Borders UK and privacy

Tue Aug 28 09:17:57 PDT 2001

> > BORDERS U.K. USES FACE-RECOGNITION TECHNOLOGY TO MONITOR CUSTOMERS
> > Borders Books in the U.K. is employing SmartFace technology to compare

Slashdot is reporting that they've backed off in response
to negative public pressure.
So for the moment you don't need to wear a mask to shop there,
though they're probably still using cameras,
and in many parts of the UK the local government is
also videotaping the street.

David Brin's book "The Transparent Society" suggests that you
might as well get used to it.  Technological change driven by
the Moore's Law effects in computing power are making
video cameras and computer image processing get cheaper rapidly,
so the marginal benefit of using them doesn't have to be very high
to outweigh the marginal cost.  The real issues are still getting data,
but the costs of sharing data are low and getting lower,
and the government intervention that forces everyone to use
picture ID to do almost anything makes it easier.
Brin's conclusion is that since we won't be able to stop it,
we should work to make sure government activities are
open and watchable by the public.

Similarly, the cost of correlating non-image data has decreased rapidly -
many of the information collection practices used today date from
the 1960s and 1970s, when a "mainframe" might have a megabyte of RAM,
less than 10 MIPS of CPU, 100MB of fast disk drive, and everything else
was tapes and punchcards, and it required a large staff of people to feed it.
These days you can get pocket computers with ten times that capacity,
and a $5000 desktop Personal Computer can have a gigabyte of RAM and
a terabyte of disk drive with the Internet to feed it data;
that's enough for the name and address of everybody on Earth,
or a few KB on every American, and online queries are much faster than
the traditional methods requiring offline data sets.
That means that not only can governments and a few big companies decide
to correlate pre-planned sets of data about people, but almost anybody
can do ad-hoc queries on any data it's convenient for them to get,
whether they're individuals or employees of small or large businesses.

So if there's any data about you out there, don't expect it to stay private -
even data that previously wasn't a risk because correlating it was hard.
European-style data privacy laws aren't much help - they're structured for a
world in which computers and databases were big things run by big companies,
rather than everyday tools used by everyone in their personal lives,
and rules requiring making them accessible to the public can be turned around
into rules allowing the government to audit your mobile phone and
your pocket organizer in case there might be databases on them.

American-style data privacy laws are seriously flawed also -
not the fluffy attempts at positive protection for privacy that
liberal Nader types and occasional paranoid conservatives propose,
but the real laws which require increasing collection of data
in ways that are easy to correlate, such as the use of a single Taxpayer ID
for employers, bank accounts, drivers' licenses, and medical records,
"Know Your Customer" laws, national databases of people permitted to work,
documentation proving you're not an illegal alien, etc.
There's lots more data that would be readily available, but the
bureaucrats that collect it restrict access or charge fees that
reflect the pre-computer costs of providing the information.
If you need a reminder, go buy a house and look at the junk mail you get,
or have your neighbor's deadbeat kid register his car with your
apartment number instead of his and see what shows up.