore clerk already greeted me "Hi Woo, I've just got some copies of $title in, I'm sure that fits your preferences.", and he did that for most of his customers.
Sure, today we have almost unlimited storage capacity, but data mining in the brains of a talented salesman is ages old.. and comparing the quality of the recommendations of Amazon to those of my bookstore, it actually declined.
"Being constantly scrutinized undermines our social norms; furthermore, it's creepy. Privacy isn't just about having something to hide; it's a basic right that has enormous value to democracy, liberty, and our humanity."
I also applaud the essay but would question the use of "creepy" in referring to this phenomenon; that word isn't as compelling as it needs to be. (But there is a link to Bruce's earlier essay on the value of privacy.)
And I think that Bruce does mean bbc.co.uk (and not BBC.com (that redirects to the former but isn't the normal BBC site)).
@Woo: Sure; I've had similar experiences with clerks at small bookstores. They knew my reading preferences. The information was normally kept inside one skull, not permanently recorded, and not matched with my other purchases or activities, or necessarily my address (although it was on my checks). There's a difference.
The other difference, of course, is that I can trust fellow people. I cannot trust a publicly held corporation in anywhere near the same way. If, say, science fiction readers were suddenly suspect, and somebody asked the clerk, the clerk might play dumb. On the other hand, Barnes & Noble has a long record of my purchases in computer-readable and (more importantly) subpoenable (sp?) format.
My only hope of obfuscation there is that I've bought a lot of books for Mom over time, and she's got considerably different tastes. (My wife's tastes are something of a subset of my own, and my son's can probably be picked out form mine.)
James Halperin's _The Truth Machine_ deals with the idea of a 'life recorder' somewhat (ancillary to the idea of an actually accurate 'lie detector'). Worth a read.
First let me say that I agree with your point, or at least I think I do. But I'm trying to think critically, and I have to say that this stuck out as a non-sequitur:
"Society works precisely because conversation is ephemeral; because people forget, and because people don't have to justify every word they utter."
Not only is this an overstatement (ephemeral communication is the singular thing that makes society work?), it's not supported by anything else in the text. Sure, the society we might have in 50 years if current trends go unchecked is very different from our own, or the past that you're idealizing, but there's no evidence in your essay that it wouldn't "work", that people couldn't live productive and fulfilling lives in it.
Also, did you read the entirety of the NYMag article that you linked to? It argues against a few of the points you're making here.
"My biggest problem with all this, is how much of this data about us is all wrong."
The more the better, I say. We can't turn pollution into harmlessness using anti-pollution, but we can use anti-data to turn databases into worthless piles of bits and bytes. It is in fact our only chance of defense when anything is recorded without the possibility of our intervention.
To quote Charlie Stross, "unwary speech may reap grim future rewards". I think that the Facebook generation don't believe it yet.
I agree that this could be a problem. Not everyone can guard everything they say and do. I at 50 am much different from who I was at 25. At 75 I will be different again.
Inaccuracies in the data make it worse. Various people want to "solve" the illegal immigration problem with a database of people who are allowed to work. With a 1% error rate in that's 100,000 people in Texas alone who have trouble getting or changing jobs. Imagine if somebody goes dataming and finds a rumor from 10 years ago.
The fellow at the bookstore cannot sell what he knows about you, either.
We cannot rely on the government to fix it. Look at the *stimulus* package. That package will only stimulate Congress. Any solution will have to work without government participation.
I wonder how many people who read this are on a watch list because their aggregated surfing/shopping/calling habits seem to fit the 'Terrorist Profile' I know I meet ThorpeGlen's suspicious profile (http://wikileaks.org/leak/thorpglen-spying-2008.pdf) because of my cellphone calling patterns. I wonder if I ever had my computer searched what they would have to say about Truecrypt being on my system along with source code implementations for every major cryptographic algorithm known to the general public. And I'm sure my search patterns are incredibly suspicious because I have a curious nature. That is easily misinterperted for being a terrorist nowadays. Anything outside of a very narrowly defined norm is 'terrorist' or 'suspicious'. Also, yes store clerks know what people buy and what they do but we are (usually) discreet about what we know. I know every alcholic is a 15-mile radius of where I work. I know everyone who is an idiotic racist in that same radius. I know everyone who is interested in firearms and knives and other weapons in that same radius and I know who is strongly antigovernment in that radius. I am not a queryable database that can make some idiotic profile fit. Most of them are either harmless or just really sad humans. If what I know was in a database forever people could be disqualified for jobs years from now because they used to drink everyday or because they said something really idiotic. They could endup on a watch list if the government saw all that. Some could even end up in prison for violating their parole by drinking while attending AA. I'm starting to ramble but to summarize what I am trying to say such databases are easily misinterperted, lend themselves to abuse, have no privacy controls to speak of in most cases and can be used to do anything a tyrrant could want without the need for an expensive and unpopular Big Brother. Little brothers are watching us, and they gossip alot.
> "Automatic license plate scanners track vehicles in parking lots and cities."
A week ago in Boston, I saw a police car with cameras mounted on either side of the trunk, just behind the rear window. The cameras were pointed about forty five degrees forward. It was driving slowly down the street, taking pictures of all the license plates of the parked cars.
