D2.2: Set of use cases and scenarios

Title: NO PRIVACY SCENARIO

No Privacy Scenario

We make several assumptions, as realistic as possible, on the development of the Internet.  

1. The majority of the citizens are connected to the Internet and use a variety of electronic services (e-government, e-banking, e-commerce, e-voting, …) 

2. Remarkable development of storage devices, database technology, profiling algorithms, data gathering and data mining techniques exist. 

3. User’s communication is traceable (i.e., no anonymous communication infrastructure is implemented). 

4. Unique identifiers, such as national ID numbers, are used to authenticate users (note that this is the case in some of the most recent electronic ID developments, such as the Belgian electronic ID card [1]). 

In these conditions, and taking into account that companies increasingly consider customer profiling and databases as a “gold mine”, it is reasonable to predict that more and more transactional, behavioural and personal data will be stored and used for different purposes. While e-government and e-voting create data procession with public authorities, e-banking and e-commerce create data procession by private authorities. It is even possible that public authorities provide data to private authorities and vice versa.  

Given that no communication anonymity mechanisms are implemented, and due to the use of unique identifiers, users do not have means to prevent the linking of information their electronic activities generate. The gathering of data may even be invisible to the user.  

The linkability of all information generated by an Internet user (e.g., through the IP address, national ID number or social security number), allows for sophisticated profiling of each user. Let us list some of the information that could be gathered and stored directly or indirectly, just by monitoring the user’s communication: email address, age, gender, location, religious preferences, sexual orientation, civil status, number of children, school of the children, bank, job, organisation, list of products bough on the Internet, daily supermarket and groceries lists, type of car, name of the garage, period of holidays, political orientation, race, lifestyle, interests, social network…  

Information can also be gathered indirectly by linking data together, e.g. by storing which mobile phones of different persons are often together in the same area, one could infer social relationships.  

Who would want to access these heterogeneous set of data? Here we give some examples of how the data could be profitable for different organisations.  

1. Private sector: Marketing companies can develop highly sophisticated campaigns if they get these data. For example, they could provide a service that shows on the TV (GSM, spam, or other new forms of publicity that may appear) of each person the ads that are more likely to stimulate him to buy a product (or a service). The economic gain of those in possession of the data could be enormous. Already today, ads are more and more personalised so that they have much more value: When entering a website like hotmail.com, the ads are automatically provided in the language of and towards the interested public of the location that is linked with the IP number.  

2. Public sector: Political (including extremist), religious (including abusive and dangerous sects) and even criminal or terrorist organizations could target the people they are interested in. For example, they may use it to recruit new members among those who are more likely to be "converted"; they could also use this information to select when and where to commit a crime (personalized crime could emerge, where the criminal selects and studies the victim in order to better plan and commit the crime). 

1. Private sector: Human resources departments could use these data in order to control their employees and to select their personnel. Discrimination based on personal details would be difficult to control. For example, people who have had medical problems would be more likely to be fired or not employed. Even if legislation would forbid medical examination before offering someone a job (as is the case in The Netherlands), it would be difficult to prove that information regarding medical problems was the reason for firing or not employing a person, especially if one has no access to the information that is available to the other party. 

2. Public and Private sector: As to both sectors, data can be abused by individual persons who abuse the database for personal purposes. The risk here is especially high because in this case people may really have an interest in accessing data, and the harm that is done could be very big  

3. Public sector: Regarding the public sector, that is governments, intelligence agencies, police departments, etc., it is difficult to imagine that they will resist the temptation of collecting and storing these data. As the draft framework decision of the Council of the European Union indicates, the priority for law enforcement and security may make them monitor citizens and push the legal and practical limits on the use of the data gathered. This is a more serious threat to individual freedom in weak democracies and undemocratic systems, where people who oppose the political regime may be retaliated. The point is that we do not know when democracies weaken and who will be in charge if they do. As an example of an explicitly undemocratic regime, China demonstrates the extent to which a government may want to move to remain in control.  

As we can see, personal information is valuable for organizations, whether it is for economic profit, or for controlling employees or citizens and their personal lives beyond today’s imaginable limits. It is important to note that a crucial point will be the extent to which access to information is asymmetric. Especially in the case of asymmetric access (either because data protection legislation is absent or because it is not effective) personal information will give power and control to those in possession of the information, leaving profiled individuals in a vulnerable situation, as they do not have means to control who has access to which personal information, and for which purposes this information is used. In extreme scenarios, in which the amount of information available on individuals is very large, the degree of control on the profiled individuals could be enormous.  

Finally, we would like to remark that once the information is no longer under the control of the user, it cannot be guaranteed that it will be completely removed. Therefore, in some sense, once privacy is “lost”, it cannot be recovered. This is why personal data must be protected not only through legal means, but also through technical means that prevent the collection of the information. 

From the Identity perspective, we could say that a very large portion of the identity (in the broad sense) of individuals would be exposed to external entities, which are not under the control of the data owner. This would give organisations in possession of the data the power to exploit and influence people’s identities and behaviour for their own purposes.