Privacy is an illusion

Welcome to the ant farm

If you want to understand human kind’s current relationship with privacy, buy an ant farm.

For around $20, you can purchase a slim, tall, and translucent ant colony home and then watch with fascination as dozens of ants go about their rather complex and hierarchical lives, oblivious to your gaze. It’s more mirror than science project. Like the ants, we go about our lives no less ignorant of the countless constant watchful eyes gazing back at us.

We should be more aware of privacy than less. Our concerns are greater and, without question, our relationship with digital privacy has never been more complicated or experienced more changes.

We obsess, with good reason, over how Internet and social media companies like Facebook, Instagram, Twitter, Google and YouTube are using our personal data.

Yet, we’re constantly sharing new information on social media.

We’re convinced that our smart devices are listening to private conversations and sharing valuable insights with advertisers.

Yet we gladly mail our own DNA-filled saliva to DNA-testing companies.

We’re deeply distrustful of most technology companies.

Yet we carry our location-tracking phones with us everywhere we go.

And where we go, there are cameras watching.

We’re in the middle of a tug-of-war between our need for privacy and desire for personal connection. Perhaps upcoming sea changes in digital privacy rules will help shift the balance.

Big changes

Recently, a tidal wave of Terms of Service change updates flooded my inbox. Virtually every online service I ever used is alerting me to significant privacy policy changes that go into effect on May 25. Facebook, Google, LinkedIn, Twitter, Sonos, every one of my newsletter subscriptions, they’re all updating privacy policies and requesting the right to continue service and content delivery. These companies are not changing because it’s the right thing to do. They’re doing it to comply with the European Union’s updated General Data Protection Regulation (GDPR).

The GDPR includes some of the strictest user privacy and data control policies I’ve ever seen and touches virtually every technology company that serves consumers in the EU. It doesn’t matter where they’re based. According to EUGDPR.org:

GPDR … will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.

Hiding behind lawyers and law book terms is not an option:

Companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.”

The GDPR has equally strict rules about the right to be forgotten, opting out, ending memberships and access to data.

These are incredible changes that will help people feel better about their engagement with Facebook, Google and others.

But we won’t be any more private.

Privacy treadmill

First, the privacy train left the station ages ago. Unless you’re a newborn, your personal data is littered across the web like feathers from a busted pillow. It’s in every search, like, tweet, Netflix binge, Amazon purchase, Google Search, over-stuffed email inbox, and GPS-enabled trip. Obviously, a lot of it is anonymized, but certainly not all of it. To scrub your personal data footprint from the Internet would take a herculean effort. If you ever spent any time trying to clean up your high school and college social media profiles before you entered the adult working world, you have some idea of what it takes and how embarrassing bits and pieces, like comments you left on a blog post, can get stuck in the nooks and crannies of the World Wide Web.

Let’s say, for the sake of argument, you’re successful. You downloaded your data and deleted Facebook. You stopped using Google, exited Twitter, and cleared your browser history. You also, somehow, convinced your ISP to delete all their records of your activities. You deleted old texts and had your contacts do the same (I’m sure they’ll comply with a smile on their face).

You block all cookies and ads on every web site.

All the information social media, search and Internet companies have on you is now vapor. Even with a subpoena, no Internet company could hand anything over because they have nothing. That should cover it, right?

You’re still the ant in the farm, so, no.

Even if you stop shopping on Amazon and spend all your money in brick and mortar retailers, most will keep track of what you buy with them.

You left your phone behind, but your car has built-in GPS and if your drive on any toll roads or over a bridge using E-ZPass, it’s easy to track your comings and goings.

And then there are the cameras. They’re in every device, outside homes and on doorbells, on more and more car dashboards, on every street corner and in most buildings and elevators. Back in 2010, CCTVs in the UK were credited with helping solve almost six crimes a day. In China, we’re seeing the logical conclusion of all this surveillance: The ability to create a social score based on, at least in part, your activities and behavior in front of all these surveillance cameras.

Even without all this surveillance technology, humans have a habit of eagerly delivering their private data when they perceive a benefit or payoff. The relatively recent proliferation of personal DNA tests services like 23andMe, Helix (where I sent my DNA and learned — surprise! — I’m 99% Eastern European Jewish diaspora), and Ancestry.com is driven both by the availability of affordable technology for DNA testing and by a deep-seated need to understand our place in this world. Ancestry.com’s commercials also show a 20-second journey of self-discovery as, for instance, a man who believed he had German ancestors learns through DNA testing that he’s 100% Scottish. I’ve often wondered how one could know so little about their near- and distance relatives to get their ancestry so wrong.

These sites promise to not share your data, but some will encourage you to do so with the juicy carrot of finding long-lost relatives. 23andMe’s Relative Finder tool will connect you with others’ sharing their DNA-data on the service, based on how they match with your own DNA. I can imagine this is a godsend for siblings split up by adoption, or family lines severed by tragedy.

Recently, investigators used a similar genetic matching service called GEDMatch to track down the Golden State Killer. Unlike 23andMe and Ancestry.com, GEDMatch doesn’t collect original samples to analyze DNA. Instead it uses the data from these services to identify family matches. Police used DNA from one of the crime scenes and uploaded the DNA data into the GEDMatch system to find Golden State Killer family matches from other people who’d loaded data into the service.

It’s not entirely clear how the Golden State Killer’s relatives’ DNA data got in the system, but, for me at least, it’s just another reminder of how much of our critical data is out there and available for analysis.

My suggestion is not to try and scrub all your personal data from the Internet (it’s the ultimate Sisyphean task), but to ensure that what’s out there is at least an accurate description of your role in the ant farm.

And smile for all the cameras.