The NSA's former general counsel told the world's largest gathering of privacy professionals last year that the privacy laws they're championing are "stupid" and futile. Facebook's Mark Zuckerberg recently described privacy as a social norm we've evolved away from, and Google's Eric Schmidt famously proposed that the only people who need privacy are those with something to hide.
Are they right? Is privacy passé?
2013 privacy recap
Several developments in the past year definitely point in that direction. We all can't keep up anymore with all of the new digital innovations hitting the streets, such as Google Glass, wearable health-monitoring sensors and Ancestry.com's new DNA-linked family trees. Less and less of our personal information each day seems to be "off the grid."
At the same time, 2013 was the year we lost track of the limits of big-data analytics. Many of us saw the story about the researchers who could use your Facebook likes alone to predict with 88% to 95% accuracy whether you're black, gay or a Democrat. We saw the story about the newspaper that published a map of 33,000 gun-permit holders in two New York counties. We'd earlier read about the retailer that predicted a teenager was pregnant before her father knew it, merely by changes in her purchases of a group of 25 products. In 2013 we became fascinated with the different apps and TED talks that used data in ways we never thought possible.
But more than anything, this year we learned about the vast capabilities of the National Security Agency, which seemed to leave nothing digital out its hearing range.
When Sun Microsystems co-founder Scott McNealy boldly proclaimed in 1999, "You have zero privacy anyway. Get over it," was he a prophet preparing us for the inevitable?
Imagining a world without privacy
When the common wisdom is moving in one direction, there's often a lot of money to be made going against it. That's what I think is happening with privacy. The rumors of privacy's demise are premature. Privacy isn't even halfway dead, and if and when we see privacy's death on the horizon, we'll know then how much we're willing to pay to reverse course.
If you think I'm too naive or optimistic, take a minute to imagine what the world would look like with zero privacy. I suggest there'd be three telltale features of life in that day:
1) ubiquitous, inescapable collection of personal data;
2) near-perfect predictive capability of that data; and
3) mandatory availability of that data.
In other words, in a world without privacy, anyone would know anything there is to know about you on demand. Moreover, that information would tell anyone what you're going to do next and how you'd react to different scenarios and stimuli.
In a zero-privacy world, not all data would be created equal. I think six data vectors would stand out as the most valuable:
1) Our health capacity, including predicted longevity and strengths and weaknesses in our DNA. Prospective mates, employers, healthcare providers and insurers would flock to this data set if it materialized.
2) Our productivity capacity, including our natural aptitudes and predicted earnings potential. Match.com users and employers would top the list of customers for this data.
3) Our consumption instinct, such as what do we like to buy, how much, when and why, and our credit worthiness. Marketers are already paying for this data, but in an increasingly borderless world, tax authorities will find it easier to tax consumption than income and will also seek this data.
4) Our behavior instinct, including our public and private statements, beliefs, politics and capacity to act outside social norms. National-security and law enforcement agencies will seek this data, as will politicians.
5) Our social graph, including past and present family, friends, neighbors, classmates and colleagues. Marketers, criminals, national security and law enforcement will put this data on the top-six list.
6) Our location and predicted movement, potentially sought by marketers, the military and police.
These data sets would be the currency of life in a "total information-awareness" world, where people would be systematically and in real time classified into how valuable they were and how risky they were. With this information readily available, deviations from social norms would face immediate social and monetary penalties. Great deviations could face immediate reductions in liberty.
You could imagine without too much difficulty the following scenario unfolding in a total information-awareness world:
At 6:10 a.m., your "full night's sleep" app generates an alarm that also indicates you have no health reason to sleep further. You rise promptly, because you know doing so will prevent your lifetime productivity index from falling by about $1,000 per minute. From the kitchen, you spot the drone from your wellness coach landing on the table outside. It's carrying a breakfast of fresh local ingredients tailor-made to your DNA and body-mass goals. Minutes later, you don your Windows Glasses and dart outside for a half-hour jog. This exercise will boost your predicted lifetime longevity by four hours and reduce projected lifetime healthcare costs by $2,000, rates that will slightly diminish tomorrow. On the running path, you pass a throng of people also wearing Google Glasses and iGlasses. As you pass each one, a "friend" or "foe" icon pops up in your vision. A filter also pops up alerts for prospective spouses, business partners and criminals from your prefigured criteria. A left-eyelid blink would drill into their health and productivity profile, belief matrix and social graph, while a right blink would pull up suggested conversation starters. You pass a man wearing no glasses whose facial image is generating conflicting data in your screen. He's a "birther," a term that has evolved to describe the group of people trying to live off the grid who generally harbor conspiratorial views and religious beliefs contrary to the governing order. You pass a woman who isn't attractive to you, but your glasses say she's available and has the highest predicted children's IQ for your DNA that you've ever seen. You know that all of these fellow joggers, as well as your employer and all government agencies, can see all of this information about you too. You avoid darting off the path up an undeveloped hill, because that would boost your nonconformity rating tracked by law enforcement. As you turn onto a street -- populated by vehicles autodriven to preprogrammed destinations -- a startup wellness cafe delivers an ad to your glasses. The promotion offers to pay you $100 in Bitcoins to try the cafe's nutrient booster, which it projects it would recoup in just two months if you change your break routine and become a regular. The cafe should update its algorithm, you think, because your price for veering off course and alerting attention of the grid is probably closer to $10,000.
If this sounds like a far-fetched sci-fi novel, it should. The technical and legal apparatus needed to make it happen are present today only in an embryonic state. Many more technical advances would be required to produce that scenario, as well as a significant erosion in the laws that the NSA's former top lawyer calls stupid.
This is not to say the lovers of privacy and liberty are wrong in their concerns. I just think they're ahead of their time when they suggest that things have crossed a tipping point and are out of control.
But how far down the path to privacy oblivion are we? To help answer that question, I'd like to propose a privacy death index. It maps the three features of a zero-privacy world with the six high-impact data vectors outlined above. Then it assigns a simple numeric value to each of the 18 intersections -- or "privacy-threat vectors" -- based on what's happening in the current state.
In the table below, I've proposed values for the U.S. on Sept. 10, 2001, compared with the U.S. in 2014. But this model could be applied to any country.
If this table is anywhere in the ballpark, what does it tell us? Both sides of the privacy-is-dead debate will find that it buttresses their own argument. Converting these scores to a 100-point scale, the U.S. Privacy Death Index stood at a mere 13 prior to the 9/11 attacks and subsequent passage of the Patriot Act. In 2014, that index is perched at 37, a near tripling. Privacy hawks are right to sense that we've moved a long ways in the past decade.
But 37 isn't even halfway toward 100, and not one of the 18 privacy-threat vectors has hit the high-impact level 3. Nearly all of the easy advances appear to have been made, driven by the adoption of mobile devices, social media and big data.
Looking ahead, improvements in big-data analytics should take us closer to the midpoint of 50 on the privacy death index. But the path from 50 to 100 -- the death of privacy -- is littered with legal and constitutional obstacles. Traveling this path would require a governmental encroachment into the personal space not seen even in revolutionary colonial times.
I agree that some privacy laws are stupid and poorly written. But the vast majority of them compose the architecture of trust that is essential for American technical innovations to thrive.