A bit of google searching turns up:
I don't know whether I view this as good or bad.
The can of worms "Life Recorders" will open up is worthy of its own post.
One day it will be a felony to delete any part of your past.
@Fred X. Quimby
You're right about it will be a felony to delete any part of you past. And to me atleast that is more frightening than all the terrorists and criminals living today put together. But it will be for our safety of course.
"It stays around forever, unless it's disposed of."
I disagree with this premise. It takes action and intent to move data from volatile memory to storage. It takes action and intent to keep that storage accessible. The problem for privacy is that you don't control the entire chain.
Even if you *do* want to share data with Amazon with the intent of getting better recommendations, you have no real control over what their intent is with that data. If they share it with some "trusted business partner", you have no idea what *their* intent is. And if the *government* swarms Amazon's offices waving guns to get that data in the name of terrorism, your privacy is stuffed.
I wonder how close we are to feasibly reversing the identification process so that we *do* control our own information. Although the surveillance society would frown on it, I would very much like to see a lot of private data reduced to anonymized hashes. Not hashes *they* create, either, but ones *I* supply.
It's possible that in another 50 years this will lead to people learning to ignore "gotcha" quotes pulled out of context. But I wouldn't bet on it.
Ultimately, such a univerally accessible history os dangerous because even perfectly reasonable statements will find someone somewhere to disagree with them. Usually someone unstable. Only complete non-entities, or those who have managed to get their records scrubbed, will be safe in public life.
@Roboticus: Your post reminds me of an old AA saying. I shall adapt it:
"If you have to ask if you are on a terrorist watch list then you probably are."
First it will be for the protection of the children.
my colleagues and me call this professional honour.
"And all those cameras, now visible, will shrink to the point where you won't even see them..."
This is already happening. My late model mercedes has over a dozen cameras in it. Can you find them? I only know where some of them are because of knowledge from the engineering side. As a driver alone I would not have been able to count them all.
I see it as a couple issues, mixed together. One is persistence; the other audience. Anything I write is there forever (or at least till technological obsolescence renders it uneconomical to retrieve), and anything I write today tends to go to many different social groups at once. Either alone might be manageable, but the combination of the two will probably lead to high levels of self-censorship.
I want to preface this by saying that I'm 26 years old, a software developer (hobbyist since early teens, professionally since 18) mainly web-based, and in two punk/rock bands currently, although lived and breathed the subculture since I was in my pre-teens.
BTW: If you read the NYMag article Bruce linked to above (http://nymag.com/news/features/27341/), what I said is fairly relevant, otherwise it just sounds like glib nonsense.
Alright, so that said...
From the from the NYMag article:
"Kids today. They have no sense of shame. They have no sense of privacy. They are show-offs, fame whores, pornographic little loons who post their diaries, their phone numbers, their stupid poetry—for God’s sake, their dirty photos!—online. They have virtual friends instead of real ones. They talk in illiterate instant messages. They are interested only in attention—and yet they have zero attention span, flitting like hummingbirds from one virtual stage to another."
I am almost stunned at how amazingly insightful this statement was, albeit certainly a sweeping 'old-timey' generalization. I consider myself to be lumped in with the generation being marginalized here, but I agree to an incredible extent with what was said. Although I would've certainly added some kind of allusion to the insanely disproportionate and ill-deserved sense of entitlement I notice among people around my age. Of all the 'generation' labels out there (mtv, y, millennials, et al) for us (like '75-'86 or '82-'01 or whatever), my favorite is the 'ADD generation'. I'm no 'twixter', I was born right in the middle of that demographic, but they sure hit the nail on the head with this one. It's sad that I'll be lumped in there with it, but I agree whole heartedly, and frankly, am just as disgusted as the baby boomers about the whole 'digital revolution' in this sense.
The irony is that I've literally helped build these networking sites and their underlying idioms from the very beginning, the whole time harboring a mild feeling of guilt, possibly (although certainly nowhere near the magnitude) the kind of feeling Richard Feynman must have had while working on the atomic bomb. Yay for progress, nay for its ultimate use in a society ill-equipped to handle that progress with maturity and critical thought. Not only that, but it disgusts me on many levels that people of my generation have seemingly began trading meaningful life experiences and accomplishments for twitter numbers or myspace friend counts and the like.
The one, possibly most important thing I've learned in my years writing software for the web is that, while it is an extremely useful tool, unless you use it as such, say, to give yourself more time doing something meaningful, you're the one that ends up being the real tool.
Leary said "Turn on, tune in, drop out", I say he's an idiot. It should have been more like "Turn off, tone down, go outside".
todays biggest threats to your "lifelog" are buggy software and hackers - it could wipe out your whole existence, or turn you into a terrorist/wanted felon etc
i wonder how many datasets get corrupted when whole databases get sold and then merged with others
The flip side to this situation is information we want to stick around suddenly disappears because the entity that was collecting it is going out of business. Murphy's Law, what you need disappears, what you don't want recorded gets copied from database to database forever.
"A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data."
