**This article was featured by the Mobile Ecosystem Forum, March 29, 2019.**
Last week I stumbled across two articles that got me thinking. The first article was a summary of the "2019 State of Password and Authentication Security Behaviors Report," released by Ponemon Institute, sponsored by Yubico. The second article was released by Wired March 8, 2019, "You May have Forgotten Foursquare, but it Didn't Forget you," written by Paris
The Yubico report investigates individuals' beliefs and behaviors surrounding password management and authentication practices at home and work. The Wired article talks about Foursquare's
The Ponemom study asked people an important question, "Why are you more concerned about your privacy?" The number one answer, government surveillance; 59% report that they are concerned about government surveillance.
George Orwell popularized the concern for government surveillance, aka "big brother," and the harms that can come from it with the release of "1984" in 1948. The worries from government overwatch suggested by Orwell continue to this day, especially with events like Snowden exposing NSA data mining practices in the United States. However, as objectionable as government surveillance may feel, is this really where people should direct their focus of concern? Perhaps not.
It is not government surveillance that we should be worried about, but rather the growing practice of surveillance capitalism. Surveillance capitalism is a term introduced by Shoshana Zuboff in a 2014 paper "A Digital Declaration." Zuboff suggests that surveillance capitalism is the practice of industry players capitalizing on the collection, refinement, and monetization of peoples digital exhaust, their physical and digital behaviors. In just the last couple of months, as evidenced by a Google Trends search, an awareness for surveillance capitalism is taking hold.
The Foursquare Hypertrending app is a perfect example of surveillance capitalism. Foursquare's location APIs are integrated into a wide-ranging number of apps. Through this network of apps, Foursquare is collecting peoples data, which is then being used and monetized in ways the majority of people can't really fathom. Moreover, these same people are missing out on the opportunity to share in the wealth generated from their data being contributed to the pool. In other words, people are the workers producing the supply and goods enriching industry, but they're not getting paid for their effort.
It is easy to call out Google, Amazon, Facebook Microsoft, Apple, or even Foursquare as the driving forces behind surveillance capitalism, but this would be too easy. The reality is nearly every industry and tens of thousands of companies around the globe are feeding off of peoples identity and personal information to infuse their business models and product offerings.
Surveillance capitalism inherently is not a
Consider the 2017 Equifax breach, for instance; two-thirds of the United States population through one incident become a victim of identity theft because a commercial company, which most people are not even aware of, mishandled their personal data. Or, consider the Facebook Cambridge Analytica debacle that breached peoples trust and data, which has had a huge impact across all industries and is a debate that rages on to this day. These are just two major incidents that easily come mind when we think of the harms of surveillance capitalism, but there are more. Let's not forget Yahoo!'s breach of 3 billion accounts in 2013/14, Marriott's breach of 500 million accounts in 2018, Adult Friend Finder's breach of 412 million accounts in 2014, eBay's breach 145 million accounts in 2016, and more. According to Gemalto, over 14 billion data records have been breached since 2013, and only 4% of the data was secure, i.e. encrypted. But, it is not just data breaches that should concern us. Foursquare has not breached our data with the Hypertrending app. I'm confident they have the legal rights to do what they're doing. But, I'm not confident that people really understand the service or that they agree with the idea that a single commercial company has such intimate knowledge of their every physical movement and uses this knowledge in ways they did not explicitly agree to? It is hard to tell. Even the Foursquare CEO, according to Martineu, is not sure, he does not know if people will find what they're doing cool or creepy, but they're doing it anyway. This is surveillance capitalism.
According to Daniel Solove (2006) there are sixteen categories of harm that people may be exposed to when their privacy is infringed and their identity and personal information
Here's the thing, our system does not really protect the individual for when something goes bad. For instance, if a service breaches a person's data and trust, in the short-term the person may get some support, e.g. a free credit monitoring service, but in the long-term, they won't be covered. The true effect of the data misuse may not materialize for years, in which case the victimized individual is left cleaning up the mess themselves, years later, and is unable to hold the entity that caused the harm accountable. Identity analysts suggest that it may take anywhere from eight hours to as 200 hours, six months or more, and $10,000 to recover from identity theft.
So, what do people do with their concern? What actions can and should they take to protect themselves in the face of surveillance capitalism? The first step is not to panic. There is a lot of good out there. In fact, I believe the good far outweighs the potential bad. The sky is not falling, the boogeyman is not going to get us all. In fact, the vast majority of industry players are there to be of service to people, not to harm them. But, again, there are real risks, and harms that should be recognized, managed and mitigated, and opportunities realized. To accomplish this, people must start taking actions into their own hands. Each and every one of us must,
- nurture and develop an understanding and awareness of really what's going on; take the effort to know how our identity and personal information are fueling the world's economies at both macro and micro levels
- be willing to change our intent and behaviors to mitigate risk an optimize opportunity
- secure insurance and professional help for when they're needed
- enact our individual industry and government identity and personal data rights; demand our digital sovereignty when at all possible; in other words, use it or lose it, as the saying goes
- adopt active and passive technologies (e.g. password managers, ad blockers and tracker managers, antivirus software, VPNs, encrypted messaging, secure devices, personal data stores, etc.)
I'll write more on the above actions later, a group of actions I refer to as the five-pillars to digital sovereignty.
In reflection to all the above, I'd like to encourage us all to take a step back and consider that neither government surveillance nor surveillance capitalism should be our greatest concern, rather our greatest concern is that lack of an identity and personal information equilibrium within society. We are lacking a balance of power and access around how an individual's identity and personal information is used throughout society and the world's economies. To address this concern we need to find the Identity Nexus, an equilibrium between how governments, commercial entities, and individuals themselves exchange identity and personal information. It is within the Identity Nexus that we'll all have the greatest opportunity to thrive. Governments will be able to nurture growth and protect their citizens, organizations will be able to innovate and grow, and people will be able to maintain free will, sovereignty, find and maintain joy.
No Comments.