3 privacy violations you shouldn't worry about

Real privacy invasions abound, but people are freaking out about three so-called privacy violations that simply aren't

In the past few years, the public has been confronted with hitherto unimaginable levels of personal privacy invasions.

We've learned that the NSA has been aggressively scooping up phone metadata and even building a giant data center in Utah called "Bumblehive" for the purpose of recording every phone call and much more. The facility is so massive that it will be able to store a yottabyte of surveillance data -- an amount of data so large you may not have heard of the number before. (A yottabyte is 1 trillion terabytes.)

And we learned this month that a flaw called Heartbleed in the security layer of two-thirds of all encrypted websites potentially puts all of our information at risk of being exposed -- and that includes our passwords and even our encryption certificates.

And we just learned this week that the FBI's face-recognition database is on an incredible growth spurt. The database contained 13.6 million images last summer and is on track to contain 52 million by next year. The database links faces to names, addresses, phone numbers and other personal data. Law enforcement agencies will be able to take pictures from store security systems or ATMs -- or any photo -- and run it through the database and know exactly who you are. The FBI's own documents show that millions of these images have nothing to do with crimes or criminals.

So the people who are worried about threats to their privacy are justified in their anxiety.

The trouble is, far too many people are freaked out about the wrong things.

I'm going to give you examples of three technologies that are regarded as threats to our privacy -- technologies that a great many people seem to be vexed about, but only because of muddled or misinformed thinking -- and then I'm going to spell out why they're nothing to worry about.

Here they are:

1. Apple iBeacon

Apple's iBeacon, also known as "indoor GPS," is designed to provide very accurate information about a user's location, indoors or outdoors, for a variety of purposes. Apple, for example, uses iBeacon with its Apple Store app. If you're standing in the iPad section, it can pop up information and promotions for iPads.

Museums are using iBeacon for guided tours via smartphone. Stadiums are using iBeacon to tell people stuck in long beer lines where they can find a shorter line. And, of course, department stores are using it to promote products and provide customer information and customer service.

Beacon technology in general, and Apple's iBeacon in particular, doesn't get the attention and mindshare that it deserves. It's a transformative idea that will change everything. But to the extent that people do pay attention, they tend to oppose it as yet another encroachment upon our personal privacy.

The unexamined myth about iBeacon is that it senses the presence of your smartphone, from which it learns your identity, then records or transmits this information to who knows where.

But that's not how iBeacon, or any beacon technology, works. The systems work with low-cost, low-power beacons that are placed at specific locations and use Bluetooth LE to broadcast identifiers over short distances.

Here's why it's not the privacy invasion people think it is: Beacons can't receive data; they can only send data.

If the user has voluntarily downloaded and installed an iBeacon-supporting app (on either iOS or Android, by the way), and has granted permission for the app to interact with beacons, then the phone will receive the beacon data and the app can do things with that information.

As an oversimplified example, a beacon at Macy's department store might sit there and transmit data that essentially says: "Hi, this is Macy's beacon No. 13." If the Macy's app receives that information, it will learn both the beacon's location and the distance between the phone and the beacon. The creators of that app know where Macy's beacon No. 13 is in the store. And the app could, of course, relay this location information to a remote server.

It's an important distinction to understand that the smartphone is perceiving the beacon, not the other way around. It's the smartphone connecting with the outside world, not the beacon tracking the user's phone. It's the user who controls this activity, not the beacon or the store that installed the beacon.

A real privacy violation is a situation where you're not in control. But with iBeacon systems, you are in control of your own participation with the application.

Besides, the knowledge that you're in the shoe department at Macy's isn't significantly more of a privacy violation than the knowledge that you're at Macy's generally -- information that is already being collected by, at a minimum, your wireless carrier.

2. Gmail scanning

Google this week updated its terms of service to clarify the longstanding practice of scanning Gmail messages in order to provide customized advertising. The new document is Google's attempt to satisfy critics -- and Judge Lucy H. Koh, who told Google that its terms of service and privacy policies weren't explicit enough.

The idea that specific messages in Gmail may be accompanied by ads that reflect the content of those messages can freak people out.

Say you're planning a camping trip with a friend via email, and right next to your message is an ad for tents and sleeping bags. You might say, "Google is reading my email!"

Microsoft capitalized on this hysteria in its "Scroogled" marketing campaign. "Don't Get Scroogled by Gmail," Microsoft declared, boasting that its Outlook email doesn't scan messages for the purpose of delivering custom ads. (The company may have canceled the "Scroogled" campaign this week.)

1 2 Page
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies