The Information Mosaic
"If you have nothing to hide, you have nothing to fear"
You've likely heard this before; you may even have voiced the notion yourself. I am here to tell you why, and how, this seemingly logical statement is full of more bullshit than I, or any other computing professional with a moral conscience, can stand. To begin, here's a story:
A former professor of journalism at Columbia University, Peter Kimball, was denied government posts, academic appointments, and applications for passports. Why? Because a comment from a referee snowballed into a massive document portraying Kimball as a communist sympathizer and an undesirable citizen. All it took was two events: an application to a government position where one reference questioned his political views, and the rejection of a government position in favor of one at a newspaper. A few small pieces of information, and over the course of 30 years, this man's file showed up on the desk of J. Edgar Hoover.
The worst part? Kimball didn't even know that allegations had been made against him. Only a Freedom of Information Act request revealed the history of surveillance that plagued nearly his entire career. He wrote a book, The File, which you can read if you're interested. Kimball didn't try to hide anything, yet hidden from him were deliberate distortions of his character. Ask yourself now: did Kimball try to hide anything? Did he have anything to fear? In my opinion, being classified as a "dangerous national security risk of doubtful loyalty to the U.S. government and institutions" would concern me; I would be afraid of how the government would want to deal with this "danger". Yet nothing was hidden, and still he was seen as suspect and guilty.
But it's not always targeted surveillance that causes problems for individuals, and it's not always applications to government positions either. No, sometimes the person being affected is "the little guy", and all they did was match a record stored on a computer somewhere. Any type of record keeping on citizens can lead to error, and can lead to matters of personal security.
The Department of Motor Vehicles has a list of addresses for citizens. Sometimes for a fee, sometimes for free, these addresses can be acquired. Rebecca Schaeffer of California was murdered by an obsessed fan who used the DMV records to find where she lived. Nothing to hide, nothing to fear, except for your life in this instance.
But that's an actress, you say; no way could that happen to me, to "the little guy". Martin Lee Dement spent two years in Los Angeles County jail because the Automated Latent Print System that matches fingerprints matched his to a suspected criminal. If it wasn't for manual checks done to another suspect's fingerprints, he wouldn't have been cleared. Incorrect fingerprint records, and fingerprinting is something which can be done for jobs, misdemeanors, or military service, resulted in a man losing 2 years of his life for nothing. Nothing to hide, nothing to fear.
Government positions, public records, and mismatched database records aren't a common occurrence, you say? You're still not convinced? OK. Here's the scenario I paint for friends who I talk to about these types of things in order to sketch the gravity of information. You've been employed for a number of years by MegaCorp Incorporated. Recently, you had your annual checkup and were diagnosed with cancer. It's not benign, and your doctor informs you that you'll need chemotherapy to fight it.
Work's been really busy lately so you've been using your company laptop for private correspondence and to tell your mother about these things when you had a chance. However, you don't want to tell your friends quite yet. You've done a few searches online for information about cancer and purchased a book about it. To avoid the concern from friends, you also buy a wig to avoid questions about your hair loss. Once you've been on chemotherapy for a while, you've lost some weight and take more sick days than usual.
When taken individually, a book purchase, an internet search, a wig purchase, increased sick days, and weight loss mean little. After all, a book purchase on cancer could be interest, or perhaps for a friend. A search could be prompted by an article or passing curiosity. A wig purchase could be part of a Halloween costume, or if out of season, a convention or costumed event. An increase in sick days could be a result of sickness going around your child's school, or a bug in the office. And weight loss could be the result of exercise or diet.
But when taken in context, a book about cancer and a wig are suspicious. An increase in sick days combined with this? An increase in interest in dealing with cancer or finding support groups online? This type of information mosaic combines to create a full picture of an individual struggling to deal with a new illness, and one which they would have preferred to keep private.
Yet, when it comes to the internet, government collection of records, and advertisement related tracking, this type of monitoring is exactly what's being built. The ability to harvest and monitor behavior online, and to build profiles of individuals, is sold to the highest bidder, with 0 oversight into how the information is used. If you've ever read anything about privacy you've no doubt heard the phrase: "You are the product". When it comes to Facebook, the reason your profile is free is because your data can be sold. It is used by advertisers, and despite their protests, the government can request the information on users and tell the company to be quiet about the request itself.
