From the “I-Told-You-So!” Files
Back in the heady days of the 1990’s (ah, when life was so much different than it is now, what with the economy strong, the job opportunities available,…), a former colleague of mine (Dr. Barbara Flood) and I did a series of colloquia trying to raise awareness about the growing assault on privacy, resulting in the ASIS (American Society of Information Scientists) 1997 Washington D.C. meeting. As part of that meeting, we submitted a paper (“Creeping Peoplebases”) and I, in turn, submitted this paper.
Written in 1997, much of the technological specifics are a little out of date, but this article did (in large part) lend to the creation of Lutz’s Law of Privacy: “There is an inverse relationship between privacy and convenience: the more you have of one, the less of the other.”
But the approach hasn’t changed – and, in fact, it’s only gotten worse. With the recent news of Verizon releasing user’s call logs to the U.S. Government, along with the growing list of other privacy ‘breeches’, it leaves one to wonder where all of this going?
Breaking open a time capsule, read this blast from the past of over sixteen – 16! years ago; see for yourself where we stand,…
1997 ASIS Mid-Year Meeting Preview
“Monitoring Your Movements”
by W.E. Lutz© 1997 ASIS
“Suppose I had a good friend here in the Bureau,” Mallory said.”Someone who admired me for my generous ways.” Tobias looked reluctant and a bit coy. “It ain’t a simple matter, sir. Every spinning-run is registered, and each request must have a sponsor. What we did today is done in Mr. Wakeﬁeld’s name, so there’ll be no trouble in that. But your friend would have to forge some sponsor’s name, and run the risk of that imposture. It is fraud, sir. An Engine-fraud, like credit-theft or stock-fraud, and punished just the same, when it’s found out.” “Very enlightening,” Mallory said. “I’ve found that one always proﬁts by talking to a technical man who truly knows his business. Let me give you my card.”
(From the book, “The Difference Engine” by William Gibson and Bruce Sterling)
We understand the many means by which our daily activities are accessed and used for speciﬁc purposes via transactional databases. We are also aware how databases from credit cards track our activities and movements and how magazine subscription listings betray our wants and desires. What we overlook, however, is how our image — our physical appearance — is accessed and employed without our consent or knowledge. Image processing, combined with routine databasing and commercially advanced tracking devices, add a new dimension to the erosion of our privacy. The routine access of personal information combined with the physical monitoring of movements creates a growing,dangerous threat to personal privacy.
The Power of Imaging Systems
Imaging systems are high-speed multi-processing portrait storage and retrieval systems. Portraits or images of individuals are taken via electronically scanning cameras, with any accompanying data ﬁles automatically linked to any computer-generated portrait. This combination of data ﬁle acquisition (ﬁngerprint, background information, prior history) with electronic mug-shot imaging offers a powerful tool for law enforcement agencies. The power of imaging systems cannot be underestimated. It is an uncomfortable fact that many police background checks for newly arrested suspects often take 24 hours. Suspects arrested for minor offenses often are released without the arresting law enforcement agency’s knowledge of the suspects prior criminal record, owing to delays associated with standard ﬁle checks (i.e., non-imaged police data systems). An average arrest takes approximately 60 to 90 minutes to process — ﬁngerprinting, mug shot, ﬁle processing and statement preparation. Cross referencing with state and federal databanks often requires a delay up to 24 hours. But, according to the Camden Police Department, the use of imaging systems can cut back the average arrest time to approximately 15 to 30 minutes. Imaging systems offer unprecedented portrait manipulation and rapid data retrieval of all associated ﬁle information for law enforcement. For a growing number of agencies, gone are the days of ink ﬁngerprints and the piles of tiresome mug shots. Imaging systems allow agencies to simply type in a rough description of a perpetrator based upon eyewitness account. In some imaging systems, simultaneous access to SCIC (State Crime Information Computers) and the FBI’s NCIC (National Crime Information Computer) is enabled, allowing direct link-up with any known federal or state suspect list within a matter of minutes.Imaging systems are becoming more prevalent outside of law enforcement. ATMs (Automatic Teller Machines) and surveillance cameras in convenience stores are another form of imaging documentation. Although a far cry from the imaging technology used in law enforcement, the potential is still present.
