Seen. Recognised. Tracked.
Can you imagine trying to explain today’s privacy debate to your grandchildren?
I can. It’s awful. I’ll probably have to call it the 2010’s ‘Privacy Wars’ just to keep them on the rug. 2007 won’t be the year of the first iPhone for them, or the beginning of the age of the always-on-everythings that tracked grandpa and his friends around the world from space. They won’t understand what, if anything, about that was considered cause for alarm. Even when I explain what Ashley Madison was.
It will mean nothing to them that in September 2017, the daily number of daily connections to the anonymizing TOR network from the UK was somewhere between 70,000 and 80,000 per day. In 2014, the estimated value of the global Virtual Private Network (VPN) market was $45 billion – expected to grow to $70 billion by 2019. And if you plot the value of the Pound against the sort-of-but-not-quite-anonymous Bitcoin, a baby economist dies.
Privacy – both the protection and breaching thereof – is big business. But are we already further along than we think? What comes after that? What will we tell our grandchildren?
‘Broadcasting your identity to the world’
“In terms of surveillance of your communications, then there’s all sorts of information: which websites you’ve been visiting, who you’ve been phoning – that kind of thing,” says Dr. Joss Wright, of the Oxford Internet Institute. “That [data] is not so much in the physical realm, but there is increasing crossover: the signals – or ‘track-ability’ – of devices by [way of] the fact that they are broadcasting data and connecting to information.
“Your mobile phone, because it connects from cell tower to cell tower, can be localised to within a couple of miles based just on when your mobile phone was connected to a particular tower. Then there are Wi-Fi connections. Your phone is constantly spewing out ‘seeking packets’, to see what Wi-Fi networks might be available… Your phone tends to send out the names of networks that you’ve connected to before, to see if they’re around.
“So, if your phone is connected to [your home network] it also tends to be broadcasting the name of that network as you’re walking around, and obviously that can be traced. [And] if your device’s Bluetooth is on, it will often be sending out pings looking for local devices around.
“When your phone or your laptop is communicating over a wireless network or Bluetooth, it’s got a globally unique identifier – the MAC address. Which given that your phone tends to live on you almost 24 hours a day, means that you’ve got effectively a device that is broadcasting your identity to the world from a physical location, and any network that happens to be listening in a public space can locate that.”
Follow the money
After years of headlines, at least some of that will sound faintly familiar to most people. But putting your data about indiscriminately isn’t, in itself, a nefarious thing for your phone to be doing. What matters is who might be listening, and the businesses waking up to the idea that this could be an excellent new way to profile new customers.
“Where this could go looking forward, obviously a shopping centre or an advertiser is going to be very interested to know who is seeing their adverts,” Wright continues.
“[Say] you walked past a [billboard]. Did you pause for a couple of seconds to look at the advert that was being displayed? If so, they can infer that you had some interest in that advert, and then potentially that… could feed into a profile about you. The next step up [could be]: if your phone is detected passing an advertising board, perhaps they might display an advert that was of interest to you as you walk past. This is where it could go on the corporate side.”
OK: a little unnerving, maybe. But not exactly Dystopian, in isolation. But the commercial interest in tracking consumers movements won’t be in isolation: it will be in harvesting as much information, on as many people, to build as accurate a profile of each, as possible. And as the prevalence of smart devices shows, we seem to be tacitly OK with that.
“People have very counter-intuitive and gut-instinct-level concerns with privacy,” says Wright. “If you let somebody know that Google is watching their communications in a relatively abstract sense – if you say, ‘to improve our service to you we will give you this free service in order to [show] some relevant adverts to you,’ people tend to say, ‘Oh, yeah, that’s OK.’
“If you reframe it as, ‘We’re going to scan through all of your private e-mails and build a profile on you so that we can target you more effectively,’ people start to be a bit more concerned. And then obviously when a privacy breach happens – as a hypothetical example: a recording of your home gets leaked from one of these devices which has been hacked, or your private photos are posted on BitTorrent – then obviously there’s a huge [sense of] privacy invasion.”