
Modern technology is eroding privacy at astonishing speed, faster than society is able to cope with it.

It is troubling to hear that the personal information of millions of people was once again stolen from a government agency or a business. It is unnerving to see ads in web browsers for topics looked at earlier — especially if it is a sensitive personal subject. It is easy to become paranoid and wonder if devices are listening in on our conversations too.

An instinctive reaction to this may be to withdraw from the Internet, hide, and protect your information. Yet staying completely incognito is not practical in a highly interconnected society. You would need to hide in a sarcophagus to succeed. Even if you have never accessed the Internet, companies like Facebook and Google know you from the contact information your friends and family members likely shared with social network providers.

“Shadow profiles…” https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy

Even if you never submitted your DNA for analysis, a few of your dozens or hundreds of relatives probably already submitted theirs and hence you could be identified based on your DNA.

“Genome Hackers Show No One’s DNA Is Anonymous Anymore” https://www.wired.com/story/genome-hackers-show-no-ones-dna-is-anonymous-anymore/

You have no choice but to reveal private information to prove identity, residence, or creditworthiness in order to participate in public life, interact with the government, health providers, government agencies, or get a job.

When you do venture outside and carry a smartphone, your phone reports on where you are at any time to the mobile provider and to any phone app permissioned to collect location data. Information on your purchases reveals more than you or your loved ones would realize.

“How Companies Learn Your Secrets” https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html

Private data is everywhere and, like water, it leaks through the smallest of cracks. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

How worried should you be? What are the consequences of mishandling and misusing private information? The news media focuses on data and privacy breaches but not on tangible damages caused by them. Nonetheless, consequences can be far-reaching.

Privacy covers too many things and, like the elephant to the six blind men, it carries different meanings. Much depends on who you are, where you live, what you’ve done and do. An average adult, a teenager, a celebrity, a political or religious dissenter, or a pariah each has different privacy concerns.

A short list of concerns:

  • being defrauded
  • being besieged by unsolicited marketing
  • being unduly judged
  • being manipulated, coerced, or harassed
  • having restrained freedom of action and expression

One would think that achieving complete privacy is the goal. But not when privacy shields those who do bad things.

With the exception of identity fraud issues, it is not necessarily clear who is in the wrong or where the ideal privacy boundary lies. There is no obvious criminal activity and some intrusion and influence may be justified depending on the context.

Which is the bad or good party on this list?

  • Child / Parent
  • Married couple
  • Individual / General public
  • Colleagues
  • Employee / Employer
  • Citizen / Government
  • Parishioner / Clergy
  • Consumer / Corporation

Much depends on intent and degree. In a well-adjusted family, the parents would never intend to be abusive. Can technology turn good parents into bad parents? Can it make good government become bad? Certainly, excessive oversight and intrusion can become oppressive even when done with good intentions.

“The Problem With ‘Sharenting’” https://www.nytimes.com/2019/06/05/opinion/children-internet-privacy.html

It is important to note that technology is an enabler of change. It is the cultural and individual moral compass that determines the direction of that change. When implementing political, legal, and technological policies, this moral compass should be kept in check by limiting power and ensuring accountability, hopefully with informed social consensus. This, of course, applies in a generally stable environment, for in a moment of crisis a mob mentality will throw the moral compass out the window.

Long-term solutions would require decentralized information collection, storage, and control. They would require decentralized, sensible identity and reputational management frameworks. They would require automatic audits and reviews by impartial peers and outside interested parties. Not all identity and reputational artifacts, not every act or fact needs to be centrally collected or be permanent.

Similarly to how the United States Fourth Amendment was established to protect a person inside a household, there should be laws establishing privacy boundaries at every level — be that a smartphone, home, job, school, neighborhood, city, or state. Each should serve as an information perimeter across which information doesn’t travel seamlessly without permission by someone who is accountable for it.

The Fourth Amendment by itself doesn’t seem to be sufficient.

“Telephone Technology versus the Fourth Amendment” https://www.americanbar.org/groups/judicial/publications/judges_journal/2016/spring/telephone_technology_versus_the_fourth_amendment/

Privacy is a vast and endless topic, but one has to start with concrete cases to discuss. Let’s consider how to reduce the power of personal data and how to impose accountability in the absence of identification.

Reducing the power of personal information

Would you publish your social security number, date of birth, and facts about your past and present that only a few people know? Personal data is kept everywhere, with no guarantee it will be secured for long. But it doesn’t have to be so. The spread of data and what you can do with it can be reduced. For example, the ubiquitous use of personal information for authentication has enabled anyone who possesses it to indefinitely gain unlawful access, appropriate assets, intrude, harass, and manipulate. Like a master key, this information indefinitely empowers whoever gets hold of it, and there is little accountability because identity fraud occurs remotely and anonymously. A simple way to limit the power of immutable personal data is to universally ban its use for all authentication. This would make the information worthless for committing fraud, and there would be no excuse for collecting it. https://medium.com/@jacobm_43109/how-to-make-private-information-completely-useless-for-committing-identity-fraud-44d0e1df26ae

All remote interactions would be authenticated with asymmetric encryption keys initially established in person or via a trusted mediator, be that a government agency or a business. Each ‘relationship’ would have its own set of keys and, optionally, expiration dates. The only trusted authentication without pre-existing relationship keys or mediators would be biometric information collected in person at a trusted site. There is already a system to confirm trusted web site addresses. This would be expanded to individuals. If banks were able to facilitate check clearing for the past two hundred years, they could certainly facilitate identity vouching.
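The per-relationship key scheme described above, as an added example that is not part of the original article. It assumes Ed25519 signatures as the asymmetric primitive (the article does not name one) and a challenge-response exchange; the names `Relationship`, `Enroll`, `Challenge`, `Respond` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Relationship is the record one verifier (bank, agency) keeps for one person.
type Relationship struct {
	Pub     ed25519.PublicKey
	Expires time.Time // zero value: the key does not expire
	nonce   []byte    // outstanding challenge, nil if none
}

// Enroll models the in-person exchange: one key pair for this relationship only.
func Enroll(expires time.Time) (*Relationship, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Relationship{Pub: pub, Expires: expires}, priv
}

// Challenge issues a fresh random nonce for one remote authentication attempt.
func (r *Relationship) Challenge() []byte {
	r.nonce = make([]byte, 32)
	if _, err := rand.Read(r.nonce); err != nil {
		panic(err) // never hand out a predictable challenge
	}
	return r.nonce
}

// Respond is the individual's side: sign the verifier's nonce.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// Verify accepts one valid signature per challenge, and none after expiry.
func (r *Relationship) Verify(sig []byte, now time.Time) bool {
	n, live := r.nonce, r.Expires.IsZero() || !now.After(r.Expires)
	r.nonce = nil // each challenge is usable once, pass or fail
	return n != nil && live && ed25519.Verify(r.Pub, n, sig)
}

func main() {
	bank, key := Enroll(time.Time{})
	fmt.Println("accepted:", bank.Verify(Respond(key, bank.Challenge()), time.Now()))
}
```

The verifier stores only a public key, so a breach of its records yields nothing that can authenticate anywhere, and a private key leaked from one relationship fails at every other verifier.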

Increasing accountability by paying for your action

Anonymity is a close cousin of privacy. In the wrong hands, it enables abuse by skirting accountability. Almost 50 billion robocalls were made in 2018 in the US, causing major annoyance and inconvenience.

https://www.nytimes.com/2019/04/26/your-money/robocalls-spam-calls.html

Because the caller’s number can be faked, all calls are in effect anonymous. There is no accountability for the caller. Phone companies are working on changing the protocol to ensure the caller’s number is authentic. This would help a lot but still would not identify the person or business initiating the call.

Consider the following trivial interim solution that would immediately raise the accountability of the caller without the need to identify who or what is behind the call. Have the phone company set up a system where any caller must automatically deposit some money before the call gets through. The called person can optionally keep the money as compensation. The caller could set the upper bound for the deposit that he is willing to pay. The receiver could vary the acceptable amount based on the time of day. Obviously, known verifiable contacts would not be subject to the deposit. Some people may actually welcome advertisements if they receive sufficient compensation for it.

Privacy solutions will not come in a phone app or be delivered by a company because privacy issues can’t be localized to a product or service. Maximum impact requires global adoption of social standards. It involves politics.