For example, in the Pepsi/hypodermic needle scare of 1993, the culprit was captured on a video camera in a Colorado convenience store. The public hears this and breathes a sigh of relief, knowing that yet another evil perpetrator has been captured. Note, however, that the capture was made after an intensive search through millions of video images taken from thousands of convenience stores nationwide. Out of all those thousands of convenience stores and from those million or so video shots, the single incriminating video still-shot of the crime was found! Based upon the single freeze-frame image, the perpetrator was caught and prosecuted.
The wonder of modern technology is renewed when one appreciates the amount of time and human resources such actions would have taken but ﬁve years ago. As video cameras are often used to monitor employees (casinos, high-security locales such as computer chip factories or other such industries), surveillance cameras are increasingly employed as a panacea for dealing with crime. Recent federal grant awards illustrate a growing trend of public housing authorities using video cameras to monitor and prevent illegal activities. DEA (Drug Enforcement Agency), FBI or the ATF (Alcohol, Tobacco and Firearms) account for a number of video cameras within high-crime locales, with criminal activity dramatically evaporating for fear of being captured on record. Local police agencies are not loath to spread rumors and gossip regarding potential locales as a means to further deter illegal activity — often when no such cameras or agencies are actually intended or involved.
Beyond Surveillance Cameras: Automobile Tracking Systems
Video cameras are not alone in tracking one’s physical movements. In New Jersey, a proposal for automatic toll collection by several previously non-linked authorities would allow motorists to open and maintain a common account with agencies participating in the automatic toll collection service (author’s note: this has long since been approved and is now active). Using strategically placed magnetic stickers, motorists could drive past automatic scanners without stopping to pay a toll collector or a cash receiving machine. The ﬂip side to this convenience is that the participating motorist could be readily tracked while driving through toll booths across the state. Other new vehicle tracking technology has also recently appeared. LoJacks, installed in standard passenger vehicles, are gaining in popular usage, particularly in New York, Boston, Newark and Los Angeles. LoJacked vehicles possess a speciﬁc signature signal identifying the vehicle identiﬁcation number (VIN). Each vehicle is thus uniquely identiﬁed so as to prevent confusion with other LoJack beacons. Upon the report of a stolen vehicle, police cars equipped with LoJack scanners cruise their assigned areas, literally homing in on the speciﬁc signal emitter (which ﬂashes a signal every ﬁfteen seconds) of the stolen car. In some areas, the installation of LoJacks is credited with a drop of up to 50% in vehicle thefts. The combination of imaging/picture tracking systems and powerful database sort/retrieval presents a new breach in the wall of privacy. It is no longer just a question of personal information being accessed by the varieties of databases, but rather how the average citizen is increasingly tracked in relation to this personal information. We know who you are, where you’ve been and what you’ve been doing. Soon, we will know speciﬁcally where you are at any given time.
Addressing Our Perceived Need for Security
As Pogo said, “We have met the enemy, and they is us.” Breaches of privacy are actively encouraged. Federal monies are offered to housing authorities for surveillance systems. We think nothing of cameras which record our every move in stores, shopping malls or at ATMs. Insurance companies offer discounts of up to 25% of annual rates for those who install LoJacks, while commuters welcome the convenience of rushing past time-consuming toll plazas. Privacy protection efforts are few and presently hold little promise. Many county sheriffs encourage families to image their children – that is, to store the personal characteristics, background information and images of children within law enforcement databanks to allow for ready and rapid retrieval if the children are kidnapped. Although one cannot argue against the safety of children, one should question the underlying premise of fear. Committing oneself and one’s children to any information system is an act fraught with long-term consequences and should be considered carefully.
Cable Television: Who Is Watching Whom?
