Forgot your password?
typodupeerror
Privacy EU

Internet of Things Demands New Social Contract To Protect Privacy 95

Posted by samzenpus
from the don't-harvest-my-data-bro dept.
chicksdaddy writes "Changes brought about by the Internet of Things demands the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance states in which individual privacy protections take a back seat to security and 'control.' That, according to an opinion piece penned by the head of the European Commission's Knowledge Sharing Unit. Gérald Santucci argues that technology advances, including the advent of wearable technology and the combination of inexpensive, remote sensors and Big Data analytics threaten to undermine long-held notions like personal privacy and the rights of individuals."
This discussion has been archived. No new comments can be posted.

Internet of Things Demands New Social Contract To Protect Privacy

Comments Filter:
  • by Anonymous Coward on Friday September 20, 2013 @12:39AM (#44899509)

    I reserve the right to disable the network connection and recording capabilities of any device in a public space with sensors capable of detecting or inferring my presence.

    • by Zontar The Mindless (9002) <plasticfish.info@nOSpAm.gmail.com> on Friday September 20, 2013 @12:41AM (#44899515)

      To which the only sane response is, "Good luck with that, Ace".

    • by Electricity Likes Me (1098643) on Friday September 20, 2013 @12:42AM (#44899521)

      So your plan is to go around to a lot of private businesses disabling their security cameras?

      Probably should help yourself to the till while you're at it - you know, compensation for the effort.

      • You know eventually it may boil down to that, I'd guess we'd head to three stereotypes...

        1) Acceptance; Either controlled and managed through educated mastery as much as possible or through uneducated disinterest people engage in and allow themselves to be monitored.
        2) Mediation; Attempting, regardless of success or even feasibility to allow only either partial or non-invasive monitoring.
        3) Rejection; Either active denial (through radio, electronic or electrical jamming, obfuscation or encryption) or signif

        • You're right-- these are extremes, and ways to polarize the question instead of attempting more cogent solutions to the problem(s) stated.

          In the strictest sense, you should own all of the information about you that isn't needed to function in a civilized society. We ought to start from there. This, of course, bucks and batters against the very foundations of Google's business model to undermine Microsoft's model. We're not all altruistic, and know that there are sacrifices for using free cloud-based apps (a

        • by X0563511 (793323)

          You forgot:
          4) Aggressive denial; physically damaging, vandalizing, or disabling recording devices/systems.

          Which brings me to think about those red-light cameras. How many replacements/cleanings would they go through before they just give up? Assuming the vandal was intelligent enough to not get caught.

    • by Anonymous Coward

      The parent's suggestion is quite similar in concept to the very popular electronic gadget TV-B-Gone [wikipedia.org] which turns off TVs.

    • "... with sensors capable of detecting or inferring my presence."

      And in this age of miniaturisation, how do you plan on detecting such sensors ace? By using sensors of your own? Which most probably have similar capabilities?

      Chicken and egg.

  • by Chrontius (654879) on Friday September 20, 2013 @12:43AM (#44899523)
    It's getting pretty hard to be an anonymous member of an unpopular minority these days.

    Hell, it took me thirty seconds to figure out how to prove someone plays D&D using Find My Friends and one flaky and/or gullible friend to expose location data. And zero budget. When all your crap is posting to Facebook on your behalf
    • by AmiMoJo (196126) * <mojo @ w orld3.net> on Friday September 20, 2013 @03:31AM (#44900061) Homepage

      I think there is a real danger that within a generation or two the concept of privacy will just go away. We will just come to accept that everything is recorded and monitored for our own safety. It's the age old conflict between people wanting privacy but also wanting there to be CCTV footage when someone dings their car.

      • by inking (2869053)

        See, I've never had an issue with CCTV. Essentially it's little more than just replacing some guard standing on a wall and watching his surroundings with a different guard who has a few additional pairs of eyes sitting in a room a bit further away. He's always vigilant outside and doesn't enter my room, like a policeman that doesn't enter my room unless I specifically call for help. We had an attempted kidnapping with the intent to rape at my university a year or so ago and eventually the guy got arrested b

        • by X0563511 (793323)

          Basically you are stating (correctly, IMO) that there's a big difference between mere observation, and active searching.

          • Amen to that one. There's a big difference in protecting assets vs this (virtual) panopticon.

