I’ve been writing about privacy for a long time. I wrote a series of articles about location tracking and a useful overview of data brokers and a long series of articles about privacy and trust. Most recently I wrote a cautionary article about why privacy concerns could doom augmented reality devices.
I can tell you with confidence that personal privacy is obsolete. At one time we had a certain amount of privacy in public or semi-private spaces because there was nothing recording most of our movements and actions. There were just people’s observations and memories, which are transient and incomplete.
That’s over now. Everything that happens in a public or semi-private space – and increasingly in supposedly private settings – is recorded in granular detail.
The fight for privacy is just about over, and so far we’ve lost.
I can only think of one way to recapture personal privacy, and hoo boy, is it a long shot. But HIPAA at least gives us an example to look at.
When you hear a reference to HIPAA, you don’t know the details but you instinctively think, ah, privacy, that’s the real thing! You feel safe. You know that doctors and health care systems can’t tell anyone anything about you. Everyone controlled by HIPAA takes it very seriously.
We’re going to imagine a hypothetical new law that extends that idea to all information about you.
It could happen if something awful comes to light that convinces everyone that our existing privacy regulations are just not enough – a “signal event.”
A signal event is a disaster that gives rise to new legislation after a public outcry against prevailing policies that were inadequate or incapable of addressing the event.
I’m going to make up an example so you can see what might generate such an outcry. Let’s write science fiction together, shall we?
Let’s say we find out that Facebook is using algorithms and AR data to track when each person is having sex – with whom, how long it lasts, how many people were involved, and whether it includes any other species. Algorithms are crunching location data to see when co-workers travel to the same hotel at lunch or leave a bar together and go to one of their houses. They’re analyzing pictures, studying posts, looking at browsing histories, and making inferences. Facebook is using the data to sell ads.
A disgruntled employee leaks the program along with a database of millions of sex encounters. CEOs resign, marriages fall apart, there is an embarrassing shakeup in religious leaders, and hotel bookings decline ten percent.
The public outcry is intense and only escalates when politicians are forced to admit that Facebook didn’t violate any existing regulations. Facebook was analyzing its own profiles and using data that is readily available to make inferences about what we’re up to.
Politicians and journalists pontificate about poor judgment, Congress investigates, Mark Zuckerberg apologizes, Facebook’s stock goes down, but the reality is that there’s not much the agencies can do.
It would create worldwide pressure to do something.
Politicians who normally can’t agree on anything quickly pass a new law. It’s poorly thought through and will have countless unexpected side effects, but it addresses the immediate crisis.
Our hypothetical new law is called DOPPA, the “Digital Online Privacy Protection Act.” It slices through all the confusing bits and says, the giant tech companies cannot save or use information about you. They can’t store information about your location or what you search for. They can’t use information about you to sell ads. They can’t analyze photos and videos and analyze them to see what you’ll do next or how you’ll vote. They can’t buy databases of facial photos and match them up to your profile. They can’t track your eye movements and save the places online where your eyes dilate, or whatever other creepy things are in the works. For 99.9% of what they do, the answer is, stop. No more digital surveillance.
Put in vast penalties – fines of quadrillions of dollars, mandatory company breakups, whatever will work to give it teeth. Current fines are absorbed by the giant tech companies as a cost of doing business. DOPPA would need dire consequences to be effective.
DOPPA should apply to everyone in a position to gather digital information about you – giant tech companies, companies that make apps for phones, data brokers, tiny websites, all of them. They can use your information to deliver a specific service and that’s all. They can’t save it. They can’t share it. They can’t monetize it.
You still have in mind this is hypothetical, right? I’m just making stuff up.
The first result is tremendous disruption and outcry. The modern internet is paid for with advertising, and advertising is built on following you around and analyzing everything you do. Taking that away threatens Facebook and Google especially. The flow of income from delivering you to advertisers based on your profiled data has made them two of the largest companies in the galaxy and they will be very irritated if they have to stop. Don’t underestimate the power of angry giant corporations.
There would be a mad rush of lobbyists to establish exceptions. For example, Google would need permission to analyze data about your location to supply traffic updates to Google Maps. But there would be strict rules about aggregating data. Google wouldn’t be allowed to save the personalized data about your journeys and show them to you on a map at the end of the month – and they wouldn’t be able to use the data about your trips to sell personalized ads.