But that future, our future, and that dystopia is in fact brought about as a result of intent. Data in and of itself is simply data, much like electricity - it has no intent to power houses or fry criminals. It is the intent in the use of the data, by the data holders, that causes the problem and violation to privacy.
In the hands of companies, it allows them to target various demographics with sales; annoying to say the least, but not necessarily what I find dangerous. In the hands of a government already fighting the "war against terrorism", it does in fact bring about that evil future. The intent, by law-enforcement agencies, is to catch criminals/terrorists. Refering to the earlier quote from Cardinal Richelieu about hanging the most honest of men, you wind up with an intersection of access to vast amounts of dubiously-interpreted data, and the intent to catch criminals.
Not a good recipe.
> We must, all of us together, start discussing this major societal change and what it means.
Information accountability should be one aspect of this discussion.
Have people considered there are two extreams to this "data" issue and that it is only as you aproach the middle that life becomes difficult?
Think of it this way, if absolutly no data is held at all then your past can be as you would wish it to be, as there would be no evidence to the contry.
Likewise if every part of your life is recorded infalably and unaltarably then you will be entirely responsable for your future, and nothing you say or do could be taken out of context.
In either case no six lines could hang an inocent man.
However like the entropy curve as you aproach the mid point the possabilities of being harmed reach a maximum.
This is because there are no perfect records that act as witness to each other.
That is your "infalable record bears witness to others infalable records. All should mesh together, if they do not then somewhere there is one or more fake records that will be detectable.
Therfore what ever we as free people decide there can be no inbetweens it must for our own safety be all or nothing.
@ Teenage Lobotomy,
"Not only that, but it disgusts me on many levels that people of my generation have seemingly began trading meaningful life experiences and accomplishments for twitter numbers or myspace friend counts and the like."
Each and every generation has had it's own way of deciding "success" or "who is in and who is out" and it's own set of attendent metrics.
Think, are you more of a success because of the amount of money you have in the bank or the number of numbers in your little black book?
Then think why.
One way to measure your real worth is by how many lives you have touched for the better.
Another is to ask yourself this,
How many people do I know where if I said "I need help" would just assist me without reservation or judgment?
Each is a different measure each is more or less appropriate to individual personalities that is the nature of the world, life is at the end of the day as rewarding as the effort you put in.
I don't think people care much anymore. The company for which I work just hired four people fresh out of college. I took a look at their Facebook pages and ... well ... let's just say that they don't leave much to the imagination!
Perfectly good workers, by the way. I guess it will be normal in fifty years for kids to be saying, "So Grandma ... that was you going ... uh ... there ... with all of those friends and doing ... that? You were very flexible back then!"
Is there a reference to a case where "prosecutors use the fact that someone left his cell phone at home as evidence that he didn't want to be tracked?"
Quite simplistic, and coldly unimaginative (no offense). Life itself is an 'entropy curve'.
Infallibility in any sense regarding our humanity is a pipe dream that our evolution will almost certainly never live up to. Nearly everything but the order of nature itself (of which we are obviously a subset) on Earth is a creation, concept, interpretation or causal effect of human-kind, and until humans themselves ascend to some kind of infallible state of existence, everything we think, do, say, see, store, record, build and destroy will have some taint of our own imperfections (or 'humanity').
One might even say that the very nature of all existence, while possibly stemming from some incredibly larger order that we could never perceive, is purely trial-and-error. Certainly life on our planet has developed as such, and so must we. Being a fluke of consciousness in a sea of evolutionary mistakes, one might argue that our entire species is destined to repeat the same patterns of trial and error vis-a-vis our own survival, just as our planet has done, as well as our solar system, galaxy, and the universe itself, since the beginning of existence as we believe it to be.
Whether or not this is ideal is beside the point, it's almost certainly inescapable. We can't run from who we are, we can simply do our best to make it livable until we're gone, to use our gifts of thought and imagination to try to circumvent our inherent failings. But I wouldn't applaud deluding ourselves with striving for a perfection that the known universe itself appears to be incapable of achieving, as amazing as it is. There is nothing infallible about life, or anything concerning it, except for the prospect of death.
As an aside, I've long thought one of the largest failings of our kind is the arrogance in which we assume we even have the ability to answer unanswerable questions, the extreme variation on this being the claim of having the authoritative answer to any such question, which in turn has been the cause of more death and despair than probably any other single factor in our species' history. Case in point: religion. So in that sense, even the strive for infallibility, the ideal of perfection, has lead us down a path that looks a lot more like doomsday than perhaps simply accepting our own imperfect nature, and working with what we have to improve the lives we know in the lifetime we know ourselves to have.
@ Teenage Labotomy,
After reading your description of modern youth and their superficiality I found myself reminded of one of the late Douglas Adams throw away story lines in "The Restaurant at the end of the Galaxy".
It is worth repeating at this point the theories that Ford Prefect had come up with, on his first encounter with human beings, to account for their peculiar habit of continually stating and restating the very very obvious, as in 'It's a nice day," or "You're very tall," or "So this is it, we're going to die."
His first theory was that if human beings didn't keep exercising their lips, their mouths probably seized up.
