Thoughts about opt-in surveillance technologies
Unforgettable Face
I just lately came across this cool website called Riya. Riya is an image search engine that doesn’t only search the data associated with the image, but actually searches the image content itself. Riya recognizes text in the images and through it’s OCR (Optical Character Recognition) and human faces through it’s impressive face recognition technology. You can train Riya to know that a specific face belongs to a specific name. While image storage and managing services such as Flickr require the user to tag the images with metadata, Riya is smart, it can learn, and it can put a name to a face.
All excited I have gone and tried it, and uploaded some images of my favorite pop-star. Riya advised me to upload a couple thousands so the search can become smarter. I decided 50 will do for starters. I have gone through the images, in which Riya was able to find every face and wait for me to tell it who it is. I gave Riya tips on 5 images, so it will recognize my idol when it sees him in the rest of my album. Though obviously not an easy case of face recognition, Riya did quite a good job and managed to recognize most of the images as portraying the face of the King of Pop.Riya also kindly offered to scan my address book for people it already knows. I had loads of fun, but then I decided I had enough and that maybe it would not be so good to have my name, e-mail, and images scanned and available for public search. I tried to delete my account, but couldn’t find anywhere on the site where I could do so. I decided I’ll delete all my photos, but the option of deleting an album was unavailable. The only option for deleting an image was going through each picture, scrolling to the bottom of the page where the delete icon is, clicking it, confirming the fact you really want to delete the image, and then this alert-message appeared: “Riya has received your request to delete this photos. If Riya is really busy, it may take several minutes.” Unlike any other part of the site that used sophisticated automation and cutting edge user interface, the deleting process was not very officiant.
Luckily I uploaded only about 50 images, which means that hopefully in an hour or so of browsing-scrolling-clicking-confirming-waiting I’ll be done, and this adventure will be behind me. But would it?
I checked Riya’s Privacy Policy and they didn’t mention anything about deleting an account or deleting my data. My short affair with Riya was intense and exciting, but I’m not built for relationship right now. Riya should forget all about me, forget my face, forget my e-mail, forget my age and all the rest of the data that it has been storing. Again, no mention of complete deletion of data. It seems this short affair will be unforgettable.
I decided to address this as question in the sites Q&A wiki page only to find I’m not the first one to be concerned about Riya’s privacy issues. Here are a couple of Q&A highlights I picked up in the section devoted to the privacy policy:
Are you concerned that the government is going to use this to spy on us?
- We at Riya are aware of how technology can change society. Strictly speaking, these issues existed upon the invention of the camera, but weren’t brought into the limelight until the advent of the Internet and search engines, blogs, photo-sharing services, and photo metadata. Fundamentally, this is about the rights of the person in the photo vs. the right of the person who owns the photo, and we would like to remain neutral on this and allow our users to ultimately decide what ends up in the public search.
Suppose I never want to be identified by Riya. Is there any way I can do this?
- Non-Riya comment: “You can’t stop people uploading photos of you to any photo site just as you can’t stop (private) people adding you to their address books. There’s no law (in any country) that would forbid doing so as far as I know. But Riya gives a twist to this issue by sharing the “digital fingerprint” of your face with whoever has your email address. I think that the system should ask a permission before doing so. And this permission should be asked from *you* (they have your email address), not the person who initially entered you email address and IDd you to Riya.”
I’m a woman and am really not comfortable with my full name being listed on the site. Since my friends will have my email address and will be identifying me by that, how can I remove my family/last name from my profile? I just want my first name to be viewed by the public. If I can’t do this, I won’t be using this service. Full name+pictures+friends full names+locations=stalker’s paradise!
- No comment was made to that last question.
Obviously the information Riya posts online can easily fall (i.e. Is already falling) into the wrong hands. May it be government spying or corporate data mining. But Riya is only an example to this wide phenomenon of opt-in surveillance.
After all Flickr holds a lot of information about it’s users even without using face recognition automations (speaking of which the Riya interface to Flickr was announced to be coming soon). Why doesn’t Google allow it’s user to know how much it knows about them? What is Gmail interest to really eliminate the e-mails we ask it to delete? Is the fact that these services are data-mining for advertising and not governmental reasons, makes it more legitimate? What happens in cases such as China’s famous use of corporate data-mining to enforce it’s anti human rights policies?
Privacy is Stupid
So, what is ‘Opt-In Surveillance’? How is it any different than any other form of surveillance technology?
I have recently sat on some presentations made by the new trend of tagging yourself with an RFID (Radio Frequency Identification) chip. The phenomenon started in the late nineties and was used as a security measure for accessing sensitive data, for allowing VIP entrance to nightclubs and as a general geeky exploration form of technology. The tagged hype is spreading the last couple of years, more and more technologists insert the RFID chips (originally made for tracking animals) under their skins. The RFID tag is read by a corresponding reader, it doesn’t require power and it constantly transmits it’s radio signal. There is no on/off switch.
While I agree people should be free to do whatever they want with their body, I see this hype actually endangering that freedom. The growing Tagged community is advocating opt-in surveillance, and non of the members I confronted on this issue managed to convince me they are truly sensitive to the overall impact of their actions.
One might say the Bluetooth modules we have installed on our cell phones are much more powerful than the RFID chips under some geek’s skin. I agree, but I insist there’s a fundamental difference in the form of the on/off switch. Advocation of unreversible opt-in surveillance technologies is an advocation of the elimination of privacy.
And maybe it’s a lost battle?
In ‘Life Sharing‘ 0100101110101101.org, a new media art group, denounce privacy altogether. For three years they have opened their private computers to be browsed through the web by everybody, all their personal information including private documents and e-mails were public. They concluded their artist statement by the words “Privacy is stupid.”
Of Four Brothers
The discourse of data-surveillance speaks of four characters: One Alice, one Bob, one Eve and one Mallory.
Alice and Bob tries to speak between themselves.
Eve is eavesdropping on them without taking action.
Mallory is both eavesdropping and maliciously interrupting the communication by modifying it.
With opt-in surveillance Alice and Bob give up their privacy in advance. They know they are exposed and just ignore it, or not concern themselves with privacy issues. It’s a give and take relationship – give your privacy and get technological services.
So why should we worry about privacy anyway?
After all in order for the government to do a good job protecting it’s citizens, it should be able to keep track of their activities. If I’m a law abiding citizen, I shouldn’t nothing to worry about. But what if I’m a citizen of China? Or what if the government’s perspective of my activities changes? It’s a classic heaven or hell theological paradigm – if you’re good you’ll go to Heaven and you have nothing to worry about Hell. But it seems that the place of the all seeing eye of the almighty have been switched by the all computing processor of the almighty big-brother.
When we give in to corporate surveillance we allow our identities to be reduced to mere subjects of the corporate moral system. This system that is obviously the strongest governance system of the 21st Century uses our information to remotely classify us into socio-economic classes. This information is the one that would determine our legibility for loans, for insurance rates and bureaucratically assigns us specific rights and duties in consumer culture.
When we out of our free-will choose to give up choice and free-will we are being trapped in a Stockholm Syndrome – though we are aware of being hostages to the technology, we are loyal to it. Our emotional attachment prevents us from being critical of a systematic process through which we are losing control over our lives.
40 Years in the Desert?
When the people of Israel has fled Pharaoh and fled out of Egypt towards the promise land, god had to walk them for 40 years in the desert of Sinai before reaching the promised land. The generation that was born in Egypt and lived as slaves had to make way to a new generation, born into freedom. Slavery was not only a political condition but a state of mind.
Should we metaphorically walk in the desert? Should we give up our Flickr, Gmail and MySpace accounts? Should we practically give up most of the social software services out there? The business model behind most of these web-services is specifically based on data-mining. Whenever a small web based service is being bought by a big corporation the privacy alarm should turn on. That was the case with Flickr and Del.icio.us and lately is the case with Writely and Sketchup. So how should we act upon it?
I don’t believe we’re capable of opting out of opt-in surveillance, maybe individually yes, but not as a whole and not in numbers that will be relevant as a fundamental change. Consumerism keeps us always purchase more than we can consume, the same happens with media, but the resource of attention span is limited (in a clearer way than other resources). I don’t think a violent proletariat revolution will change consumer culture. We are already in a phase we can’t turn back from, what we should do is go forward. While promoting privacy as still being an important demand of technology, we should develop competing technologies that would keep the user’s privacy. The only way users will opt out of one technology at this step is through opting in to another one.
I believe open-source technology is the proletariat’s way of seizing control over production technologies, and as we can see in cases such as Wikipedia, Firefox, Linux and Open Office, these technologies become major powers in the industry and in many cases (like WordPress for example) become stronger than their commercial competitors. What makes open-source technology flourish is usually the fact that it’s mostly free, and the fact that being ‘open’ they are fully customizable. These two values are well appreciated by the media-market, but to some degree privacy isn’t. Privacy is in a way the opposite mindset than authorship and sharing, it has a certain conservative feel to it that is not appreciated by the openness manifests of the web, and as we saw some people just regard it as ‘stupid’. Privacy needs a change of reputation in order to become a valuable asset. Until then, open source developers will have to compete with commercial services in their own turf. Since most of these services are free anyway and quite customizable through well documented APIs, features that are not necessarily open source based will be the way to win back the users. For example the blogging platform WordPress got so big and ate a big chunk of Movable Type‘s market, not because it was open source, but because it was simply a good platform that was easier to install.
If I had to suggest something to start from I would say Peer to Peer technology will be a gateway for changing the insignificant/conservative reputation of privacy and seizing our information back. Privacy issues are already being widely discussed through the discourse of file sharing vs. intellectual property. Users are being snooped by the music and film industries and are being prosecuted for their digital activities. Privacy seems to be the main feature of peer to peer file sharing technologies. Privacy is also one of Skype‘s leading features as a leading P2P Internet telephony service. Skype is based on Kazaa’s P2P technology and is a good example how a P2P can migrate and be relevant for different applications, and how though being a commercial product, has embraced privacy as a feature. (China has declared Skype illegal which can say only good things about Skype’s privacy features)
As storage becomes cheaper and connectivity become wider, we can start developing more open source technologies that will be based on users serving their information from their own machines. We should allow users to decide just like in the case of file sharing, to whom, when, what, and how much they are willing to surrender their privacy. Maybe we can call it ‘privacy sharing’.
* The title for this article is taken from Saul Williams ‘Penny for a Thought’