James O'Neill's blog

Windows Platform, Virtualization and PowerShell with a little Photography for good measure.

Privacy again

Privacy again

  • Comments 17
  • Likes

I've managed to get a lot of my concerns about privacy down to a simple statement. "Databases of everything" worry me. Where we've been, what we've bought, who we've associated with. I alluded to a conversation I was in last week where we talked about the information that could be gathered by Live ID -  during that conversation someone made the observation that people stop worrying about privacy when they see utility.  Even with my paranoia I'm fairly happy for Amazon to tell me things I might like, because the know what I've bought in the past. I haven't bought many things - and some gifts I've bought lead to odd recommendations. But I don't use a supermarket loyalty card because (or even use the same credit/debit card each time I shop) because that's somehow the wrong side of the line.

I thought there might a place where everyone would draw the line... ?  For example implanting RFID into people is pure sci-fi, right ? Wrong: I thought when I read that doctors were talking doing just that to track patients with Alzheimer's - the technology comes from Verichip makers of "VeriGuard™ "the first radio frequency identification (RFID) security solution to combine access control [with] VeriChip's patented, human-implantable RFID microchip. "  

The BBC has previously reported on surveillance uses of RFID tags and last Friday they reported how RFID can be used in combination with Wifi : 
'Angelo Lamme, from Motorola, said tracking students on a campus could help during a fire or an emergency. "You would know where your people are at any given moment," he said. ' 
Yes. You'd know where they are every moment of every day - a classic "database of everything".  1.8 Million people signed the Downing Street Petition against tracking every vehicle movement for road-pricing - clearly this didn't offer enough utility to offset the loss of privacy. But the Motorola representative thinks Emergency protection does.

As I said, we were chatting informally about the Utility/Privacy trade-off and was it acceptable for Windows Live to be a database of everything ? Around the same time, Google's CEO, Eric Schmidt was telling to the press he has grander ambitions in that direction.. To quote the FT he said

Gathering more personal data was a key way for Google to expand and the company believes that is the logical extension of its stated mission to organize the world’s information. Asked how Google might look in five years’ time, Mr Schmidt said: “We are very early in the total information we have within Google. The algorithms will get better and we will get better at personalization. “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ " 

Worrying for privacy or great utility ? The next day a piece by Mark Lawson in the Guardian was introduced with the words "Anyone stupid enough to do a computer's bidding is not losing civil liberties so much as their marbles" Over at ZDnet Andrew Keen really had a swing at Eric. He calls him "the Chauncey Gardiner of Silicon Valley" (twice) and "Google’s Chief Eccentric Officer" (also twice) ouch. "Eric" he says "I thought you were a businessman rather than a looney". I remember Eric's time in charge of Novell, so I've got a view on which he is. Andrew's colleague on ZDNet, Donna Bogatin - who posted a summary of my post on Google's stance on T-shirts - calls him "Harmless" with links to explanatory posts.

Plainly I'm not the only one worrying about databases of everything. It doesn't matter who it is. What I wonder, and would love your comments on, is just what privacy will people give up for utility ?

Technorati tags: , , ,
Comments
  • "databases of everything" scare me witless. Almost, but not quite, as much as the general acceptance of this - even the promotion of it by the general rabble.

    I keep hoping that the general populace (rather than the paranoid few) will finally get the fact that large collections of trivial data is actually a very very significant loss privacy, and in many ways a loss of freedom. But I fear that it will take very many decades before this sinks in

  • Although there's been a lot of press here in the UK at least about the CCTV culture and our rights to privacy, there's no where near enough pressure on the powers that be to drop future plans to use our data in more invasive ways. 1.8 million signatures (minus the bandwagon sheep) on a petition says it all to me - that's still quite a small percentage of the (internet using) UK population. Do the rest feel strongly enough about it? Probably not. At least not yet. Because I think the reality is that so many people are unaware of the dangers and disadvantages of privacy infringement. It took events of huge impact for people to realise the threats of terrorism, so it's going to take a heck of a lot more than an increase in spam and phishing emails for people to realise the pitfalls of frittering away our privacy. Maybe when Google start to send emails to customers recommending that next time they visit a public convenience they should take a different route and use the other cubicle, people will realise that it's going too far.

    And that's before we bring home security and finance into it! Keep up the fight, James!