            My day job mostly involves installing and maintaining security and surveillance equipment. Usually for government agencies. But what my job entails isn't much different than protecting your home or business with ADT, etc. Just on a large scale and a bigger budget...(and outdated regulations).

            Ie. It's a government facility. There is CCTV in use. There are security systems in use. Entering the installations is

  • by stenvar (2789879) on Friday September 20, 2013 @12:54AM (#44899553)

    Gérald Santucci – “We need new thinking and new concepts”“ ... What is at stake is the capability of the EU to integrate modern, adequate legal data protection into its socio-technical fabric, i.e. its hardware, software and the many associated protocols and standards that enable and constrain its affordances.”

    Maybe "we" need more than platitudes. Maybe "we" need an original thought instead of bloated, vomit-inducing bureaucrat speak.

    But "we" definitely need to find a new hair stylist, Mr. Santucci.

    • by macraig (621737)

      I was willing to listen to your particular bloviation right up until the end when you criticized his hair style. Which political office is your ambition?

    • by jandersen (462034)

      Maybe "we" need more than platitudes

      OK, here's a radical thought for you: perhaps we don't need 'an internet of things'? Personally, I can't for the life of me see why I need my fridge, telly or toothbrush to be directly visible on the open internet. Even if I felt I needed to be able to see what's in my fridge from the other side of the world, I am sure I could do that easily with existing technology.

      • OK, here's a radical thought for you: perhaps we don't need 'an internet of things'?

        As it turns out, we also don't need to post our entire lives on Facebook or Twitter or whatever other "social network" is trendy right now. Nor is it necessary to supply them with metadata on every uploaded photo. I don't use these kinds of networks, and amazingly I haven't died yet, and neither has my social life. It'd be nice if they weren't so easily able to capture data about me anyway by encouraging people who know me to supply it against my will, though; there's something very shady about that kind of

        • by stenvar (2789879)

          As it turns out, there are many things we don't need to do, but that are nice to do nonetheless. Sharing one's life with one's friends via Facebook falls into that category.

          • As it turns out, there are many things we don't need to do, but that are nice to do nonetheless.

            Indeed. My point is not that the above isn't true, merely that there are also stronger needs that are impractical to do without and still live anything resembling a normal life in modern society. Safeguards aren't a luxury at that point, they are a necessity, which conveniently can also protect the things you don't need to do but that are nice to do nonetheless in exactly the same ways.

            • by stenvar (2789879)

              But safeguards against what? Vacation pictures suddenly becoming public? I mean, if you have something to hide, don't put it on Facebook at all. Privacy settings and limited sharing on Facebook aren't for security or actual privacy, they are for politeness. I don't care whether anybody finds out that I'm a libertarian, but I know libertarian postings annoy my Obama-supporting friends, so I don't push those updates on them (and I expect them to spare me the drivel they post supporting Obama and the Democrats

              • But safeguards against what? [...] I mean, if you have something to hide, don't put it on Facebook at all.

                Well, we could start with safeguards against Facebook collecting personal data about you from your friends without your consent. For example, I don't understand how anyone could think it's OK for Facebook to grab and store entire address books, giving them e-mail addresses to match to names. It's obviously rude for friends to give up that information if it was shared in confidence, but that doesn't excuse actively soliciting it on a massive scale.

                Indeed, the scale on which organisations like Facebook and Go

                • by stenvar (2789879)

                  Well, we could start with safeguards against Facebook collecting personal data about you from your friends without your consent

                  Thank you for making such a strong argument that there should not be any further "safeguards" put in place; regulating this would be an unacceptable intrusion on private conduct.

                  Merely relying on rules and conventions that might have protected us adequately 20 years ago is no longer sufficient in the face of modern mass surveillance, data mining, and automated decision making techno

                  • regulating this would be an unacceptable intrusion on private conduct.

                    Well, if you really believe that someone should be free to tell anything about anyone to anyone else, regardless of how sensitive the information might be or whether it was provided in confidence, then I guess you and I just have very different views on socially acceptable behaviour.

                    You postulate nebulous threats and demonize a couple of companies that have never done you any harm.

