Slashdot Mirror
Internet of Things Demands New Social Contract To Protect Privacy
chicksdaddy writes "Changes brought about by the Internet of Things demands the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance states in which individual privacy protections take a back seat to security and 'control.' That, according to an opinion piece penned by the head of the European Commission's Knowledge Sharing Unit. Gérald Santucci argues that technology advances, including the advent of wearable technology and the combination of inexpensive, remote sensors and Big Data analytics threaten to undermine long-held notions like personal privacy and the rights of individuals."
I reserve the right to disable the network connection and recording capabilities of any device in a public space with sensors capable of detecting or inferring my presence.
It's getting pretty hard to be an anonymous member of an unpopular minority these days.
Hell, it took me thirty seconds to figure out how to prove someone plays D&D using Find My Friends and one flaky and/or gullible friend to expose location data. And zero budget. When all your crap is posting to Facebook on your behalf
Maybe "we" need more than platitudes. Maybe "we" need an original thought instead of bloated, vomit-inducing bureaucrat speak.
But "we" definitely need to find a new hair stylist, Mr. Santucci.
I think of all the current political terms out there, "social contract" has to be one of the most worthless. It's a "contract" that you "agree" with by not trying to destroy society hard enough. It doesn't actually exist in any concrete form. And the terms of the supposed contract mean whatever the speaker feels they mean at the moment.
Because that worked out so well for the rest of the internet.
We need to be much less tolerant of things that "phone home" to some headquarters. Or accept remote patches. We now have to assume that anything with a remote patch capability can be exploited.
You might think open source would be better. It's not. Even the Mozilla Foundation has become squishy-soft on enforcing their own privacy rules. Check out BlockSite, a Firefox add-on which used to just block requested sites. It was bought up by a company called WIPS, which buys up abandoned apps and puts in back-door tracking of every site visited. After a year of pressure from WIPS, Jorge Villalobos at Mozilla caved in and let them install tracking in an existing add-on and auto update it.
For Linux, Ubuntu pushes an awful lot of updates to supposedly "stable" versions. Is there a back door in there? Is anybody looking?
Its nice thinking and all that, but this will never happen, you might get governments to agree with this even, but Pandora's Box has been opened the vast wealth of information on the internet, and power of controlling it, is too much. When you send anything out in to the world, be it a physical package or ip packets, someone is at the very least going to record who you sent it to and when. Encryption just makes them want to look at that package even more.
The only way to make sure no one is watching is to not send it out on the public networks, unplug, don't go outside!
If you want them to tell you they are not watching, they can do that!
Globalisation
revolutions
intellectual framework
socio-economic system
intellectual framework (twice!)
paradigm
diverse
at stake
data driven
personal data
(he almost said corporation. But avoided it with company.)
The paragraph (now guess what it means!):
Driven by globalisation and technological revolutions, the world is changing fast but the intellectual framework that continues to inspire the current institutions surrounding our socio - economic system dates back to the agricultural and first in dustrial revolutions and the pioneering works of Thomas Hobbes (the “Leviathan” – 1651), Adam Smith (the “invisible hand” – 1776) and David Ricardo (“value comes from labour” – 1817). It is time we realise that a new intellectual framework, a new paradigm, is needed if we are to grasp the diverse complex issues at stake. The idea of connected devices of all sorts chatting away to one another is certainly attractive - most people want to enjoy the new, exciting services that a data - driven future can provide, but at the same time they do not trust companies and governments as regards the collection and processing of personal data.
"First they came for the slanderers and i said nothing."
If the samples being posted here are any indication, I can't read any of it without suffering from fatal government-speak overload. Followed by... the EC has a "knowledge sharing unit"??? What should we infer from that? That other agencies in the EC don't share knowledge, that they have to go therough the KSU if they want to share, or that the KSU is just someplace for the sons and daughters of well-connected officials to go and pick up some extra money over Summer break?
In any event, it just looks to me like government/academic/power elites are the same everywhere. This paper was obviously not written for us. It was written for their chattering class, so they could say they were at the meeting, so they could say they did something while the martinis and power-point rotted away a few million more brain cells on their way to retirement.
As far as I'm concerned, in my home a single entity that post on /. instead of doing the job that is paid for (that's me!) is more than enough.
I hereby do solemnly declare that my fridge doesn't and will never have any other option than to keep my food cool. Similar goes for all the other appliances I or will own (mobile phone included: a mobile phone is a phone , no photocam/GPS/gaming console or Internet-enabled-tracking-device... and it better stays this way dam'it, social contract or not).
