Schneier has a great article here on the many ways you are being tracked, but I think overlooks the fact that much of this record keeping happened prior to the internet. Almost all public activity generates a paper trail, and before the internet, your phone company, bank, grocery store, even your VHS rentals and public library, were keeping records on you. The internet makes it far far more efficient, but it didn't invent the collection of such records.
I think the focus shouldn't be on the unavoidable "information radiation wake" you give off as you move through the world living your life, but on the ways people utilize this information. The government, and private entities, need to be constrained in how this information can be legally used, not in the collection of it, which I think is impossible.
Consider health records, which lots of people are paranoid about. There's a lot of diseases we might be able to treat if people's health records were available to researchers. One might be able to detect correlations in disease from these records of millions of individual cases. But insurance companies and employers could potentially discriminate against you based on these records, so it is in your interest to keep your medical conditions secret. In cases, if you have a communicable disease, it is understandable you'd want privacy too.
Point being, the biggest danger of loss of privacy is abuse by the state or other private entities, and if we could build safeguards against that, the fact that your phone signals give away your location, or your subway card shows where you've been, might not be so threatening.
> Almost all public activity generates a paper trail, and before the internet, your phone company, bank, grocery store, even your VHS rentals and public library, were keeping records on you. The internet makes it far far more efficient, but it didn't invent the collection of such records.
In addition to efficient, it also made it more convenient and secure to do so. This aspect is huge.
The local video tape rental place may have kept records of every movie you rented, but an agency wasn't going to go in and demand your records from the scumbag owner unless it had a really pressing reason to, as it would potentially blow their investigation/operational security. Scumbag owner would have some guys in dark suits visit him and it'd be all over town in a matter of hours. The end result is that they probably wouldn't sift through your rental records.
Now, with the proliferation of the Internet, the government doesn't even need active participation of the records custodian, they can pull traffic off the wire and warehouse it themselves.
And if it does require active participation from the data custodian, they have nice National Security Letters with highly-threatening gag orders, which have proven to be quite effective.
> And if it does require active participation from the data custodian, they have nice National Security Letters with highly-threatening gag orders, which have proven to be quite effective.
But they don't need NSL's to get the data. Just as a plain old warrant or subpoena would have been enough to get your local video tape rental place's records of the movies you watch, it's enough to get Netflix's records of those movies.
The data offered by my old local video place, though, was pretty minor, and they were small enough that honestly I don't think anyone higher than the local police in the food chain cared.
If you can get Netflix, it suddenly justifies the effort to mine that data and weave it into a larger tapestry.
The internet makes it far far more efficient, but it didn't invent the collection of such records.
This reminds me of a quote attributed to Joseph Stalin, "Quantity has a quality all its own."
The collection of data is not new. However, the extraordinary amount of data now collected, and the ease with which those data can be cross-referenced or otherwise mined, create a phenomenon that seems qualitatively new.
Please strike "public library" from the list of people who keep records for any length of time. This is a topic that libraries have known about for a long time, and most libraries have policies like "privacy of library users is and must be inviolable", and to "destroy [patron records] when no longer needed."
(Technically, "keep" includes "keep until the book is returned", but you mean "keep" in the sense of longer document retention, and I feel it's unfair to lump libraries into the same category as a bank, which has a legal obligation to keep long-term records.)
I remember talking with friends after we had seen the movie "Seven" in 1995 (seems like a lifetime ago). They all freaked out about the part where they said the FBI keeps records on what books people check out from the library.
Nobody would bat an eye about it today though. . .
Modeling each individual in a population the size of America based on a 1000 variables would be the realm of fantasy in the 1990s. The manpower requirements to even gather, organize and group large volumes of data made profiling, or things like Obama's campaign the things of science fiction.
Now the system has shifted dramatically. Not only is such analysis is possible, it is constant. While the models are not perfect, they managed to get Obama to 1.5 % of the final poll numbers.
Practically - this is a difference between bronze age weaponry and Iron age weaponry, and only one side has the ability to use these weapons. Normal citizens will not be able to run similar models on government.
