Privacy Commissioners Discuss Ubiquitous Tracking

by Larry Magid

PUNTA DEL ESTE, Uruguay — I’m writing today’s column from the International Conference of Data Protection and Privacy Commissioners, where privacy regulators from around the world are meeting with representatives from companies like Google , Microsoft and Facebook as well as nonprofit organizations such as the Electronic Privacy Information Center (EPIC) and the Center for Democracy and Technology.

As a speaker at the event, my travel expenses were paid by the conference organizers.

My workshop explored the implications of ubiquitous tracking on the Web, via our mobile phones and even while driving or shopping in stores, which can be used to generate an enormous database that can be used to not just track us, but predict and potentially influence our behavior.

My fellow panelist Clara Guerra, Portugal’s national data protection commissioner, questioned whether tracking and profiling along with biometrics (technology that automatically recognizes who you are) might someday lead to your being approached by salespeople in stores who are ready to sell you products based on prior knowledge of your likes and what you might be looking for.

Other panelists worried that the sheer amount of data about us — when correlatedfrom a variety of sources — could lead to an incredibly precise profile of who we are and how we’re likely to act.

Wonderful New World

I laid out what I imagine to be the successor to the World Wide Web that I call WNW — “Wonderful New World.” In this world all of your needs are met automatically. You don’t have to search because the Web will already know what you’re looking for. You don’t have to go out of your way to make new friends because your mobile phone will link you up with like-minded strangers and arrange places for you to eat or watch movies together based on your common tastes. The moment you get into your driverless car, it will take you where it already knows you want to go. And when it’s time to catch up on the news, you’ll be presented only with the topics that your smart agent knows you’re interested in.

Two big brothers

Of course that Wonderful New World has its downsides. We expose ourselves to surveillance by two big brothers: government and corporations. And even if we trust our current government and the corporations we deal with, we can’ know for sure who will run them in the future and what they will do with all that information. I only have to think back to J. Edgar Hoover, who ran the FBI from 1935 till his death in 1972. Even without modern computers, he maintained files on countless Americans, including thousands of antiwar and civil rights activists who broke no laws other than perhaps engaging in sit-ins and other nonviolent protests. Can you imagine what Hoover could do with today’s technology?

Today’s corporations, including major Web and tech companies, are amassing massive amounts of information about us and even if we assume (as I do in most cases) that their intentions are honorable, I worry about who might be running these companies in the future or whether their data could someday get into the hands of criminals or a malevolent government.

Biometric data

One workshop I found to be particular interesting focused on the privacy implications of biometric data, including fingerprinting, finger vein scanning, retina scanning and facial recognition.

Panelist Lillie Coney, associate director of EPIC, pointed out that while this technology was crude and ineffective just a few years ago, it has gotten much more accurate because of enormous research and development efforts funded by the private sector and by the U.S. and other governments. “For facial recognition to work,” she said, “you need a database of photos to compare it to.”

And, thanks to social networks, we now have those databases. Facebook alone has billions of photos that are tagged so that the faces and names can be matched.

In its early stages, facial recognition required that the pictures be taken from similar angles but that’s no longer necessary. In fairness, Facebook says that it only uses facial recognition to help users tag their friends by suggesting a name and not to identify random people. Other companies, including Google, Yahoo and Apple have similar systems for their own photo services.

Panelist Gus Hosein, executive director of Privacy International, said that biometric technology is being used extensively in the developing world by governments and relief agencies, including in refugee camps and for voter registration purposes. Aid organizations funded by the United Nations, the World Bank and various Western governments, he said, are investing hundreds of millions of dollars to bring this technology to the developing world.

The big question for those gathered here is finding the right mix between government regulations, industry’s best practices and consumer education. In a speech at the conference, Microsoft general counsel and executive vice president Brad Smith agreed that some regulations are necessary to create a level playing field and a clear set of rules for big and small companies to follow while regulators like Portugal’s Clara Guerra acknowledged that big government can’t solve all the risks associated with big data. It’s a shared responsibility and it requires consumer awareness starting with privacy education programs aimed at children as well as adults.

This post first appeared in the San Jose Mercury News