Google would say, hang on, this undermines the very concept of Google searches. They are based on aggregated information about what everyone searches for and they’re individualized based on your search history. No one will want to give up Google searches. Some exception will be carved out.
Facebook and Twitter and TikTok would complain that their businesses are built on analyzing a vast amount of personal data so their algorithms can deliver the content that fascinates you and keeps you engaged. DOPPA is a brick wall and there would be no exception for the social networks. Reclaiming our privacy will have some trade-offs. The social networks would be less engaging. Fierce arguments would erupt about whether this is good or bad. They would cut back and focus on one-to-one communication while they sort out what it means to work without knowing much about you.
There would be a lot more nuance like that, but so it goes. There are a lot of niggly details about HIPAA, too. (Also some frustrating exceptions.) The important thing is that everyone would instinctively get the main thrust of DOPPA: individual data about you is private. It can’t be saved or analyzed or shared without a really compelling exception.
Data brokers that package your personal profile and sell it in the shadows would go out of business and no one will miss them or cry tears for their untimely demise.
A lot of apps would dry up and disappear. Companies built on personal data would go out of business – and that’s more companies than you realize.
Some of the side effects would be sad or frustrating or disruptive.
But flowers of innovation would bloom.
Restoring our personal privacy might facilitate the next generation of technology, financed by something besides increasingly creepy ads.
Augmented reality devices would come on the market without sparking fear of new privacy invasions. You could use your AR glasses to contact your friends and watch movies and get directions without worrying that a big tech company is looking through your eyes.
We could voluntarily turn on an AR placard that displays our name without worrying that it is being transmitted to a database by everyone who sees it.
No one would freak out if you wore AR glasses into the bathroom because by definition the images from the cameras are not being saved. DOPPA might mean that the cameras in AR glasses could not be used to take snapshots or videos, period – and maybe that would help them be accepted.
There are a thousand problems with my imaginary law, but it has a couple of advantages that might carry the day.
It cuts across party lines.
It’s easy to explain.
We’ll never turn our surveillance world around with a two thousand page law created by committees. Our systems are held captive by armies of lobbyists working to maintain the status quo, and politicians who are so divided by partisan posturing that we are stuck in a weird stalemate. The simplicity of DOPPA would expose politicians who talk about privacy and freedom but whose only true guiding principle is to make large companies larger.
Privacy may be rising in people’s minds as something that demands action. Maybe it won’t take a signal event, although our current partisan divide makes it hard to imagine doing anything sweeping without some disaster to prompt it.
This is the only way I can imagine regaining any privacy in our surveillance world. It probably can’t happen. Dare to dream! Because without it our lives are an open book.
We need DOPPA.
All of this surveillance has already contributed heavily to the erosion of our democratic republic. The mining of political, religious, economic information on each of us helped bring about the joining of like minded insurrectionists. It has not (as far as I can tell) joined up bands of kind, liberal, free speech, democratic minded individuals to answer the call to demand change and rally behind the Constitution. So your scenario is not really science fiction — it’s the natural progression of the erosion of our privacy and unfortunately I can’t see a “natural” reaction to it by the “gangs” of liberals to demand regulation. So, Crap is right!!
Include government too?
As long as the tech companies accumulate data, governments and law enforcement agencies will insist on having access to it. HIPAA doesn’t stop subpoenas or warrants for medical records data, and under those laws, doctors are able to share medical information if they suspect a crime has occurred. That’s why there’s starting to be concern that medical records may be accessed to enforce laws in anti-abortion states.
It would be interesting if the tech companies simply stopped collecting or storing any data, either voluntarily or compulsorily. They can’t give up what they don’t have. Governments and law enforcement have their own sources of data – public cameras and the like – but a lot of data comes from private companies, cell phone carriers or Google or the like. Imagine if the data just wasn’t there.
They would, of course, scream bloody murder. Law enforcement wants to make end-to-end encryption illegal so any conversation can be decoded. They hate the idea of phones that Apple can’t unlock. We’d hear a lot about protecting children, because they always pretend it’s about protecting children when nothing else comes to mind.
That’s one of many reasons this probably can’t happen. We’re hosed. We’re all living public lives at all times. Crap!