Why your friends' privacy settings matter more than yours

In the age of life-casting offered by Google Glass, you'll need to pick your friends wisely.

As the first of Google's goggles are dispatched, we're starting to see serious conversations arise about the implications of always-on feeds beaming every moment onto the cloud.  I've seen a few articles expressing alarm at the idea we'll be under constant surveillance by the people around us, and the necessary etiquette frameworks that will need to be hashed out as this kind of device becomes more commonplace.  Seattle's 5 Point Cafe became the first to ban the goggles, although this was more a savvy PR move than response to a legitimate concern.  It's not a particularly  new idea - anyone who's visited one of London's private member clubs will already be familiar with no-phone policies.

However, even as we struggle to get to grips with our own privacy settings on various social networks, we should spare a thought for whether our friends are following suit. It's not unusual for journalists to befriend someone on Facebook in order to access pictures of their celebrity friend, a leapfrog manoeuvre that my own pal fell victim to (not that it was me these hacks were looking for!). Life-casting promises to dramatically ramp up the sheer volume of data collected about you - locations, movements, activities, and if we want to stretch our imaginations a little, mood, partners, weight, social status...  Facebook's facial recognition ability should already have made it clear that you don't necessarily need to be tagged in a picture for Facebook (or anyone else) to work out that it's you. Unfortunately, many companies still insist on using terrible verification methods (*cough* Apple *cough*) to identify yourself - a weak system that can be exploited by the easy availability of personal data. I mean, postcode? birthdate? phone number? Who on Earth thought those were secure pieces of information? So your friends' data protection policies should be borne in mind. Are they being sensible about the way they share data that includes you? Can you invite a known loose-hand to a private event?

I thought about this today as I was setting up some encryption on my computers - a long overdue task. Because the content of my hard drive does not only concern me. To give an example, a close friend and avid urban explorers has, despite some close scrapes, managed to avoid attracting the attention of police despite finding his way into hundreds of forbidden areas, including a number of sensitive government-controlled sites.  However, when another group of explorers found themselves staring down the barrels of CO19's sub-machine guns during an ill-advised jaunt into a disused London tube station, their cameras and hard drives were confiscated and picked over by the authorities. Although my friend has been careful to avoid direct contact with police, these hard drives contain plenty of photos of him from shared trips. Now, should he ever be picked up, it would be easy for diligent police officer to connect him with a number of other trespasses. Ideally, everyone involved should have been encrypting their hard drives and taking stringent data-protection measures, but aside from being impossible to enforce, it would only take a single weak link to expose the group, making such efforts rather fragile.

So, if you're anything less than a model citizen, the question is: are your friends taking privacy as seriously as you?

Tags

More like this

You should be deeply concerned even if you are a so-called "model citizen", simply because what constitutes a model citizen today will not necessarily hold true tomorrow, next year, or next decade.

But surely this goes way beyond encryption because encryption can be broken. The question of how your friends have to protect your data (or data that concerns you) is an important one and changing it will involve changing behaviours.

By Khalil A (@not… (not verified) on 12 Apr 2013 #permalink

Khalil - yes, absolutely life casting (and increased recording of social data in general) will require us to develop new etiquettes, and I think that's a fascinating thing to ponder. Where, for example, will always-on devices such as Google Goggles fall in spectrum between overt recording (such as taking a photo) which we are comfortable with, and covert recording (such as a dictaphone) which we find suspicious?

Even a model citizen could have data that could be misconsrued by a zealous prosecutor. They get known and promoted for conviction rates around here. A simple case of a friend involved in something about which I know nothing, but the data tie leads them to me. And whatever that tie is can be enough "evidence" to get you treated as a suspect.

In the end it may turn out that people who make themselves into volunteer surveillance drones or walking telescreens for Google, end up regarded as insufferable arseholes, in a manner similar to people who drive drunk or light up in nonsmoking areas.

I'm hardly as worried about the police, as I am about the private sector. If you're suspected of a crime, you have due process rights. But current and future employers, financial institutions, and so on, have no such checks and balances on their power. For example in many parts of the US, there is no protection from discrimination based on political beliefs: and people have been fired from their jobs for things as innocent as Obama stickers on their personal cars.

Now we also see employers attempting to get at their employees' health data (CVS pharmacy), and attempting to spy on their employees' grocery store purchases (first with "incentives" to "eat healthy", but in time, with penalties).

These kinds of things: Google Glass, "predict and control," "nudge," and the rest, are basically private-sectorized forms of totalitarianism: East Germany wrapped up in consumer packaging.

Enough was enough long ago. And those who forget history are rushing headlong like lemmings to repeat it.

For now our best bet is to make Google Glass as unacceptable as smoking in elevators.