Social Media & IoT - Turning People Into "Green" - What is our privacy worth?
Note: This is an update to a number of articles I have written over the past few years. - THIS IS CURRENTLY BEING UPDATED FOR THE 'POST' COVID 19 WORLD.
Look at this set of articles from the point of view of widespread tracking, DNA testing, digital passports and more. Now you might understand the impact to Privacy from the reaction to COVID19. And what can they do with even more data. If you think they controlled the Vertical and the Horizontal before...welcome to the Twilight Zone of COVID 19.
This article and all connected research on Research Gate
https://www.researchgate.net/publication/341694309_Are_we_the_new_Digital_Soylent_Green
Remember to eat your greens. Privacy and our Digital World.
Now back to your regularly scheduled 'programming' update. Get your daily 'bug' 'fix' and back to sleep. Welcome to Stepford, 1984 style. How a to program a population to accept the 'new normal'. Remember to eat your Soylent Greens.
We all worry about protecting our privacy but surprisingly we give it up daily without a second thought. We are providing access to every aspect of our personal and business lives to private companies at a level of intrusion that the Security Services would be hard pressed to achieve. We allow this data collection from smart speakers, smart thermostats, door bells, cameras, our phones and so much more. You don't even have to sign up or directly interact anymore. Just being in the vicinity or having your image or voice uploaded can contribute to your digital presence forming in the 'cloud'.
Now with the age of COVID 19, in less than three weeks, we went from Privacy champions with The GDPR, DPA 2018, ePR, PIPEDA, PIPA, FOIP and more, to handing over our digital souls without a squeak. Why would that be? FEAR... the greatest motivator ever imagined.
Were does it start?
Surfing the web, shopping online or even opening an email? Marketing tools that track just by looking at a website from Google Analytics to Google Fonts. Facebook Pixels to Transparent Gif's in your email. Even that innocuous branded SAFE and secure company logo at the at the bottom of an email could be tracking you without your knowledge. Imagine Fed Ex breaking into your house to leave a letter instead of asking for a signature!
So, what if these simple tasks felt more like having your house broken into?
Digital Burglary?
Enters any building (device) or part of a building (browser/email/app) as a trespasser (non consensual tracker) and with intent to commit (to track) any such offence (against Privacy Directive etc.)… You wouldn't accept 'Legitimate Interest' for Burglary? So, why accept it in stealth tracking email, websites or apps?
We have all heard of Cookies. They might taste nice but they shouldn't be hiding on your computer or mobile device without your permission. And yet, these stealth tracking mechanisms are everywhere, even in the very systems that claim to protect your privacy or hail to be 'GDPR Compliant'.
These hidden tracking devices are just the start of your digital profile. From here we enter the consensual process of giving away our very digital souls.
Why do we do this?
You stand at the checkout wondering if anyone can see that 4-digit PIN you tap in, protecting it like it is your first born. Yet, we discuss our most private details within earshot of our phones and smart speakers and post so much online without a second thought. If the checkout clerk 'liked' your PIN number, would you let that clerk or anyone else see it? Ironically, that PIN number has very little risk associated with it in comparison with Tap to Pay, the 'new normal' for the cashless society.
Add to this the dependency on social media for our minute by minute dopamine hit, the internet is grabbing and analyzing data about us on a scale that could not have been imagined even a few years ago. And now it has teamed up with governments world wide in the largest personal data grab the world is ever likely to see. All our movements, interactions and health information collected to 'save lives' under the fear induced government sanctioned mandates.
You sit down to watch the latest series on Netflix. You open your browser. You log onto Facebook. You check your email. You spit into that 23 & Me or Ancestry DNA test tube. Have you noticed how all of these companies know what you like, what you have been looking for and how targeted emails, suggestions and advertisements keep popping up? This isn't magic or coincidence. It is big data analytics, Machine Learning and AI all building a profile of your every digital breath, literally.
In the age of COVID 19, no longer are these practices to obtain DNA and the expanding digital footprint consentual, they are demanded and enacted by laws driven by fear. That fear allows the laws to be used with the appearance of consent.
But is consent obtained through fear, really consent?
23 & Me has become a COVID 19 test to qualify you for a COVID 19 passport, all to 'allow' you to go outside. Tracking cookies and pixels have become tracking/tracing apps with proximity alerts. We want these things so we can go outside, but what if you refused... would you be allowed? And who is helping to collect and analyze this information? Why the GAFA is of course (Google, Apple, Facebook, Amazon...etc.)
Tap and pay will soon become cryptocurrency so we can remove the untraceable 'dirty infected' money. Our every move, our every COVID 19 infected breath, tracked, quantified and fed into the ever growing digital footprint. Feeding the beast that is AI with the ever growing digital gluttony inducing big data.