  • This issue of trading your privacy for 'something' is fascinating.  I personally have a supermarket loyalty card that I use each time I visit this chain of supermarket or their petrol stations. I know that by my using this card, I'm handing over some really personal and valuable data.  For example, the supermarket has a good idea what I had for breakfast this morning, how much petrol is in my car right now, how likely I am to be persuaded by an 'organic' promotion, they could probably have a fair guess at my wage, they know my age, how far I commute, my general health etc.  In addition, I have a credit card from this supermarket that I use for a lot of my other spend outside of their stores, so they'll also know how often I eat out, what I do with my free time etc.  You can see that with a bit of clever analysis, this information builds up into a really personal picture of me as an individual.  So, the supermarket gets all this information and loyalty but what do I get in return from this deal?  Pretty simple: I've earned enough 'points' in a year to allow me take a holiday somewhere pretty spectacular - haven't decided yet but current options maybe Cuba or Japan; that's what this exchange of 'privacy' is worth to me.

    At least the concept of the loyalty card is pretty open; I give them info on my spending and they give me a reward.  It's pretty simple; if I wasn't happy with the reward for this 'data' exchange, I wouldn't have a loyalty card.

    On the other hand, lots of other organisations use your 'data' without your choice and with far less clear benefits to you as an individual.  For example, you say you use your credit/debit card: your bank, if they are smart, will have probably already drawn up a profile as you as a customer.  Unlike the loyalty card, they won't know whether you prefer orange juice with or without 'bits' but they know what you earn, where you live, what your house is worth, what you spend, what you do in your spare time.  They will probably have compared your profile to their database of other customers profiles so they know the likelihood of your wanting to take out a loan this year, when you are likely to move house, when you will retire and the rest just so that can pop a mailshot to you at a well guessed 'appropriate' time.  Petrol forecourts now routinely capture car registration numbers, CCTV is just about everywhere and this unavoidable volume of data that is being captured regarding you as an individual must be vast.  As far as the loyalty card data goes, its a question of choice - I'm personally happy with the supermarket knowing what breakfast cereal I buy. But, we don't really have any choice in providing the rest of this other data to all the other organisations.

  • Indeed. I have multiple credit cards (I'm a rate tart) so it's a lot harder for one organization to profile me. And my current account and Mortgage are with the same bank so they know the house information, but you can find it out in a few minutes at the land registry if you want to know.

    My car is registered in the name of a leasing company so there is a degree of seperation there. My mobile is registered to Microsoft seperation again.

    I've put the question to a couple of people, if you buy condoms in the supermarket, are you happy with how often you have sex being part of the profile they have on you. How confident are you that they don't share that information ?

  • Your car maybe registered to a leasing company but you know that if you commit a motoring offence, it's going to come back to you and your license.  The car is a good example... looks like we're probably set for this ANPR system here in the UK, we already have average speed traffic cameras (which capture number plate info), as I said, forecourts routinely capture this data and we already have cameras that check your number plate against the car tax database.  Plus the garage that services your car will have all it's details as will the company who puts tyres on it.  So, pretty much all that's being captured without our choice, whether we like it or not.  Aside from cars, I read an article a while ago about the systems in the new Bullring shopper centre in Birmingham which uniquely track visitors giving information on the number of visitors, how long individuals spend shopping, how long they look at the window displays etc.  With RFID and I guess one day face recognition, you can see how the 'Gap' advert in the film 'Minority Report' is coming.  Strikes me that unless you can ditch the car, internet, banks and live self sufficiently on a croft somewhere far far from CCTV then you don't have much choice about having your data 'out there'.

    So, since most of it's already out there, I don't think I am as concerned as you about keeping my life a secret.   I'm not sure we're heading for this Orwellian society just yet, although I have to say that the new 'Ministry of Justice' does sound slightly suspicious!

    I use a loyalty card so, like I said, I'm happy to hand over the detail of my spending choices to the supermarket on a plate.  Including condoms.  As a matter of fact, I buy dozens of packs with every shop just to brag to the 'dark forces' that are looking into my data!

  • I've written about APNR before. In the headless rider item.
    The intensification of surveillance of the motorist is set to expand rapidly. In March 2005, the Association of Chief Police Officers demanded a national network of Automatic Number Plate Recognition (ANPR) 'utilising police, local authority, Highways Agency, other partner and commercial sector cameras including the integration of the existing town centres and high street cameras, with a National ANPR Data Centre, with an operational capacity to process 35 million ANPR reads every day increasing to 50 million by 2008
    Here's the source. http://news.bbc.co.uk/1/shared/bsp/hi/pdfs/02_11_06_surveillance.pdf  (paragraph 9.5.5)

    Having a fuel card with the lease car my number is recorded hen I buy petrol.
    Forecourt cameras aren't yet linked into the database, but the car tax ones are. When you go through motorway speed checks enforced by SPECS that information goes in the database too.
    But with the lease company owning the car my indentity is held in Escrow - people can find the driver of the car, but they can't casually look up a car belonging to me and see where it has been. Ironically although there are checks to see if cars are taxed there is no database to say if they are insured.

