I was thinking a bit about RFID and personal privacy today and a simple yet powerful truth slowly dawned on me. The root of the RFID privacy issue in this country is, quite simply: You have no right to privacy, not when it comes to personal or private enterprise.
The constitutional right to privacy that I (and pretty much everyone else I know) seem to think exists as an inalienable right, actually doesn’t exist verbatim. The supposed “Right to Privacy” I took for granted is actually collection of amendments in the Bill of Rights that, when culminated and interpreted in the right way, amount to protection of personal privacy. However, nowhere in the Constitution or the Bill of Rights is the word “privacy” actually found. What’s more, and this is the important bit, the implied protection of privacy found in the Bill of Rights only applies to government. It does not apply to citizens or private companies.
If you just paused for a moment of realization, join the club. When that fact slowly dawned on me, I was actually taken aback by my own blatantly ignorant assumptions. What this means, in no uncertain terms is, massive data collection companies like CheckPoint, Equifax, and Experian (etc.) are not breaking any constitutional law by amassing obscene amounts of personal information about you they can glean from every piece of paper you’ve ever signed your name to from your library card to your supermarket loyalty card to your mortgage papers. In many ways, these companies are not unlike stalkers… only they masquerade as legitimate authorities when it comes to your personal and financial “viability”.
An even scarier prospect is that these companies are branching out into the “private CIA” space, capturing and recording personal information much more intrusive than only every single financial decision you’ve ever made. Now these companies are actively trading information with local law enforcement, offering free “credit check terminals” on every single desk in entire police districts, in exchange for police data. They want every piece of information the police have, whether it’s accurate or not. They want to know if someone was brought in, even if no charges are actually filed. They want to know if someone gives a statement, if they get a parking ticket, if they sneeze and a police officer hears it. They want it all, and they are getting it. I wouldn’t be surprised if they get data feeds from the license plate and face-recognition cameras monitoring city streets so they can even get your last physical location if a client was willing to pay for it (the full meal deal). Many states are now using these companies to verify people’s addresses (pdf) when they get a drivers license. Doesn’t it concern anyone that private companies now have so much power that an egregiously flawed credit reporting system can not only deny you getting a mortgage, but now it can even deny you getting a drivers license?
Back when I was going hot and heavy with platform development for txtGroups (my endeavor into the mobile space) I started looking into location based services and found it frighteningly easy to get set up with access to LBS information. I could query a database and find out the approximate latitude and longitude of pretty much any cell phone I wanted. If I can get access to that data for only a buck a query, you can bet your ass these companies have got to be involved with LBS in some capacity. How is that not an illegal privacy violation of some kind?
The Bill of Rights implies a right to privacy, and with several Supreme Court cases to back that up, it’s clear that at least the government must keep it’s nose out of your private business. But how exactly is access to this privately collected data regulated when various US Federal government departments like the Department of Homeland Security are these companies’ biggest clients? All this local and federal government use and sharing of personal data with these companies doesn’t just blur the privacy line, it obliterates it.
I really wanted to bring this around to RFID and the privacy issues surrounding it, so I’ll get back on track here. A couple years ago an interesting paper was submitted to the DHS for review called “The Use of RFID for Human Identification” (pdf), which basically states that the benefits of using RFID for human identification are outweighed by the privacy issues/risks. This paper obviously caused some hubbub, the best of which I found here at the RFID Law Journal blog (pdf).
But putting all that government RFID privacy invasion hubbub aside for a moment, the fact that private companies can ruthlessly collect and share/sell any and all information about you it can find/buy/trade/coerce, with no regulations as to the accuracy of, who they sell it to, or for what purpose that data is used for… that really is the heart of the RFID privacy argument for me. It would be, and probably already is, just another tool these companies (and the government by proxy) use to collect more and more data about you, your whereabouts, and your existence itself.
I try to be careful with my own personal information, but even vigilant privacy advocates get sloppy with their info from time to time. It simply can’t be helped in a society that, since the 50s, has been built from the ground up on marketing to desires over needs and improving the information gathering techniques used to further that process. But now information itself has become the most profitable product a company may have, and with our own government becoming a partner in the data aggregation business, you can bet a symbiotic machine as cold, efficient, and profitable as this will be impossible to stop.