Twenty years ago at a Silicon Valley product launch, Sun Microsystems CEO Scott McNealy dismissed concern about digital privacy as a red herring: “You have zero privacy anyway. Get over it.”
“Zero privacy” was meant to placate us, suggesting that we have a fixed amount of stuff about ourselves that we’d like to keep private. Once we realized that stuff had already been exposed and, yet, the world still turned, we would see that it was no big deal. But what poses as unsentimental truth telling isn’t cynical enough about the parlous state of our privacy.
That’s because the barrel of privacy invasion has no bottom. The rallying cry for privacy should begin with the strangely heartening fact that it can always get worse. Even now there’s something yet to lose, something often worth fiercely defending.
For a recent example, consider Clearview AI: a tiny, secretive startup that became the subject of a recent investigation by Kashmir Hill in The New York Times. According to the article, the company scraped billions of photos from social-networking and other sites on the web—without permission from the sites in question, or the users who submitted them—and built a comprehensive database of labeled faces primed for search by facial recognition. Their early customers included multiple police departments (and individual officers), which used the tool without warrants. Clearview has argued they have a right to the data because they’re “public.”
In general, searching by a face to gain a name and then other information is on the verge of wide availability: The Russian internet giant Yandex appears to have deployed facial-recognition technology in its image search tool. If you upload an unlabeled picture of my face into Google image search, it identifies me and then further searches my name, and I’m barely a public figure, if at all.
Given ever more refined surveillance, what might the world look like if we were to try to “get over” the loss of this privacy? Two very different extrapolations might allow us to glimpse some of the consequences of our privacy choices (or lack thereof) that are taking shape even today.
In one plausible future, many people routinely are offered, and use, technical tools to keep their identities obscure. Call it Pseudoworld. When controlling what is known about us is difficult, the natural path is pseudonymization: establishing online presence without using a real name. One recent study found that the more sensitive a topic is, the less likely people discussing it online are to use their real names. It recorded about one in five accounts on English-speaking Twitter as plainly using pseudonyms. In Pseudoworld, that will be far more common. There, to tweet or blog—or sign on to Facebook—under a real name will be seen as a puzzlingly risky thing to do. Just as universities remind students to lock their dorm-room doors, civic education will teach us how to obscure our identities so we can’t be traced online.
We get to Pseudoworld precisely by trying to take individual responsibility for our own privacy. Ten years ago, Joel Reidenberg, a professor at Fordham Law School, asked his students to find personal information online about Supreme Court Justice Antonin Scalia, whose remarks at a conference had hinted at McNealy-like skepticism about privacy concerns. Despite having no access to obvious sources such as a public Facebook account, the students were able to produce a 15-page dossier about the justice and his family, including his home address and his home phone number. Scalia was not pleased, calling the exercise “an example of perfectly legal, abominably poor judgment.”
Of course, Reidenberg’s students had gathered the information as an academic exercise and then moved along. But the assembly of someone’s personal information can turn into a “doxxing,” a public outing of once-obscure or concealed data, which can serve as the basis for online and offline harassment. The “get over it” theory of zero privacy serves to blame the victims of doxxing, suggesting that if they didn’t want the information getting out, they should not have so cavalierly shared it.
Tracking reputation will still be possible in Pseudoworld. People can simply establish track records under their pen names, and platforms (and other users) might choose to pay more attention to comments by those whose previous comments have been deemed constructive or engaging under whatever standard the platforms want to set. The science-fiction author Orson Scott Card imagined this in his book Ender’s Game, in which two preternaturally smart kids pseudonymously accrue great respect through their participation on global message boards, and from there influence the course of the world. Appropriate skepticism of the power of the pen aside, there are lots of Twitter influencers who fit this mold.
This drive for pseudonymity won’t stop at the porous borders of the online world. Recently, Kate Klonick, a professor at St. John’s University Law School, gave her students an assignment that was the reverse of Reidenberg’s: Instead of seeing what they could learn about a known person, Klonick’s students were to observe nearby strangers during spring break and see how many they could ID. Their results were successful in a way that was shocking but not surprising; a few snippets of overheard conversation, or a glance at something such as a luggage tag, were enough to seed a successful search.
