The Metropolitan Police have invested in a new toy called GeoTime, which they can use to track and closely monitor people of interest, using data aggregated from social networks, blogs, messaging systems, and geolocation data posted on the Internet. This data is used to map relationships, analyse behaviours and track movements in real-time.
I’ve known about this type of relationship mapping/temporal analytics system for about six months now, having read about Recorded Futures, Rapleaf, Visible Technologies, etc. All are variations on the same thing.
The CIA had invested in Recorded Future, which enables the intelligence agencies to look at any event in the world and determine which entities were involved, the relationships between them, which entities had the most influence, and the most likely outcome of the event.
Rapleaf is used to profile targets based on all their information, behaviour and connections on social networks, and alledgedly it’s been used by credit checking agencies.
“We shouldn’t be tracked and traced and have pictures built by our own government and police for the benefit of commercial gain”, says Alex Hanff of Privacy International, who doesn’t seem to have grasped that social networks generated revenue by doing exactly that for the last five years or so. The only difference is the police are being open about it.
Whether we agree with it or not, what the police are doing here is technically quite legitimate, since we voluntarily provide our personal information and allowed it to become a commodity. Most of us are quite ignorant of where that information goes anyway. I’m more concerned about its potential use against protesters, which is something the Met hasn’t ruled out, and unfortunately for protesters, this could be one of those exceptions in which intelligence can be used as evidence, since the data remains on whatever server it’s been extracted from.
In the bigger scheme of things, the police and intelligence agencies pose little danger compared to the minority of hackers who see the databases of Web 2.0 services as prize targets. An even smaller minority of those hackers are employed by organised criminals. Various forms of identity theft, and the credit card fraud that led up to Operation Ore, are examples of how organised criminals can destroy peoples’ lives after stealing information. I fear the recent attacks on the PlayStation Network is only the beginning of something much worse.
The main thing that makes GeoTime or Recorded Future so effective is that people make public almost every trivial detail about their lives, without thinking of the implications and how it could eventually be used.
Sure, there are ‘privacy’ settings which many people still mistakenly believe provide any real privacy. It’s been discovered last week that third-party software can over-ride those settings, as several FaceBook applications have already been doing. Incidentally, another reason I’m not using FaceBook, apart from finding it rather creepy anyway, is because it removed the option to prevent people tagging each other in photos, which suggests there’s some facial recognition database being put together.
It’s also about making informed choices regarding the software and hardware we use. After numerous scandals involving tracking and spyware, it should be clear to everyone that some products are designed to broadcast personal information about their users whether they like it or not, and the less ethical software developers take advantage of that. A recent example was a common music player that functioned as spyware on mobile phones. There are countless applications out there doing pretty much the same thing, taking advantage of the fact some manufacturers, such as Apple, offer users very little control over their products. We can either boycott those products or accept them as a liability.
Securing our information here involves carefully choosing which mobile devices we carry, which software we use to access the Internet, and how carefully we configure these. As a general rule, if something’s capable of exchanging information over the Internet, the user should meticulously go through all the settings, change them accordingly and disable any services that aren’t needed.
Last, but not least, are the Application Programming Interfaces available for many of the main Web 2.0 services. These APIs allow other developers to create software that interacts and exhanges data with the service, or rather the underlying database, and it’s how things like messengers, browser extensions and Twitter clients work. APIs can essentially be used for anything, good or bad.
In the case of Recorded Future and GeoTime, the developers have created systems that can read all this data, then aggregate and abstract it into various forms. We can’t really complain about this, because the APIs are there for anyone who’s bothered to look, and they can legitimately be used by any developer for almost any purpose.
So, even though I’m against the idea of government agencies invading privacy, this particular situation is actually a straightforward matter of our choices as individuals, whether we’re careful or careless with our information, whether we opt for publicity or privacy.