    As for facial recognition, why do you think the governement wants to capture that data as part of the ID cards scheme if not to link it to CCTV ?

    Don't stop buying the condoms, because they will notice. If there is a sex attack near your home you might get a visit because the patterns of your sex life have changed.

    There's clearly a spectrum with people who would sleepwalk into the Orwellian society at one end and those who are just plain paranoid at the other. (I'm fond of saying "The thing with Paranoid people is they survive".).

    What's interesting to me is whether there is much agreement on "Never", "Only if I get something out of it" and "Why worry" groups of data.

  • I'll be pleased if the Police investigate a sex attack with whatever data they can get their hands on: I'm fairly confident on the whole with the UK justice system.  I wonder if it's only people with things to hide that are so worried about this loss of privacy?

  • I'm happy for the Police to pickup on suspicious changes in shopping habit.  I understand that some standard household chemicals are commonly used by terrorists in bomb making; if I had a legitimate reason to go purchasing a suspicious amount of these chemicals, I'd be happy for the Police to question my purchase .  I'd be even more happy to the Police to question folks who don't have a legitimate reason: perhaps tracking this kind of suspicious activity might help reduce the number of future events like the 7th of July bombings?

    The Director of CEOP was on the BBC news this morning saying that the flow of information regarding online paedophilia was up 1000%.  Whilst this is a shocking statistic, I am delighted that this information is being gathered.  I think that any successful prosecutions brought as a result of this information will be a triumph for 'big databases'.

    I'm not sure where your quote "The thing with Paranoid people is they survive" come from, but it sounds like one of Fox Mulder's closing lines on the 'x-files'!  It's worth noting that paranoia is a disorder, and I think the definition on answers.com pretty much sums it up...

    1: A psychotic disorder characterized by delusions of persecution with or without grandeur, often strenuously defended with apparent logic and reason.

    2: Extreme, irrational distrust of others.

    So, the paranoid might 'survive' but their living in 'paranoia' with fears of alien abduction, secret agencies, black helicopters and the like hardly sounds like 'living' to me.  Perhaps you will allow me to give my take on the quote... "the paranoid survive, the normal thrive".

  • Ben, you've gone from possible Troll not many days ago to sounding like a Daily Mail reader :-).

    Confidence in the Justice system - hmmm. Stephen Downing, Sally Clark, the Birmingham 6 and Guildford 4; all convicted of crimes their didn't commit. Then go read Inspector Gadget on the guilty people who don't even reach the courts.

    The paranoid surviving bit comes from Andy Grove of Intel. His famous quote was "Only the paranoid survive" - he used it as the title of his book. Of course he's at odds with Keynes' "in the long run, we are all dead".

    You're basically arguing FOR a police state,  the former East Germany, Iraq under Saddam, China, and North Korea didn't / don't have much of a problem with Terrorism.

    And there's the rub. One job of the state is to defend the way of life of its people. If you live in a liberal democracy, becoming a police state is a suitable defence is it.

    As Benjamin Franklyn said "He who trades liberty for security desrves neither and will lose both".

  • Nice quote, but I think you're confused; trading privacy on my shopping habits isn't the same as trading liberty!  You've jumped to a whole load of other extremes either.  I've no idea what the daily mail dig is about, I never read it.  I'm not arguing for a Police or terrorist run state either!  I'm saying that if you lived next door to a sex attacker, you'd probably like the police to catch them?

  • Of course I'd like the police to catch a sex attacker. But would I want them to read my post, or monitor my internet use, or my shopping habbits, or where I drive or who I phone to decide if *I* was a sex attacker ? No.

    You see, if all you want is to catch every Sex attacker (etc) that's one thing. And you accept that a certain number of innocent people go to jail too. (If the innocent never go jail then some of the guilty go free too).  

    But I want the state to keep within acceptable limits when it does things in the name of keeping me and my family acceptably safe (and we are far more at risk from speeding motorists than Sex attackers). Are we acceptably safe already ? Very possibly. In which case does the state need to encroach any further ?

    The Daily Mail "dig" is simply a reference to the "all Aliens, perverts and subversives must be shot" school of editorial writing. You know, the kind that thinks it would be a good idea if asylum seekers had to wear an easy to spot insignia, if only the idea hadn't got such a bad press in 1930's Germany.

  • I'm not believing my eyes! Innocent people going to jail as a result *them* monitoring loyalty card usage?!  Come off it!