Questions raise, answers kill. Raise questions to stay alive.
The parent's suggestion is quite similar in concept to the very popular electronic gadget TV-B-Gone which turns off TVs.
"Copyright on My Personal Information, Data and Meta-data"
All rights reserved
No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form
without the prior permission of the publisher (myself),
nor circulated in any form without a similar condition
being imposed on any subsequent purchaser/user.
"My Personal Data"
~name
~address
~phone
~credit card details
~past purchases
~browsing history
~emails
~various meta-data
~location data
~log of events of your life
You would have to have your terms of use of personal data
very visible and present it to sites before you use their sites.
Now you hold all this data and anyone wishing to use your data asks permission
and you grant permission with whatever restrictions you want.
Using various websites usually allows them to commandeer your data
through their legal terms of use.
Whose legal rights would come first ???
Hopefully yours as you are the primary owner of the data.
Your data and meta-data is valuable,
now you can make money from its use,
or not as you see fit.
Now you never have to fill in a web form again.
A web site is given access for a restricted time
with restrictions on dissemination
to a restricted subset of your data as you see fit.
Go well
Don't connect your lightbulb to the internet.
im going to collect all the data i can from all the devices i can reach
then sell them to whoevers paying
and disregard everything else.
I have been wondering about this re my utility meters. Currently my teleswitch (http://en.wikipedia.org/wiki/Teleswitch) enabled electricity meter is read a few times a year, and these readings are clearly the properly of my provider. However in an IOT world my electricity consumption would be continuously available as part of maximising use of solar or off peak rates etc. But who owns my consumption data? No doubt my provider, who owns the meter, would find somebody to sell it to and equally, various 'security' agencies would insist they had to have full access to it. I am sure that careful examination it of could reveal tons of personal info.
The internet of things is a sad joke. There is no internet of things. There is no demand for it. There is no supply of it. It's all talk.
And to demonstrate European commitment to privacy, the plane of Bolivian President Evo Morales was refused permission to fly through the airspace of Spain, France, Portugal and Italy. The plane was later grounded for 13 hours and searched by Austrian police in Vienna. All in pursuit of that terrorist Edward Snowden. Clearly these were the first steps towards "the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance states in which individual privacy protections take a back seat to security and control."
OK, here's a radical thought for you: perhaps we don't need 'an internet of things'?
As it turns out, we also don't need to post our entire lives on Facebook or Twitter or whatever other "social network" is trendy right now. Nor is it necessary to supply them with metadata on every uploaded photo. I don't use these kinds of networks, and amazingly I haven't died yet, and neither has my social life. It'd be nice if they weren't so easily able to capture data about me anyway by encouraging people who know me to supply it against my will, though; there's something very shady about that kind of behaviour.
Something I've heard a lot recently that's interesting is that the younger generation are actually much less likely to use some of these tools, Facebook in particular, or at least to use it in the manner it wants (real name etc.). This is one of my few comforting thoughts when considering privacy in the age of modern communication and surveillance technologies: the idea that future generations will grow up without appreciating the value of privacy seems to be overstated.
A less comforting thought is that they might not get a choice anyway. If devices that have no need for this kind of intrusive technology start incorporating it routinely, you can't opt out without giving up a huge amount of quality of life. Worse, many useful tools can inherently be abused to track people: think of monitoring personal location via mobile phone connections or card payments or smartcards used to pay for public transport, or recording vehicle movements via ANPR cameras and automated systems for tolls etc.
IMNSHO, we need much stronger laws to prevent repurposing of these kinds of data or retaining it any longer than strictly necessary. I think a big part of the problem is that so many people don't even realise what can be done today and how much is being stored routinely without any good reason that there isn't enough political will to drive change, even though if you told people what was happening they might well object.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Most of this stuff is targeted at precisely the demographic of people who DO NOT CARE how its used.
As it turns out, there are many things we don't need to do, but that are nice to do nonetheless. Sharing one's life with one's friends via Facebook falls into that category.
10 years in the future, my scale is going to tell my refrigerator to not open the freezer "to keep that fatass away from the ice cream". so really the benevolence of thinking machines is what bugs me most.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
Social contract = dirty socialists
Let the hate flow through you.
If your brain bucket lets you believe your favorite time waster site is following a 'social contract' then yes, this is the route for you.