Another vivid example of overlooking how convenience creates privacy invasion involves recent advances in cable television technology. Many cable companies employ a standard cable TV box manufactured by General Instrument (Jerrold boxes). The latest General Instrument development is the CFT2200, which, unlike most cable TV boxes, can both send and receive signals, thus facilitating pay-per-view without having to employ the telephone line or answering TV polls. Upon review, it would appear that the CFT2200 can employ home telephone lines for operation and would eventually allow for full usage of ISDN lines. Potentially, these boxes could allow for direct informational access
(i.e., Internet service providing Web TV) and may very well serve for the next wave of data access. What is disturbing about this development is the ability of cable companies to conduct real-time monitoring of viewer’s preference in TV entertainment and information access, offering simultaneous send/receive signals while the viewer is watching their shows. A detailed record of what, when and how long a viewer watched any particular show at any given moment is enhanced through new cable television technology. If the average consumer were aware of this fact prior to purchase, would so many readily accept? The difﬁculty lies in the average lay person understanding the power and extent of the technologies arrayed against the common person; it is this knowledge gap which makes resolving the issues surrounding the protection of privacy a formidable challenge. Many cannot readily appreciate the subtleties surrounding esoteric cable television services or imaging/monitoring technologies. As information professionals, we can share the vitality of an Internet search engine or personal communication system for common household usage while seeking out protection against privacy abuse. The question remains: where do we draw the line between the sublime and the extreme?
Options and Considerations
We are witness to the demise of our notions of privacy; this trend is congruent with rapid technological development. Luddites could argue that as technology grows, privacy dissipates; thus, technology must be curbed (so the argument goes). The genie is, however, well out of the bottle. Modern conveniences and economic advantages far outweigh any notions of denying the beneﬁts and comforts which we amply enjoy. The approach we must now initiate rests upon legislation and education.
Education and awareness on the part of those who know and understand the reality of their surroundings remains the key to ensuring privacy. Proprietary information will remain such, but the key to economic success will be that of creative dissemination of the uses of proprietary data and/or developments. If the general public is aggressively enlightened in the ways and means of information technology, then it follows that perhaps we can expect the general population to be more discriminating when it comes to privacy protection. Just as we speak of a green consumer culture, so too we might encourage the beginning of a privacy culture. True privacy could be an emerging marketing approach given the right impetus. Effective legislation must come into play if we are to prevent further erosion of privacy. Perhaps we should consider employing European laws as models for the control of personal information and the protection of privacy. Database access or use of one’s name or other personal information could be subject to the individuals’ prior approval and/or payment — similar to royalties — with violations subject to substantial monetary penalties. The logic is inescapable: if private/public entities gain a proﬁt from the sale and/or use of our personal information, then we should receive royalties, if we choose to participate. Those who seek not to participate in the sale and dissemination of their information should be permitted, under strict legislation, to opt out with strengthened privacy guarantees.
The time has come to reach out and enlighten legislators about the issues surrounding privacy. Some cultures hold that taking pictures of individuals and/or places robs the soul or essence of the place or person; arguably, this is now taking place. The act of taking pictures — regardless of public safety or security — constitutes an act of capturing our image without our permission. Similarly, when information is accessed — habits, purchases, proﬁles — could it not be argued that this is the theft of our truest proprietary data — our identities?
In the coming century, our identities will be how we appear on innumerable databases; our visage reﬂected in the hidden cameras and how we stand within society’s walls deﬁned in the roll calls of databases. The time is right, therefore, to educate both the public and legislators about the relationship between ourselves and the tools which gather information about us and our fellows. Given the prevalence of modern technology, it is time to recognize that our tools are but an extension of ourselves, the surveillance cameras reﬂecting back our images. How we view ourselves ultimately determines how we view and shape our future. How better than to smile into the camera with a conﬁdent cheer?
The original copy can be also found here: http://www.scribd.com/welutz
William E. Lutz is a professional consultant involved with matters pertaining to security, privacy as well a records management. More about his work can be found via his LinkedIn proﬁle of http:// http://www.linkedin.com/in/williamelutz as well as via his website of http:// http://www.welassociates.co.