Tuesday, August 31, 2010

Privacy? We don't need no stinkin' privacy

The tug of war continues between privacy and network-enabled conveniences.  To support that thesis, herewith some clippings from my comment-sometime-on-this-stuff file.

Your cell phone (unless it's a many-years-old relic) reveals your location. That is: most cells contain GPS locators or accomplish the slightly less accurate equivalent by triangulating your position from nearby cell-phone towers. So, naturally, many online services want to track you. Think the only downside is too many discounts sent to your cell as you walk by stores? Read this PC World essay by security consultant Dan Tynan.

Love your smartphone? No doubt, but how secure is the data you store on it? Sure, there's sensitive data on your PC, too -- but it, hopefully, is behind a firewall. Mobileburn reports a major breach in the security of the new, popular Android OS for cell phones. So how sure are you about storing your credit-card info on your cell for shopping convenience?

My stories "The Day of the RFIDs" and "The Night of the RFIDs" looked ahead to the privacy risks inherent in smart wireless tags in, for example, clothing. (Ditto my nonfiction article, "Beyond This Point be RFIDs.") Far fetched? Actually, the future is here.  Last month Wal-Mart announced its plans to put RFID tags in individual garments.

One reason to worry about someone reading RFID tags is that neither privacy-centric public policy (should one ever emerge) nor the good intentions of data collectors assures data will be used only appropriately -- even assuming we could agree on uses that are appropriate. How secure are big data repositories? The National Security Agency's 'Perfect Citizen' program primarily worries about mayhem made possible by networked access to infrastructure (as did, in part, my 2008 novel Fools' Experiments), but it also begs the question of organized crime finding some data repositories too tempting to leave alone.

Yet to come on any large scale -- but eminently doable -- is RFID chips implanted in people. Some pets are already chipped, allowing them to be IDed if they roam. Chipping people offers some real advantages, such as a repository for medical records instantly available for patients who are unable to speak for, even to identify, themselves. But how secure will the data be on your chip? And will the chips all of us may someday carry become vectors for spreading malware to computers? The latter has already been done, at least as a stunt.

"Privacy is dead," we were told by Bill Joy, the Chief Technical Officer of (defunct) Sun Microsystems. Now Mark Zuckerberg, CEO of Facebook tells us the same thing. Having helped to kill it, so he should know.

We live in interesting times ...

2 comments:

Robert said...

With the advent of long range, and more reliable biometrics it will not take an implanted chip, or a key-fob to identify you. A fingerprint on a modified touch screen, a face on a camera, an audio recording of your face, all things that could identify you.

What would it take for you to register yourself with a voluntary National ID program?

Edward M. Lerner said...

Q: What would it take for you to register yourself with a voluntary National ID program?

A: A brain transplant.