"Whenever I go into a restaurant, I order both a chicken and an egg to see which comes first"

Sunday, December 9, 2012

Internet Snooping - Absolutely Nothing Is Private Anymore

The Congress is about to consider a law restricting prying into private emails. However, it addresses only one aspect of a much larger issue. As reported in an Editorial in the New York Times (12.9.12)

The bill, an amendment to the outdated 1986 law that now governs e-mail access, the Electronic Communications Privacy Act, would require law enforcement agents to get a search warrant from a judge in order to obtain e-mail content from a communications service provider that holds private electronic messages, photos and other personal records, like Gmail or Facebook. This means having to show the court there is probable cause to believe that the sought-after records may reveal evidence of wrong-doing.

This legislation would prevent Government from requiring email service providers to release information about individual correspondence without a warrant. The FBI, for example, cannot go to Gmail and ask for all emails from a particular zip code, a particular email address or a particular computer.  It must show probable cause via court-issued authorization. While this is an important step in the right direction, it does not cover cell phone or GPS communications. If the FBI has reason to suspect that terrorist activity is occurring in a local mosque in Detroit, it can now mine data to find out who was at the mosque or in the vicinity.  Any law-abiding citizen who is just buying falafel or baklava in the Arab grocery nearby can get caught in a web of suspicion:

The government is taking advantage of outdated law on privacy and technology to track Americans like never before. As long as it is turned on, your mobile phone registers its position with cell towers every few minutes, whether the phone is being used or not – and mobile carriers are retaining location data on their customers.

As a result, government officials can learn a tremendous amount of detailed personal information about you by accessing your location history from your cell phone company, ranging from which friends you’re seeing to where you go to the doctor to how often you go to church. Law enforcement can get months’ worth of this information, without you ever knowing – and often without a warrant from a judge (ACLU.org Government Location Tracking)

Not only that, there is such legal confusion about the limits of privacy on cell phone voice and text messages, that law enforcement agencies now routinely ask for and often obtain data on individuals or groups they consider crime or terrorist threats:

“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”

As technology races ahead of the law, courts and lawmakers are still trying to figure out how to think about the often intimate data that cellphones contain, said Peter P. Swire, a law professor at Ohio State University. Neither the 1986 statute nor the Constitution, he said, could have anticipated how much information cellphones may contain, including detailed records of people’s travels and diagrams of their friends. (NY Times, Bits, 11.26.12)

If this weren’t bad enough, vast amounts of data are being collected daily by retailers and marketers.  Facebook, for example, whose stock price fell because of its unconvincing marketing (money-making) plan.  It was neither generating sales from its web site advertising, nor was it capitalizing on consumer preferences suggested in the hundreds of millions of posts uploaded daily.  With the advent of ‘big data’ and advanced software able to mine vast amounts of data for information on consumer preferences and attitudes, Facebook and other social networking sites are now able to provide corporate retailers with high-quality, zip-code specific data. 

Every time you write a post on Facebook talking about your experience at a Hilton, for example, mentioning the lumpy beds, the indifferent service, and the dirty sinks – or the stellar personal attention, sumptuous and plentiful breakfasts – Facebook records the post, and using sophisticated software tracks your impressions, finally submitting all to Hilton.  If the experience was a bad one, Hilton might write you offering a night free during your next stay.  You didn’t tell Facebook that they could do this; nor did you write to Hilton with your complaint.  It was all done for you.

Gmail software tracks your correspondence, and Google can know if you are interested in Persian rugs, a new car, or kitty litter.  Thanks to mutually beneficial contracts with retailers, a personalized ad for rugs, cars, or pet products will pop up on your next Gmail screen.  Again, you didn’t ask to be profiled, nor did you ever explicitly ask for information about a particular product.  It was all done for you.

Recently, information about an ingenious scheme designed to match you with the best car has been developed by car manufacturers and their dealers in collaboration with Internet Service Providers.  If you have contacted as car showroom and provided them with any personal information, this can be matched with your recent Internet searches concerning cars.  Software algorithms can determine if a prospective customer is serious or just a middle-aged adolescent looking at the hot cars he could never have.  If the customer is serious, then a data profile is compiled and ready for use whenever he returns to the showroom.  The salesperson will know a lot about him, his driving habits, his color preferences. The customer didn’t have to tell him anything.  It was all done for him.  

These commercial examples represent the most serious threat to privacy because there are few complaints from the consumer.  ‘We love our cookies’ is the unspoken mantra of the busy shopper; and if our purchasing lives can be made simpler, we are happy.  Why search through endless book or movie reviews to find attractive, interesting items when Netflix and Amazon already know what you like from having tracked your past shopping history and, as above, your Internet searches and email traffic? 

So far, so good.  Both consumer and retailer are happy.  However, government is always ready and anxious to collect more and more data about everyone.  The Patriot Act and the various other legislation it has spawned has never been more permissive, all in the name of stopping the terrorist threat.  Because of ‘big data’, volumes of information can be collected, sifted, and organized about individuals, and profiles can be created.  John Doe, who lives at _______has bought X,Y,Z books; rented A, B, C films; stayed at the Silver Spring Marriott and the Dulles Airport Hilton; has bought falafel at Ahmed’s Bakery in Detroit, and loves cats.  The mining of 'big data’ costs very little, and even if only a tiny fraction of one percent of profile information turns out positive, the FBI has gotten its money’s worth. 

Think of Nigerian scammers.  Who on earth would ever fall for: “My name is Ibrahim N’Goloudou.  If you give me your bank account information, I will deposit $100,000 in your name for allowing me to deposit the rest of my inheritance at the same bank”?  A lawyer friend of mine investigating Internet fraud schemes for the Treasury Department answered: “You’d be surprised”.  Automated software generates hundreds of millions of emails to prospective marks; and even if a tiny fraction of one percent bites, the scammers have covered their investment and then some.

The mining of big data is big business today. Marketers are salivating over the prospect of highly reliable, useful information generated at almost no cost.  Analytical programs are becoming more and more intelligent and able to decipher subtleties of speech.  They can understand expressions of humor, irritation, frustration, satisfaction, displeasure, and anger. They can understand that the word ‘sick’ in hipster-speak means cool, not diseased; or that ‘quiet’ can mean dull in one sentence, but relaxing in another. 

The field of Artificial Intelligence has never been more promising because it has moved out of academia and into the world of commerce.  At a recent Artificial Intelligence Conference (MIT, May 2011 Brains, Minds, and Machines), traditionalists like Noam Chomsky who have labored for decades to figure out how the brain works to generate intelligent thought were marginalized in favor of the big data IT gurus who said, “Who cares how the brain works.  Let is look at what the brain does”.  He meant that by analyzing trillions of English sentences about billions of subjects, one could easily learn how linguistics works and just as easily teach a computer how to ‘think’.

I have written extensively about invasions of privacy in the Internet age, and have become active in trying to stem the tide, but to no avail.  Every week I read about new, sophisticated, and ingenious ways to mine data and to peer into my life; but only once in a blue moon do I read something like this Times editorial reporting on Congressional action.  Only the Europeans seem to be really exercised about the subject and have moved aggressively to close – or at least partially shut - the doors to Internet snooping.  We on the other hand are happily unconcerned.  “We love our cookies”.

1 comment:

  1. Everyone is talking about a violation of privacy, but how can you even expect to have any privacy on the most public place on the world?

    ReplyDelete