The Internet of Things That Talk About You Behind Your Back
Your computerized things are talking about you behind your back, and for the most part you can’t stop them—or even learn what they’re saying.
Your computerized things are talking about you behind your back, and for the most part you can't stop them—or even learn what they're saying.
This isn't new, but it's getting worse.
Surveillance is the business model of the internet, and the more these companies know about the intimate details of your life, the more they can profit from it. Already there are dozens of companies that secretly spy on you as you browse the internet, connecting your behavior on different sites and using that information to target advertisements. You know it when you search for something like a Hawaiian vacation, and ads for similar vacations follow you around the internet for weeks. Companies like Google and Facebook make an enormous profit connecting the things you write about and are interested in with companies trying to sell you things.
We need to think about the ethics of our surveillance economy
Cross-device tracking is the latest obsession for internet marketers. You probably use multiple internet devices: your computer, your smartphone, your tablet, maybe your internet-enabled television—and, increasingly, "Internet of Things" devices like smart thermostats and appliances. All of these devices are spying on you, but the different spies are largely unaware of each other. Start-up companies like SilverPush, 4Info, Drawbridge, Flurry, and Cross Screen Consultants, as well as the big players like Google, Facebook, and Yahoo, are all experimenting with different technologies to "fix" this problem.
Retailers want this information very much. They want to know whether their television advertising causes people to search for their products on the internet. They want to correlate people's web searching on their smartphones with their buying behavior on their computers. They want to track people's locations using the surveillance capabilities of their smartphones, and use that information to send geographically targeted ads to their computers. They want the surveillance data from smart appliances correlated with everything else.
This is where the Internet of Things makes the problem worse. As computers get embedded into more of the objects we live with and use, and permeate more aspects of our lives, more companies want to use them to spy on us without out knowledge or consent.
Technically, of course, we did consent. The license agreement we didn't read but legally agreed to when we unthinkingly clicked "I agree" on a screen, or opened a package we purchased, gives all of those companies the legal right to conduct all of this surveillance. And the way US privacy law is currently written, they own all of that data and don't need to allow us to see it.
We accept all of this internet surveillance because we don't really think about it. If there were a dozen people from internet marketing companies with pens and clipboards peering over our shoulders as we sent our Gmails and browsed the internet, most of us would object immediately. If the companies that made our smartphone apps actually followed us around all day, or if the companies that collected our license plate data could be seen as we drove, we would demand they stop. And if our televisions, computer, and mobile devices talked about us and coordinated their behavior in a way we could hear, we would be creeped out.
The Federal Trade Commission is looking at cross-device tracking technologies, with an eye to regulating them. But if recent history is a guide, any regulations will be minor and largely ineffective at addressing the larger problem.
We need to do better. We need to have a conversation about the privacy implications of cross-device tracking, but—more importantly—we need to think about the ethics of our surveillance economy. Do we want companies knowing the intimate details of our lives, and being able to store that data forever? Do we truly believe that we have no rights to see the data that's collected about us, to correct data that's wrong, or to have data deleted that's personal or embarrassing? At a minimum, we need limits on the behavioral data that can legally be collected about us and how long it can be stored, a right to download data collected about us, and a ban on third-party ad tracking. The last one is vital: it's the companies that spy on us from website to website, or from device to device, that are doing the most damage to our privacy.
The internet surveillance economy is less than 20 years old, and emerged because there was no regulation limiting any of this behavior. It's now a powerful industry, and it's expanding past computers and smartphones into every aspect of our lives. It's long past time we set limits on what these computers, and the companies that control them, can say about us and do to us behind our backs.
Bruce Schneier is a security technologist and author. He is the CTO of Resilient Systems, Inc., and his latest book is Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. He blogs at schneier.com.