This month there’s a fair bit about advertising and the power which combining disparate buckets of information about you offers to the world’s advertising companies, large and small. The Irish state’s continued quest to issue three million biometric-capable identity cards it signed a contract for without explaining why it thinks these cards are needed is covered. Also covered, yet again, why giving complete strangers a licence to use your DNA, and that of your family isn’t a good idea.
1. Whatever You Do Don’t Call It An Identity Card
Enamoured. Entranced. Enraptured. These are some good words for the Irish state’s continued love affair with building databases in the hope they’ll provide a simple fix to hard problems. Or in this case the state will build a national identity register without really addressing what problem it thinks this database will solve. The latest database to slouch its way into the spotlight is the one that powers the Public Services Card. We wrote a long thing about it after there was significant coverage in the Irish Times (links below) and people talking about it on the wireless.
Notes for humans
A card per se isn’t a bad thing. We’ve had all manner of public body-issued cards for many years. None of those have prevented identity fraud. Nor has identity fraud been ended in countries which currently have mandatory national identity cards.
This type of card with the capacity to hold biometric information is entirely new in Ireland. It shouldn’t be implemented without a very public debate in which the departments make their case for the card and the identity register that lurks behind it. The services which require a card to gain access to can be switched on and off remotely whenever the departments please. The people who can access the information in the register will change over time. The future uses and misuses of this kind of database are impossible to even list. For example, just last month the Trump administration published a database which included searchable personal information of abuse survivors.
They have one of these national identity schemes in India in India called Aadhaar. It leaked a lot of people’s personal information at the start of May. The personal details of somewhere in the region of 17% of the population. In Ireland that would be roughly 809,000 people.
+ ‘Privacy campaigners concerned over ‘national ID card by stealth’’, Irish Times
+ ‘State faces €60m bill for public services cards by end of year’, Irish Times
+ ‘Passport applicants will have to have State’s public services card’, Irish Times
+ ‘Government urged to declare if it wants mandatory ID cards’, Irish Times
+ ‘Public services card a ‘gross breach’ of citizens’ trust’, Irish Times
2. Poor Facebook
Facebook had a very bad month. It was caught pitching its ability to target vulnerable teens in Australia. It was fined in Italy – the fine was levied on WhatsApp but they’re the same thing. It was fined in France. The Belgian Privacy Commission issued a recommendation indicating that Facebook still wasn’t behaving the way the Commission had told them to. IT was fined by the European Commission. These fines were for breaches of data protection laws, privacy laws, competition laws and fibbing.
Notes for humans
Facebook is not your friend. Facebook’s objective is to sell more advertising to advertisers. The more it knows about you the more radically it can parcel up your digital life and what it knows about your offline life and sell it to advertisers. All else is secondary to Facebook’s mission. Facebook knows an awful lot about you already.
3. The Orb
While much of the world was transfixed last month by the mysterious orb that Donald Trump and the Saudi king pressed in the most peculiar press photo of the Trump presidency another orb hove into view, this time up around Camden Street. Youssef Sarhan discovered there were some digital billboards around Dublin with cameras perched atop them and wrote about it.
The Data Protection Commissioner took the unusual step of issuing a statement on the matter. Unusual because the office of the Data Protection Commissioner may well have to adjudicate on a complaint to her office about this type of technology in the future. The statement itself deployed a logic that could possibly be described as overrefined, relying on a careful distinction between facial detection and facial recognition. If one becomes the other, as is eminently possible, the DPC will have another look at it.
Notes for humans
Everybody in the advertising world is chasing the goal of presenting the right ad to you at the right time in the hope that this will make you do what the advertiser wants. The more extraordinary claims the sellers of advertising technology make the more advertising slots they will be able to sell. New and improved, right? At least until the advertisers paying premium prices for these slots realise it is quite unlikely a small camera looking out the window of a burger joint will be able to accurately assess your mood as you pass by, and adjust the amount they are willing to pay for these ad units downwards. Nevertheless it provides a timely reminder that this intrusive surveillance is happening offline as well as online in the name of commerce as well as security.
4. Google Is Watching What You Buy Offline
Google held its annual conference for marketing types in San Francisco and announced that the focus on the unblinking lens it scrutinises humanity with had been upgraded. Now Google would like to show you ads through the multiple channels it has at its disposal and track whether those ads influenced you to purchase something by having a poke through your credit card purchase history. Google proudly boasts that, through partnerships, it is aware of over two-thirds of all credit and debit card purchases in the United States.
Notes for humans
As noted above, showing the right ads to the right people at the right time is very important to advertising platforms of all sizes, and they don’t come any bigger than Google. Connecting the amount spent on advertising to the amount of revenue generated in sales by that advertising has been of keen interest to anyone with an advertising budget ever since someone first attached a piece of papyrus promoting their goods and services to a wall in ancient Egypt.
Google feels that it is close to achieving this. Therefore Google will not stop in its quest to acquire ever more information about you so you can be more perfectly packaged and presented to advertisers as a bundle of potential dollars.
+ ‘Google Following Your Offline Credit Card Spending To Tell Advertisers If Their Ads Work’, Consumerist
+ ‘Google now tracks your credit card purchases and connects them to its online profile of you’, MIT Technology Review
+ ‘What does Google know about you?’, Privacy Kit
5. Ancestry.com, Again
A widely shared article by Joel Winton points out, yet again, that you should always read the terms and conditions. For sensitive matters like your finances and your health you should definitely read the terms and conditions of any service you’re planning on using. For issues such as granting a company ownership of your DNA you should read the terms and conditions really, really carefully and probably just say no.
Ancestry.com gets to use or distribute your DNA for any research or commercial purpose it decides and doesn’t have to pay you, or your heirs, a dime. Furthermore, Ancestry.com takes this royalty-free license in perpetuity (for all time) and can distribute the results of your DNA tests anywhere in the world and with any technology that exists, or will ever be invented. With this single contractual provision, customers are granting Ancestry.com the broadest possible rights to own and exploit their genetic information.
Notes for humans
Don’t do this unless you’re really, really sure you want Ancestry.com to own your DNA. We’ve written about this before in August, October, January and March. We’ll no doubt still be writing about it next year.
- Some eagle-eyed folks spotted there appears to have been an uptick in lobbying of the Data Protection Commissioner. Of course, the office of the Data Protection Commissioner doesn’t have to disclose lobbying by the firms it’s regulating these days.
- The Indo reported that Facebook were rather interested in the appointment of the current Data Protection Commissioner, even getting in touch with Enda to make sure everybody involved had internalised Facebook’s concerns, whatever that might mean. The office of the Data Protection Commissioner is supposed to operate entirely independently of government. Facebook were naturally altruistically concerned that this should be the case. Nice to see one of the largest companies in the world coming out in support of strong independent regulators.
- The US senate approved the use of encrypted messaging app Signal for staff. Meanwhile in the UK the government has started looking for backdoors again. Breaking encryption makes communications less secure for everyone.
- A German court ruled that IP addresses are personal information and require all the same privacy protections as any other personal information.
- Since we were talking a fair bit about Facebook up above it’s only fair to acknowledge that even Facebook has to bow before the power of unelected monarchs. Maybe. That the monarch in this case is wearing a crop top and fake tattoos should in no way detract from the significance of this development.
[Title image credit: Derick Anies on Unsplash]