If however you have not lost all ability to reason, why would you use facebook et al?
No brain, no pain.
For Linux, Ubuntu pushes an awful lot of updates to supposedly "stable" versions. Is there a back door in there? Is anybody looking?
You're asking the question for the wrong reasons. In the Linux world things are intentionally broken up into small pieces (according to the "an app should do one thing and do it well" philosophy) so the number of packages requiring an update is basically meaningless. Firefox is 2 or 3 packages while the QT framework is about 30. VLC with all its codec libraries is probably even more than that. Updating just one application can mean a whole slew of updated packages...or just one, depending on what it is.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Hive mind, and all that?
It's not really possible to "opt out" of public surveillance. Can you imagine the difficulty of claiming the right to "disappear" off of other people's Google Glass (maybe by broadcasting a disruptor signal of some sort saying "ignore me, nothing to see here, move along"?
And how do you assure privacy to those who deprive others of it, themselves?
If privacy is outlawed, only outlaws will have privacy...
New thought really is required. Not sure all the angles can be squared.
There is no such thing as a 'social contract', doesn't exist, never did never will.
People doesn't own the internet. A notion of taking up a so called social contract, respecting it or even being required to be bound to one is patently false.
The 'moral' aspect of so called social contracts with a party thought to expect something off someone else generally speaking, that moral aspect doesn't exist at all. There is really no choice and as such there is no moral issue as such, and no contract.
Contracts are specific things meant to clarify ones involvement in some enterprise by merit of taking part of it, as a willful action and of free will.
In law, there are even laws that makes null and void any agreement that demand unlawful things.
Let me see if I understand this correctly: the social contract that *did* exist failed with regard to privacy because private and public entities alike found it was in their best interests to break it, so the solution is to create a brand new one. There are multibillion dollar industries around large-scale analytics for commercial purposes, surveillance for military, intelligence and other purposes, and lots of money to be made by continuing to violate the contract. And for the most part, the overwhelming majority of corporations where this comes into play are all doing it and competing more efficiently as a result...so it's not like market forces have much of an option to go anywhere else. For that matter, a smaller competitor that started up with the goal of respecting the social contract would be at a significant competitive disadvantage. But we should just ignore all that, and just create a new one, instead of moving over to contracts of a more binding nature (like legislation around privacy, perhaps?)
Um...what?
For your security, this post has been encrypted with ROT-13, twice.
When it comes to childrens privacy there's no problem making effective laws and enforcing them. Politicians, companies, the public, everyone accepts and advocates it.
Maybe we'll be saved by thinking of the children.
Yes, I agree completely.
Already, I will not signon to any web page that requires my personal information, nor do I allow any scripts to run. If it does, I simply block the site, and find another.
Yahoo and Youtube recently started bugging people to enter their cell phone number. I'll stop using a service before I provide that information.
Many new TV sets and other hardware require an Internet connection before they will work. I got rid mine, years ago.
To my mind, TPMS is currently the leading candidate for poster child of loss of privacy due to devices leaking my data. Anyone with a little time and knowledge or a moderate amount of money can set up a single or network of detectors to track my car. With a little more time or money, someone could also spoof my tires' TPMS codes, so that my car appears to have been somewhere it wasn't.
Several people drew the line at Obamacare, which they will not go along with on any level. others will not register or recognize any of the "gun laws" which are all illegal anyways. Some people are talking about going after prosecutors for not doing their jobs.
Well.. Ubuntu nowadays does have quite some tracking. Remember the amazon shenanigans they built in to Ubuntu? You have to manually turn this off. How many casual users do you think know that it is even possible to turn this off? Or Ubuntu One? Or unity lenses? Or who assures me there is no back door in Zeitgeist?
Yeah Ubuntu's jumped the shark, I recommend Mint now (usually with MATE).
"When information is power, privacy is freedom" - Jah-Wren Ryel
See http://nabto.com P2P technology for Microcontrollers.
Connect to your your MCU design from everywhere using same technology as VoIP/Skype etc.
Since the connection is made directly peer-to-peer end-user is in full control over who can connect and get data for creating a web-interface (via a plugin to keep complexity on the device down) or for data-acquisition...
Posting ALL data from devices to a central server based on a timer from the lowest common denominator of the systems needing the data is a simple and very NAIVE design approach of such a system...