                    The position I'm advocating here is not specific to Facebook or Google. They are just examples, and I also gave numerous other examples in my very first post to this thread. In fact, my main point here is that while you don't ha

                    • by stenvar (2789879)

                      Well, if you really believe that someone should be free to tell anything about anyone to anyone else, regardless of how sensitive the information might be or whether it was provided in confidence, then I guess you and I just have very different views on socially acceptable behaviour.

                      We have the same views on socially acceptable behavior. But it isn't the government's business to regulate socially acceptable behavior. When we used to give it those sorts of powers, it used to penalize lots of behavior among c

                    • But it isn't the government's business to regulate socially acceptable behavior. When we used to give it those sorts of powers, it used to penalize lots of behavior among consenting adults.

                      The behaviour I described before is unacceptable precisely because it is not done with the subject's consent.

                      Facebook and Google are only revealing this information because governments force them to do so.

                      That may be true for those particular organisations and today, though it's already clear that plenty of commercial organisations have in fact provided sensitive data to governments without any legal obligation to do so. There are unfortunate systematic influences that clearly promote such behaviour in the absence of laws actively preventing it. ("Well, you don't have to give us this data without a wa

                    • by stenvar (2789879)

                      The behaviour I described before is unacceptable precisely because it is not done with the subject's consent.

                      We agree that it is "(socially) unacceptable". But there is a big difference between "unacceptable" and "illegal".

                      That may be true for those particular organisations and today, though it's already clear that plenty of commercial organisations have in fact provided sensitive data to governments without any legal obligation to do so.

                      Even if that were true, it is still governments that are abusing that

        • by jandersen (462034)

          IMNSHO, we need much stronger laws to prevent repurposing of these kinds of data or retaining it any longer than strictly necessary

          Perhaps - I just can't see that it will make much difference. The problem is that law enforcement is hugely inefficient - just look at patent as an example: if there were enough competent patent clarks, we would probably not have even 10% of the patents registered that we have today. But there are't enough resources available, so what is basically a good mechanism meant to protect the interests of the clever inventor, has become simply a tool that big corporations use to bully those with less resources. In

          • It's the same with privacy - of course I don't enjoy the thought that some odious lowlife may be poring over my innermost secrets, but it's just part of life, whether we like it or not.

            Why? If that behaviour is against our moral values, what is to stop us from prohibiting it by law and punishing those who act in socially unacceptable ways?

      • by Anonymous Coward

        Posting Anonymous because I have moderated:

        One benficial use that I am aware of is using fridges as load balancing on the electrivity grid. Your fridge could cool morethan it needs over night, potentially on cheaper electricity and then cool less than it needs at times of high load on the grid.

  • by khallow (566160) on Friday September 20, 2013 @12:54AM (#44899555)
    I think of all the current political terms out there, "social contract" has to be one of the most worthless. It's a "contract" that you "agree" with by not trying to destroy society hard enough. It doesn't actually exist in any concrete form. And the terms of the supposed contract mean whatever the speaker feels they mean at the moment.
    • by Mashiki (184564)

      Okay there. You realize that a "social contract" in it's correct terms applies as: Society as a whole gives up specific rights/liberties, in exchange the state provides protection, and other protected rights/liberties. This whole new round of marketspeakish "social contract" stuff is nothing but bunk. What does need to happen is, the classical social contract needs to catch up with the digital era.

      • Am I the only person thinking that we used to call these social contracts "laws"?

        • Or a "constitution". "Contract" suggests two pre-existing entities -- the people, and the powerful who lord over them.

          It is born in a world that is already a political philosophy faure. You should start with the people, who create a constitution, which creates a governmemt, with limited, well-defined powers and, explicitely, none others. If they need more, the people can go through a deliberative and deliberately laborious process to grant additional powers. Laborious because most people should agree to

          • by pmontra (738736)

            "Contract" suggests two pre-existing entities -- the people, and the powerful who lord over them.

            The existence of a "lord" is accidental. There might be contract between peers with no one more powerful than the others. However I'm afraid that this works better in small communities. Remember that democracy was born in small Greek city states as "direct democracy". Basically everybody switched to representative democracy when the number of people became too large, and a "lord" emerged. The Internet might enable going back to "direct" but who knows how that would work.

    • by AmiMoJo (196126) *

      The EU does tend to legislate to back up social contracts. All it means is that society needs to figure out what kind of relationship with device manufacturers it wants, and then force them to comply with a strong regulator that can intervene if they ignore the spirit of the law.

