Many in the tech community have been concerned for a while- quite a long while- that privacy as we used to know it is a rapidly disappearing concept. Year after year, they've been dismissed as alarmists, radicals, and so forth.
It is now becoming increasingly obvious that those "alarmists" were right. Whenever we interact with anything involving a networked computer, we leave a digital trail that can and will be mined for someone else's financial benefit.
The surveillance state, version 2013
Well-known security consultant Bruce Schneier, arguably one of the world's leading experts on information security, recently claimed on CNN that the Internet is a surveillance state. It's not becoming one, it's not in danger of becoming one. It already is one, and has been for some time now.
If this comes as a surprise to you, I have to ask what rock you've been hiding under for the last few years. (Really, I want some of that rock- evidently it's some seriously good shielding.) When I try to read the front page of today's Toronto Star, the site asks my browser to run programs from no less than 14 different domains, at least four of which are dedicated primarily to tracking what I look at and what I click on. Every query I run on Google, along with every search result I click on, is added to my permanent file in that company's massive disk banks. Amazon knows just about everything about my discretionary spending- even if I didn't buy a particular item from them, the odds are I price-checked them at some point, and that's logged. And don't get me started on Facebook.
Even if you avoid the online giants, details of your habits are in the databases of many shadowy corporations. if you have any dealings with a developed nation's banking system, your banker is almost certainly reporting your financial history to the likes of Experian, TransUnion and Equifax, whose detailed records will determine the terms of engagement in your future financial dealings. You undoubtedly have a friend who's tagged you on Facebook despite you not having an account; those records can be linked to rapidly growing facial recognition databases. And if smartphone and CCTV video weren't commonplace enough already, we'll soon have Google Glass to deal with.
Like it or not, your activities, interests, habits, whereabouts, communications and financial dealings are being studiously logged and archived for the financial benefit of others.
Finding patterns in chaotic data
A few years ago, concerns about such tracking could be easily dismissed: "Nobody cares that much about little old me." Or "but it's just an automated system for ad targeting, nobody actually reads it".
This is 2013, though- the era of Hadoop, EdgeRank, Autonomy and other incredibly sophisticated tools designed specifically to turn vast amounts of unstructured data into financially meaningful decision points. Building a detailed profile of an individual's activities, communications, social circles, buying habits and other personal information is no longer the domain of highly qualified CIA specialists- it can be automated on a population-wide scale, millions of people at a time.
Let's work through an example. I use the break room computer to check Gmail over lunch, and see that a friend has tagged me in a Facebook post about a mental health awareness rally. I check the Facebook link, leave a comment, and log out of both FB and Gmail. I take a look at a list of side effects for sertraline hydrochloride and briefly wonder why the drug info page has a "like on Facebook" button. Next it's off to Ebay and Amazon to track down a replacement graphics card (why are the new ones so damned expensive? I'll take a previous-generation Nvidia, thanks) before getting back to work.
From that brief bit of surfing, what can be inferred? Facebook and Google both saw me comment on the mental health rally and visit the drug site (both can track me even when I'm logged out) and can therefore figure out that I'm probably suffering from depression, am taking Zoloft and not doing so well on it, and might therefore be a good target for ads about Eli Lilly Co.'s Prozac. Amazon knows from my IP address that I work at a steel mill, and since I therefore don't need that graphics card for work, I must be a gamer. Since I looked at (but didn't buy) the latest model, I'm probably either frugal or short on cash, and since the shipping address is in a first-quartile income district, it's probably the latter. Google scans the Amazon receipt email and now has enough information to build a pretty complete picture of my situation.
All of that can be easily inferred from the data collected by a few major companies in just a few minutes of idle browsing, with no prior knowledge. Consider what information can be inferred when you extend the observing time to months or years, or when you add a smartphone or Google Glass to the mix. This is not an Orwellian fantasy; this is happening now, in real time, to all of us.
(The details above are, of course, completely fake- realistic, yes, but they're not mine or those of anyone I know.)
What can you do about it?
Do Nothing. That's what most folks are doing, and- on the surface- it appears to have no ill effects. I can't recommend it, though. This kind of widespread, pervasive surveillance is becoming (or perhaps already is) a true existential threat to the fundamentals of our way of life. If we want to retain privacy as one of our major social rules, we cannot stand by and do nothing.
Fight back with technology. This can go a long way towards protecting your privacy, but there's some learning involved. Step one is to lose your fear of unknown technology: you're about to jump into jargon stew, a bizarre mix of XSS, browser extensions, SSL, Tor, PGP and VPNs. It's all well within the ability of any computer user to comprehend, but it won't be intuitively obvious and you have to be willing to learn.
Technical solutions aren't perfect. With NoScript, Adblock, PGP and an occasional dusting of proxies, you can screw up the tracking companies' data well enough that their files on you will be all but useless. The FBI, though, will have little trouble cutting through the mess if they really want to find you.
Fight back with law. The businesses that profit from this kind of tracking are wealthy, they're powerful, and they're very good at helping out politicians when it comes to two key tasks: reviewing draft legislation and funding re-election campaigns. This results in a distinct lack of enthusiasm for enhanced privacy legislation in the governing bodies of many countries.
Only if large numbers of citizens pressure their governments, peacefully, to strengthen and enforce privacy protections in law- among them, the cruical and nearly brand-new legal concept of "public but ephemeral" information- will corporations see any incentive not to wantonly violate individuals' privacy.
Fight back with culture. Modern Western culture places considerable value on privacy, secrecy and a rather strict separation between different forums of human interaction. We've all heard stories about a human resources department rejecting applicants on the basis of college party photos snagged from Facebook, even though it's blindingly obvious that almost anyone with an advanced degree must have been to at least a few college parties. Another worrisome (and remarkably common) scenario is someone being fired for expressing the wrong political views, or indulging in off-duty activities deemed controversial by the powers that be in that office. Being accused of viewing kiddie porn- even if the court eventually finds that the cops acted on bad intel and you didn't actually do it- is a career-ending stigma that never goes away. Pervasive, automated tracking all but guarantees that some corporation, somewhere, knows information about you that you'd rather not share. (Google, for example, surely knows everyone's tastes in pornography.)
We are free to choose to change our culture so that we do not need to hide so many things about ourselves. We can say, to ourselves and to those we know, "I will not judge anyone on such grounds, and I will not tolerate you doing so either." It would be a rather dramatic change in the way we, as individuals, interact with each other, and certainly not something that would be easy for all of us to do- many among the older generation, I'm sorry to say, would likely be unwilling to even consider it. And changing the rules of society so that we don't need to rely on strict privacy to preserve our reputations wouldn't do anything to stop the loss of said privacy. But it's something we must discuss, as- unless the politicians of a hundred nations suddenly come to their senses or we can get everyone hooked on Blowfish- there may be no alternative.