Other methods include using P2P technology as found in VoIP/Skype etc. systems. This way only data-sources that the end-user accept and authenticate can initiate remote data-acquisition. Yes this is possible even on the smallest MCU's.
What we seem to be having is a confusion between the concepts of privacy and anonymity. Things that occur in public are by definition not private, but we have become accustomed to assuming most of our actions are nearly anonymous. This is quickly becoming a poor assumption.
As it turns out, there are many things we don't need to do, but that are nice to do nonetheless.
Indeed. My point is not that the above isn't true, merely that there are also stronger needs that are impractical to do without and still live anything resembling a normal life in modern society. Safeguards aren't a luxury at that point, they are a necessity, which conveniently can also protect the things you don't need to do but that are nice to do nonetheless in exactly the same ways.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
But safeguards against what? Vacation pictures suddenly becoming public? I mean, if you have something to hide, don't put it on Facebook at all. Privacy settings and limited sharing on Facebook aren't for security or actual privacy, they are for politeness. I don't care whether anybody finds out that I'm a libertarian, but I know libertarian postings annoy my Obama-supporting friends, so I don't push those updates on them (and I expect them to spare me the drivel they post supporting Obama and the Democrats). I don't see what additional "safeguards" I need for social networks. I do need and want safeguards for E-mail, IM, text messages, and phone calls.
But safeguards against what? [...] I mean, if you have something to hide, don't put it on Facebook at all.
Well, we could start with safeguards against Facebook collecting personal data about you from your friends without your consent. For example, I don't understand how anyone could think it's OK for Facebook to grab and store entire address books, giving them e-mail addresses to match to names. It's obviously rude for friends to give up that information if it was shared in confidence, but that doesn't excuse actively soliciting it on a massive scale.
Indeed, the scale on which organisations like Facebook and Google aim to collect data is precisely why different standards need to be established to protect the principles and benefits of privacy today. Merely relying on rules and conventions that might have protected us adequately 20 years ago is no longer sufficient in the face of modern mass surveillance, data mining, and automated decision making technologies.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
IMNSHO, we need much stronger laws to prevent repurposing of these kinds of data or retaining it any longer than strictly necessary
Perhaps - I just can't see that it will make much difference. The problem is that law enforcement is hugely inefficient - just look at patent as an example: if there were enough competent patent clarks, we would probably not have even 10% of the patents registered that we have today. But there are't enough resources available, so what is basically a good mechanism meant to protect the interests of the clever inventor, has become simply a tool that big corporations use to bully those with less resources. In the same way, more legislation will simply become another way to bully those with less resources.
I'm not so worried about adverts - over time I have learned to ignore adverts even to the extent of making a point of not buying things that advertised agressively. I don't think I am the only one either.
It's the same with privacy - of course I don't enjoy the thought that some odious lowlife may be poring over my innermost secrets, but it's just part of life, whether we like it or not. And who knows, maybe one day we find a way to make it either pointless or hideously unattractive - I would imagine ogling me in the nude is already pretty close as it is.
Thank you for making such a strong argument that there should not be any further "safeguards" put in place; regulating this would be an unacceptable intrusion on private conduct.
You postulate nebulous threats and demonize a couple of companies that have never done you any harm. All of this vitriol against those companies distracts from who you really should be worried about: national governments and their spy agencies.
In fact, your views about data protection are so naive and distorted that it sounds to me like you might be European, because demonizing private companies while every government agency snoop through their data and giving up every private piece of information is just what they are doing.
regulating this would be an unacceptable intrusion on private conduct.
Well, if you really believe that someone should be free to tell anything about anyone to anyone else, regardless of how sensitive the information might be or whether it was provided in confidence, then I guess you and I just have very different views on socially acceptable behaviour.
You postulate nebulous threats and demonize a couple of companies that have never done you any harm.
The position I'm advocating here is not specific to Facebook or Google. They are just examples, and I also gave numerous other examples in my very first post to this thread. In fact, my main point here is that while you don't have to use Facebook or Google, there are other activities that are essential to living in modern society but carry similar risks of allowing surveillance as a side effect. If those risks aren't balanced, the system is open to abuse.
Also, you have no idea whether using Facebook or Google has ever done me, or you, or anyone else any harm. Given all the recent revelations about governmental abuse, anything you ever told Facebook or Google, or anything anyone else ever told them on your behalf, might be used against you in all kinds of ways. There have already been plenty of examples of people being arrested, prosecuted, sued, or otherwise attacked, and in several different countries, because of things they said on social networks or terms they put into search engines. (Some of those cases were probably legitimate, too, though others obviously weren't. I'm not judging the individuals here, just demonstrating the risk.)
