There's plenty of rightful indignation over the revelation that AT&T and Sprint have installed monitoring apps (purportedly to detect network and performance issues) on the millions of cellphones and smartphones they sell, using software from a company called Carrier IQ. But technologies such as Carrier IQ, GM's continued tracking of OnStar customers who had cancelled service, and the tracking software used by some malls over the Thanksgiving holidays are relatively benign compared to what people are not talking about: software and devices that not only monitor individuals but feed that data to insurers and others who could use it to determine rates, deny coverage, and otherwise control people's behavior.
This year has seen much teeth-gnashing over anonymized tracking tools such as Carrier IQ, the capture of smartphone location information, and the mall-tracking devices. Despite the uproar, these technologies don't invade individual privacy because they don't know who the person is. The data is anonymized or correlated to a device, not a person.
It's true that such tools can be combined with other information to figure out who the user might be -- Carnegie Mellon University researchers have proved that 87 percent of U.S. citizens can be identified just by knowing their ZIP code, gender, and birthdate. In the case of the mall tracking or Carrier IQ monitoring, correlating cellphone hardware IDs and the like to actual people usually requires access to information that the phone companies and others have historically protected. Thus, the risk here has historically been small. Likewise, credit card firms that routinely mine your transaction data and direct mail services that correlate and sell insights on your interests historically have limited the use of their snooping to pitching products and services.
However, there are reports that Carrier IQ's software may in fact log and transmit keystrokes that would clearly invade privacy, which if true could make it illegal wiretapping software, a former Justice Dept. official told Information Week. Then there are the many companies (often online providers of "free" services epitomized by Facebook, Klout, and Gmail) whose privacy commitments are unclear or, in Facebook's case, proven untrustworthy.
That's why a greater risk comes from the likes of Facebook, which uses its service to learn about its users, their friends, their family members, and their colleagues, then sells that information to advertisers. Facebook has apologized multiple times for such activities, but hasn't put a stop to them. It claims it protects user identities, so vendors don't know specifically who their ads are targeting, just that they are the appropriate audience. Most media companies do this as well, but Facebook's deep access to personal information and its pattern of exploiting that data rightfully causes concern. I'm amazed that people let themselves be farmed by Facebook; they should at least get paid to be used this way. Just this week, it agreed to pay huge fines for its latest privacy invasions and to be monitored for 20 years by the feds for future misbehavior -- which you just know will occur.
But the worst risk is what people aren't talking about: Big Brother-type technology used to monitor specific individuals and shape their behavior through penalties and rewards. If the government were doing this, we'd have people in the streets, but in the hands of private companies, these seductive methods convince people to naively agree to being controlled.
Take, for example, Progressive Insurance's program of offering tracking devices to monitor how you drive. If you drive safely, as determined by Progressive, you get an discount. If you're determined to be unsafe, you pay the "normal" rate.
Given insurance companies' business model -- pay out as little as possible, take in as much as possible -- the long-term result is obvious: "Unsafe" drivers will pay more, or they won't be eligible for insurance. The insurance industry is notorious for redlining neighborhoods and denying coverage to people's existing health issues, determined by a mix of publicly available data (for redlining) and personal information (for coverage exclusion). Many of these practices have been banned or curtailed, but they persist in the guise of "discounts" that make individuals feel OK about being controlled.