Normal citizens dont have access to databases of such data, nor can they in turn stay one step ahead of the government.
Earlier the barrier for a government to collude against its populace meant that a strong civil rights movement could halt nascent programs because of the runway required for them to take off (Years and large manpower requirements just to record data).
Ideally at this stage, people need to know what is being predicted about them, how the data is being used. People need to be mutually armed and aware.
>I think the focus shouldn't be on the unavoidable "information radiation wake" you give off as you move through the world living your life, but on the ways people utilize this information. The government, and private entities, need to be constrained in how this information can be legally used, not in the collection of it, which I think is impossible.
You clearly describe two options: preventing collection, and limiting utilization. I agree that preventing collection is impossible, but I don't think simply limiting utilization is enough. I think limiting utilization and retention is key. As long as the data exist, it can be utilized in the future.
> I think limiting utilization and retention is key.
I think the retention point is valuable. But it also seems sort of impossible in some arenas.
Take Facebook. Say that the government can only retain information it collects for 6 months. Fine; but they could re-request that same data 6 months later.
I suppose there is always a way around this (no extensions without a warrant), but in principle retention seems both critical and a minefield of potential confusion. I'd be interested to hear others' thoughts on the topic.
Well, if the government had to 'redownload the entire Internet' every 6 months, then they might decide to curb their information habits (or like a junkie they might just look for ways to skit the rules).
>but I think overlooks the fact that much of this record keeping happened prior to the internet. Almost all public activity generates a paper trail, and before the internet, your phone company, bank, grocery store, even your VHS rentals and public library, were keeping records on you.
I think you would've had a very hard time tracking someone through these records.
As an NYer, tapping John Gotti was very traditional compared to the blanket tracking of US citizens that has been granted by FISA.
As for Schneier's link to the Atlantic's article, I think we're moving to a new era where we trust developers and not the popularity or the design of the app itself. I'm sure one will be tracked when you don't have to pay anything for it.
Real time tracking, yes. But during investigation, no. The intelligence agencies and police states weren't blind before the invention of the internet, or even digitization of records.
In some cases, organizations simply had to actively file reports with government agencies via snail mail when certain suspicious activity was encountered, sort of an active, HUMINT client-side filter.
Best examples are one-way ticket purchases, or cash transfers at banks over $5000, or Western Union telegrams, these were activity monitored via human labor and dead tree paperwork.
I just posted this a few days ago, before all of this leaked, and I argued that this is a political issue. Right now there's nothing stopping anyone in a position of power from controlling you other than the social pushback. Who gives a damn about tracking you if the powerful can just scare you into submission? But we don't allow that. That's not kosher in today's world.
I feel the same thing goes for all the data we create. That data can be seen as an important tool for law enforcement (which I no doubt think that some of it is), but we cannot let it be use as as reason for subjugation. We need make that unacceptable.
Well, before the Internet, the police could get a warrant with just cause, and tap your phone. That would end up as a box of reel-to-reel tapes that someone would have to listen to and transcribe.
Now, in the electronic age, they could demand that the phone company keep records of every phone call made by every single customer of theirs, and have it uploaded to the NSA computers for real-time analysis using AI. Different scope entirely.
I think the focus shouldn't be on the unavoidable "information radiation wake" you give off as you move through the world living your life, but on the ways people utilize this information. The government, and private entities, need to be constrained in how this information can be legally used, not in the collection of it, which I think is impossible.
Consider health records, which lots of people are paranoid about. There's a lot of diseases we might be able to treat if people's health records were available to researchers. One might be able to detect correlations in disease from these records of millions of individual cases. But insurance companies and employers could potentially discriminate against you based on these records, so it is in your interest to keep your medical conditions secret. In cases, if you have a communicable disease, it is understandable you'd want privacy too.
Point being, the biggest danger of loss of privacy is abuse by the state or other private entities, and if we could build safeguards against that, the fact that your phone signals give away your location, or your subway card shows where you've been, might not be so threatening.