As that kind of surveillance grows, catalyzed by free-range viral videos recorded wherever an embarrassing incident unfolds, coupled with a contest to name the bad actors and where they work, the demand for pseudonymity will require more than non-revealing Twitter handles. As yesterday’s locks are supplemented by today’s networked home-security cams, companies will market tools for us to secure the manifold ways in which our identities could leak. Nico Sell (which may or may not be her real name) has led the way: She’s a digital-security researcher who has worked hard to never be publicly photographed without wearing sunglasses. Researchers at Carnegie Mellon have designed special glasses to confuse facial recognition without requiring shades, and the artist Adam Harvey has pioneered an open tool kit of new fashions for the same purpose. Next up will be shoe inserts to stymie gait detection, and the commandeering of Auto-Tune to prevent voice recognition.
With its new morning routines of adjusting one’s voice disguiser, gait blocker, and special glasses, Pseudoworld has a lot of clear drawbacks. It requires personal vigilance to avoid identification, with lingering problems if one’s mask should slip. It portends daily social interactions that tilt more toward the configuration of a confessional booth—or a 4chan message board—than an exchange of pleasantries with a store clerk bearing a name tag, or an earnest discussion thread on Facebook with each participant’s home town, relatives, educational history, and favorite book voluntarily one click away.
In Pseudoworld, lots of data mining is still available to companies and governments. Anonymized data from Fitbits and iPhones can still be used to determine well ahead of time if, say, Cleveland is particularly restless one evening—and its people seem to be assembling in protest.
Pseudoworld will happen if the legal frameworks for protecting privacy aren’t updated. In the absence of public protection, and the presence of bandits, we’ll procure what private help we can afford to protect ourselves—and companies will cater to our paranoia. It’s the apotheosis of the internet-as-Wild-West cliché, one that goes at least as far back as internet-as-information-superhighway.
But let’s consider Pseudoworld’s near opposite.
What if the law were tightened up with more accountability for bad actors in an attempt to make us feel more comfortable sharing? Or perhaps Pseudoworld never worked, as the hydraulic pressure of disclosure overcame all the strategies of resistance? We could end up in Transcriptworld.
Here, Facebook’s real-name requirement will have become near universalized. Those who can’t or won’t identify themselves will be excluded. But identification, unlike pseudonymity, won’t be technically burdensome. It will be built into everything we do. An Uber or Lyft ride will record the ID of the driver and the passengers through a fingerprint or facial recognition (thanks, Apple!), along with the exact route they take and at what time. All other cars will too, especially self-driving ones, with such sensible biometrics as those we use to unlock our smartphones today. Indeed, identification will be belt-and-suspender: Even if the car doesn’t record who and where you are, your phone will, and you’re not giving up your phone. In Transcriptworld, high-profile privacy cases such as United States v. Jones, in which the police were required to get a warrant in order to place a tracking device on a vehicle, will be quaint, because vehicles will already have multiple tracking devices, and acquiring that information will be as easy as sending a business-records demand to the relevant companies, such as Apple, Tesla, and Verizon—or smaller and sketchier startups such as Clearview AI, designed solely to transact in data.
Doxxing someone in Transcriptworld will be even easier than it is today—Google’s database is hardly shrinking—but here, anyone in the country who engages in it, or harassment based upon it, will face swift and sure punishment in a newly energized legal system, especially because the bad actors’ own anonymity is so hard to maintain. (For those outside the country, it will be a different story.) And short of law enforcement, Transcriptworld will allow private platforms such as Facebook and Twitter to enforce permanent low visibility, or outright bans, for those said to be violating their terms of service, wherever they may be in the world. It’d be as easy as an airline banning an unruly (and vaping counts as unruly) passenger for life—and far less costly to the company.
To get to Transcriptworld from our current time, most alternatives of anonymity simply need to be removed for most transactions, online and offline. That could happen, as with the move to Pseudoworld, through commercial decisions as much as through government action: If identification can be made even easier, storefronts and social-media platforms might decide to try to help themselves to it through facial recognition and other involuntary tools, or require it before serving anyone, especially if identifiable data collection is part of their business model. Already we see a move in physical retail spaces toward the rejection of cash as more and more people have credit cards.