After a few months of observation he had come up with a second theory, which was this — "If human beings don't keep exercising their lips, their brains start working."
In fact, this second theory is more literally true of the Belcebron people of Kakrafoon.
The Belcebron people used to cause great resentment and insecurity amongst neighboring races by being one of the most enlightened, accomplished, and above all quiet civilizations in the Galaxy.
As a punishment for this behaviour, which was held to be offensively self righteous and provocative, a Galactic Tribunal inflicted on them that most cruel of all social diseases, telepathy.
Consequently, in order to prevent themselves broadcasting every slightest thought that crossed their minds to anyone within a five mile radius, they now have to talk very loudly and continuously about the weather, their little aches and pains, the match this afternoon and what a noisy place Kakrafoon had suddenly become.
I don't know which would be worse socialy, telepathy or your entire past laid open to all like a cheap novel which the compleat storage of your life in the hands of others would be...
One of the most interesting aspects of all this that seem to get by everyone is "intellectual property". Your actions are yours in the same way that writing a book is yours. That others are capturing it and using it for monetary gain without compensation is a fundamental violation of the social contract. If I work at something and you make a profit from it, I have a right to a share in that profit.
In any sense, obviously any personal fulfillment or image of success is in the eye of the beholder, but I find it hard to swallow, with the enormity of existence, that popularity within one's fellowship-circle-jerk, or monetary 'success' by exploiting others (and let's be honest here, you can't obtain something without taking from somewhere/someone else, first law of thermodynamics) isn't somewhat meaningless beyond a boost in serotonin levels or the like.
Certainly, a philosophical discussion, but relevant nonetheless.
Personally, I believe our lives are a journey to find a true feeling of self-fulfillment, narcissistic as that may sound, the fact is that we were born alone and we will die alone, no matter how many hands we hold along the way. Since I don't believe anyone alive or dead has had the answer to what that fulfillment is or how to obtain it, what we're left with is a curious set of human behaviors used to fill the hole left behind, one way or another, adapting themselves to their surroundings. Of course I have my own opinion on what constitutes itself as a more or less meaningful approach to finding said fulfillment, the least of which is money, power, viral videos, friend counts, flame wars, or social elitism of any ilk. Not only that, but I tend to admire more the sincerity involved in human accomplishments beyond a certain level, and by my own generation's admissions "you tend to be more aware of what you say and do when you know that 3,000+ people are paying attention". You can call that a healthy check and balance all you want, but I call it amateur hour at the online theater. I definitely don't call it sincerity, unless you're describing it as sincere performance art. In the US at least, we worship the professional liars in Hollywood over the most sincere of well-meaning advocates of humanity, which I think sheds some light on this due to the fact that this environment was the foundation for my entire generation.
At any rate, I'm basically saying that I'm sad to see so many of my generation acting like a Paris Hilton Barbie Doll sans the bankroll.
And like what you seemed to be alluding to in your first response to me with "life is at the end of the day as rewarding as the effort you put in", I have grown to detest the idea that something you do is only meaningful if enough other people see it too, and 'add it to their favorites' or whatever metaphor you want to use.
Sadly, the lifeblood of the world is currently (seemingly) run with the underlying idiom that "it's all who you know", so in that sense online networking is basically going to be as ubiquitous as high fructose corn syrup, for better or worse. I just hope that we don't lose sight of other avenues of the human experience. Living a cerebral and electronic life is probably very satisfying, but so is a heroin addiction with a steady, cheap, reliable and clean supply chain.
It's too bad the stuff you put up on the internet can't be removed permanently. No social networking site has such a facility. In fact, 99.999% of the web is like that. It's a shame, really.
> Is there a reference to a case where "prosecutors use the fact that someone left his cell phone at home as evidence that he didn't want to be tracked?"
Don't know about "prosecutors" and "cell phones", but in the ol' world it has been considered, at least on two occasions, an element of guilt for someone not to carry his mobile phone.
In Germany, in 2007:
"The fact that he – allegedly intentionally -- did not take his mobile phone with him to a meeting is considered as “conspiratorial behavior”"
In France, in 2008:
The government said those arrested did not have mobile phones in order to avoid being detected. Their supporters said there was poor network coverage in the area and they shunned mobile phones as consumerist.
I'd also be interested to hear about cases in the US and other cases elsewhere.
Nice article. We can talk about privacy until the cows come home. Help me with this one though - when people say, "I've got nothing to hide so it doesn't matter" doesn't that just get under your skin?!
I think this article, (I am hoping) that they will realise privacy is more than just 'hiding.'
We need to better define the boundary between the real and the virtual. People should never be convicted or judged or discriminated against based on something that is virtual. It should require evidence from the realm of the real to do that.
I have finally stopped trying to get friends to regularly swap grocery store cards; that seemed the most effective way to reduce the data. Unfortunately, all I got was a reputation for paranoia.
If companies who collect data on individuals became legally liable for any misinformation contained therein, or at least communicated to another deliberately or inadvertently, there would be a financial incentive to properly protect the databases. Further, vetting the data would become the responsibility of the collector, not a suggestion that those of us who would prefer not to be in a database to regularly review their data to see if it is correct.
