In my Empoprise-BI business blog, I recently introduced one possible solution to the tension between freedom and privacy.
So let me present my Empoprises Rule Regarding Recording Freedom and Privacy:
I am allowed to record anything that I want.
No one, however, is allowed to record me unless I say that it’s OK.
For some reason, some of you may think that this is not a good rule to apply to society. However, I don’t see any problem with it myself.
James Ulvog doubts that my proposal would work if it were universally adopted.
I think there may be a few little implementation issues if he ever is around another person who has also adopted his rule.
So I’ve continued to search for a better solution. My search is not only motivated by the recent discussion of Google Glass, but also because this conversation impacts upon my day job. (Needless to say, the opinions expressed in this post do not necessarily reflect the views of my employer MorphoTrak, who offers facial recognition products.)
And facial recognition, one of the technologies that happens to be offered by my employer, has popped up in a couple of instances over the last few days.
If you follow Jesse Stay on Google+, you may have noticed that he asked the following question a few days ago:
…any devs with strong facial recognition and object scanning tech experience interested in partnering on building something with my Google Glass?
In a post published today, Stay shared a possible solution:
In your Google+ account settings there’s an option to notify you if someone “Shares a photo or video with me that I might be in.” Enable that and even set it to send you an SMS when it happens. When someone takes a picture of you via Google Glass and shares it to Google+, it should notify you. Approve that, and now they know who you are.
Of course, it’s a bit of a hack, and the person you’re taking a picture of must be using Google+ and have this enabled to work, but it is a way to know who you are taking pictures of.
Basically Stay has taken two separate technologies and hacked them together to come up with a solution. The fact that both technologies are Google technologies is a happy accident; it could just as easily been technologies from different companies.
Of course, Stay’s solution only works if both people have opted in. But you may not necessarily have to opt in yourself for your data to be available to facial recognition software. This was reinforced in a recent 60 Minutes report that described an experiment by Carnegie Mellon’s Professor Alessandro Acquisti:
He photographed random students on the campus and in short order, not only identified several of them, but in a number of cases found their personal information, including social security numbers, just using a facial recognition program he downloaded for free.
And all of the protections that you personally implement regarding your data may be for naught. One example:
“One of the participants, before doing the experiment, told us, ‘You’re not going to find me because I’m very careful about my photos online.’ And we found him,” says Acquisti, “Because someone else had uploaded a photo of him.”
And that applies to other information about you, some of which is either public by design (home sales information) or public by accident (when a U.S. company accidentally leaks customer ID numbers when the numbers are in the form nnn-nn-nnnn).
Which returns us to our initial question – what is a workable way to strike a balance between freedom and privacy?
Last October Seth Colaner noted that the U.S. Federal Trade Commission (FTC) was working on the problem, and had issued a report entitled Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies. According to Colaner, the report presents an issue that many of you already know – because of the combination of technology and data, it is possible to identify people who were previously anonymous.
Now the FTC does not have the power to legislate – only Congress can do that. (And, of course, it goes without saying that neither the FTC nor Congress has any legal standing outside of the United States.) But the FTC can certainly recommend, as Colaner notes.
The FTC report boils the above down into three short and sweet principles:
1. Privacy by Design: Companies should build in privacy at every stage of product development.
2. Simplified Consumer Choice: For practices that are not consistent with the context of a transaction or a consumer’s relationship with a business, companies should provide consumers with choices at a relevant time and context.
3. Transparency: Companies should make information collection and use practices transparent.
While the FTC’s recommendations are laudable, there’s another tension that prohibits wide adoption of them. And that’s not the need to strike a balance between freedom and privacy. It’s the need to strike a balance between profit and transparency.