The Privacy Paradox: Is the End of Privacy Inevitable?

The Price of Convenience

Imagine you’re commuting to work on the subway and you notice someone taking a photo of you. Kind of odd, but seems harmless, so you keep reading the news on your smartphone and don’t give it much thought.

But what if that photo is enough to identify you? 21-year-old Russian photographer Egor Tsvetkov took photos of 100 strangers on the Saint Petersburg subway, in a social experiment he dubbed Your Face is Big Data. He uploaded the photos into the FindFace facial-recognition app, which works by allowing anyone to search for anyone else using a photo, rather than a name. The results were startling:

Using open source software, Tsvetkov was able to identify about 70% of the people in his photos on social media.

found you!

“This experiment highlights the disconnect between individuals believing they are sharing personal information and pictures only with friends, family, and colleagues, when in reality such information is virtually public. It is critical that we should retain control of the information we put online.”

— Christopher Weatherhead, technologist for Privacy International

We give up anonymity online to stay relevant, keep in touch, and promote our personal brands. We opt for the convenience of a platform where our friends already are, like Instagram or Facebook. When we impulsively post a photo on social media, the immediate gratification received in the form of likes and comments disguises the potential risk of your personal privacy in the future. As privacy economist Alessandro Acquisti puts it, “We tend to gratify our current self, and we push cost on our future self.”

Privacy Paradox

In the midst of fears about Big Brother watching or hacks that leak sensitive information, researchers have noticed a privacy paradox — we say care about privacy, but we don’t do anything about it. Our actions rarely echo our words.

In addition to the personal information that we share online willingly, there is a vast amount of data that’s collected passively — known as Big Data. When we shop, search, socialize, and work online, we leave behind a trail of digital breadcrumbs that reveal our personal preferences and behaviors — what websites we’ve been to, what we search for, which products we add to cart and forget about, even what we type and delete.

The benefits of Big Data for businesses are numerous, with the most compelling opportunities focused on the ability to offer personalized content and better targeting:

• Customized ad targeting: companies can target potential users of their product or service with greater accuracy, and track the ROI of specific campaigns
• Personalization: with personalized digital profiles, you’ll be more likely to see content that you’re interested in, and you can save time specifying your preferences
• Better products: insights from analytics data can help inform companies how people use their product or content, and identify areas of opportunity to improve

However, most people are not aware of the extent that they’re being tracked, and a lack of transparency can damage trust with a brand. There’s an undeniably creepy factor of ads that follow you around the web after you look at a product on Amazon. When you read an article on Huffington Post, you likely don’t realize that there are 28 different trackers trying to grab bits of info about you, or that HuffPo is collecting your data to sell to third-parties.

While some people may prefer the benefits of personalized ads or content that this data sharing allows, more explicit opt-ins and easily digestible privacy policies can help alleviate the sense of unwanted spying.

“Arguing that you don’t care about the right to privacy because you have nothing to hide, is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden

Home Invasion

Jumping from the online world into the physical, the explosion of cognified objects introduces a new dimension to the debate over personal privacy.

In the Internet of Things, smart devices that can connect to the internet and embed AI introduce an infinite amount of new data to track. Personal activity trackers like Fitbit, connected toothbrushes that teach healthy habits, and self-learning thermostats like Nest are just the beginning.

Gartner estimates that 4 billion connected things were used by consumers in 2016, and expects the number will reach 13.5 billion in 2020. Other analysts predict there will be as many as 22.5 billion IoT devices in 2021, or have even greater impact.

Smart home devices lead to fears of Big Brother snooping on you; the thought police in this case being the AI that learns from your usage of it.

Virtual home assistants that chime in and remind you that they’re always listening have recently re-ignited privacy concerns. Lauded for the convenience of a voice interface with no screens or buttons, smart speakers like Amazon’s Echo and Google Home constantly listen for their cue, a wake word such as “Alexa” or “OK Google,” then jump in and help answer a question or perform a simple task. Skeptics are concerned that these devices are spying on all of their conversations, though the companies insist that the devices are not constantly recording, only passively listening for their trigger.

Are you recording this?

There is a potential risk in transmitting your voice commands to the cloud to process (until AI can handle it locally). In effect, though, the data collected from voice assistants is not different then any other data that your smartphone already tracks, and faces the same security concerns as anything stored in the cloud.

What’s different is the level of comfort with a device that’s ‘always listening’ in your home. Voice UI is a very different mental model then we’re used to with computers or smartphones, and there are some legitimate questions about privacy.

Forrester tech analyst James McQuiver reminds us in an interview with Wired magazine that the concern about spying voice assistants may only be short-term: “I bet every single one of those people, when they first heard about online shopping, wouldn’t have done that either.”

How can we embrace the benefits of new technology, while maintaining our sense of privacy and security?

Opting Out

At this rate, privacy as it’s currently defined will end: there will be fewer places online we can go without being observed by trackers or disturbed by ads, and the more we share online the more we expose ourselves to public attention. Big data collection is ubiquitous, and continued growth is inevitable. Holding companies and organizations accountable for data security is crucial.

The tech podcast Note to Self challenged its listeners to a series of challenges to learn more about where their data goes. They found that after 5 days, almost 90% of participants had learned about privacy invasions they didn’t know existed, and over 70% were subsequently evangelized to push for protection of digital rights.

• Take Note to Self’s 5-day digital privacy challenge, or check out their Tip Sheet for some great resources on how to protect your personal info.
• See what Google is tracking on you, and update what they can collect, at: https://myactivity.google.com/myactivity
• Browser extensions, such as those offered by Ghostery, Disconnect, or Privacy Badger show when websites are collecting your data, and block hidden trackers.
• A website called Internet Noise aims to obscure your real browsing data among the noise of fake search history (created in response to the law passed by congress on March 28th, 2017, which makes it legal for your Internet Service Providers (ISP) to track and sell your personal activity online).

Appendix: All Things Tracking

To get an idea of the type of data currently being tracked, here’s a great rundown from Kevin Kelly’s 2016 book The Inevitable:

• Car movements — Every car since 2006 contains a chip that records your speed, braking, turns, mileage, accidents whenever you start your car.
• Highway traffic — Cameras on poles and sensors buried in highways record the location of cars by license plates and fast-track badges. Seventy million plates are recorded each month.
• Ride-share taxis — Uber, Lyft, and other decentralized rides record your trips.
• Long-distance travel — Your travel itinerary for air flights and trains is recorded.
• Drone surveillance — Along U.S. borders, Predator drones monitor and record outdoor activities.
• Postal mail — The exterior of every piece of paper mail you send or receive is scanned and digitized.
• Utilities — Your power and water usage patterns are kept by utilities. (Garbage is not cataloged, yet.)
• Cell phone location and call logs — Where, when, and who you call (metadata) is stored for months. Some phone carriers routinely store the contents of calls and messages for days to years.
• Civic cameras — Cameras record your activities 24/ 7 in most city downtowns in the U.S. Commercial and private spaces — Today 68 percent of public employers, 59 percent of private employers, 98 percent of banks, 64 percent of public schools, and 16 percent of homeowners live or work under cameras.
• Smart home — Smart thermostats (like Nest) detect your presence and behavior patterns and transmit these to the cloud. Smart electrical outlets (like Belkin) monitor power consumption and usage times shared to the cloud.
• Home surveillance — Installed video cameras document your activity inside
• Interactive devices — Your voice commands and messages from phones (Siri, Now, Cortana), consoles (Kinect), smart TVs, and ambient microphones (Amazon Echo) are recorded and processed on the cloud.
• Grocery loyalty cards — Supermarkets track which items you purchase and when.
• E-retailers — Retailers like Amazon track not only what you purchase, but what you look at and even think about buying.
• IRS — Tracks your financial situation all your life. Credit cards — Of course, every purchase is tracked. Also mined deeply with sophisticated AI for patterns that reveal your personality, ethnicity, idiosyncrasies, politics, and preferences.
• E-wallets and e-banks — Aggregators like Mint track your entire financial situation from loans, mortgages, and investments. Wallets like Square and PayPal track all purchases.
• Photo face recognition — Facebook and Google can identify (tag) you in pictures taken by others posted on the web. The location of pictures can identify your location history.
• Web activities — Web advertising cookies track your movements across the web. More than 80 percent of the top thousand sites employ web cookies that follow you wherever you go on the web. Through agreements with ad networks, even sites you did not visit can get information about your viewing history.
• Social media — Can identify family members, friends, and friends of friends. Can identify and track your former employers and your current work mates. And how you spend your free time.
• Search browsers — By default Google saves every question you’ve ever asked forever.
• Streaming services — What movies (Netflix), music (Spotify), video (YouTube) you consume and when, and what you rate them. This includes cable companies; your watching history is recorded.
• Book reading — Public libraries record your borrowings for about a month. Amazon records book purchases forever. Kindle monitors your reading patterns on ebooks — where you are in the book, how long you take to read each page, where you stop.
• Fitness trackers — Your physical activity, time of day, sometimes location, often tracked all 24 hours, including when you sleep and when you are awake each day.

Whew! (If you want more of that kind of thing, I’d highly recommend checking out The Inevitable for some great insights. And give me some claps!)