Great article, as many from Bruce. Thanks again.
IMHO, there are big differences between bookstore clerks who remember your favorite books, and electronic breadcrumbs of your life at e.g. Amazon. First, the clerk is likely to forget you if you move to another town (might take some years, but his memories will dissipate eventually). The latter is here to stay, and is of course easily processed by automation. And automated searches don't bet bored, are perfectly content with doing the same task over and over again, and ... the performance doesn't degrade; more likely it will improve over time with processing capabilities.
So with electronic breadcrumbs of our lives all over the place, there is a new dimension to the availability of data: a temporal aspect. Our data gets stored and may be used at a later time (Against us? In our favor? Who can say?) It's mainly this temporal aspect that scares me: In 2009, we may well "agree" to have our data stored by miscellaneous parties (because we think the parties can be trusted, because someone tells us it's the War on Terrorism and/or the War on Child Pornography, or maybe because we don't care yet). But implicitly we are stating that we will also trust these parties for the years to come - maybe 10 years, maybe longer. Should we place a future trust in commercial companies? Foreign governments? Our own governments? Who can honestly pledge to trust their own government in 10 or 20 years? To make this even more paranoid: If we think that *today* having source code to encryption algorithms on your hard drive might be questionable, who can say what officials will say in 10 years, that one had such code available back in 2009? Will that be more or less questionable?
Do we want to find out?
Having someone store a trail of of our electronic breadcrumbs - in any format, concerning any subject - without a good reason and without a warrant, is just wrong, and plain evil. We should confront the ones who store such data with the argument: "Why should we state today, that we will trust you in 10 or 20 years? What guarantees can you possibly give us not to misuse our data? What penalties are agreed upon against your misuse of our data in the next 20 years to come?" We should educate our children in the same manner: It's not just what you say that counts, but it's also how long it will be around and who will maybe have access to it.
As we embark on the era I describe as the End of Forgetting, I think that information /flux/ might be still be something we can proactively influence and control.
Here is an idea for how we might work to shape our future, by controlling our past:
Becoming Your Own Big Brother: A Paradoxical Approach for Retaining Control of Personal Freedom http://pocketknowledge.tc.columbia.edu/home.php/...
Unforgettable in Every Way: Personal and Social Implications of Pervasive Omniscient Surveillance
@ Teenage Lobotomy,
"Personally, I believe our lives are a journey to find a true feeling of self-fulfillment, narcissistic as that may sound, the fact is that we were born alone and we will die alone, no matter how many hands we hold along the way."
That is true for all of us in one way or another.
Without going into the ins and outs of human emotional development in any depth very broadly we reach a stage around 7years old where our awarness of others feelings start to have meaning.
Basicaly we start to learn why we need a private and public self, and also how to communicate emotions.
We also develop an awarness of "our place in the world" and more importantly "with respect to time". As we get older immortality starts to have significance.
For nearly all of us we only have two routes to immortality through our genetics and through the memory of our social circle.
For a very few our "deeds and actions" are such that thay become part of recorded history. But importantly not "us" as we see ourselves or as seen by our "loved ones".
For reasons that I suspect are to do with our "monkey brain" that makes us run up trees when danger presents we remember the bad more than the good. Which might account for why as far as newspapers etc where concerned "there is no news like bad news".
If you then bring in the sense of "ego" we are in our own heads the most important person in the universe. And most of us know "we are human" and have failings. Being aware of others failings make us feel superiour to others and justify our self importance to ourselves. It is why we gossip and what the majority of jokes are realy about (others pain and belittlement). And in turn this might account for our interest in Paris Hilton etc. We don't want to know about "them" we want to know about "their failings". Which probably accounts for "celeb gosip", "Z-list celebs" and "reality TV" amongst many others.
As I said earlier our "worth" or self importance has to be "measured" in some way otherwise how would we "know we are better".
The question is by what "scale"...
It appears that to be creative in the abstract or physical sense or to be a "genius" requires us to have "savant" abilities.
But to be suscessfull in the human sense requires very high degrees of social skills.
This gives rise indirectly to the concept of "where we live" be it "inside our heads" or "inside others heads".
Which brings up the subject of Broad Spectrum Autisum.
Those with autistic tendencies tend to "live in their heads" those with strong social skills "inside others heads".
Engineers, architects, scientists, artists and those we think of as being "creative" or "genius" nearly all have social skill issues and it has been sugested are to an extent autistic.
Then there is our level of intelect etc. The higher this is the less we live "in the body" the more we live "in the head". This level of intelect -v- sensation appear to be orthaganol to savant -v- social. This gives rise to the notion of a plane of human existance.
Therefore how you see yourself and others depends on where you are on that plane. And it is likly you are going to understand those closest to you on the plane and in your polar vector.
And yes it appears there is a degree of nature and nurture (genetic &&/|| learn) to both of those scales and therfore the plain. That is the tendency of left handedness in engineers, architects and other creative types. Which is a path psycologists fear to tread.
However it apears that the creative intelects and the accountants have won (for now), the engineers are by their very "deed" "inheriting the earth" not by aquisition but by moving it into "their world" and recording the "actuality" for the accountants.