      Mobile phone chargers are a good example. We decided they were all going to be USB, and now they are.

    • by AlecC (512609)

      I think the "Social Contract" exists, but I agree that it is a problem, but also an advantage, that it is not written down. There is an implicit contract between all of us on how society works: that we give up some freedoms, as do our fellow citizens, in order to make society work. The fact that it is not written down means that we can actually have different views of what is actually in the contract - and privacy is a golden example of that. On the other hand, being unwritten allows it to evolve. Writing t

      • by khallow (566160)

        There is an implicit contract between all of us on how society works: that we give up some freedoms, as do our fellow citizens, in order to make society work.

        I'm willing to call it a "cooperation". A "contract" implies things that don't exist here such as explicit terms and agreement to those terms.

        The fact that it is not written down means that we can actually have different views of what is actually in the contract

        Well, as long as we all agree on what that is, that's ok. Else this unwritten contract isn't worth the paper it's written on.

        Writing things down fixes them, while society changes.

        So what? There's no indication here that the cooperative aspects of our society changes. For example, the concerns of privacy haven't changed despite the changes in technology.

        A prime example here is the Second Amendment: while not saying it is right or wrong, I am certain those who wrote and passed it did not foresee current firearms technology.

        I think that's a dubious claim to make. All that has happened is tha

        • by jp10558 (748604)

          I think that's a dubious claim to make. All that has happened is that such firearms have become lighter, more reliable, and have a much faster firing rate. In other words, they've become better at the job they do. That's not hard to predict. And I'm fairly certain that the technology hasn't advanced to the point where original backers would have changed their minds.

          Yes, but I wonder if they were also thinking about the much higher population density and different sort of working situations. It was easy for

          • by khallow (566160)

            Did the founding fathers really deal with or consider single perpetrator mass shootings? The closest thing I could think of would be bombings, and I don't know that the Second Amendment had anything in there about explosives.

            They would have been aware of Guy Fawkes and the attempted bombing of the UK Parliament. And it's worth noting here that single perpetrator mass shootings don't actually kill that many people - especially when the would-be victims happen to be armed.

            Of course, if we were that OK with the level of death, we shouldn't be anywhere near as freaked out about terrorism as we seem to be.

            Well, I'm not particularly "freaked out", though I should note that the US has lost about as many people to the 911 terrorist attacks as to single perpetrator mass shootings.

            • by jp10558 (748604)

              Both of your replies were kind of my point. They were aware of Guy Fawkes. Did they condone violence against "innocents"? I think they might have, they did just fight an armed rebellion against their government, and explicitly had the second amendment there to allow similar rebellions in the future.

              My point is that I'm saddened that we will fight so hard to keep open the violent guns part of the constitution, but keep rolling over on the trampling of other amendments in the name of security.

              To paraphrase th

              • by khallow (566160)
                I think my comments kind of weren't your point. For example, you're babbling about "condone violence against 'innocents'" on the basis that someone just fought a war and thought they might need to again.

                We do have many historical examples of violence against innocents, including a few from the US's Revolutionary War. But most war is not of that sort. It's violence that involves innocents, but it doesn't target them. For if it did, there'd be a lot more dead innocents than there have been.

                My point is that I'm saddened that we will fight so hard to keep open the violent guns part of the constitution, but keep rolling over on the trampling of other amendments in the name of security.

                While some peopl

    • It exists in the acceptance and use of economic systems. I mean, what gives money value? Even criminals in the hardcore underground use paper money - because they can use the social contract to their advantage when they possess it (e.g. public goods of real value can be traded for it). All that the social contract means is that you are participating with the understanding that there are rules. What the rules are, and what it means to you, are formed by your associations and the company you keep, as well as

  • Because that worked out so well for the rest of the internet.
  • by Animats (122034) on Friday September 20, 2013 @01:22AM (#44899631) Homepage

    We need to be much less tolerant of things that "phone home" to some headquarters. Or accept remote patches. We now have to assume that anything with a remote patch capability can be exploited.

