PSC Cards and Personal Data – be VERY Afraid

 

The rumblings over the last year about the ‘harvesting’ of personal data in digital formats, prompted primarily by the Trump/Russia election scandal, has been constant. The media focus on personal data has waxed and waned but has never gone away. Nor should it – it needs to get sharper, more insistent, and more inquisitive. Every citizen in the state needs to arm themselves with knowledge and start discussing the type and extent of our personal data that government departments and private corporations may store, keep, and share.

Recently in Ireland, we have had government departments, on the one hand, foisting a national identity card, aka the Public Services Card, on us by stealth, while on the other those same departments try to sneak through clauses exempting themselves from penalties under The Data Protection Bill 2018. At the same time, we had Facebook and Google attempting to influence the outcome of the 8th Amendment Referendum with massive advertising campaigns, apparently funded by foreign organisations.

After a lot of effort and lobbying by private groups and individuals both Facebook and Google have been browbeaten into pulling the offending and offensive ads and some changes have been forced into The Data Protection Bill to penalise government departments if they mess with our data. The big worry, however, is that our government made no effort to protect its citizens’ private data or to protect the integrity of a national vote until it had, essentially, to be coerced into making state departments moderately accountable for data breaches. None of that has changed either the ardent intent with which our government is progressing the Public Services Card programme to become a national ID card that is ‘mandatory but not compulsory’, nor the resolute foot-dragging they show in making positive change to data protection for the state or individuals.

While these and other data stories are frenetically convulsing in daily conversation, Cambridge Analytica, Facebook, and smartphones are all maturing to become elderly technologies. Over the coming years, they will be consigned to the retro tech world of old Nokia phones. If the technologies of today make you worry about your privacy being invaded, well, you ain’t seen nothing yet and you’d do well to read on.

How personal can personal data get?

We’ll start this horror story by looking at hearing aid technology. This may seem an odd place to start but hearing aids have advanced enormously in recent years particularly in terms of wireless communications. Wireless comms allow aids to exchange data with one another and to share information with other technologies. For almost two years now GPS tracking has been available with on-ear devices allowing for aids to be easily found should they be lost. By extension, if you get access to the manufacturers’ software you can then track that individual anytime and anywhere. Of course, the

manufacturers are very careful to protect the integrity of their technology, but anything that can be read and programmed can be hacked.

A year ago, Phonak (Swiss hearing aid manufacturer) launched a programme of ‘online-hearing-aid-fittings’ for the US Military. All US war veterans who wear hearing aids will soon be fitted with discreet on-ear devices to which an audiologist can connect remotely via the cloud. The audiologist will be able to talk to the wearer, hear what they hear, and reprogram the aids as they see fit. People with hearing loss can now have their hearing aids adjusted in real-time with built-in video conferencing. Again, anyone with access to the manufacturer’s software could eavesdrop on the hearing-aid wearer and those nearby without their knowledge.

People with hearing loss can now have their hearing aids adjusted in real-time with built-in video conferencing (PRNewsfoto/Phonak AG)

In parallel with the current hearing aids are in-ear biometric advances such as photoplethysmography-based in-ear sensor systems for identification of increased stress arousal, pulse oximetry, and a whole range of other multimodal physiological in-ear sensors. Hearing aids will be able to check pulse, temperature, skin conductivity and other biometrics as well as provide audio to a distant point. It’s called ‘hearable’ technology and is a subset of ‘wearable’ tech. It is a fantastic step forward in science and engineering and will enable sick, frail, or disabled people to be monitored and an intervention signalled if a potential health risk is detected . . . among other things!

That’s just hearing aids. Eye-worn wearable technology is also about to explode. Mass-market eye wearables, a brand of smart goggles that act as optical head-mounted displays in a pair of eyeglasses, have been pioneered by Google Glass. They are very much in vogue with video gamers but their use has encroached into the realm of smartphones and will eventually hasten the demise of the ‘mobile phone’ as we know it now. Google Glass displays information in a smartphone-like, hands-free format. Using built-in microphones, wearers communicate with the Internet via voice commands, so that you can walk, talk, browse, and send and receive messages discreetly without anyone being aware of your actions.