That is "data" and the ability to process it is "in head" not "in body" and easily captures "creativity" and "actuality" not "social" and "ephemeral".
The fact that we will shortly have our lives recorded as data means that we will have immortality of "deed" and "actuality" for all of us but not immortality of the (forever?) "ephemeral" "soul"...
Dante was wrong in his "Divine Comedy" the ultimate hell is not his inferno...
It is to be condemed to the immortal world of the account your every deed weighed measured and recorded in your life's ledger. Your soul forever expunged.
The final grim joke we that value the freedom to think and let our thoughts take flight built the shackless by which we will be forever teathered in their hell.
Perhaps we could wrangle a "Disaster Area" concert out of the deal somehow...
Meanwhile, I'm off to deposit my penny in a savings account to pay for my dinner at Milliways. Care to join me?
PS: It's sad his light has gone out of our universe. Without him life has been considerably less weird.
@ Teenage Lobotomy,
A minor niggle,
"(and let's be honest here, you can't obtain something without taking from somewhere/someone else, first law of thermodynamics)"
Only in the sense of matter/energy and the forces they and time give rise to.
Choice or possability is the very essense of entropy.
My fav example (because my seven year old son "gets it") is,
When they are all stuck together you have a model (rocket/space shuttle/plane etc). All you can do with it is move it around it's center of gravity.
When they are appart they each have their own center of gravity and can freely move around each other. But there is no model it is disorganised cahotic. But importantly you have the freedom the possability to give meaning to it to make any model you want.
But by applying that order the possabilities decrease steadily.
"But I wouldn't applaud deluding ourselves with striving for a perfection that the known universe itself appears to be incapable of achieving, as amazing as it is."
Ahh this is the fun one.
The universe consists of energy/matter constrained by time to give us the forces of nature. And from these we get fields, for which every one should have a particle (or so the theory says) hence the LHC looking for the "God particle" Higgs boson.
But is there anything else?
Information or data is ultimatly about forces and matter/energy. And importantly it is recorded by the same forces and matter/energy we are ourselves constrained by (somebody at IBM once worked out the minimum energy of a "bit").
But what about the "permutations" or choices that the matter can be in which is what entropy is all about?
Entrapy is not a force it is not constrained by time, and it requires no matter/energy.
Is it bounded well both yes and no... Each choice is instansiated by the matter/energy in the entire universe for an infinimatesamle moment in time, therfore the can be only one at any one time, but the number of choices is infinate.
Thought can be seen as applying choice to achieve a desired outcome. That is a directed not probablistic selection from all the choices.
Importantly due to Gödel (second incompleteness theorem), Heisenberg (uncertainty principle) and Church - Turing (undecidabirity theorem) we are (reasonably) certain we cannot both be in and recognise the state of perfection...
But what is "reasonable" we don't know, and like the cat our curiosity is sure to get us into trouble 8)
"Meanwhile, I'm off to deposit my penny in a savings account to pay for my dinner at Milliways. Care to join me?"
Can we make it breakfast?
That way we have time to argue the Bistro bill and make it somebody elses problem before we join the monks for lunch, then we can pop back for the concert.
Oh and please leave Marvin downstairs he is even more depressing when legless, and it is just not what we English call cricket.
funes memorius.... it will die of consumptive congestion.
The following sums up a lot of the anxiety posted here:
"You're right about it will be a felony to delete any part of you past."
But this is only true if you let that happen. Most of the posters here live in democracies. Governments in democracies tend to do what their voters want. So if they start to harass innocent citizens, most of their voters should be be OK with that.
Bruce is right to point out the developments, but it is clearly completely wrong to just extrapolate current trends to their fatal end. EVERY trend ends in disaster if extrapolated far enough.
It is simply the "law of the false positives". Given the large number of innocent people, almost all evidence will point to innocent people, ie, it will be false positives. The courts will learn that very fast.
If everyone will say something "damning" sometimes, saying the wrong things will lose its power as evidence in court. If you can track down all 1000 people who were in the neighborhood of a crime, that will make their presence alone very weak evidence, indeed.
you may change your view on the virtues of wrong data once it made you spend a few weeks in Guantanamo or a similar place. I know people who were woken up and pinned to the wall by SWAT teams at 5 a.m., because police data about them fit some terrorist profiles. Of course it was all wrong. But police would not go around and explain that to your neighbors, employers ...
And where the accuracy of data has been checked, error rates have been shockingly high.
Thanks. I'd like to take this opportunity to have it stored on the internet forever that I hear God's Own Voice directly, and am compelled to obey ANY instructions He gives me. This has absolutely NOTHING to do with any future plans to fight redlight-camera tickets with an insanity plea.
521 Frederick Chilton Drive
The first word that comes to mind when I read this essay is "inevitable". As you say data is something that computers generate not incidentally, that is in fact their power. On example that you mentioned was "life recording", well I'm not sure what security type applications you refer to but there are already numerous efforts in the Mediated Reality research field (www.eyetap.org for example) to that end. In those applications that data is in fact the entire purpose.
