Worrying too much about privacy? (or not enough?)

Written by Simon Bisson, Contributor and Mary Branscombe, Contributor

I'm privacy minded. Perhaps a little obsessively; after all, I have very distinctive hair and I regularly hand out business cards with my address, email address and phone number on and our office number is in lots of journalist contact databases available commercially - yet I use a JavaScript obfuscator to stop spambots scraping my email address from our Web site and never publish photos showing the inside of our office.

It took me a while to realise that the name badges for the Google IO conference we went to the other week had QR codes on; which made sense of why various people who said to me 'feel free to get in touch' at the conference flapped their badges at me - at the time I thought they were inviting me to remember their name and look them up online. Actually, if I’d scanned them with a smartphone with a QR app on, I'd have got at least their name and possibly their details. Having not paid quite as much attention as I might have, I only realised what the QR code was when I took off my badge and thought about recycling it. We scanned Simon's badge and got his name, address and phone number; he remembered ticking a box to share contact details that I hadn't ticked and scanning my code revealed only my name, with a Web search to look me up. Comparing the barcodes, it was obvious that there was far more information in Simon's barcode than in mine - it had far more shapes in the code.

I thought about tearing off the QR code, or shredding the badge; it turned out to be a thin plastic sheet rather than paper and was very hard to tear by hand (and I'm guessing it's not recyclable). And with just my name in - which is already printed on every conference badge I throw away - it wasn't worth worrying about. But it did make me think about how much information we routinely leave lying around in plain sight; addresses on luggage tags that we don't expect anyone to look at unless our luggage gets lost, contact details on conference badges that we expect to only get scanned by people we allow to get close enough to focus their phones on our badge. If I'm going to the trouble of taking a long-distance photo of your barcode with a good enough camera to be able to scan the bar code, I'm making enough effort that you shredding your conference badge isn't going to stop me. If I'm sufficiently motivated, you're going to have to go to extraordinary lengths to keep your privacy (as every celebrity who's seen a paparazzi shot of their private lives knows).

But if we want companies who can make a lot of money by correlating information about us to respect our privacy, we might have to start thinking a little more mindfully about the kind of details we routinely scatter in our wake. It used to be possible to have a private conversation in a public place because the likelihood of anyone who was interested being at the next table in the pub was vanishingly low; it still is, but when our public space is online it's very different. Online forums that feel like intimate, private spaces are public, indexed spaces - but we don't usually think of that when we post or tweet. We assume no-one cares about our details - and probably, unless you have a very strategic job or a celebrity career nobody does, unless they want to sell you something (or they're a creepy stalker ex). But your company might have something worth stealing, and social engineering is used by criminals every day in scams like pretending to be a friend stranded in a foreign country.

There are a lot of questions we're going to have to face as the next generation of technology arrives. As computer vision and facial recognition become more common and more powerful, how are we going to stop someone finding and tracking us in the real world? If we're going to start tracking our steps and diet and weight and medical status and analysing that, how public do we want it to be?

The real issue is that the balance has shifted, because it's just so easy to find information and make correlations. If I know where your car is parked at 3am several nights a week, I know where you live. If I have your name and postal code, I know exactly who you are. If I can see your Facebook account, I can probably find answers to the security questions it takes to reset your bank password in the quizzes you've answered… Probably none of this matters the vast majority of the time for the vast majority of people. But we should at least be thinking about whether it does - and allowing for the times when it does, without feeling that worrying about privacy is the step just before putting on the tin foil hat.

Mary Branscombe