You might think that searching for something online can't be tracked back to you. After all, so many people request information all the time. There's no way that it could be shown to be coming from you, right? No. In order to "deliver you the most useful and relevant ads", Google will use your search queries, sites you visit, and other Google Account information to show you more relevant ads. This data collection in order to serve you advertisements is what powers most of the profit on the web. Companies pay top dollar to get their ads in front of you. When you click them, or you click that inflammatory headline that leads you one step closer to them, you leave a trail of information behind you. Individually, these pieces mean nothing, just like in the cancer patient case, but together? Together your internet usage can paint a clear enough picture that a marketing agent can tell your political leanings, what your interests are, where you might have traveled, what food you like to eat, your age group, your gender.
If two incidents in the life of Peter Kimball, pre-internet era, can result in 30 years of suspicion, what does a decade of spying on innocent Americans enable? When a government can, by request and without informing you, force a company to hand over the marketing data attached to your name, your personal Google profile that contains sites you visit, search queries, and mail contents, what file is being built for you? With the era of information technology allowing instant querying of gigabytes of information against these databases, is it paranoia to be concerned?
It is not a question of whether or not you have anything to hide, but whether it is even possible to hide in the first place. In 1971 the National Security Agency requested a high-temperature incinerator to dispose of the printouts and documents it generated each day. The incinerator was capable of destroying six tons of paper per hour, and was required to be capable of destroying thirty-six tons in any eight-hour shift. At that time, the agency was able to intercept and analyze 70% of all telephone, telex, data, and radio transmissions generated on Earth. As the internet came into existence this number dropped, but with the number of governments focused on surveillance, it surely has been rising, perhaps one of the most notable cases being the recording of every cell phone call in the Bahamas.
One might ask, why? What justifies these actions? The age-old excuse is security. And to some extent, surveillance can legitimately help track drug dealers and cartels, but the cost of these procedures is huge. Even if the databases created during these times are purged after their use, the information is shared between agencies. It is duplicated. Any good system administrator will create backups, and just because we think of government websites as incompetent doesn't mean that they are. There are good people working there, and many take their job very seriously. Once the data is made in one agency, it will flow to others in the form of "tips", and there is no stopping that.
A Call to my fellow Computer Scientists
The only way we can do anything about it is through an overhaul of the system. Clear guidelines and channels of communication, more transparency, and above all else, to stop treating human beings as numbers in a database. An ID number or social security number is not a person, and it's easy to forget these things when dealing with large volumes of data. The ACM Code of Ethics and Professional Conduct section 2.7 states:
"Improve public understanding of computing and its consequences. Computing professionals have a responsibility to share technical knowledge with the public by encouraging understanding of computing, including the impacts of computer systems and their limitations. This imperative implies an obligation to counter any false views related to computing."
To any person who dares call themself a member of the Computer Science community, this simple section demands we inform our friends, families, and anyone who will listen about the impact of our work. It is an obligation to counter false narratives, or corporate and government agents who seek to undermine the 4th Amendment and reduce our humanity to an entry in a database. More so, the ACM Code explicitly states in section 1.7:
"Respect the privacy of others. Computing and communications technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals..."
We are torn every day between our jobs, pressure from management, and our conscience. As engineers we have a duty to our employers, and we have a duty to our fellow people. Advertisement problems might be fascinating, but losing sight of the human element in favor of trying new technology is tantamount to casting aside moral judgement. Capturing the data flowing in and out of an entire country poses a unique and fascinating set of challenges, but curiosity and the desire to see if we can do it should never override the rights of another human being.
Information technologies enable the creation of the information mosaic, but they must also put the glass around the painting and protect the pieces from harm and prying eyes. The ACM has guidelines and a code of ethics; this should be read by everyone who enters into the computing field. I have stood in the way of a marketing department before and refused to implement changes based on this code. And I expect anyone who cares for others, and for the consequences of their actions, to do the same. Empowerment of the user is something many developers often tout; it's time that we fight for the user.
This is not a call to protest in the streets; it is simply a request to have integrity in your day-to-day work. And through collective effort, the industry can be made more aware and these issues mitigated so that the average citizen can be a background piece in the painting, and not the subject.