The case for and against personal surveillance

Bruce Schneier thinks an article in the London Review of Books is “nice”.

It’s hard to disagree with nice, but I will try. Take for example, this quote from the article about sharing mobile data:

Such services are obscure, and barely legal, but it’s about to be brought home to the majority of mobile users that what they’re up to isn’t private information

This needs some perspective.

I have heard from engineers working on this functionality for at least five years, and I first used Helio’s buddy finder system years ago.

At one evening social in 2004 I remember a bright young engineer from Berkeley who told me he was building a system that would reveal “hot spots” for dinner and nightlife by mapping the concentration of mobile devices. For example, he said you would want to go to the dance club once a certain threshold of people had arrived. Although I could imagine alerts based on certain conditions (e.g. Bob and Alice are on site, Charlie has not, therefore it is time/safe to arrive) I instead pointed out to him how I would game the system.

A restaurant, depending on his system’s authentication and authorization, could easily create high numbers of bogey attendees as a form of marketing. If people started showing up on site soon after, their presence would either confirm what they saw on the map or drive them to question the accuracy of the system. I asked him whether trust was critical to the success of his system.

He walked away with a worried look.

Perhaps more to the point I had to work extensively with an army of lawyers to build privacy protections into “public info” mobile services at least two years ago.

The pressure from mobile carriers to share user information is intense, because data is where the mobile companies and the software vendors derive and push value to you, the ever-demanding customer. They think you will buy more “stuff” from them if it can tell you more about your communities and friends.

While the author of this article dismisses the “approval” message control as insufficient, there is no mention of the usability balance (curse?). Most users are statistically challenged when it comes to security. They want ease-of-use and the mobile companies are all too willing to oblige.

A few people, like myself, are hired by software and mobile companies to argue on behalf of consumers. We say the usual things, such as privacy is paramount and controls need to be tough to circumvent.

In response, we inevitably are faced with a series of user feedback studies and support-queue reports that suggest the majority of users really just want the easiest interface possible (which also just happens to be the least cost solution to the provider) with a data-rich source at their fingertips.

I am not surprised that we are moving towards the capability of a private and open surveillance society. In fact, I think that has always been the trend. I am only surprised when people try to pretend that this is a new problem, and that there is no precedent or case to be made for giving people fair and balanced governance system. If you leave decisions to mob rule, or a benevolent dictator…hopefully you get the picture. I met with Motorola, Nokia, Sony, Helio and others about these issues years ago and it was always fun to draw upon concepts like economics, ethics and political systems to resolve the security disputes.

We’ve been here before. Designing protections against abuse related to mobile device data should be like designing the next wheel — new technology, same old concepts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.