Imagine for a moment the advantages of being able to replay every moment that you have lived of your life? Can you imagine the benefits of that? Two I would mention are infinite memory and greatly expanded individual knowledge (Knowledge as opposed to intelligence that is).
With computers being more and more ubiquitous in our lives it takes a lot less than advances as above to provide some of the same benefits. However all depend on one thing: data.
That comes back to my original though; that it's inevitable.
So how will society have to adapt to deal with this? Well I think we already are in fact, for example; how many times have you chosen not to send an email because after consideration you realised that what you wrote was not something you would like permanently filed away by someone? It's far more difficult in face to face communication however is that such a bad thing if we all have to learn to think a little more about what we say and do?
Interesting points, and a fascinating topic of discussion.
This essay was written in 1987; perhaps not by Bruce, but there were many other people saying the same things in 1987 and even earlier.
Don't blame them because you didn't get the message.
Bruce: "And we must work out a way to create a future that our grandchildren will be proud of."
If our grandchildren don't make a big fuss about everyone knowing everything, and simply take that for granted, it will make me proud of them.
The solution is not in some paranoid search for privacy, which in an era of sufficient technology cannot persist anyway. The solution is in relaxing our social norms to take it for granted that people will do stuff and say stuff that might as well be ignored.
As long as leaders have no privilege of privacy either, a society where everything is disclosed will be nicer to live in than one where it's not.
I also would appreciate a cite to cases in which US prosecutors used absence of a cell phone to imply guilt.
In the Guardian news source ( http://guardian.co.uk ) there is an article, "Bebo kids will value privacy when they see adults do too" (written by Cory Doctrow, dated October 31, 2008) that may be of interest. From what the article says, adults are concerned about kids who do not seem to value privacy. At the same time, however, adults condone things that may hurt the privacy of kids, such as merchants' CCTV cameras, among other things.
Arthur C. Clarke imagined a world with what you might call the ultimate life recorder: WormCams that could see anywhere at any time, in The Light of Other Days.
I see many of you claiming that computers "generate data" throughout the discussions. This is blatantly incorrect. Computers do not "generate" anything. They are rather simple tools that merely arrange and process input.
You have disconnected the source of the data (humans) from the tool that processes it (computers) and began a nascent form of machine worship. To imply that computers are the sole source of the "data" even to the point of "generating" it also serves to misdirect blame for "undesirable data" from the people whose actions created the data to the computers that merely store it.
Several good science fiction stories and what I like to think of as "science-future stories" are just waiting to be hammered together from what I have read here.
I truly believe that I am witnessing an incredibly rich signal to noise ratio of potential future situations and dramas being sketched out and postulated upon here, not only by the original author of the article but also by thoughtful people posting comments.
I would not be surprised if the next great dystopian story or three will be generated from the ideas and projections that are presented right in this blog and its associated comments.
@Geoffrey - Vernor Vinge has already written ubiquitous security devices into a novel. A Deepness In the Sky has "Larsen Localisers". They're basically a multi spectral networked sensor the size of a dust mote. They, or their equivalent, lead to the collapse of whatever civilisation implements them.
Check out the book, it's a fantastic read - as is the sequel, A Fire Upon the Deep, which came out first.
"And all those cameras, now visible, will shrink to the point where you won't even see them"
Probably not true:
- An effective audit function requires adequate resolution.
- Deterrent requires visibility.
The resolution of a Camera is a function of the size of the optics (aperture) and the wavelength of light it's sensitive to. Bigger is better.
It's physics, and applies irrespective of the number of pixels a CCD can support (what most people inaccurately consider as 'resolution' - Megapixels).
Future - There are passive techniques to create synthetic apertures by combining the light of several devices (c.f. Keck Telescope), or even active devices to create a 3D+time image - but the foot print of these are large, and the jury out on shrinkage.
Ok enough, nobody reads message number 60+. :(
Great article as always Bruce. Its amazing how much information people willingly give away, but also how much information company's want to take from you for even the simplest of transaction.
Your point around data being the new environmentalism issue is also referenced in this rather humorous article.
Seems as if more and more people are becoming aware of the real danger of too many company's / governments holding too much information.
"Society works precisely because conversation is ephemeral; because people forget, and because people don't have to justify every word they utter."
Back when most people were illiterate, I think they had much better memories for conversations. And no one living in a small community expects much privacy. I think privacy is a (temporary) urban phenomenon.
What about the flip side? Massive quantities of heat are being produce, literally and metaphorically, which erases all the information below a certain threshold.
Now in the future, NO information is being stored because the environmental kT is so high. What looks like information is just noise -- aliasing effects allow us to delude ourselves.
I know that I could find much more information on the net in '95 than today.
@ Mad Crazy
Change your name. Problem solved.
Makes me think of Philip K Dick's 'The Unreconstructed M'.
These are his notes:
If my main theme throughout my writing is, "Can we consider the universe real, and if so, in what way?" my secondary theme would be, "Are we all humans?" Here a machine does not imitate a human being, but instead fakes evidence of a human being, a given human being. Fakery is a topic which absolutely fascinates me; I am convinced that anything can be faked, or anyhow evidence pointing to any given thing. Spurious clues can lead us to believe anything they want us to believe. There is really no theoretical upper limit to this. Once you have mentally opened the door to reception of the notion of fake, you are ready to think yourself into another kind of reality entirely. It's a trip from which you never return. And, I think, a healthy trip... unless you take it too seriously.
