Watch Out: Your Mobile Devices Are Listening!
Posted by Bob Warfield on September 16, 2010
Remember the precogs from Minority Report? They knew what you were going to do before even you knew, and you could go to jail for it without ever having done it. Because you were destined to do it.
But this world we live in keeps become more and more creepy as the machines become more and more aware. I read this article just now:
So, my iPad can hear what I hear, and can know what I’m watching on TV because it recognizes the sounds. But wait, my cell phone can hear things too, things I can’t even hear. For example, an ultrasonic signal that tells it when I walked into a store:
While voice recognition has generally been a failure, voice print analysis works (up to 93% for speaker recognition versus about 80% for voice recognition) , so my iPhone should be able to recognize who I’m talking to before it really knows very well what I’m talking about. And, of course, it knows where I am because of its GPS.
I file all of this sort of thing under the heading of “augmented reality”. It’s really not the same thing, but as the devices become more aware of their environment, the User Experience can be changed in some pretty dramatic ways. It’s fascinating to think about, but don’t you agree it’s also a little bit creepy?
We recently became aware of an example where a Google employee had been using the omniscient powers of Google to access private Gmail and GTalk accounts so that he could spy on and harass people, including four minors. The employee had access to email and call logs via Google Voice. Who knows what else is available if every part of your life Google sees were pieced together into a coherent dossier on a person.
It seems to me there are architectural provisions that could be made that would make this sort of thing much less likely to be abused, while retaining the ability to provide the goodness that such services can also offer. Hey, I like the idea of getting more coupons at a store because it knows I walked in the door. I just don’t want the retailer stalking me over it, let alone some creepy employee of the retailer.
If you handle credit card data, you’re already subject to a set of provisions for how your software needs to treat that data. Seems like it would be straightforward to specify some architectural provisions for managing private data too. For example, suppose the data that uniquely tells who I am has to kept separate from the data tracking my actions. The two are joined with an abstract identifier that is completely meaningless except as a way of putting the two together, and the list of people who have the right to put them together is dramatically restricted. It might even take the customer’s help for an employee of the service provider to be able to see the data. Imagine if the Google employee couldn’t see the email logs (and after all, why should they?) unless the email owner, or someone very high up the food chain at Google, cooperates by typing in their password to authorize it.
Software vendors should be thinking about how to preserve their customer’s privacy proactively, before something much worse than the Google incident happens and severely damages the company’s reputation forever. Expects thing to get a lot creepier before they get better.