OSNews

Personally, though I'm a staunch privacy advocate, I would seriously consider spying on my sons when they're sixteen year-old drivers. I remember how I drove at that age. Personally, I don't believe that childeren have a right to privacy from their parents, past a certain point. And I would even consider letting my insurance company spy on me, particularly on my old pickup truck that I rarely drive, and slowly at that. How many others would sell their privacy to a private company to save some money? Or compromise their child's privacy to keep them safe. A majority, I'd suspect.

The car/GPS scenario is only one example of where it might be advantageous for an individual to allow a private company to violate their privacy to save money, achieve some convenience, or get some other benefit. Imagine if you could put your finger on a device that would monitor your body daily for substances or markers that would indicate health risks. Such a technology isn't too far off. Now imagine if your health or life insurance rate were tied to your commitment to allow your insurance company to monitor those results? What if your employer were to make submitting those results to them a precondition of employment (perhaps for an airline to monitor the health and sobriety of its pilots, for example).

One of the best things ever invented was EZ-Pass. If you're not familiar with it, it's an RFID-based toll road pass. Instead of stopping to fumble for change to cross a toll brigde or enter a toll highway, these kinds of passes let a driver go right through, sometimes at full speed, and the toll is debited from their account. It's incredibly convenient and most EZ-Pass users would never go back. But guess what? EZ-pass now has a record of where you've gone, and when, up to a point.

Taking the EZ-pass method to its logical extreme, the technology currently exists to use an RFID chip on a device you carry (or even embedded in your body), or use your phone's Bluetooth ID as a unique identifier as you go walking around on a typical day. A network could easily be built, using existing technology, that would identify you as you walk by various shops and service providers. Some of the benefits of this system would be quite useful and convenient: you could pay for transactions without opening your wallet, you could be admitted to private clubs or events without having to show ID, you could be text messaged with a special offer at the restaurant that you're just walking by.

Tivo and Netflix know which shows and movies I like to watch, and even how much I like them. Amazon knows what kinds of products I'm interested in buying. Doubleclick knows what web sites I read. My pharmacy, insurance company, and doctors all know various things about my health and medical treatment. The grocery store knows what I eat. My various financial and credit card companies all know a hell of a lot about what I do and where I do it.

Dozens of private companies already have massive amounts of data about various aspects of my life. For many of these, I have not entered into any meaningful, legally-binding contract, nor have I made any agreement with them about whether they can gather this information or what they can do about it.

Even if you leave surreptitiously-installed spyware and monitoring of office networks for another conversation, the average person's daily computer usage leaves them open to massive amounts of routine surveillance by private companies. Certainly, a savvy computer user can all but eliminate much of this surveillance, but at some cost of extra work and reduced convenience. Most people just don't bother, or don't know any better.

So what's the downside to all this commercial spying? I mean, if it saves you money on your insurance, keeps your dumb kid from killing himself, helps recommend great movies, lets your friends know what kinds of gifts you'd like, and helps the medical system prevent bad drug interactions, then what's the problem?

The most obvious problem is the opportunity for abuse. The news is full of stories of massive breaches of security by both public and private organizations. Databases containing sensitive personal data are routinely lost or stolen, and when this data makes it into the hands of scammers and criminals, the resulting identity thefts can cause huge problems for victims, including lost money, wasted time, and damage to credit ratings. In other cases, the possessors of this data abuse it on purpose. Employees of these firms have been known to root though personal data for curiosity or to sell to identity thieves.

RFID systems like the ones discussed above pose some interesting problems: because they can be read from a distance, you don't have any control over who's reading it. If the RFID only transmits a unique ID tag, then only subscribers to a service that identifies you could abuse that information (which could still be very annoying, if you have ever seen "Minority Report" and seen when they walk through the mall and all the stores are calling his name), but it's much more serious when you consider schemes like the US passport, which contains information about you that you might want to be able to be read from a distance, like, for example, "I'M A US CITIZEN, AND I HAVE A US PASSPORT IN MY POCKET, THAT IF YOU WERE TO STEAL FROM ME COULD BE SOLD EASILY FOR $100. AND BY THE WAY, GO AHEAD AND KILL ME WHEN YOU MUG ME SINCE YOU HATE AMERICANS!"

