Computer security expert and writer Bruce Schneier analyzes the trends of personal data collection and usage in the increasingly technological society.
The topic of this panel is: “What’s going on out there?” I thought I would list what’s going on out there, talking about several trends.
First it is the technological trends. We heard about this a little bit at the previous panel. Basically the way to think of what’s going on is that data is the by-product of the information society.
Everything we do that uses a computer creates a transaction record. When you pick up your cell phone, there’s a record of the call you made, there’s a record that I’m hearing the ringtone, there’s a record of my SMS messages, right? That’s all on the phone. Browsing the Internet creates records, and my ISP knows where I’m going. Google knows more about what I’m interested in than my wife does. And it’s true for all of you as well.
The commerce; as soon as I buy something – credit cards, affinity cards. I don’t know if they have it here in New Zealand, in United States we have automatic fare collection systems, where I’ll drive over a bridge and there’s a transponder. Instead of throwing a coin into a tollbooth, there’s a transponder, and a transaction record is generated – where I was, when I was. This naturally happens.
Data is also a by-product of information society and socialization. Nowadays computers and companies are mediating our social interactions, whether it’s e-mail, whether it’s SMS, whether it’s IM or social networking sites. There used to be conversations of two people talking to each other; they are now collected because there’s data associated with this. Again, this is natural.
And what we’re seeing is a sea change in the world of personal data. All this stuff is increasingly stored and increasingly searchable. Data storage drops to free, data processing drops to free, and stuff that even 5 years ago you would throw away, you save. Because the marginal value of saving it only has to be so low. We’ve all hit the point in our e-mail lives, where, while we used to only save the important stuff, we all stopped. Now we save everything. It’s easier to save everything and search it than is to figure out what to throw away. That’s exactly what’s happening in the world large.
So the result is we’re all leaving digital footprints throughout our lives. Big data knows exactly where I am, exactly what I’m doing and exactly who I’m doing it with. They know the dinner reservation I made tonight, they know everyone I’ve spoken to; it’s all out there. And this is not a question of malice; it’s just a natural by-product of computer technology.
Second – Legal trends. What can be done with this depends on local laws. In general, the trend is for laws not to mess with technology. In the U.S., at least, most of my information is not owned by me. Like Google or Hotmail owns my email; online merchants like Amazon own the books I buy; medical and credit reports, phone records – there are data bureaus that buy and sell this.
In the United States I have very little ownership and control of this. I can’t see a lot of it, I can’t correct a lot of it, I can’t delete any of it. If you go to Europe, things are a little bit better. Actually, in some cases it’s a lot better. You know, elsewhere it’s different. In general, the legal system is not keeping pace with technological improvements. At least, in the U.S. the laws that protect my paper mail don’t apply to e-mail; the laws that protect my phone conversations don’t apply to voice-over-IP. Even the laws that protected my videotape rentals don’t apply to streaming movies on the Internet.
It’s the business trends: this data has value. There’s value from marketing, like personalization. Let’s use Amazon, Amazon is a great personalization service. They recommend books I might want to buy based on the books I’ve bought. I like that, that’s process streamlining. One click and I get a book – it’s great. And control, security – my account is protected on Amazon based on personal data of mine. And there’s a primary and secondary market for this data: Amazon can use it for their own purposes, and they can sell it to somebody else. And again, that depends on local laws; Amazon is a U.S. company, so they’re going to sell my data to some broker who knows I’m buying a book on Tourism in New Zealand, and now they know I’m going there, so I get offers about hotels.
An enormous amount of revenue on the Internet is based on information, it’s an information market. Remember, you are not Google’s customers. You are Google’s product they sell to their customers. When you complain about Google not having the customer service, they actually have great customer service. Become a customer and you can use it! As long as you’re a product, you don’t get customer service, right? Shut up and enjoy your Internet.
All sorts of business models are enabled by this data: advertising, individual marketing, differential pricing. Lots of industries are moving to a very data-heavy business model: think of publishing, book publishing, music, mail-ordering everything, customer tracking at retailers.
And companies are moving towards more control over users. Think of the iPhone as compared to a normal operating system. Apple has a lot more control over this device: what I can put on it, what I can’t put on it, what I can do with it. They can erase things. I have a Kindle; Amazon can decide I no longer have a book and they can erase it without my knowledge or consent. We’re seeing much more control. These are all data driven systems.
We’re seeing some of the law enforcement trends; identification provides easy security. That’s one of the reasons law enforcement likes this data. It’s a substitute for authorization: “I sort of know who you are and I can sort of substitute that for what you can do.” It facilitates easy audit and judging people by their data shadows. You know, TSA watches that in the United States, determining how much of a terrorism risk I am based on my data. And then the notion of wholesale surveillance; I mean, there used to be surveillances “Follow that car”, now we can follow every car. There are cities in the U.S. that have put cameras and basically collect license plates, constantly. They know where every car is in town. There are a lot of airports that do that. Every night they’ll run a camera and know where every car is. We got surveillance backwards in time: if I save this data, I can now surveil you, what you did last year, not just what you’re doing now. These are new things.
And this has value not just for law enforcement – for marketing. Big change: systems that never forget. And we’re now going to live in the world where nobody forgets anything. That’s going to be an enormous social experiment. And one of the biggest worries I have is the amalgamation of business and law enforcement. In the U.S., data that is illegal for the government to collect, they buy from industry. And data that industry can’t get – they get from the government. And they’re back and forth; and we’re now seeing legislators proposing in the U.S. to make this data back and forth easier. I think it’s uniquely scary.