I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.
A couple of years ago, I made one point, which I have never yet seen repeated by anyone, although I still insist that it holds. I stressed, in this post that enabling advertising that is better targeted implies higher return on investment in unsolicited mail. This increase leads to more money being diverted to spam campaigns; money that will eventually feed resources that fight spam fighting. The only reason that spam has not made digital communication useless, is that it is reasonably mitigated, that is, filtered. If spam becomes effective enough (by becoming better targeted, thanks to our collected data) to be worth more money to advertisers, this will be money spent on countering our spam filters; the filters thanks to which we can still use e-mail.
I would like to make another novel (I think) point on this risk, explaining why a decent person should not allow data to be gathered on him.
What is the risk that a law abiding person faces by having dossiers of private information collected on him? There is only one right answer, and I wonder why I don't hear it. The answer is that we just don't know. Cory Doctorow once compared this data to plutonium. Once it was collected, there is no way to get rid of it. With storage available at an ever decreasing price, there is no reason for any company or agency to ever delete anything. Data about you that is collected today is available forever, and only degrades to the level that its relevance degrades. The future holds new options for both the collection and the correlation of data; options that we just cannot foresee today, but which will apply to today's data also, and which will be enabled by the data collection habits we cultivate today.
The risk you face by private information gathering into the future is simply unknown. Call it a “2nd-order risk”.
It is widely acknowledged that we tend to overestimate technological progress of the next year, but underestimate progress in a decade. A decade ago, we could not foresee the data collected by Facebook, Twitter, Apple, etc., and even the collection of location data was limited to cellular operators and had just little context to enhance its usability. Back then, we were still concerned with the logs that credit card companies kept on our purchases, as if that was the biggest privacy leak ever.
In ten years, the data collected on you today, which will refuse to die, will be joined by more information, context and correlation tools, which we cannot imagine now. What will be your privacy risk by allowing data-collection habits for companies and governments today? We truly have no idea. We can only tell that it will be a larger risk than of today, because data never goes away, but we don't know how it will grow. If risk is “unsure damage”, then this unknown risk is “unsure unsure damage”. Let us call it “2nd-order risk”.
I have nothing to hide, but if you put me at an added risk, along with risk that cannot be properly managed for its being undefinable, then you shall be able to explain what I, or society, gain in return.
Right. Big data mining is a technology evolving at astonishing speed. The future sure holds some surprising capabilities there…