Unsurprisingly, Apple will, this year, leap into this same market with gusto and their products will be integrated: Apple Glasses will talk to and work seamlessly with Apple EarPods and the Apple Watch, sharing data and providing visual and audio data to the wearer and so herald the demise of the smartphone.

Bringing these technologies together allows us a glimpse at the tip of the personal data iceberg. Just beneath the surface, almost unseen, are companies like Tobii. Tobii makes hi-tech eyeglasses that are best described in their own marketing blurb:

This is Eye Tracking – Eye tracking is a sensor technology that enables a device to know exactly where your eyes are focused. It determines your presence, attention, focus, drowsiness, consciousness, or other mental states. This information can be used to gain deep insights into consumer behavior or to design revolutionary new user interfaces across various devices.

Apple’s new wearable ‘Glasses’ product, empowered with this technology is just on the horizon.

The stage is now set for the next revolution. In not too many years (over the next 5) we will chuck our smartphones en masse and don watches, earpieces, and tech glasses that will communicate with each other and the online world. It will be possible to measure eye movement, pupil dilation, skin conductivity, blood pressure, temperature, brain activity, blood chemistry, and other biometrics.

Using biofeedback, it will be possible not only to measure a person’s physical and mental state but to influence that person emotionally to a profound extent. An advertiser will be able to monitor the effectiveness of an advertisement in real time and even modify the content on the fly to achieve a desired outcome. The technology will not immediately be widely adopted, but it will be waiting patiently side-stage for key technologies to improve, primarily data transfer speeds and bandwidth.

Advertisers are drooling at the prospects provided by ‘wearables’. Just last year ‘Campaign Magazine‘, a UK-based marketing and promotion publication, published an article that chortled to itself with lines such as ‘Imagine a near future in which search is both triggered by and fulfilled with audio: how emotional does your brand sound on Google? Distinctive audio-branding may come to define successful businesses as audio-driven technology prospers. . . .’ The article focuses mostly on music, referring to it as an ‘emotional brand-building tool’ and ‘how brand saliency is optimised through repeatedly using sensory cues like music to enhance mental availability and build subconscious emotional attachment to the brand.’

As a society, we are only now seriously debating and regulating the use of personal data through electronic technology. We still need to educate the majority of our population, especially our children, of the dangers associated with technology in our personal lives. The fun parts of tech are obvious, but the scary stuff is rarely considered. Public dialogue is essential, now and over the coming years, to keep abreast of the galloping advances in the acquisition of biometric and personal information.

We need Data and Privacy Education in our schools and a programme for our general public. Just as we have campaigns, booklets, and advertising for road safety, sex, suicide, diet, and exercise we need exactly the same for electronic and biometric data. The best time to start this program was 10 or 15 years ago. The second-best time is now before more valuable time is lost.

The best first step we as Irish citizens can take is to vigorously challenge our government and government departments on the Public Services Card (PSC). The dangers posed by the sneaking, widespread, and insistent distribution of the PSCs have even our Data Protection Commissioner up in arms. When you see how cosy and blasé the Office of Data Protection Commissioner has been with Facebook and Google and see the same oversight board at loggerheads with senior civil servants over Public Services Cards then you know we need to be very worried.

There will be much more written on this over time but consider this: the PSC and the Data Protection Bill 2018 drafts show how little respect government departments have for the integrity of our personal data. The cervical check scandal shows the contempt government agencies have for disseminating data – even to the point of killing us. Data from Gardai, from housing and employment bodies, and other arms of government cannot be trusted.

Be afraid – be VERY afraid!

, , , , , , , ,

About Frank McGrath

An audiologist and electronics engineer Frank really is a “sound man”. Singing, drama, books, music, science, technology, art, politics, life, chat and craic are passions. Drama and folk singing engage his few spare hours outside of family duties. Frank has many acting and directing awards but writes a little too when time permits and the passion is up. View all posts by Frank McGrath →