If our privacy is going out of the window anyway, let’s go the whole hog! Why let the Big Data/Internet of Things future be a plethora of individual apps/processes when it could be just a simple ‘global identity’ for each of us? [‘tongue-in-cheek mode’ enabled]
Let’s concoct a future scenario (extended from a passage in the book) to work with … You’re out for an urban stroll. You buy a bottle of orange juice along your way, and drink it as you’re walking. Half a mile down the road, you throw the empty bottle in a bin. Not that inspiring? OK, let’s IoT/big data it up a bit …
Your exercise is being monitored as you walk. When you buy the bottle, the cost is automatically debited from your bank account. Also the juice’s nutritional information is fed into your fitness tracker along with your steps. At the same time, the juice/bottle’s carbon penalty is added to your personal carbon footprint. If you dispose of the empty bottle in an approved recycling bin, some of that carbon penalty is credited back to you. The balance is your carbon tax to pay, although this is mitigated by an adjustment against your health tax: calculated from your fitness tracker’s juice and steps data. The net cost is also taken directly from your bank.
So, how might that all work?
Well, most of the individual apps exist already so, with a bit of artistic licence, a crude patchwork would be this:
- You’re using (say) a FitBit to count your exercise/steps
- Pay for the juice with your contactless credit/debit card or (say) Apple Pay (and debit bank account)
- Scan the barcode into (say) your MyFitnessPal diet app
- Scan the barcode into your Carbon Footprint app (something like MyEarth, although it’s not quite clever enough for all this yet)
- Continue to record steps and scan the barcode again when you recycle the bottle
- Run another app to pull all the exercise, nutrition and environmental data together and calculate the tax to pay
- Debit again from bank account
But we’ve already gone beyond some of this, or we’re about to. There are a few obvious areas where we could slick this up a bit … now or soon:
- RFID (or similar) tags replacing barcodes (when they’re grown-up enough to work properly) to make reading the item easier
- Many fitness and diet apps already talk directly to each other, or replicate each other’s features – so the in/out calorie calculation is automatic
- Wait to perform a single bank transaction later, when the whole process is complete
But we’re still somehow reading the tag twice for the diet and carbon apps – and, come to think of it, the shopkeeper probably had to do that in the first place too – for their own systems. And how would we ‘prove’ that we’d disposed of the bottle correctly? Also there’s still a need for an ‘external’ calculation; and why would the Tax Office trust the calculation? All in all, it’s not really as ‘joined-up’ as the IoT ideal should be. Maybe that’s where the clue lies?
Let’s jump a few steps (years) ahead and think how we might ideally like this to work. How about this?
- You simply take the bottle from the shelf (no shopkeeper)
- Drink it and throw it away when you’re finished
- Er, everything else … just happens
OK, so how would we do that?
Well, there are probably lots of ways in all; but two, in particular, are interesting – sort of at opposite ends of the ‘distributed/centralised’ spectrum:
- A number of separate apps for each ‘domain’: bank, health, carbon, work, leisure, etc. (largely as now) but get them (all) talking directly to each other somehow, or
- One single app running all the processes for all the domains (across all the user’s devices)
(1.) is where we’re heading at present. But for how much longer? The number of apps isn’t viable if we’re going to get them all talking to each other. If there are a apps, all needing to talk to each other, then there are a(a-1)/2 potential inter-app data interactions. Although there might not have to be every one of these, in principle, each time a new app is added, it has to be written to talk to each of the a others, each of which need to be modified to talk to it. There will be huge levels of data/process duplication and the potential for loss of synchronisation would be enormous. And we still haven’t addressed the question of why the Tax Office would want to trust any of this.
An alternative would be to produce some sort of controlling ‘SuperApp’, which acted as intermediary among all the others. With a modular design, it could be written specifically with the required flexibility to welcome new domains/apps into the system. Each and every individual app, on the other hand would only need to be written to communicate with the SuperApp, and would be otherwise impervious to later additions. Moreover, the SuperApp could be an approved/certified/required government-issue to address the question of trust and reliability. Data would only be stored once for all apps and the SuperApp would manage domain access to it – including changes.
But, hang on a minute; if the SuperApp is going to control everything, what’s the point of the other apps at all? If all the apps are running together and sharing resources (hardware, and data), and the SuperApp is running an approved algorithm and verifying everything it’s getting from each of the others, across all devices, then why bother with so many individual apps in the first place? Why not just let the SuperApp collect and process all relevant data and process it internally as needed by each domain. We’ve arrived at (2.).
In terms of our scenario, it would work like this:
- Taking the bottle from the shelf triggers an RFID event for both the shop and the user (the tag is read once only)
- All relevant user data (bank, health, carbon, etc.) is read centrally by the SuperApp (which is already recording exercise)
- Disposing of the bottle past an RFID sensor triggers another event (in this case for the user and the recycling service) and all data is updated
- The SuperApp updates the user’s ‘personal ledger’ across all domains and relevant actions (payments, etc.) are made at the end of each day (say)
Of course, a SuperApp doing everything for us, processing all domains, sharing common data across platforms, approved by the relevant authorities, isn’t so much a single app as a global identity. Warning bells? Yes, there should be. Because what we would end up with would be a complete record of everything we’d ever done: a complete observation of our whole life. And, of course, not just for us but for everyone! It would include:
- A global receipt database of everything ever bought
- A global record of where everyone had ever gone– and when (see A Real “Marauder’s Map”?) and thus, in turn …
- Every human interaction that had ever been
(As a relevant aside, a passage from the book reads, “She was trying to distract herself with a court case for which she was to be called as an expert witness. A couple alleged to have had an extra-marital affair (not the central subject of the case but a ‘feature’) had both posted data from their fitness sensor watches on an open online repository. An aggrieved partner had located the data, run a series of analysis programs and shown a strong (almost certainly statistically improbable) correlation of intense physical activity, at intervals over time, between the two devices, even though their respective owners claimed to have been nowhere near each other. This ‘accidental’ or ‘de-anonymising’ use of big data analytics was becoming increasingly common and this one had all the hallmarks of a significant test case, not to mention the fun the media were having with it: ‘FitBit on the side!’ and other variations were rife.”)
Would we really sign up to a system like this?
Well, a knee-jerk reaction ‘NO’, is dangerous here because it’s not that simple. In practice, it would go a lot like internet banking and online shopping have over the years:
- In the early stages, some people wouldn’t for sure – but some would for the novelty (just like with current ‘innovations’) – particularly those from the simplistic “If you’ve nothing to hide, you’ve nothing to fear” brigade
- Those who felt the benefits outweighed the risks would be encouraged with further ‘conveniences’ to prove their value to others
- Slowly, more and more people would take it up
- Eventually, new developments would start to assume that people were ‘signed up’ to ‘the system’
- It would become difficult to operate outside of ‘the system’ – effectively difficult to go ‘off the grid’
- ‘The system’ becomes complete
And the global identity would have arrived.
And will it really happen? Well, the answer may be out of our control – and may be driven more by commerce than ethics. It’s not quite inevitable but, like many other future threats, it’s unfair to blame the technology. The technology’s coming, whether we like it or not. How it’s going to be used isn’t a technological question: it’s a political and economic one. To stop it, there will have to be much more fundamental changes to bigger underlying systems. That may be the unlikely bit.
Ultimately, when we talk about privacy in future, it’s not going to have much to do with what we choose to share on social media, etc. And it may not be something we have much control over anyway. We need to break out of this notion that citizens/consumers have individual autonomy – we never have had and we (possibly) never will. Choosing to give away our data isn’t a personal decision – it’s a political one – so we can only fight it together, not individually.
But, if we’re really happy to wave good-bye to every last shred of our privacy anyway – and we appear to be, … why not!?