Jay Cline: Is privacy dead?

The NSA's former general counsel told the world's largest gathering of privacy professionals last year that the privacy laws they're championing are "stupid" and futile. Facebook's Mark Zuckerberg recently described privacy as a social norm we've evolved away from, and Google's Eric Schmidt famously proposed that the only people who need privacy are those with something to hide.

Are they right? Is privacy pass?

2013 privacy recap

Several developments in the past year definitely point in that direction. We all can't keep up anymore with all of the new digital innovations hitting the streets, such as Google Glass, wearable health-monitoring sensors and Ancestry.com's new DNA-linked family trees. Less and less of our personal information each day seems to be "off the grid."

At the same time, 2013 was the year we lost track of the limits of big-data analytics. Many of us saw the story about the researchers who could use your Facebook likes alone to predict with 88% to 95% accuracy whether you're black, gay or a Democrat. We saw the story about the newspaper that published a map of 33,000 gun-permit holders in two New York counties. We'd earlier read about the retailer that predicted a teenager was pregnant before her father knew it, merely by changes in her purchases of a group of 25 products. In 2013 we became fascinated with the different apps and TED talks that used data in ways we never thought possible.

But more than anything, this year we learned about the vast capabilities of the National Security Agency, which seemed to leave nothing digital out its hearing range.

When Sun Microsystems co-founder Scott McNealy boldly proclaimed in 1999, "You have zero privacy anyway. Get over it," was he a prophet preparing us for the inevitable?

Imagining a world without privacy

When the common wisdom is moving in one direction, there's often a lot of money to be made going against it. That's what I think is happening with privacy. The rumors of privacy's demise are premature. Privacy isn't even halfway dead, and if and when we see privacy's death on the horizon, we'll know then how much we're willing to pay to reverse course.

If you think I'm too naive or optimistic, take a minute to imagine what the world would look like with zero privacy. I suggest there'd be three telltale features of life in that day:

1) ubiquitous, inescapable collection of personal data;

2) near-perfect predictive capability of that data; and

3) mandatory availability of that data.

In other words, in a world without privacy, anyone would know anything there is to know about you on demand. Moreover, that information would tell anyone what you're going to do next and how you'd react to different scenarios and stimuli.

In a zero-privacy world, not all data would be created equal. I think six data vectors would stand out as the most valuable:

1) Our health capacity, including predicted longevity and strengths and weaknesses in our DNA. Prospective mates, employers, healthcare providers and insurers would flock to this data set if it materialized.

2) Our productivity capacity, including our natural aptitudes and predicted earnings potential. Match.com users and employers would top the list of customers for this data.

3) Our consumption instinct, such as what do we like to buy, how much, when and why, and our credit worthiness. Marketers are already paying for this data, but in an increasingly borderless world, tax authorities will find it easier to tax consumption than income and will also seek this data.

4) Our behavior instinct, including our public and private statements, beliefs, politics and capacity to act outside social norms. National-security and law enforcement agencies will seek this data, as will politicians.

5) Our social graph, including past and present family, friends, neighbors, classmates and colleagues. Marketers, criminals, national security and law enforcement will put this data on the top-six list.

6) Our location and predicted movement, potentially sought by marketers, the military and police.

These data sets would be the currency of life in a "total information-awareness" world, where people would be systematically and in real time classified into how valuable they were and how risky they were. With this information readily available, deviations from social norms would face immediate social and monetary penalties. Great deviations could face immediate reductions in liberty.

You could imagine without too much difficulty the following scenario unfolding in a total information-awareness world:

At 6:10 a.m., your "full night's sleep" app generates an alarm that also indicates you have no health reason to sleep further. You rise promptly, because you know doing so will prevent your lifetime productivity index from falling by about $1,000 per minute. From the kitchen, you spot the drone from your wellness coach landing on the table outside. It's carrying a breakfast of fresh local ingredients tailor-made to your DNA and body-mass goals. Minutes later, you don your Windows Glasses and dart outside for a half-hour jog. This exercise will boost your predicted lifetime longevity by four hours and reduce projected lifetime healthcare costs by $2,000, rates that will slightly diminish tomorrow. On the running path, you pass a throng of people also wearing Google Glasses and iGlasses. As you pass each one, a "friend" or "foe" icon pops up in your vision. A filter also pops up alerts for prospective spouses, business partners and criminals from your prefigured criteria. A left-eyelid blink would drill into their health and productivity profile, belief matrix and social graph, while a right blink would pull up suggested conversation starters. You pass a man wearing no glasses whose facial image is generating conflicting data in your screen. He's a "birther," a term that has evolved to describe the group of people trying to live off the grid who generally harbor conspiratorial views and religious beliefs contrary to the governing order. You pass a woman who isn't attractive to you, but your glasses say she's available and has the highest predicted children's IQ for your DNA that you've ever seen. You know that all of these fellow joggers, as well as your employer and all government agencies, can see all of this information about you too. You avoid darting off the path up an undeveloped hill, because that would boost your nonconformity rating tracked by law enforcement. As you turn onto a street -- populated by vehicles autodriven to preprogrammed destinations -- a startup wellness cafe delivers an ad to your glasses. The promotion offers to pay you $100 in Bitcoins to try the cafe's nutrient booster, which it projects it would recoup in just two months if you change your break routine and become a regular. The cafe should update its algorithm, you think, because your price for veering off course and alerting attention of the grid is probably closer to $10,000.

If this sounds like a far-fetched sci-fi novel, it should. The technical and legal apparatus needed to make it happen are present today only in an embryonic state. Many more technical advances would be required to produce that scenario, as well as a significant erosion in the laws that the NSA's former top lawyer calls stupid.

This is not to say the lovers of privacy and liberty are wrong in their concerns. I just think they're ahead of their time when they suggest that things have crossed a tipping point and are out of control.

But how far down the path to privacy oblivion are we? To help answer that question, I'd like to propose a privacy death index. It maps the three features of a zero-privacy world with the six high-impact data vectors outlined above. Then it assigns a simple numeric value to each of the 18 intersections -- or "privacy-threat vectors" -- based on what's happening in the current state.

In the table below, I've proposed values for the U.S. on Sept. 10, 2001, compared with the U.S. in 2014. But this model could be applied to any country.

If this table is anywhere in the ballpark, what does it tell us? Both sides of the privacy-is-dead debate will find that it buttresses their own argument. Converting these scores to a 100-point scale, the U.S. Privacy Death Index stood at a mere 13 prior to the 9/11 attacks and subsequent passage of the Patriot Act. In 2014, that index is perched at 37, a near tripling. Privacy hawks are right to sense that we've moved a long ways in the past decade.

But 37 isn't even halfway toward 100, and not one of the 18 privacy-threat vectors has hit the high-impact level 3. Nearly all of the easy advances appear to have been made, driven by the adoption of mobile devices, social media and big data.

Looking ahead, improvements in big-data analytics should take us closer to the midpoint of 50 on the privacy death index. But the path from 50 to 100 -- the death of privacy -- is littered with legal and constitutional obstacles. Traveling this path would require a governmental encroachment into the personal space not seen even in revolutionary colonial times.

I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for American technical innovations to thrive.

Jay Cline is president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com. See more by Jay Cline

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags GooglesecuritynsaAncestry.comprivacyFacebook

More about FacebookGoogleMatch.comNSAScott CorporationSun MicrosystemsTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jay Cline

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts