Over the last three decades and as the internet blossomed into a normal part of everyday life, public concern over individual privacy has grown exponentially in significance. The topic started creeping into board room discussions which gave way to formal company policies and eventually became so ubiquitous that legislation now governs the use, storage, and transmission of all personally identifiable information (PII) companies collect. With modern privacy laws targeting corporations and other reckless actors, one might also reasonably expect to feel that our privacy is a little safer and more protected, but wisely, most of us really don’t.
As early as 1996 before most people even knew what a website was, congress passed the HIPAA act which included the HIPAA Privacy Rule. The rule was, among other things, designed to provide standards for maintaining patient confidentiality and remains a cornerstone of privacy rights today. Meanwhile, other bodies have passed sweeping legislation protecting all aspects of consumer data including its retention, transmission, accessibility, and transferability. This would include, for example, the EU’s GDPR regulation and similar laws in the US and elsewhere. Violators can pay heavy fines under the regulation reaching well into 8 figures.
It’s against this backdrop of privacy legislation and supposed corporate efforts to protect consumers we find ourselves both satiated yet terrified. Why? Because at the same time that were working furiously to guard our private data, we’re also freely giving most of it away to the biggest and least accountable organizations in the country. It’s a giant contradiction and in any case, protecting privacy in today’s world is something of a fool’s errand. It’s like trying to hold back the fog. Your PII is already out there in numerous ways and stunning detail, and there’s really very little you can do to shield it.
Consider Google, Microsoft, and Apple, the ‘big 3’ of risk factors to your privacy. Microsoft and Apple create the operating systems on most personal computers in today’s world, and Google and Apple create the operating systems on most tablets and phones. Simply put, they have theoretical access to everything you do online or off. These are private companies, folks, and as such are rarely subject to any type of public inspection or oversight like a government entity would be. All decisions including those that affect consumer privacy are made by unelected corporate officers behind closed doors and with the ultimate goal of making a profit. Whether or not they take unsavory liberties with your private data, it’s important to note that they can if they want. And we’re all just basically required to agree to trust them completely or not use a computer. Let that sink in for a moment.
Their access includes all your connected physical devices and the information stored within – which translates to everything you do on your computer or phone. That means nearly every email you’ve ever written or ever will write, every file you download, every video you watch, and everything you create or invent. All three companies make their own browsers and have access to every website you’ve ever visited, all your online communications, and everything else you’ve ever seen or done online. I’m not saying they take advantage of this access, of course. I’m merely pointing out that they could if they wanted to. Worse, they’d enjoy little chance of being discovered.
And you’re not just depending on these 3 company to behave nicely. Each company has thousands of employees, many with access to your PII, and any of whom may be the loose cannon that abuses that access. Then there are dozens of other companies in addition to the big 3 that have varying amounts of your PII stored on their servers around the world – often on servers that fall short of data privacy law compliance, even if merely a result of their misinterpretation of governing regulations. In other words, the laws that govern privacy are so complex these days, many companies don’t even realize what they need to do to be in compliance – especially the smaller ones. The same is often true of their security posture.
If the risks of having your entire digital life subject to scrutiny by unaccountable people at private companies isn’t scary enough, there’s more. Let’s turn our attention to the your cell phone carrier. We all love our cell phones, right? I freely admit I love mine. I take it everywhere as it has become unthinkable to leave it behind. But at what cost to privacy? The device has a microphone, a high resolution video camera, and a GPS chip. I’ve not only bugged myself with a more-than-adequate audio/video device, but I’m also carrying around a tracking beacon that gives yet another private company my real-time location 24 hours a day. Many cell phone carriers store this data meaning that if someone wanted to put together a comprehensive record of everywhere I’ve been last year, it’s probably possible without breaking a sweat. Again, we’re required to simply trust the phone carrier with this information, or refrain from using a normal phone.
So, with countless details of our lives freely handed over to an array of private companies and their employees, we can now turn our attention to the topic of government data collection and storage. As we all know, the government tracks each citizen literally from birth to death with various licenses and certificates. The DMV, for instance, tracks a considerable amount of our PII including our past and present addresses, our physical characteristics like height and eye color, and even some medical information. And of course, there are many other government entities at all levels that track PII. Even the plans to my home are tracked by the local government along with a detailed terrain map of the property. It goes without saying that the government also knows how much we all earn, how we earn it, and can even audit our financials if they decide they want to.
Privacy vulnerabilities don’t even end there. While we mostly enjoy using social media, it’s also important to remember that with every post, we’ve grown accustomed to sharing private details of our lives and thoughts with more private company like Facebook, TikTok, and Twitter (sorry, the letter formerly known as Twitter) for the world at large to consume. And while we’re posting pictures of ourselves visiting Aunt Tess, we’re also being photographed any number of times since Cameras are so ubiquitous. In fact, it’s virtually impossible to avoid being photographed multiple times during any excursion from one’s home even if it’s just by the cameras installed above stoplights.
Enter artificial intelligence. As if the many threats to personal data privacy detailed above aren’t enough to convince you that privacy is probably dead, AI has come along just in time. AI isn’t just for writing high school book reports anymore. It can be used to steal a person’s essence. Yeah, I know how that sounds, but it’s kind of true. With just a few seconds of analysis, new AI engines are capable of recreating a person’s voice complete with personalized intonations. A random stranger is now able to synthesize audio of me speaking, sometimes realistically enough to fool someone who knows me.
So yeah, we’re all screwed and we mostly do it to ourselves. If all the information we’ve shared about ourselves is ever compiled into a single source, those with access would probably know just about everything there is to know about a person. And with some handy AI, they could probably even create a better (electronic) version of me than I ever could be!