In fact, your views about data protection are so naive and distorted that it sounds to me like you might be European
Was that supposed to be some sort of insult? I promise you that calling me names and insulting my background doesn't make your argument more convincing to me, and I doubt it's going to look good to anyone else reading this either.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
It's the same with privacy - of course I don't enjoy the thought that some odious lowlife may be poring over my innermost secrets, but it's just part of life, whether we like it or not.
Why? If that behaviour is against our moral values, what is to stop us from prohibiting it by law and punishing those who act in socially unacceptable ways?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
We have the same views on socially acceptable behavior. But it isn't the government's business to regulate socially acceptable behavior. When we used to give it those sorts of powers, it used to penalize lots of behavior among consenting adults. It took a couple of centuries to put a stop to that, and we shouldn't start it again.
Yes, those are big problems. Arresting, prosecution, and lawsuits all involve governments and the legal system. Facebook and Google are only revealing this information because governments force them to do so. Telling Google or Facebook not to scan your E-mail for social network information is ineffective, because governments can (and do) just scan those E-mails themselves. So the problem there is with governments misusing the data, not with Facebook or Google.
No, it wasn't supposed to be an insult, it was an observation: your beliefs are similar to European beliefs, and the European beliefs about privacy are wrong and inconsistent. Apparently, my observation was correct. If that insults you, the problem is with you.
But it isn't the government's business to regulate socially acceptable behavior. When we used to give it those sorts of powers, it used to penalize lots of behavior among consenting adults.
The behaviour I described before is unacceptable precisely because it is not done with the subject's consent.
Facebook and Google are only revealing this information because governments force them to do so.
That may be true for those particular organisations and today, though it's already clear that plenty of commercial organisations have in fact provided sensitive data to governments without any legal obligation to do so. There are unfortunate systematic influences that clearly promote such behaviour in the absence of laws actively preventing it. ("Well, you don't have to give us this data without a warrant, but it'll be a shame for that multi-million dollar government contract you're bidding on if you don't.")
Moreover, there have already been reports of insurance companies trying to run background checks against applicants via less than clear channels, and then adjusting rates in light of what they find. If you're talking about something like car insurance without which you can't legally drive or health insurance without which you quite literally might not live at all, that is about as serious a privacy concern as I can imagine. This isn't anything that directly involves the government, though of course that government made the law that you need motor insurance to drive and set the policy on how healthcare is funded. And again, this sort of arrangement is likely to become more common, given that it is probably a mutually beneficial deal for all commercial parties involved, unless something actively stops them and protects the individuals whose data is involved.
No, it wasn't supposed to be an insult, it was an observation: your beliefs are similar to European beliefs, and the European beliefs about privacy are wrong and inconsistent.
FWIW, you have an interesting idea of "not an insult". I am British, so I am European, though also well aware that there is no single "European belief" on just about any political matter. That said, from my point of view, the European trend for preferring privacy to more liberal freedom of speech seems just fine. In fact, as I get older and hopefully wiser, I increasingly favour the view that strong privacy protection is essential to safeguard many other valuable freedoms, including the freedom to express your own political views and to associate with others who hold similar views, which I claim is self-evidently necessary to maintaining a functioning democracy.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
We agree that it is "(socially) unacceptable". But there is a big difference between "unacceptable" and "illegal".
Even if that were true, it is still governments that are abusing that information.
So, in essence, you want to entrust governments with enforcing data protection laws against corporations in order to keep corporations from giving data to governments because those governments would be abusing that information if they got it. And in order to let governments enforce those new privacy laws, they get even easier access to private data in order to be able to audit it. You don't see the folly in that?
And the problem with that is... what? I like my insurance companies to assess risk well; it lowers my rates and encourages others to behave better. If you have a clandestine drug habit or eat too much trans fats, and that's showing up in your grocery bills, yes, I hope your rates go up; way up, in fact. Why should you be able to socialize the costs of your bad behavior?
Free speech has nothing to do with anything we are discussing here.
Too bad that you and people like you are undermining our functioning democracy by giving ever more powers to governments, which then promptly turn around and abuse them.
What I said before was an observation. An insult is: "you are an ignorant fool". Consider yourself insulted now.