    In a UK court, guilt of an offence must be proved beyond 'reasonable doubt'.  Currently, not even phone tap evidence is acceptable in UK courts.  I can't see the logic behind this great metal leap of yours that will allow ANY loyalty card purchase history to convict someone of a crime.  If your neighbour was to go and buy a knife, parcel tape and gallons of a known bomb making household chemical, the Police would have to provide evidence firstly that they purchased the goods , AND that they intended to use these for malicious purposes before it reaches a court.  Then the court have to assess this evidence to determine whether it proves beyond 'reasonable doubt' that a crime was committed.  A loyalty card history couldn't alone be used to prove who purchased the goods; my 'number' is shared with the family and anyone could 'forge' a card using a photocopier and the self-serve tills.  Any evidence is more likely to come from CCTV, the payment record and any store witnesses. Same goes for the 'vehicle tracking'; lets say your car is fitted with GPS tracking equipment.  Last week you could have taken the dog for a walk in the woods.  That wood might have been the location for some heinous crime at a similar time to your visit.  So the GPS records could prove that your car was at a location at a certain time but that's not enough to convict and jail you for the crime!

    Anyway, I can't be bothered to go on any more because I'll probably only be accused of being a trogg or a Daily Mail reader or something.

    We've strayed into some wacky territory like Saddam ruling the country and the potential of my being a sex attacker because I did/didn't buy condoms but my original point is this:

    I have a loyalty card and I'm happy to use it.  I'm aware that this gives insight into my shopping habits.  If anyone isn't happy with that 'trade of privacy' my advice was/is that they don't use a loyalty card.

    So, I have a loyalty card, am worry-free about using it and have a 'free' holiday.  You don't have the loyalty card and have the 'worry'.  Perhaps 'only the paranoid survive' but where's the fun in a lifetime of worry?!

  • Ben, that isn't what I said.

    1. The Justice system is imperfect Witness various people jailed for IRA crimes with no more evidence than possesion of an Irish accent. And when you think it couldn't happen again, Sally Clark comes along to show that juries can be convinced by an "expert" who doesn't accept that having one person in a family die of something makes it more likely someone else in the family will.

    2. If you want to change the number of people locked up you move the equilibrium point. A justice system which convicted the people  (for example) beleived to have killed Stephen Lawrance, would have put a greater number of innocent people away.

    3. I beleive I should have the right not to be spied on. Whether that's by supermarkets or the state or anyone else. You can opt in or opt out of the Supermarket scheme at will - you're trading a little privacy for a free holiday and that's a pretty good return. And it's under your control. If you're going to bury a body pay cash when you buy the spade !

    (By the way I've got a free holiday on my British Airways loyalty card. Since the Home office know where I've used my passport I don't see any harm in BA being able to tell me from other J O'Neills who might fly with them).

    But you won't be able to opt out of the database state. If you don't go to a home office facility and give your fingerprints, DNA, Iris scan and Facial recognition data you won't be able to leave the country, drive a car, use the health service, put your children through school.

    My question is not "Aren't you afraid that if you stop buying condoms you'll be picked up as a rapist". That's plainly absurd. Rather I'm asking is there any point where you say "that monitoring is too intrusive ?" Is everyone as happy as you to live in a police state ?

  • I'm glad to hear you have traded some privacy for a 'free' holiday but I can see why you'd be reluctant to actually take it.  I can't think of many other places where your personal, newly established human right; the 'right not to be spied on' (goodbye MI5, GCHQ and the rest) would be more infringed upon than at the airport.  Imagine, this is a place where you'll be subject to CCTV monitoring constantly starting the minute you approach the boundary.  This is a place where you'll have to produce personal documents containing photographic ID and even, if you have a recent passport, biometric information.  Your bags will be x-rayed and can be subject to searching.  There is a fair chance you will be asked to remove your shoes and you may be frisked.  The airport will have armed Police walking around and they will be employing staff to monitor the CCTV for suspicious behaviour.  I know of someone who is employed to lipread the passengers in the CCTV footage to establish whether their conversations with other passengers or on mobiles is a threat.  You can be held at the airport and your mental and physical state will be taken into account before you are allowed to board.  Then you'll have to think about your destination; Greece is a popular destination but then again, remember the British 'plane spotters' that were held accused of spying.  Perhaps the US?  Surely they wouldn't keep people in detention without trial?!  Regarding the handful of examples you have brought up about failures in the UK justice system (incidentally, none of them related to big databases), I could go on for pages quoting successful cases like Craig Harman, the killer of the lorry driver Michael Little who was identified by the national DNA database and admitted his guilt of the crime of manslaughter.  Yes, you can quote exceptions but I'm my opinion, the UK Justice system works and is still pretty much the envy of the rest of the world.

    So, if a loyalty card is 'too intrusive', goodness knows what the security at the airport is!  Sorry O'Neill family, it looks like the caravan again!

  • And Ben, everywhere will be like that soon.

    Whether a loyalty card is too intrusive or not depends not just on what's gathered but who has access to it.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment