In privacy and security circles, we typically think about threats and trends in the order of months or even years. We tend to forget that we are still very much in the nascent stages of the use of information technology, and that the decisions we make today – or fail to make today – can set up expectations of privacy in the decades to come.
If we take the path that the collection, storage, use and security of information should be determined solely by market forces, and that information “belongs” to those who collect or create it, then we will end up with a very different world than if we take the position that personal information “belongs” to the data subject, and that entities that collect, store and use it do so as a steward for the data subject. I am not opining on which way we will, or even should go – just that these are decisions that need to be made.
I was watching all the excitement about the new Microsoft Augmented Reality device, the HoloLens, and the fact that Google was redesigning its foray into a similar field through Google Glass.
While these are fundamentally different platforms for fundamentally different purposes, they each present the opportunity for developers to use them in ways that can impact not only privacy, but also the sense of what it means to be a person in the 21st Century and beyond.
Take Google Glass first. At its core the device has a camera, a computer (or a link to a computer) an input mechanism (“hey Google”) and an always on or always accessible display. It’s just hardware.
But this presents opportunities for continuous surveillance. Imagine if a sizeable percentage of the population wore the devices, and captured everything they (and everyone they could see) were doing. Instead of having your movements captured by cameras at the bank and the 7-11, you could be tracked everywhere you go – or more likely, you are tracking yourself.
Marketers, retailers, insurers, employers, parents, guardians, family members, and psychotic exes could then access this personal data stream. Stalkers would have a field day. So the technology is neutral. The data is neutral. But we have to make a decision as a society about the USE and accessibility of that data.
Is what goes on in “public” truly “public?” Or is the fact that we can collect, store, aggregate, analyze, cross-reference and otherwise share this information enough to change the character of that information?
Technology changes societal norms. If you live in a small town in the nineteenth century, everyone in the town knows your business. The grocer knows what foods you buy and when. When you walk down the street, people wave (or not.) And they talk behind your back.
All of this helps set up a norm for an expectation of privacy which considers the circumstances, norms, values and technology. Technology determines what can be collected, norms dictate what will be.
These technologies like Google Glass and HoloLens, especially when connected to other databases, dramatically alter this balance. An experiment in augmented reality almost a decade ago by Carnegie Mellon researchers captured images of people walking across campus.
Using facial recognition and links to both public and private databases, an augmented reality bubble would appear as someone crossed the quad. The bubble contained that person’s name, address, telephone number, social security number, credit card number, and a bunch of other personal information.
Even without resort to other databases, we can imagine a HoloLens user in public (yeah, I know, it’s not meant for use in public, but that will change) immediately having access to “public” data about someone – like when you met before, what you talked about, etc., as well as any time that person appeared (even in the background) when you were just walking around. “Hey, didn’t I see you walking into the grocery store three years ago?”
At least creepy to us early twenty-first century mortals. Who knows if that will be considered “quaint” by mid-twenty first century people? Just as we think it quaint to remember the days when you went to a library or called people on a payphone.
But privacy is different. Once surrendered, it is, for the most part surrendered for good. So at the end of the day, we have to ask what KIND of information age we want to live in.
And what kind of information age we want our kids to live in. Already posts, tweets and comments made by elementary and middle schoolers are reviewed by Colleges and Universities and potential employers. Data remains persistent and ubiquitous. And it’s just the beginning. Data should serve a purpose, and when that purpose is served the data should disappear. But again, that’s my mid-twentieth century perspective.
So when you slap on those augmented reality glasses, you have to wonder what was so bad about reality in the first place that it had to be “augmented?”