We all have a digital footprint that is shared online. This can be used to cross reference all the information available to build bigger and better profiles. All in the name of marketing, 'saving lives' (and more). In some cases, it is even the absence of information that can help build a better profile. In my years analyzing redaction (the art of removing identifying information from documents etc.) or 'black lining' as it is sometimes called, I have seen how missing information is easily extrapolated. Remember a Dave sized hole, might a well have a "Dave was here" sign on it.
Without data, AI and Machine Learning would starve. So, they need more data to feed the beast. Luckily for them, we are happy to oblige and provide a veritable feast of personal information with abandon. In most cases we don't even know we are doing it. Social media and all the electronic devices we invite into our lives, are purposely designed to provide the feedback we all crave. We are what we do and say (or not) and we share that information without a thought.
This is why, in part, that the GDPR and other privacy legislation had expanded the view of protected data to include "Personal Information", not just a select set of data points in the old PII. But in the days of COVID 19, health trumps privacy … every time… but should it?
Now in the COVID 19 are we ready for the digital 'new normal' where data privacy has evaporated into the air like a cloud of COVID 19 microdroplets. Constant snapshots of our lives gobbled up faster than we can upload images to Facebook, Instagram or the next best platform.
Speaking of photographs. How many people really understand the mammoth amount of information even just a digital photograph contains? From the location, time taken, who you are with, type of camera/phone used and more. Upload that photo and it gets tagged to your own digital profile after which it is liked (or disliked etc.) connecting it to many more profiles.
With our current confinement and 'social distancing', we rely more than ever on the digital tools we were once so concerned about. Suddenly Facebook, Zoom and Google are our saviours. No longer are they untrusted platforms the security professionals warned about oh so long ago (well a few weeks back anyway). Now they are here to help... collecting all our ever growing information as we are unable to communicate any other way. No private social gatherings, no standing and talking in line, everything is now digital and managed by the tech giants we felt so much distrust of only a few short weeks ago.
They don't just control our output though, they now also control our input. From Facebook to YouTube, any attempt to discuss anything outside of the single (but ever changing) COVID 19 narrative has now been declared 'Harmful Content' and as such will (and has) been automatically removed from the platform... WHAT! Even world leaders discussing what is now becoming mainstream opinion through the medical and research community, is removed...
So all we are left with is our filtered view profiled individually and with targeted message like a laser guided missile, no longer just to sell the latest brand of toilet roll, but now with ever more insidious messaging. While all the time we continue those innocuous posts to Facebook, Twitter, Instagram and more. We provide detailed insight into every aspect of our lives with abandon. Political views, personal preferences, people and places we are connected to, all in a single photograph. Until recently, the text we typed was the primary target for profiling and this provided a wealth of data to add to our digital profile. Now we can analyze images and other 'structured data' (documents, pictures, video, audio etc.), read the metadata and more. This can be cross referenced to not only our own but every other digital profile in near real time. Imagine the wealth of data hidden in the random Snapchat image that really has no value to you, other than to allow you to text a message!
Consider the following example. Someone emails (or posts) a picture of you in front in a doorway holding a birthday cake saying "Happy 30th, Dave!" Maybe it is a photo taken on a smart phone weeks earlier. How much personal information does this innocuous image disclose?
- Name, age, date of birth (from the timestamp of the picture and the image of the cake), sex, eye colour (just zoom in), hair colour, approximate weight and height (just compare to the standard dimensions of that door frame), location (GPS data embedded in the picture)... the list goes on.
With enough data (easily obtained in our 'selfie-obsessed' age) and technologies such as point clouds i.e. Photosynth, we can even work out the exact spot the photographer was standing in and who else was in the room. If the room contains more people with their own data capture devices or IoT (camera's Alexa, Google Home and more), then the connections grow exponentially.
If anyone has watched 'The Circle', you may be shocked to know that even without those little cameras, your digital profile is working against you. Now add in the Internet of Things (IoT), voice and video enabled devices, tracking/tracing apps and we open ourselves to even more data collection. Ask Google for the local pizza store and suddenly you are bombarded with pizza coupons. Sometimes you don't even have to interact to be targeted. Walk to close to a suspected 'infected' or otherwise 'unfavorable' person and you could suddenly be locked up for another two weeks (or more). In some countries, the cell towers are weaponized for marketing. Just being in a location can trigger geolocation texts or COVID 19 alert in the near future. All of this information goes back to be stored and analyzed at a later date. As AI gets smarter, the information that can be gleaned grows exponentially. Sadly, even when the AI gets 'smarter' with its ever expanding data set, it also has a tendency to develop increasing and unexpected bias. In personal interactions such as Google Maps, you can Trust but Verify. However, how can you verify an outcome if you can't even understand how it came to the decision? This is why GDPR banned automated processing that has a legal impact. But where is that protection now? What about the COVID 19 data? Everything from that COVID 19 government loan or other payment from the government, now processed automatically without a single human interaction. Just press 1 to receive a payment into your bank from your local tax agency and not a person around to say hi, how are you. All automated, all seeing, all knowing all data collecting. Do you even know it is happening though? This automated large scale data collection can lead to many unintended (or intended) consequences from a wrong turn, to professional discrimination to things we can only imagine in our worst nightmares.