Well despite the lowered costs of data storage I think a recession and lowered profit margins could help clear out some of that old data. I know some old webpages and social networking accounts I am just itching to see disappear.
Google will still be around though so I don't think my old posts on usenet are going anywhere though :(
We are providing location based services for travellers. I guess it would help at least if the little companies (not to mention the biggies like Google and Yahoo) would actively discard log and user info they don't need to perform their main task.
All to often logs and other information is stored without a second thought. We actively destroy information at the earliest moment possible - which helps in many situations - ranging from security breach to interested snoopers.
Robert J. Sawyer gives a fair shake to the implications of recording your entire existence in his trilogy, The Neanderthal Parallax. The premise is that a society develops the technology of an implanted computer "companion" that, in addition to being a wireless network device, records every aspect of a person's life. The records are kept remotely, in a central archive facility.
The existence of these recordings make for a peaceful society, since no crime goes un-solved. When someone is out of radio link, he becomes an object of suspicion.
Sawyer explores several angles of this idea, in pretty good detail. This isn't the only issue dealt with in the books, by any means. They even explore some other intriguing security questions. They are well written and a good read. I recommend them!
"My biggest problem with all this, is how much of this data about us is all wrong.
Posted by: greg at February 27, 2009 7:54 AM"
Or worse: conclusions based on data. (Partly) false data, or not. On which conclusions are made. Which are used in statistics.
I think someone else has already mentioned it, but "The light of other days" is an excellent book that explores a vision of a society where total lack of privacy becomes the norm.
Well worth reading.
There are two inter-related problems as well: The "latency of punishments," and the difficulty of including government employees of various stripes in the surveillance society.
By "latency of punishments," I mean that when there is a 1:10,000 chance of catching someone, say, going through a red light, then there is some logic to the idea that in order to be an effective deterrent that the fine for being caught doing so has to be very high. However, if you reduce the chance of catching someone running a red light to 1:2 because you place automatic cameras at half the intersections in a city, then leaving the fine at $400 becomes grossly disproportionate to the crime.
If one starts with the assumption that the purpose of the existence of government is to insure the smooth running of society, then the most minimal intrusions by the government necessary to curb anti-social behavior are certainly acceptable. But when the government discovers that it can use Panopticon-like surveillance technology to "pump up its profits" by maintaining fines and penalties at rates predicated on uncertain abilities of detecting such behavior, while increasing its efficiency at detection by orders of magnitude, then the amount of power being shifted from the people to the government is extremely large.
Which leads to the second problem – the attitude by those in government and public service that the public's every movement should be recorded and monitored – but that their own actions should not be. In the blog, "Photography is Not a Crime", http://carlosmiller.com Miller keeps track of incidents where people are arrested for the interesting crime of merely photographing public servants in public places. Obviously some videos do make it to the internet – often after having been obtained by defense attorneys under court orders – but society would be vastly different (and government a lot more efficient, less abusive, and less intrusive) if the public could log into real-time video surveillance of government workers organizing their desks for hours, or inside police stations and scrutinize their actions as closely as they wish to scrutinize the public's in public spaces.
One of the interesting ramifications of a ubiquitous “life recorder” society is, of course, that when someone is beat up by or shot by police, ALL the actions get recorded by someone – much as in the recent BART train shooting where 30-40 videos of the incident were recorded and surfaced on the internet.
It always beats me how journos and politicos manage to keep a straight face whenever they do actually make a pretense of warning us of "another step towards a 1984 like scenario" - as if it hadn't happened ages ago already.
Nor is this about potentially "avoidable" technology that could yet be nixed by being prudent and privacy conscious enough. How to avoid your car plates being electronically scanned and that data being stored away? (Or, what's worse, being synched with tons of other stuff the powers that be - whoever they are, currently or at some other point in time - have collected about you and other?)
I've recently posted an article on "The Data Kraken - Google’s Deadly Sins - and What They Mean to You" and on how ubiquitous and all-pervasive their operation has become:
The point being that their salami tactics of "little steps", one useful app, another free service there, yet another killer script as a followup etc. has successfully managed to cloak the fact that in aggregate they constitute something far bigger (and way more threatening and malevolent) than the mere sum of its parts.
This is someting people notoriously fail to understand let alone buy into. Obviously it's a lot easier to roll out the time worn "tin foil hat" and "conspiracy theory" invectives rather than adopt a sober, technical and objective (as in "verifiable") view of matters.
As a consequence, more than ever before, we need to establish strict controls over the use/abuse of our legal system.
Sad fact is anyone today can craft a legal attack on anyone else using such available "data", effectively spending nickels to create tens of thousands of dollars of anti-competitive "weaponry". Merely defending against such a claim is hugely expensive (no matter how erroneous it might be).
We need a new definition of "frivolous" to manage the system's inability to keep pace with the reality of today's Internet-enabled world.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.