    You might think open source would be better. It's not. Even the Mozilla Foundation has become squishy-soft on enforcing their own privacy rules. Check out BlockSite [mozilla.org], a Firefox add-on which used to just block requested sites. It was bought up by a company called WIPS, which buys up abandoned apps and puts in back-door tracking of every site visited. After a year of pressure from WIPS, Jorge Villalobos at Mozilla caved in and let them install tracking in an existing add-on and auto update it.

    For Linux, Ubuntu pushes an awful lot of updates to supposedly "stable" versions. Is there a back door in there? Is anybody looking?

    • For Linux, Ubuntu pushes an awful lot of updates to supposedly "stable" versions. Is there a back door in there? Is anybody looking?

      You're asking the question for the wrong reasons. In the Linux world things are intentionally broken up into small pieces (according to the "an app should do one thing and do it well" philosophy) so the number of packages requiring an update is basically meaningless. Firefox is 2 or 3 packages while the QT framework is about 30. VLC with all its codec libraries is probably even more than that. Updating just one application can mean a whole slew of updated packages...or just one, depending on what it is.

      • Well.. Ubuntu nowadays does have quite some tracking. Remember the amazon shenanigans they built in to Ubuntu? You have to manually turn this off. How many casual users do you think know that it is even possible to turn this off? Or Ubuntu One? Or unity lenses? Or who assures me there is no back door in Zeitgeist?
  • Its nice thinking and all that, but this will never happen, you might get governments to agree with this even, but Pandora's Box has been opened the vast wealth of information on the internet, and power of controlling it, is too much. When you send anything out in to the world, be it a physical package or ip packets, someone is at the very least going to record who you sent it to and when. Encryption just makes them want to look at that package even more.
    The only way to make sure no one is watching is to no

  • by phantomfive (622387) on Friday September 20, 2013 @01:23AM (#44899635) Journal
    Here's my attempt from a particularly delicious paragraph from the paper:

    Globalisation
    revolutions
    intellectual framework
    socio-economic system
    intellectual framework (twice!)
    paradigm
    diverse
    at stake
    data driven
    personal data
    (he almost said corporation. But avoided it with company.)

    The paragraph (now guess what it means!):

    Driven by globalisation and technological revolutions, the world is changing fast but the intellectual framework that continues to inspire the current institutions surrounding our socio - economic system dates back to the agricultural and first in dustrial revolutions and the pioneering works of Thomas Hobbes (the “Leviathan” – 1651), Adam Smith (the “invisible hand” – 1776) and David Ricardo (“value comes from labour” – 1817). It is time we realise that a new intellectual framework, a new paradigm, is needed if we are to grasp the diverse complex issues at stake. The idea of connected devices of all sorts chatting away to one another is certainly attractive - most people want to enjoy the new, exciting services that a data - driven future can provide, but at the same time they do not trust companies and governments as regards the collection and processing of personal data.

    • David Ricardo (“value comes from labour” – 1817).

      Also, I'm not sure I would characterize David Ricardo with that quote, I would probably say his philosophy was closer to, "all laborers have value," since everyone can work where they find their competitive advantage (something like that).

  • As far as I'm concerned, in my home a single entity that post on /. instead of doing the job that is paid for (that's me!) is more than enough.

    I hereby do solemnly declare that my fridge doesn't and will never have any other option than to keep my food cool. Similar goes for all the other appliances I or will own (mobile phone included: a mobile phone is a phone [dvice.com], no photocam/GPS/gaming console or Internet-enabled-tracking-device... and it better stays this way dam'it, social contract or not).

  • "Copyright on My Personal Information, Data and Meta-data"

    All rights reserved
    No part of this publication may be reproduced,
    stored in a retrieval system, or transmitted in any form
    without the prior permission of the publisher (myself),
    nor circulated in any form without a similar condition
    being imposed on any subsequent purchaser/user.

    "My Personal Data"
    ~name
    ~address
    ~phone
    ~credit card details
    ~past purchases
    ~browsing history
    ~emails
    ~various meta-data
    ~location data
    ~log of events of your life

    You would have to have

    • by Anonymous Coward

      The problem is that those EULAs usually grant the company all rights and remove all uour rights. And since you really really want to get started with using that application you dont care about the terms... until later. I think it would be an interesting thought experiment having a law that gave each person non-transferable rights to certain information. Slavery is still forbidden, right? so you can put "We own you " in an EULA but it would not hold up in court. What if this was extended to include more aspe

  • Here's an idea (Score:2, Insightful)

    by Anonymous Coward

    Don't connect your lightbulb to the internet.

    • by Dogtanian (588974)

      Don't connect your lightbulb to the internet.

      Yes, seriously... what *really* does this obsession with the "Internet of Things" actually offer us?

      Right now, it comes across as something being pushed by for-the-sake-of-it technological fetishists meeting control freak tendencies, both playing into the hands of authoritarians everywhere.

  • by mcmf (3134063) on Friday September 20, 2013 @04:18AM (#44900277)
    I have been wondering about this re my utility meters. Currently my teleswitch (http://en.wikipedia.org/wiki/Teleswitch) enabled electricity meter is read a few times a year, and these readings are clearly the properly of my provider. However in an IOT world my electricity consumption would be continuously available as part of maximising use of solar or off peak rates etc. But who owns my consumption data? No doubt my provider, who owns the meter, would find somebody to sell it to and equally, various 'security' agencies would insist they had to have full access to it. I am sure that careful examination it of could reveal tons of personal info.
    • Just your overall usage level sure could (like what times you're at home, when you charge your EV and how much you put in it, for example) but with modern Smart Grid technology, individual devices are accessible to the power company, opening up limitless possibilities for loss of privacy and greater corporate power.

      The best you could do, while staying on the (smart) grid, would be to use a huge battery as a buffer and "firewall" for the whole house, effectively airgapping your home devices from the Smart Gr

  • And to demonstrate European commitment to privacy, the plane of Bolivian President Evo Morales was refused permission to fly through the airspace of Spain, France, Portugal and Italy. The plane was later grounded for 13 hours and searched by Austrian police in Vienna. All in pursuit of that terrorist Edward Snowden. Clearly these were the first steps towards "the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance stat
  • Most of this stuff is targeted at precisely the demographic of people who DO NOT CARE how its used.

  • 10 years in the future, my scale is going to tell my refrigerator to not open the freezer "to keep that fatass away from the ice cream". so really the benevolence of thinking machines is what bugs me most.

    • Only if the government puts more horrible hackish fixes on the health care system to maintain the same level of disgusting hyper-profitability for the health care industry while just spreading around the costs so it doesn't hit any one person way too hard.

  • If your brain bucket lets you believe your favorite time waster site is following a 'social contract' then yes, this is the route for you.
    If however you have not lost all ability to reason, why would you use facebook et al?

  • Hive mind, and all that?

    It's not really possible to "opt out" of public surveillance. Can you imagine the difficulty of claiming the right to "disappear" off of other people's Google Glass (maybe by broadcasting a disruptor signal of some sort saying "ignore me, nothing to see here, move along"?

    And how do you assure privacy to those who deprive others of it, themselves?

    If privacy is outlawed, only outlaws will have privacy...

    New thought really is required. Not sure all the angles can be squared.

  • Let me see if I understand this correctly: the social contract that *did* exist failed with regard to privacy because private and public entities alike found it was in their best interests to break it, so the solution is to create a brand new one. There are multibillion dollar industries around large-scale analytics for commercial purposes, surveillance for military, intelligence and other purposes, and lots of money to be made by continuing to violate the contract. And for the most part, the overwhelming

  • by DriveDog (822962)
    To my mind, TPMS is currently the leading candidate for poster child of loss of privacy due to devices leaking my data. Anyone with a little time and knowledge or a moderate amount of money can set up a single or network of detectors to track my car. With a little more time or money, someone could also spoof my tires' TPMS codes, so that my car appears to have been somewhere it wasn't.
  • If you need to define privacy rules like that from the political side, it's because your general design is wrong.

    Posting ALL data from devices to a central server based on a timer from the lowest common denominator of the systems needing the data is a simple and very NAIVE design approach of such a system...

    Other methods include using P2P technology as found in VoIP/Skype etc. systems. This way only data-sources that the end-user accept and authenticate can initiate remote data-acquisition. Yes this is

  • What we seem to be having is a confusion between the concepts of privacy and anonymity. Things that occur in public are by definition not private, but we have become accustomed to assuming most of our actions are nearly anonymous. This is quickly becoming a poor assumption.

What hath Bob wrought?

Working...