In a recent article in the Huffington Post, John Whitehead asks this question:
What would happen if the most powerful technology company in the world and the largest clandestine spying agency in the world joined forces?
Similarly, a recent article in Politico asks – Who watches the watchers?
It’s perfectly reasonable to be concerned about the perceived Google – NSA axis of evil. However, our discussions about privacy seem to overlook the role of the individual.
Mr. Whitehead notes that:
… we’re helping Corporate America build a dossier for its government counterparts on who we know, what we think, how we spend our money, and how we spend our time.
By doing so, he’s really referring to the information we volunteer about ourselves.
What about information that we collect and disclose – information about other people? We’re collecting and disclosing a lot of that – in a lot of ways. You do it when you post a picture of your friends. You do it when you post a video that you take in public. Intentional or not, in many such cases we’re sharing personal information about those other people. (Remember, we don’t say personally identifiable information here at Big Data and the Law.)
Geo-location metadata is one way we might disclose people’s personal information – specifically, where the people are when their images are when their images are captured in a photo or video. This is how John McAfee (of the security software company McAfee) was found when he was a fugitive a few years ago. He let his picture be taken and posted online – with metadata that gave away his whereabouts. You would think he would know better.
Apparently he does now. McAfee (the company) later blogged about the risks of geo-location metadata. They say this:
For instance, you may not mind sharing your exact location with friends and family, but what about with people you don’t know? When your location is broadcast on social networks such as Facebook and Twitter, you lose control of the information. Anyone can see it. Say you check into a hotel while on vacation. A thief could see your check-in, do an online search for your home address and rob you while you’re away.
Or you could get arrested.
Face recognition technology provides the means to connect names and faces, and possibly places and times as well. It seems that the NSA is up on this technology. But then so is Facebook.
Now consider the many ways people are collecting images. More than just with our mobile devices and cameras – Google Glass for example.
In an article in The New York Times, Dr. Joseph Atick gets right at the issue of the consequences of individuals collecting people’s picture and the use of face image recognition technology:
Dr. Atick sees convenience in these kinds of uses as well. But he provides a cautionary counterexample to make his case. Just a few months back, he heard about NameTag, an app that, according to its news release, was available in an early form to people trying out Google Glass. Users had only to glance at a stranger and NameTag would instantly return a match complete with that stranger’s name, occupation and public Facebook profile information. “We are basically allowing our fellow citizens to surveil us,” Dr. Atick told me on the trade-show floor.
You can download the source code for face recognition software from CNET by the way. A face recognition app for Google Glass is also under development, although that app is supposed to be an unauthorized app.
With this in mind, it’s important to know what information we collect and disclose. Not everyone knows if or when their phones or cameras collect geo-location metadata. Not everyone knows that geo-location metadata are sometimes found where their pictures are posted or otherwise shared.
Some people don’t want their image posted on Facebook or YouTube. Do we get consent from everyone before we do that?
In the end, the problem with relying on personal responsibility is that there are so many different perspectives about what is right – as we have discussed here in the past.
So that’s the personal responsibility part. So what about the law?
When it comes to people collecting and disclosing personal information, the law is pretty spotty. For the most part, the law regarding privacy is focused upon businesses and their collection and disclosure (and use) practices. One reason for this is jurisdiction. For example, the Federal Trade Commission is the principal regulator of data privacy issues in the U.S. Federal Government. The FTC’s jurisdiction is very broad in some ways, but its jurisdiction is limited to business practices so the FTC can’t take on issues with respect to individuals.
So the law in this regard has developed on an issue-by-issue basis. Online bullying has received attention by lawmakers, as has revenge porn and some other things. But there is no broad – hey you can’t do that – kind of regulation of individual conduct.
People can be as angry as they want about corporate collection, use and disclosure – but this is where Mr. Whitehead is correct – that information comes from somewhere.
There is no reason why individual collection, use and disclosure of personal information can’t be regulated in some way. Intellectual property law applies to individual conduct and intellectual property certainly gets enforced.
When people, legislatures and regulators figure that out, there could be some movement on this issue. But it’s a reasonable assumption that it’s not going to happen. That kind of thing gets dealt with on an issue-by-issue basis because it typically takes a lot of issue-specific public outrage for anything to get done. So we’ll probably be waiting forever for the behavior of individual people to become subject to anything close to the scrutiny of the Googles of this world.