In Daniel Suarez's book "Freedom," he describes a world in which members of a revolutionary "darknet" use glasses with heads-up displays to literally visualize the publicly available information about every person on earth.
It floats above them as a callout: Social Security numbers, bank balances, cell phone numbers, addresses, purchasing history, baby pictures, social network posts. That data is visible by anyone with the means to harvest it, and it can be manipulated at will by malicious hackers (like Loki, the Suarez character who "data curse" on someone who annoys him), by governments, and by companies.
Hopefully, you've all realized that Suarez's vision is hardly one of the future: it's a vision of the present. Welcome to the age of data. It's time to get control of your assets.
This week's iPhone location tracking scandal is just the latest glaring spotlight on how much of your personal information is gushing out the door, whether unprotected on your own devices and ripe for the picking, or into corporate and botnet servers worldwide. And despite reports of a Steve Jobs e-mail declaring that Apple doesn't track anyone, Apple's general counsel told a congressional inquiry in June 2010 that "(t)o provide the high-quality products and services that its customers demand, Apple must have access to the comprehensive location-based information."
Apple is hardly alone in demanding this level of comprehensive personal information. The iOS location-tracking revelations come on the heels of a federal investigation into mobile application data sharing. Investigators charge that seemingly harmless apps like Pandora are, while they're streaming you highly customized media, are also sending "age, gender, location and phone identifiers to various ad networks," according to the Wall Street Journal. The Journal report found that the majority of the 101 apps it tested sent some personal information to a third-party data broker, largely without your knowledge.
Subsequent investigations found that most Android phones transmit some user information, including location data, back to the mother ship, as well, with Google saying only that the data wasn't "traceable to a specific user." (The merits of that argument are up for debate, to say the least.) Even Microsoft is gathering location data on Windows phones.
Sadly, this informational espionage should hardly come as a surprise.
The new cost of "free"
Personal information is the currency of the post-technological age, and the cost of "free" has never been higher. Your data, on an increasingly minute and personal level, powers every Web or network-based company, from start-up to monolith.
Google maintains literally acres of servers dedicated to storing your communications--from e-mail to texts to the transcripts of your voice mail; your browsing and shopping habits; your blog posts; your photos; your calendar appointments; and of course, your intensely personal search histories. If you're logged in to a Google service, that information is all tied to your IP address. Only the thinnest of artificial technical barriers--a sort of loose privacy honor system--keeps Google from combining the data into a scarily accurate digital version of you (like the first digital Cylon, if you will).
But pity poor Google, which must gather all this information by increasingly intrusive means, like the DoubleClick ad cookie that tracks your browsing all across the Web, surreptitious Wi-Fi sniffing, and sending location information about you back to its data centers even when you're not running location apps.
On the other side of the aisle lies Facebook, which has cleverly cajoled 500 million users (and growing) into giving up virtually all the same information for free. Profiles, Places, Deals, and of course, the ever-present Like button, which lets you easily record your preferences for everything from opinions to shoes to celebrities and bands...you can almost imagine Facebook whispering a little "thank you" every time you click that little blue button.
Want to understand why Google is so desperate to get into social that it's tied part of every employee's bonus to the success or failure of that strategy in 2011? It has nothing to do with helping you share your photos and restaurant check-ins, and everything to do with data collection--and data connections.
The real magic of the new world of data collection is far more than just hoovering up reams of anonymous or semi-anonymous information. The real magic is in using that data to draw connections between action and reaction, consideration and purchase, brand and affinity, and to sip from the holiest of all commerce grails: recommendation.
The Web as real-time recommendation engine is the ultimate goal of initiatives ranging from the Amazon recommendation queue to Netflix's $1 million prize to the team who improved its recommendation algorithm by 10 percent or more to Facebook's original Beacon program.
Foursquare is working hard to integrate recommendations into its check-in service; Yahoo just spent a reported $20 million to $30 million on a TV check-in and recommendation service called IntoNow that's just 12 weeks old. It's a pretty simple equation: if they can figure out what you like, they can sell you more of what you like.
And the key to recommendation is scale. You can't do the math until you aggregate as many likes, dislikes, check-ins, one, two, and four stars as possible. All of these services depend, first and foremost, on you providing the data for them to crunch. And thanks to your life online, and, increasingly, the phone in your pocket, that data is as ever-present as the air we breathe.
