understanding the importance and impact of anonymity and authentication in a networked society

Who Needs Your Name?

posted by: Jason Millar // 11:59 PM // June 19, 2007 // ID TRAIL MIX


Every now and again I Google my own name. If you’ve never Googled your own name, try it. It’s a strange way to spend fifteen minutes—there’s not much to be found, in my case—but every time I do it something different pops up in the search results. Sometimes I check to see if a new piece of information associated with me has trumped the usual results; other times, for reasons still not clear to me, I simply want to make sure that my stuff is on the first page of hits.

I know there are other individuals out there who share my first and last names. I met one once. Recently, while undergoing a security check for some work I was doing, it wasn’t until I provided my fingerprints and middle name that I was eventually cleared. I can only surmise the existence of another Jason X Millar (maybe the one I once met) who is less trustworthy than myself according to those who know and care.

One thing I have noticed (I’ve been Googling my name for years) is that there are more and more pieces of information associated with various Jason Millars popping up in the results. Many of those pieces of information are associated with me. But there are other individuals named Jason Millar out there—artists, soccer players and a host of other random individuals with random interests and opinions have posted information about themselves. I can only imagine that anyone interested in compiling all of the stuff exclusively associated with me would have some fancy guesswork to perform in the filtering. This is because it isn’t at all clear which of the information belongs to a single Jason Millar.

The same problem occurs when trying to piece together random information collected about random individuals. When trying to aggregate it under a name, complications arise due to the problems associated with authenticating the data.

This assumes, of course, that someone would be interested in stitching together what are ostensibly disparate chunks of information into an aggregated whole that would describe various aspects of a single individual’s life in a more holistic manner. To be sure, one could imagine data mining projects that involve this type of aggregation, such as the kind that could be used for psychological profiling. But for a great many applications—perhaps profiling for marketing purposes—the kind of complete data mining that would involve stitching together information under the heading of a name might not be as important as it first seems.

Stitching a person’s information together based on first and last names is complicated. Authentication can be a tricky business where privacy laws are in effect, and the fact that there are so many “Jason Millar”s in the search results makes one wonder how useful names really are to those who know and care to authenticate information as mine.

In fact the more I do these searches the more I’m convinced that, in the information age, traditional identifiers that tend to make us want to associate complete sets of information with a “me”, or “her”, or any “particular individual” in the first place, are becoming obsolete. The type of association that seeks an identifiable individual at the focal point of the relevant information may soon be replaced by newer means of association and identification, which will allow individuals to aggregate information about other individuals through the various proxies indirectly associated with them.

I can only imagine that my name, address, phone number and other personal information traditionally used as a starting point when aggregating information about me will cease to be of primary relevance to the vast majority of individuals interested in accessing me for, say, marketing purposes. In their places, sets of numbers uniquely associated with the things I wear and carry with me on a daily basis will provide a highly reliable, and oddly descriptive, means for identifying {me}.

Here’s why this is plausible…

Consider the fact that in the near future every item that rolls off of an assembly line will have an Electronic Product Code (EPC) associated with it, and often embedded in it. Simply put, an EPC is a unique number, or identifier, for every product; every shoe, can of pop, bag and watch will have one—Wal-Mart says so. EPCs will be readable by any compatible reader operated by anybody who owns it (or them), and they will be very cheap. Now consider the fact that every communication device already has a unique identifier associated with it; every cell phone, Wi-Fi device, laptop, Bluetooth device, PSP and Nintendo DS has some hardware identifier associated with it per the relevant communication protocol—international telecommunication standards say so. Our future includes visions of wirelessly (ad-hoc) networked municipalities in which individuals are perpetually connected by means of their portable communications devices.

Any one of those numbers can function as a proxy in identifying an individual, even though only one number would be relatively unreliable if the task were ensuring that the same individual is carrying it at any given time. But with these two pieces in place it is easy to imagine networks of EPC readers constantly logging the information associated with the products I carry, and computer networks constantly logging the presence of communications that my wireless devices are constantly transmitting by virtue of their perpetual connectedness.

Let’s focus on EPCs for a moment, and imagine that consumer profiling is the application of the day (though it could easily be employee profiling). Every day I get dressed and leave the house carrying various products with me. Every set of numbers that is read at a given time will represent the set of EPCs I am carrying. On any given day that set will be different, owing to various possible combinations that I might possess at the time. However, over time the complete set can be built up by whatever network is logging the EPCs given that EPCs will begin to associate themselves with one another in the database. For example, my shoes will form a common link between many of the shirts and pants I wear, such that my EPCs will allow complex inventories to be built about my possessions. After a given time, by reading a subset of EPCs, a relatively unintelligent system could be extremely confident which complete set of EPCs it was dealing with, meaning that any future subset that is read and associated by relatively few common EPCs could be deemed part of the same larger set. Of course, every reader is associated with a location, such that a smart network of readers would be able to track the movement of the EPCs through space.
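The self-association described above can be made concrete with a small sketch, added here to illustrate the linkage risk and not part of the original post. The tag labels, the `min_support` threshold and the function names are all hypothetical, and the reads are constructed sample data.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample reads: each is the set of tag IDs one reader saw together.
# The IDs are made-up labels, not real EPC encodings.
READS = [
    {"shoe-A", "shirt-1", "watch-A"},
    {"shoe-A", "shirt-2", "bag-A"},
    {"shoe-A", "watch-A", "bag-A"},
    {"shoe-B", "coat-B", "phone-case-B"},
    {"shoe-B", "coat-B", "hat-B"},
    {"shoe-A", "shirt-2", "watch-A"},
]

def build_clusters(reads, min_support=2):
    """Group tags that were read together at least min_support times."""
    pair_counts = Counter()
    for read in reads:
        pair_counts.update(combinations(sorted(read), 2))

    parent = {}  # union-find forest over tags with a supported link

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (a, b), n in pair_counts.items():
        if n >= min_support:  # ignore one-off co-occurrences
            parent[find(a)] = find(b)

    clusters = defaultdict(set)
    for tag in parent:
        clusters[find(tag)].add(tag)
    return list(clusters.values())

def match(read, clusters):
    """Return (best cluster, fraction of the read's tags it explains)."""
    best = max(clusters, key=lambda c: len(c & read), default=set())
    overlap = len(best & read) / len(read) if read else 0.0
    return best, overlap
```

No name, address or card number appears anywhere in the data, yet a later read of only two tags is enough to attach it to the full inventory built from earlier reads.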

If you add the known locations of wireless ad-hoc network routers into the mix, sets of EPCs moving through space can be associated with particular communications devices. This means that information flowing to and from those devices on privately owned networks could be associated with the sets of EPCs. Anonymous blog postings, emails etc. could all potentially be associated with the set of EPCs and wireless devices.

Anyone interested in understanding a set’s purchasing patterns, certain eating habits, daily movements, etc. need not know anything about credit card transactions, names, phone numbers, addresses or any of the other traditional pieces of personal information deemed sensitive. In fact, the particular individual at the locus of the set of numbers simply disappears, replaced by the things that matter most to marketers: information about an inventory of products and a means of communicating with whoever is associated with them. Access to whatever is at the locus of buying power, or at the locus of influencing buying power, is all that counts in profiling for marketing.

Speculating about the kinds of information that can be gleaned about the sets in this kind of environment could run pages. The point I want to make is that there will be the ability to identify clouds of numbers that self-associate through the indirect association they have with the individuals carrying them. The other point is that aggregating the associated sets does not involve directly identifying the individuals carrying the items.

I am not a lawyer, but I have heard a lot of mention of emanations lately (search the ID Trail blog for “Tessling”). Given the sketch provided here the questions I would raise are these:

a) Are the emanations coming from an individual’s possessions personal information or not, especially where identifying the individual in the traditional sense becomes unnecessary?
b) Does an individual have a reasonable expectation of privacy with respect to these kinds of data?

It seems we should gather opinions before the readers hit the streets. I’ll let the lawyers comment.



This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada