Bulk data collection and privacy

NSA whistleblower Edward Snowden said that when crossing a busy road he instinctively looked away from oncoming traffic for fear of having his image captured on a dashcam. People are more easily recognised face-on than in profile.

That short observation from his book Permanent Record delineates some salient themes in the so-called smart city: risk, paranoia and surveillance.

Nobody is listening

What he and other insiders revealed was that the NSA was able to obtain wholesale communications data from every citizen on the phone network (in the USA and abroad). The initial revelation in The Guardian published on 6 June 2013, stated that for telephone communications

“the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls.”

The NSA was not requesting from the communications service providers the content of conversations, but the meta data.

Contentless data

We normally think of secret service investigations as directed at key targets, but here the data is collected for everyone on the system whether or not they are suspects. The data is stored in bulk on vast servers ready to be mined as needed. Links can be traced and patterns found. The collection is automated, and no human being need ever see the data — unless they are authorised to investigate particular individuals.

Snowden and others have argued that much about a person’s life can be harvested from such meta data, including networks of contacts, lifestyle, activities and competencies. The information field is even more revealing if you include the bulk collection of email metadata, browser histories, debit card transactions and travel data, especially if linked.

A blog by IT law lecturer Paul Bernal explains the problem of identifying when surveillance actually happens. There are three key moments:

“the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the ‘human’ examination of the results of that analysis of filtering.”

Does surveillance happen when the bulk data is collected, or when humans inspect the data?

Surveillance or privacy risk

Bernal explains that the main question is when privacy is put at risk. He writes in terms of privacy invasion. I prefer “risk” as I don’t want to presume that there’s such a thing as complete privacy, all of the time, in all places and relating to every aspect of a person’s life.

According to Bernal, the privacy risk is obvious in the case of installing CCTV cameras in someone’s home connected to some outside agent. The placement of the cameras would strike most  people as already providing an extreme risk to personal privacy.

The privacy question arises immediately the moment the surveillance system is set up, when there’s the means for someone (a relative, the landlord, the boss, a law enforcement official) to see what the camera sees, even if they don’t ever take the opportunity. Bernal puts the emphasis on privacy, about which there are rights and laws, rather than surveillance.

By that analogy, setting up a bulk data collection facility initiates the risk to privacy, whether or not surveillance actually happens. Bernal also highlights the intermediate algorithmic processes, which are now assuming greater power and prominence. No human being may ever inspect the data, but will only see the outcome of algorithmic pattern detection. In that case the installation of these algorithms plays a major part in privacy risk as well.

By this reading, urban infrastructures designed to soak up communications data are already complicit in the privacy challenge. That’s sobering in the context of smart city infrastructures. See post: Reverse Analytics.



Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.