Another reason why we might not want to live in a high tech privatized surveillance society is that you never know when the data that's out there could be used to paint an inaccurate (but convincing) picture of you, or perhaps worse, an accurate one. There's the possibly-apocryphal story of the man who slipped and fell at a grocery store, and when he tried to sue the store, they brought out his club card readout showing the vast amounts of alcohol he bought at the store. Countless straying spouses have been busted by their cell phone bill. A GPS or other electronic monitor in your car could be used to establish fault in an automobile accident - which you might not want, if it was your fault. That same GPS or other monitor in your car (EZ-Pass) might prove very inconvenient during your divorce trial.

Perhaps the most mundane - and realistic - objection to companies stockpiling and reselling our ever-more-personal personal data is that the most likely outcome is that we will be inconvenienced and annoyed by additional "targeted" marketing as a result. All those trees cut down to make catalogs we don't want to choke our mailboxes. All those unwanted telemarketing calls. All those pre-approved credit offers that open us up to identity theft. So the deal works like this: companies sell the data, resulting in our inconvenience and annoyance, but they make the money. How unfair is that?

In an "innocent until proven guilty" legal system, often one of the main allies the accused has is a dearth of information on the part of prosecutors. The more mundane data presented in court (and data held by private companies could be demanded by subpoena for criminal and some civil cases). An innocent person could be convicted under a mountain of circumstantial evidence. With enough surveillance, and masterful editing, anyone could be made to look guilty of any crime.

The paranoid could say that all of this data out there in private hands could be manipulated to frame you. I'd say they've probably seen the movies "The Net" and "Enemy of the State" too many times, but it's certainly possible.

Privacy rights are a political issue, and have ping-ponged from the center to the fringes of the political world for decades. It's a debate that hasn't traditionally fallen along party lines. The liberal case for privacy from government snooping is straightforward: that the government exists to serve the people, not to subject and dominate the people. Similarly, corporations' impulses to own and exploit everything, including our personal data must be measured against the public interest.

For some reason, in the current political landscape, conservative lawmakers in many countries have been the ones who have supported the erosion of our rights to privacy, as far as giving government agencies a free reign to spy on citizens. I suppose it's because "national security" and being "tough on crime" has been interpreted as giving the intelligence community and law enforcement all of the tools they could ever ask for. Likewise, conservatives have generally been reluctant to burden businesses with regulations, so the kinds of corporation-on-consumer spying we've examined in this area has faced little opposition from conservatives. For me, this is a little puzzling, because I understand that limiting government's power over the individual is a pillar of conservatism. Likewise, private companies using your personal information in ways you don't approve of is actually a case of someone profiting from something that belongs to you, and there's a way of looking at personal information as a sort of property right that can be useful as a framework for examining this issue. (see this 1993 Cato Institute paper) Conservatives love property rights!

In conclusion, many of the assaults on our privacy made by private companies and the government, individually, look rather piddling and inconsequential. Only when viewed in the aggregate can the amount of our personal information floating out of our control look alarming. Even so, the most dire predictions of the 1984-ish surveillance society have not yet come to pass.

Some privacy advocates' first reaction to these scenarios may be to invoke the slippery slope theory. Generally, I'm skeptical of these reactions, because it seems like you can take anything to its most extreme conclusion and make it sound bad. Just because some outrageous abuse is theoretically possible, doesn't mean we should forego the benefits of a new technology to avoid it. It is valuable, however, to consider the possible negatives thouroughly.

Personally, I'm quite excited about some of the technologies that will require me selectively giving up tidbits of my personal data. When I walk by a new restaurant, I'd like it to recognize me as a cheapskate by my Bluetooth ID and TXT me a coupon for use immediately. I'd sign up for that service. I already said I intend to watch my teenage sons' driving via GPS. But I hate magazines that sell my address to catalogs, and want to keep a careful eye on the government's ability to maintain a Stasi-like dossier on all "potential terrorists," i.e. everybody.

If we want to turn back the tide of other people having more and more sensitive information about it in their databases, several things will have to happen: first, the average person will have to make the decision to sacrifice some measure of convenience for the sake of reduced exposure. Second, laws protecting citizens from routine electronic surveillance by their governments will need to be meticulously safeguarded, because law enforcement and intelligence services will always be pushing for greater surveillance powers to make their jobs easier. Third, ordinary people will have to retain some measure of authority, by law, over their own personal information, requiring that private firms that collect, store, sell, or otherwise use that information, be somehow accountable to the individual for their actions. As a people, we'll just have to decide how important privacy is.

1. 'The Spyware World, Page 1'
2. 'The Spyware World, Page 2'