Welcome to the post COVID 19 world of privacy...
Can't we anonymize the data or maybe even use tokens? GDPR thought of that too (and so have Google, Facebook et al.).
“…Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person…”
"...However, a second team within the organisation ... For this, the identification of the individual is unnecessary. Therefore, the firm ensures that the second team can only access the data in a form that makes it not possible to identify the individual couriers. It pseudonymises this data by replacing identifiers ... with a non-identifying equivalent such as a reference number... The members of this second team can only access this pseudonymised information. Whilst the second team cannot identify any individual, the organisation itself can, as the controller, link that material back to the identified individuals...".
Pseudonymisation, anonymization or tokenization. Call it what you want. If information can be traced back to an individual, then it is personal data. Wondering how much can be gained from apparently disconnected or innocuous information? Maybe try The Einstein Puzzle Rebooted [link].
At present, it isn't perfect because multiple people can use multiple devices. I, for one, would rather not have Netflix assume I am an avid Paw Patrol watcher. However, when my grand-daughter comes to stay, Paw Patrol rules! These nuances on whose data belongs to whom will soon be extrapolated as more data is analyzed and AI learns. In the meantime, we are exposed to potentially unfair bias, misleading (and annoying) advertisements and suggested posts/shows. What if that misinformation gets tagged to your credit score though (spoiler alert… it already has to some extent)? Now what happens when there is yet another security breach?
We trust that all that data is secure. We assume it is unusable beyond its original purpose for disclosure. However, large companies and governments are looking at ever more creative ways to use that data to build a better profile. These profiles are more valuable than the best Cryptocurrency in circulation. The more detail they contain, the more valuable they are. It is frightening enough just thinking what a marketing team might use these profiles for (toilet paper anyone)… what about your insurance company?
Now what about all those data breaches that keep happening?
What if your whole life is stolen and becomes available? You can change your credit card number, you might even be able to get new ID or even a new gender but can you really change the fundamental way you are and how you behave?
Imagine you are using Facebook and Google for the first time. You provide both with an email address and password. At this point they know nothing about you…or do they? They will know where you logged in from, what type of devices you use and have access to the history of the devices including websites, apps and more. This is before you even send an email or make your first post. Fill in the complete profiles they ask for and they already have enough information to fill out more than just a basic credit card application.
What if you use a different email and password for each? Do you also use different devices? The answer is probably no. So, the digital profiles get connected and now even more information about you is connected. At this point you still haven't done anything.
However, once that first email comes back, you get a warm fuzzy feeling… “somebody cares about me”. Post your first photo or status and wait for the likes. The feedback starts to become addictive, as it was designed. How do I get more likes? Make more posts, provide more information, make controversial statements. Each of these adds to the detailed picture of you. Then you like someone else’s post and suddenly you are seeing posts that are similar in your daily feed. You see one that says, “So and So likes Diply”. Did you like that post because they liked it? Did you notice that it didn’t say “So and So likes this specific post”? Probably not. However, the system now knows a little bit more. Sometimes you ignore the feed it gives you. That provides a wealth of information about you also. As these systems talk to each other and exchange information they get to know you piece by piece. But they provide anonymous data, I hear the professionals say. I will again point to the exercise in redaction. If enough information is shared, you don’t need an obvious Personally Identifiable Information (PII) connection to have exposed your "Personal Information".
So, how did we get here?
From the First Industrial Revolution to the The First Digital Evolution [Link].
In the 18th and early 19th century, we automated and collaborated with machines to change the way society worked. This was assisted by the introduction of the steam engine. The 19th and early 20th century, saw the expansion of automation and the harnessing of electricity, steel and other technologies expanding the power of industry to meet the needs of the people i.e. customers and workers. These focused on industry. The new machines and tools were not available for home use or home-based businesses. Starting mid-late 20th century until the early 21st century, computers and digital technology expanded at a rapid rate. Although some of these tools were put in the hands of the public, the primary focus for new technology was industry. Access to some of the resulting technology helped spark the next revolution as the public started to gain access to tools and knowledge that had, to this point, been restricted. This was indeed an Digital Revolution, not restricted anymore to just industrial forces. Technology, biotechnology, computing power, software and manufacturing is now being targeted at industry and people simultaneously. This is no longer an Industrial Revolution as its focus is not just on industry. It is no longer just a revolution as we move into AI, Biotechnology and more. We are hurtling towards the First Digital Evolution [Link].