Most people won’t even notice a difference from today, where, in the absence of hard-to-deploy countermeasures, they’re already this traceable.Transcriptworld might then sound like an incremental change to what we have today—indeed, from what we had in 1999—except more bad actors are held to account. So isn’t it obviously more desirable than the constant, exhausting shadowboxing of Pseudoworld?
The Transcriptworld that’s emerging is a decoy, a scrim placed over the complex machinery that slices and dices personal data to multiple ends, invisible to us. It looks nothing like the world of 1999 where we “already” had zero privacy.
Surfing a website or using an app may feel like a solitary experience, but as a duck may coast serenely across a pond while invisibly paddling madly underneath, as soon as you press something—indeed, merely hover over it—more computing power is available to instantly scrutinize that single act than NASA spent sending Apollo 11 to the moon. Data from one place can be used to inform another. A car-insurance company discovers that “writing in short concrete sentences, using lists, and arranging to meet friends at a set time and place, rather than just ‘tonight’” is linked to better driving, and it can price rates accordingly, by cross-referencing applicants with their social-media accounts.
In the meantime, a playful quiz may be later used to try to hone specific political messages for your particular personality. Inferences can be made not only about you as a person, but about your state of mind at any given moment. Someone who’s recently quit drinking can be offered a drink—or, more subtly, shown a compelling drama whose noble characters just so happen to be hard drinking. Emotionally vulnerable because you lost your job and just had a fight with your spouse? It might be the perfect—or, for you, worst—time to offer you a scammy higher-education degree program, or a car you can’t afford, financed by a payday loan to make you think you can.
To be sure, all this can happen in Pseudoworld, too. So what’s really different? Well, background checks for sensitive jobs will include scrutiny of public and private behaviors, including seemingly quotidian ones such as liking tweets about alcohol or using four-letter words. The list of sensitive positions will grow. And, as a counterpart to Pseudoworld citizens’ development of identity-hiding technologies, people in Transcriptworld will seek advice and tools to help shape their behavior so that what’s associated with their identities suits their later job applications and dating prospects. The best companies—and governments—in the system will be a step ahead of people earnestly but still clumsily presenting themselves as different than they are.
Thus Transcriptworld may appear normal, but it’s really the Truman Show, a highly realistic but still completely tailored video game where nothing happens by chance. It’s a hall of mirrors whose horizons and features are digitally generated and honed for each person, in which even what constitutes “normal” is defined by the system: both in the type of world— violent or peaceful, pessimistic or hopeful—that’s presented, and in the ways that people will rapidly adjust to try to avoid the penalties of the system’s definition of negative behavior.
Transcriptworld is a lousy place even assuming, as we have so far, that government’s primary role there is to make sure that people don’t doxx and harass one another. And when government doesn’t embrace the rule of law, Transcriptworld provides the soil—fertilized by commercial data processing—in which to grow the authoritarian nightmares we’ve come to call Orwellian.
There have to be better alternatives than these. To find them, we must overcome the learned helplessness about the state of our privacy—a helplessness often abetted by technology leaders moving fast and breaking things. Privacy defenders have perhaps inadvertently encouraged the same sense of inevitability by speaking in generic apocalyptic terms. But this fight is not simply about keeping particular facts about people out of the public eye. Privacy now is as much about freedom, the freedom to maintain a boundary between ourselves and those who want to shape us.
We’ll need a combination of old-fashioned political pressure to situate and vindicate privacy rights in law, limiting data collection and use, and the forging of new technical tools to make compliance with that law easier. Restrictions on collection and use of data can bring up short the current race to the bottom, and a follow-on slide toward the paranoia of Pseudoworld. It should not only be that the lucky few can manage to buy and practice their way into a semblance of even the reduced privacy we enjoy today. Functional anonymity is as valuable in commerce as in speech. The burden shouldn’t be borne by those on whom these technologies are deployed. It must be shared by those who want to know all about us, and who would further subtly shape us according to their own imperatives.