The recently passed, but not particularly publicly discussed, Australian Privacy Principles (APP), in part say that:
… an APP entity that collects personal information about an individual to take reasonable steps either to notify the individual of certain matters or to ensure the individual is aware of those matters (generally referred to in this chapter as ‘APP 5 matters’). The term ‘collects’ is discussed in Chapter B (Key concepts). Reasonable steps must be taken at or before the time of collection, or as soon as practicable afterwards. ~ APP 5.1
So here’s part of the privacy problem to ponder.
Once upon a time we had sovereign boundaries and had sovereign laws. These laws included, still include, privacy legislation such as the APPs.
Such laws have been good, bad, ignored or abused. But we have them and they are ours to live with or to change.
Enter the internet.
Connectivity is a great thing. The global village is a great thing. Cheap Chinese tellies are a great thing,
iStuff is a lot of great things but, these days, increasingly we have no idea of where we, the state, our e-Stuff, or any other legal boundary actually begins or ends.
And let’s add to the mix the ideas of the Internet of Things, ‘big data’ and the ‘quantified self’. Many more scholarly folk than I can talk about the pros and cons of these upon our society.
But what I really want to explore is how these tech-things may (or may not) assist us to maintain our privacy.
First let’s look at some numbers that may, one day, underpin the Internet of Things.
A neat little tech-thing called IPv6
To misquote Douglas Adams, IPv6 is big.
You just won’t believe how vastly, hugely, mind-bogglingly big it is.
I mean, you may think it’s a long way down the road to the chemist’s, but that’s just peanuts to IPv6.
A decade or so ago, the size of this problem came home to me when I was reading the detailed draft specification for IPv6.
From memory, and I freely admit that I may have the numbers out by a zero or two, IPv6 is capable of supporting a device density of some 2.9 x 1015 per square metre of the entire Earth’s surface.
Others have said:
… we could assign an IPv6 address to every atom on the surface of the earth, and still have enough addresses left to do another 100+ earths ~ Steve Liebson
At the moment, we probably have, say, 10–20 devices in a single westerner’s house.
My assumption is that everyone lives in the inner-city of Sydney and, to keep my maths simple, we’ll also assume a modest house size of 100m2. My next assumption is that all the outside space that doesn’t have houses (covered with trees, cows and water), has a lot less internet devices (for the moment, anyhow).
Let’s take my dodgy numbers and assume that every 100m2 house has two people using 10 devices each. That gives us a current yield of one device per square metre.
More importantly, each of those 10 devices are capable of telling the world about us, our spending habits, what we watch, when we watch it, what we might want for dinner tomorrow and that the milk is about to reach its use-by date. All good so far.
Now if you’re still reading this, I’m assuming that you’re a bit of a technologist and know about changing default passwords, etc.
But many, many more within our community either don’t know, or don’t want to know because of the general complexity or a promise that using device x will provide you with a ‘free’ service and in return all you need to do is to give ‘them’ some of that innocuous, amorphous data about the quantified you.
As we get more devices, the complexity expands as our cereal packages and clothes come with Wi-Fi, etc.
Last week I bought myself a new toy.
It’s an LED E27 light bulb with a Bluetooth speaker in it — an invention that I had been waiting a decade or so to arrive, as my ensuite bathroom has a concrete ceiling and I had no way, short of chasing a channel into the concrete, to get decent quality speakers installed.
Yes, OK, it’s a first-world problem, but the technology genie solved it for me, and all for under fifty bucks, delivered to the door!
So as our light bulbs, fridges, socks, undies, books, paint and every other atom on our planet is registered on the Internet of Things, our ability to track, control and monitor our devices will quickly approach zero for the majority of the populace and reach a point of diminishing return even for the most zealous.
To be fair, we may never lose a sock again as we will be able to zero in on it using its location services, so there’s always an upside.
What will these thousands or millions of devices collect? Well, probably, a lot
Our metadata, geodata and just about everything else can either be collected directly or inferred by heuristic big data algorithms by who knows who and where.
Yes, there will be government operatives (friend and foe), but the corporates will (and do) also use this data to market directly into the patterns that you probably don’t even recognise in yourself.
The temptation is to think that the big data generated will keep us safe, as no one will be able to pump through such an amount of data in any meaningful way.
Of course, this is not true.
Take the SKA (square kilometre array).
This ‘telescope’ will be gathering exabytes of data by 2020.
Now, how much is in an exabyte?
Put simply, the SKA alone will generate the same volume of data in a day that we are currently generating in a year (i.e. not electronic data but all data, including each word uttered by all seven billion of us).
This will mean that we (or someone) will have to collect, shunt and store orders-of-magnitude more data and make sense of it before the sun burns out.
As individuals, or small populations, we are facing an asymmetric power play.
The data collection arms race may be already lost at the individual level.
Who’s left to fight the good fight then? Well, that’s a good question
We have strong privacy legislation, a strong culture of privacy and a healthy stick-it-to-the-man finger in the face of authority, right?
Maybe. But it’s become moot when our lives overflow with data leakage which flows across borders and extends logically around the world where personal privacy is actively scorned or legally compromised.
Good governance, policy and legislation will assist, but I’m not seeing any international commitment to protecting an individual’s privacy. I don’t have an answer, but I do know that we need to have the conversation — and have it quickly.
So for now, lets go back to first principles.
We (well, someone) has to actually understand and articulate the issues, then begin a national and then international conversation that speaks to our fundamental rights to control our own digital destiny.
Can it be done? Probably.
Is there the political or commercial will do to it? Probably not.
In the absence of a credible debate, the tsunami of ‘free’ services will continue to overwhelm us as we are dragged into the tumultuous ocean of compromised data — the value of which we don’t even know we’re giving away.
In short, it’s depressing and it’s probably time to dust off my Nokia 8210.