I’m off to Ottawa for the 2nd Annual Privacy Personas and Segmentation (PPS) Workshop which is being held in conjunction with the Symposium on Usable Privacy and Security (SOUPS).
The organizers selected me to give the keynote for the workshop, and I’ve produced a provocation for them. Here is the introduction:
Users are notoriously bad at safeguarding their online privacy. They do not read privacy policies, which in any case are mostly contracts of adhesion. They make over-optimistic assumptions about protections and dangers [15]. They use weak passwords (and repeat them), accept cookies, and leave their cell phones on, thus facilitating location tracking, which is vastly more destructive to privacy than almost any user grasps [8]. Contrary to Alan Westin’s privacy segmentation analysis [31], most privacy choices are not knowing and deliberate because they are not within the user’s control (e.g. surveillance in public). Other ‘choices’ happen because users believe, correctly, that they in fact have no choice if they want the services (e.g. Google, mobile telephony) that large numbers of consumers consider necessary for modern life [27].
The systematic exposure of the so-called “privacy vulnerable” user [27] suits important public and private interests. Marketers, law enforcement, and (as a result) hardware and software designers tend to make technology surveillance-friendly and to make communications and transactions easily linkable.
If we each have only one identity capable of transacting–even if it is mediated through multiple logins–and if our access to communications resources, such as ISPs and email, requires payment or authentication, then all too quickly everything we do online is at risk of being linked to one master dossier. The growth of real-world surveillance, and the ease with which cell phone tracking and face recognition will allow linkage to virtual identities, only adds to the size of that dossier. The consequence is that one is, effectively, always being watched as one speaks or reads, buys or sells, or joins with friends, colleagues, co-religionists, fellow activists, or hobbyists. In the long term, a world of near-total surveillance and endless record-keeping is likely to be one with less liberty, less experimentation, and certainly far less joy [16] (except maybe for the watchers). In a country such as the US, where robust data-protection law is deeply unlikely, a technological solution is required if privacy is to continue to be relevant in the era of big data; one such improvement, perhaps the best, would be to create an IMA designed to give every person multiple privacy-protective, transaction-empowered digital personae. Roger Clarke provides a good working definition of the “digital persona” as “a model of an individual’s public personality based on data and maintained by transactions, and intended for use as a proxy for the individual” [4].
Whereas Clarke presciently saw (and critiqued) the ‘dataveillance’ project as being an effort to create a single, increasingly accurate, digital persona connected to the person, the objective here is to undermine that linkage by having multiple personae that would not be as easy to link to each other or to the person.
(Updated to correct link to workshop.)
I have recently decided to forgo the nominal savings offered by many retail establishments if I use their “members” card. The use of cash and no members card pretty much isolates me from their data harvesting. One home improvement chain often asks for a phone number in case something needs to be returned. I don’t refuse, but I don’t provide a real number either.
I usually have my cell phone location services turned off, but I’m sure location can still be closely followed. When I start shaping tin foil hats, I’ll know it’s gone too far.