In my latest Locus column, The Privacy Wars Are About to Get A Whole Lot Worse, I describe the history of the privacy wars to date, and the way that the fiction of “notice and consent” has provided cover for a reckless, deadly form of viral surveillance capitalism.
As bad as things have been, they’re about to get much, much worse: the burgeoning realm of the “Internet of Things” is filled with surveillance devices that you can’t even pretend to give your consent to.
It’s possible that we can prevent the proliferation of reckless overcollection and retention of data, maybe by the eventual success of a few ambitious class-action lawyers, but that will only happen if we stop the accompanying plague of “binding arbitration,” which takes away your right to seek justice for corporate malfeasance.
You will ‘‘interact’’ with hundreds, then thousands, then tens of thousands of computers every day. The vast majority of these interactions will be glancing, momentary, and with computers that have no way of displaying terms of service, much less presenting you with a button to click to give your ‘‘consent’’ to them. Every TV in the sportsbar where you go for a drink will have cameras and mics and will capture your image and process it through facial-recognition software and capture your speech and pass it back to a server for continuous speech recognition (to check whether you’re giving it a voice command). Every car that drives past you will have cameras that record your likeness and gait, that harvest the unique identifiers of your Bluetooth and other short-range radio devices, and send them to the cloud, where they’ll be merged and aggregated with other data from other sources.
In theory, if notice-and-consent was anything more than a polite fiction, none of this would happen. If notice-and-consent are necessary to make data-collection legal, then without notice-and-consent, the collection is illegal.
But that’s not the realpolitik of this stuff: the reality is that when every car has more sensors than a Google Streetview car, when every TV comes with a camera to let you control it with gestures, when every medical implant collects telemetry that is collected by a ‘‘services’’ business and sold to insurers and pharma companies, the argument will go, ‘‘All this stuff is both good and necessary – you can’t hold back progress!’’
It’s true that we can’t have self-driving cars that don’t look hard at their surroundings all the time, and pay especially close attention to humans to make sure that they’re not killing them. However, there’s nothing intrinsic to self-driving cars that says that the data they gather needs to be retained or further processed. Remember that for many years, the server logs that recorded all your interactions with the web were flushed as a matter of course, because no one could figure out what they were good for, apart from debugging problems when they occurred.
The Privacy Wars Are About to Get A Whole Lot Worse [Locus Magazine]