See, but Google, Facebook, and Apple are the companies we "trust," like we trusted that Pandora was just delivering great '80s tunes on my now-dusty Bon Jovi station. So, where's all our information going? To a silent but deadly collection of data brokers, marketers, and data aggregation services.
These ranks include Epsilon, recently the subject of what Computer World called "the hack of the century." No one knows how many e-mail addresses were exposed in the Epsilon breach, or the full scope of what else may have been revealed, but it has more than 2,000 clients and handles 40 billion e-mails a year. Its database of active shoppers (which included those who opted out but were retained in the database, if not actively emailed) was a gold mine for hackers and spear phishers, and there are 25 more companies where they came from--and that's just email marketing.
What should you do?
What can you do? The short answer is, not a lot. Sure, you can go opt out of every data broker on the list, you can stay off the grid, you can give false names and live on cash. But the real question is: do you need to? Or, should we accept that we're in the age of data and embrace--nay, demand--that the data transparency go both ways?
The real problem is not just that our data is hung out there like underpants on a camp flagpole. It's that the data sharing is, right now, largely a one-way street. The new economy is a data vampire: sucking us dry one overshare at a time. But like blindfolded cows at a slaughterhouse, we have no idea what happens next. Some sites won't give the information back, like the way some online galleries would take your photos and not let you download them again, while others refuse to play nice with each other, like Facebook and Google and their ongoing data sharing spat.
It's time to take control of your data. It's valuable and it's time to stop giving away the milk without at least examining the milker. Sure, these companies will argue that you get something in return: real-time traffic data from the location aggregation, ads so personalized it's like they psychically knew you were in the market for the perfect pair of nude pumps, and of course, the fun of looking up old high school friends on Facebook, the free email, the astoundingly accurate search results, and the really great Bon Jovi Internet radio station. That's all true. You get that. But they get billions of dollars (at least Google does and Facebook will and everyone else is hoping to). You don't. So, let's have a little quid pro quo, here, ok?
This is what we will demand. We will demand true opt-out on an app by app basis, and I for one won't use the mobile version of Pandora again until I have an e-mail from Pandora offering me said opt-out and an upgrade to the paid version. Don't tell me a complete data sellout is the price of free services: this is the first world, guys. I can live without Pandora, and I can afford to pay for it if that's the alternative. We will demand transparent terms of service that explicitly tell us who's buying our data. We will create legions of dummy e-mail addresses that forward to our real ones, and we'll give them to Banana Republic, TiVo, Chase, Macy's, and Wal-Mart.
Oh, and Apple? You will 'fess up to why you're creating location logs that would make a cartographer (or the NSA) cry, and you will either explain why we should continue to allow these phones and iPads in our homes, or you'll let us opt out. For real.
Take the time to own your own data and clear the Web of any information you'd rather not be out there--you can at least try to opt out of sites like Spokeo and other aggregators, if only to protect the most sensitive information. And you don't have to trust the cloud. Ironically, despite its aggregation of information at a scale that would make Skynet envious, Google has engineers in-house who've created the Data Liberation Front, which lets you freely export your own information from the big G. Facebook lets you download everything you've ever posted (surprising, right?).
If you just want to back up and retain your data, services like Backupify index your cloud data and back it up, while Greplin lets you index the cloud services and search them, too (yes, I'm aware that both sites may engage in the same kind of ad targeting or data brokering I'm complaining about: read your terms of service, folks!).
And hey, as long as start-ups are making money brokering data, I'd like to see one that lets you see, say, your Data Score. If Greplin or Backupify can index your cloud information, why can't a company index it and parse it? A Data Score could tell you how risky your overshares are: does it make you unemployable, or just questionable? It could tell you what data is unintentionally public, like the cell phone number you thought you were hiding behind Facebook's byzantine wall of privacy settings. It could even perform a TurboTax like audit, and warn you when publicly available information about you might lead to easy identity theft or obvious phishing attempts.
The best disaster mitigation is preparedness. At some point, data trading is the new information economy, our privacy expectations will adjust accordingly, and yes, there are benefits. But we shouldn't stumble blindly into it--we ought to at least be willing and informed partners in managing our digital identities. Then we can click the ad for those perfect nude pumps in relative peace. After all, they do go with everything.