Have We Already Lost the Individual Privacy Battle?

portable

Have we already lost the individual privacy battle? The combination of the enormous amount of information that is gathered on an individual (big data) and the use of artificial intelligence (AI)-driven analytics means that almost any organization knows far more about us than we likely realize.

Let's just look at how information is gathered today:

  • Some we willingly surrender or must provide to access various services
  • Some information is automatically gathered from our daily routines (social media posts)
  • We unknowingly expose more information, such as when visiting web pages that track activities, leverage cookies, and gather stored information
  • We are sometimes duped into providing critical information
  • Information about you can be gathered from others you know or with whom you have shared electronic communications, when their data is mined
  • Sites that are supposed to be secure repositories of our personal data are hacked at an alarming rate

Then there is the surveillance aspect of our daily lives:

  • The nearly ubiquitous presence of cameras, some of which are feeding facial recognition software
  • Devices such as the home assistant units that listen to everything said (in case it is called upon to respond)
  • Smartphones that know everywhere we go via surreptitious monitoring
  • If your phone's Wi-Fi is on, you're constantly broadcasting a unique address and a history of past Wi-Fi connections

A Worsening Problem

This privacy situation only seems to be getting worse. Lest we forget about Facebook's data privacy scandal with Cambridge Analytica earlier this year, there was also the recent Associated Press investigation that revealed several Google apps and websites store user location data even if users have turned off "Location History" in their settings.

In response to the investigation, Google updated its help page to now state that "some location data may be saved as part of your activity on other services, like Search and Maps." But the help page makes no mention of the setting called "Web & App Activity," which can be turned off to stop recording location data. And Google's site also notes that "even when this setting is paused, Google may temporarily use information from recent searches in order to improve the quality of the active search session."

It used to be that you could set your browser to accept only "first-party cookies." But now many websites require you to accept third-party cookies to use the site, which may also include third-party scripts that capture everything. A study funded by Princeton University showed that even well-known websites such as HP and Costco, and also provider websites such as Comcast, CenturyLink, Frontier, etc., are using session-tracking software that detects and records everything -- even mouse movement while on the page. Plus, as of 2017, ISPs can legally share your browsing history with third parties.

portable

Contributing to the Problem

Individual cookie management and installing special anti-tracking software has never been a common activity, so the majority of users continue to contribute to the collection of personalized data, even if it makes most of us uneasy. We don't trust most Internet sites, but we use them anyway. Pew Research Center wrote about the fate of online trust and summarized that many experts doubt the possibility of progress, saying "people are insured to risk, addicted to convenience, and will not be offered alternatives to online interactions."

Unfortunately, we have generally given our permission for much of this. The omnipresent End User License Agreement (EULA) is presented as a non-negotiable barrier to loading or using an application or website. Buried in the fine print, often written to be deliberately obscure, are the details that allow data gathering, location tracking, and often identity information. Most of us don't read the privacy policies, which are sometimes hidden as a separate (linked) document. Some have estimated that reading all of the privacy notices for the average user would take about 30 days per year. But, as my colleague and fellow No Jitter contributor Martha Buyer told me, most EULAs are "contracts of adhesion" and are not open to negotiation anyway. So we just click, without reading, even when we are giving away our first-born child.

Occasionally, EULAs will state your information may be sold to others. Many of the free or inexpensive games derive more value from the data collected than in-game purchases. As users hand over access to their phones' precise locations, storage, and sometimes cameras to play, the firms behind the games may reserve the right to share the data it collects with third parties. For example, Pokémon Go's privacy agreement describes how Niantic might share both users' general and personally identifiable information with other parties. The agreement says Pokémon Go collects data about its users as a "business asset." This includes data used to personally identify players such as email addresses and other information pulled from Google and Facebook accounts players use to sign up for the game.

The "why" for all of this is clear: There is money to be made from this knowledge. Research from BIA/Kelsey showed that in 2017, marketers spent $16 billion on location-based ads. This is separate from all of those targeted ads you may receive while browsing, and the text and email offers you might be sent.

Certainly, personalization can have some benefits. In the contact center, once a contact/caller has been identified, it takes only about 40 milliseconds to scour the Web and know more about an individual than he or she probably realizes. Then, call analytics can be applied to detect additional information (which may include current mood or sentiment) and match callers to the most appropriate agent. Companies such as SATMAP have offered personality matching for years; NICE claims the recent acquisition of Mattersight "brings together behavioral and cloud analytics innovators to provide smarter connections between customers and organizations." But it still seems like the benefits are geared more toward the organization than to the users.

Collectively, it feels like there is little that can be done, unless you desire to drop off the grid entirely. The current regulatory momentum appears to favor the providers and businesses, even as misdeeds come to light. But the analytics tools and source data will not go away, so the best way to move forward is to demand better security and be more personally diligent. And choose who you do business with wisely, even if it's just a "silly game."

"SCTC Perspectives" is written by members of the Society of Communications Technology Consultants, an international organization of independent information and communications technology professionals serving clients in all business sectors and government worldwide.

Related content: