Once again, technologists confuse being in public with giving up one's right to privacy.
Today's Sydney Morning Herald reports on recent advances in automatic surveillance by facial recognition of people in public, especially airports. Now, I am not weighing into the public good argument; personally I would be delighted if this sort of technology thwarted terrorist plots. What worries me is the fundamental failure of technocrats to grasp privacy, and how this chronic blind spot biasses their work.
The subject of the article, Professor Brian Lovell, is quoted as saying 'people did not have the right to privacy in places such as airports'.
It's vital to appreciate that the concept of being "in public" doesn't actually figure in Australia's Privacy Act. What matters in our privacy regime, and in the Information Privacy law of many countries, is Personal Information -- that is, any information about someone whose identity is readily apparent -- and how that information is collected, used, shared and managed.
Traditional surveillance tapes of people in public places are retained for some months, and if suspicion arises, they're pored over by cops on a mission. People caught on tape who are not of interest remain anonymous. But automatic facial recognition of digital imagery converts otherwise anonymous data into PI, in real time and en masse, without discriminating between suspects and everyone else. Identifiable information is then converted into profiles and intelligence and probably retained 'just in case' a good deal longer than video tapes. After all, disk space is cheap.
It's worrying that technocrats seem so often to have a very limited and self-selected understanding of information privacy (see some more analysis of this gap at Public yet still private). They're not well equipped to have the crucial public good debate if they don't get how their technology works to create vast drifts of Personal Information where previously there was none.
A repeated refrain of Facebook’s apologists is that privacy is dead. People are supposed to know that anything on the Internet is up for grabs. It’s digital apartheid: the new digital Brown Shirts say if you’re so precious about your privacy, just stay offline.
But socialising and privacy are hardly mutually exclusive; we don’t walk around in public with our names tattooed on our foreheads. Why can't we participate in these networks in a measured, controlled way without submitting to the operators' rampant X-Ray vision? And why can’t the apologists see how they’re sucked into generating the vast fortunes of Zuckerberg et al? It's nothing inevitable about trading off privacy for conviviality -- it's just more lucrative that way for the PI robber-barons.
The privacy dangers of Facebook are real and present and run so much deeper than the self-harm done by some peoples’ overly enthusiastic sharing. The privacy of millions in the mainstream of Facebook is imperilled. Facebook crowd-sources the identification and constant surveillance of its members. With facial recognition, Facebook is building up detailed pictures of what people do, when, where and with whom. I can be tagged without consent in a photo that was not taken by me, and not uploaded by me. The majority of photos in the cloud were not uploaded for this purpose. And look closely: When you remove a tag, Facebook does not remove the underlying biometric template, nor do they undertake to stop using the template that has been gifted to them by innocents who just think tagging their mates is kinda cool.
It’s not cool, it's insidious! And it’s rapaciously commercial like everything else they do. Facebook places no limitations whatsoever on the secondary uses it makes of the Personally Identifiable Information it's generating (which in itself is at odds with European and other privacy law, hence the law suits now underway in Germany).
You know, if a government was stealing into our photo albums, labelling people and profiling them, there would be riots.