Over on Radar O’Reilly there is this entry about Schneier’s wholesale surveillance concept, with some excerpts focusing on the privacy issues/concerns of this increasingly common practice. I wrote some comments on the site, which I’ve reproduced here:
“Isn’t this more about anonymity than privacy?
Anonymity is the ability to interact with society without being recognized or having your actions be attributed to you. In contrast, privacy is the expectation that your activities outside of society are unobserved and uncatalogued. Since the Internet and the Web are abstract environments frequently instantiated in solitude and under a pseudonym, there is a perception that they are private places and a blanket of anonymity covers what one does there and what is stored there.
It seems that Schneier’s point is to ask whether we should be focused on protecting the observability of our actions outside of society or should we be working to assure the accuracy of the attributions of our interactions with society. It also seems that the accuracy of any given catalog of attributions is currently uncertain and has relatively few reasons to be opened up for validation by the collectors and controllers of the data.
There isn’t much of a market force (yet) to cause a business to vouch for the accuracy of any information shared with another. The Market would, I expect, want this to be decided by the Market, whereas there are some who would think that this is squarely in the domain of the State. I think that if there continues to be negligent releases of consumer information at frequent and regular intervals the patience of citizens and customers will wane and some sort of forced reaction.“
As I think about this a little more, some other things come to mind:
- the cataloging of movements and activities an individual does while submerged in the ocean of humanity used to be hard, which made it easy to protect anonymity, but now it is easier. It shouldn’t be too easy. The crux of the issue is that most of this information isn’t being collected by government, it is being collected by businesses, and if pro-regulation folks wanted to do something useful, they would be banning the commerce of consumer information – take away the ability to profit from sharing databases of consumer activities and identities. Yes, there would still be value to be had by keeping databases of CRM info, but it would have to be collected by every business that wanted it, not collected once then sold or shared. Yes that makes the vulnerability of a given information bit higher because it is being collected and stored more often, but maybe not any more than it already is being distributed.
- another regulatory stance could be that any query by the government of an aggregate data set constitutes a search that requires probable cause and the full force of the Fourth Amendment applies. I personally don’t see that surviving judicial review, but we don’t know until we try.
- a market stance could be for the individual to license the data being collected to the collector. This then makes the collector the licensee and therefore accountable to the terms of the license.