During the Third Industrial Revolution, the most powerful men in the world met to prevent an escalation of power and divide that brought us closer than ever to annihilation.In a world that was facing a rapid evolution of digital technology, people made the ultimate decisions. That meeting of East and West gave us the famous words 'Trust but Verify' [Link]. This is something we should remember as we put our everyday lives in the hands of the unknown box we call AI. Be it Alexa or Google, from Search to Maps, thermostats to door bells, these devices are connected and collecting our digital profiles to turn us into their ever growing pile of cryptocurrency 'green'.
Digital profiling is like the world's biggest game of Clue (or Cluedo for the Brits out there). No-one knows who is in the envelope but if you ask enough questions you can narrow it down really quickly. Now imagine the wealth of information attached to some of the most sophisticated analytical systems imaginable and it is easy to see how vulnerable we can be.
AI and Machine Learning is now taking that one step further in order to 'guess' what you will do next, even before you do it. A company recently created a profiling system to 'guess' if a realtor's contact is likely to sell their house soon. All the realtor has to do is upload his contact list. Did his contacts (maybe not all clients) give him permission for that? Now suddenly they are receiving posts on house renovations, moving companies and more. They have no idea where these came from though.
So, before you make that next post, upload that next picture, speak around Google, Alexa or Siri, or even send that next email, consider what you are giving up. Read those privacy policies a little more carefully. Even if the company that collects the data does no harm, when a security breach occurs, the new possessor of your information probably didn't read the privacy policy either. They may also have breached multiple systems so are able to build digital profiles more sophisticated than even Google or Facebook could dream of.
We are in a time where this is no longer just about the collection of data. This information can now be used to manipulate our everyday lives. Using techniques such as the micro push, it is possible to nudge our purchasing decisions and even manipulate our political choices.
Wondering how easy it is to manipulate our decisions and even our memory? Just take a look at Derran Brown and Simon Pegg [Link]. Now think about that gift you just gave or received this holiday season. Is it what you wanted, or what was 'pushed' through the power of Social Media and IoT driven data?
What does 'Stay Safe, Stay Home' really mean... in the age of the Behavioral Priming [Link].
Is Google, Alexa the MSM or government giving you what YOU want, or what 'THEY' want you to want?
Take this a step further and watch Derran Brown's further works including "The Push" (not for the faint of heart).
1 - Derren Brown Advertising Agency Task - Perception Without Awareness Stage 1
2 - How to control a Nation - Perception Without Awareness Stage 2 [Link]
3 - Heist - What would you do - how far would you go? [Link]
4 - Sacrifice - Would you sacrifice yourself for your worst unimaginable enemy? [Link]
5 - The Push - Could You Kill Someone? [Link].
6 - Apocalypse - COVID 19 - Is it all real or is this the next Derran Brown special we are living through? Part 1[Link] , Part 2 [Link].
Even if these companies and government cry out “We are Compliant”, “this is for your safety” you have to ask, would you have consented in the true sense of the word to what they are doing? We have to hope that these companies and government will work with the three wise monkeys of Cybersecurity, Compliance and Consent. But don't hold your breath or you may end up breathing your last on a ventilator, becoming the latest statistic for the glowing red maps.
Sadly, everything would suggest they might not be working in our best interest after all. Even professionals we trust might not get it right all the time (or even at all). Is that secure email solution doing what you think or is it creating more issues? Is Blockchain or Cryptocurrency really providing the solution you expected or is there a simpler solution? Does that 'new' COVID 19 model make any sense? Just because it is new, shiny or red and scary, doesn't make it the best solution. In some cases, our reliance on technology is making us less smart.
In all of this, not only do we have a lack of privacy but our security is not always top of mind either. In a lot of cases, this is due to a focus on one or the other (or neither). We have to remember that with Cyber security and Privacy - it's a partnership, not a competition.
The genie is out of the bottle and is not likely to be put back anytime soon. It is critical that we have enforceable privacy, compliance and security in place to protect the ever growing knowledge pool about every digital breath you take...
Now that the world of Digital Soylent Green has come to pass as a result of COVID 19. Take all of the above and the steps the government, with the help of Silicon Valley, is doing and ask yourself... How did we get here, before a Digital Soylent Green isn't just digital anymore.
As the media fiddles, we are watching Rome burn. Who will rise from the ashes. So, don't be a Nero. Join the conversation beyond the four corners of your TV and help us climb out of this hole before it is too late. #COVID19, #RomeIsBurning, #ABetterPlan, #jointheconversation