In the wake of Edward Snowden’s allegations of massive surveillance by the United States government on foreigners and on its own citizens, renewed attention is being given to digital privacy. There are two distinct but related components of this: privacy from government surveillance and privacy from corporate or other private interests. Much has already been written about the former.

But surveillance on the scale that Snowden alleges (and its extent is unclear at this point) would not be feasible unless people had created massive amounts of information and records about themselves… records that companies use for commercial purposes.

For instance, 10 years ago Gmail did not exist. Google created this free email service to make money by data-mining Gmail accounts and selling access to advertisers. Facebook allows people to create profiles of themselves, their friends, their favourite products and their location.

There are tons of free — and very useful — applications on the internet as well as organizations offering discounts. But are they donating these services out of pure altruism? No. As they say in internet marketing circles, “If the service is free, you are not the customer. You are the product.”

So much data is generated that even IT experts aren’t aware of it. Consider the case of John McAfee, who developed the original virus-detection software. He fell on hard times and was charged with murder in Belize. But before the police arrived, he disappeared.

I was among the first to find him — simply by looking at a picture he had posted online. From my desk in central Illinois, I was able to track him down in Rio Dulce, Guatemala. I could identified what restaurant he was at. It sounds complicated, but it only took me a few moments. I went through the exercise because I was bored on a Monday (my wife says I need better hobbies). Apparently the computer guru had forgotten that modern devices come with GPS receivers and will embed (if not turned off) geolocation data in events, pictures and the like.

I’ve used public geolocation data in investigations from time to time to prove the validity of a story, or to prove that someone is less than honest. Even more data becomes available if you can obtain a subpoena. Recently, I used GPS data embedded in social media to prove that a politician was violating ethics laws by doing political work in a government office.

The amount of data generated about people that can be leveraged for marketing purposes is staggering. It is euphemistically known as “Big Data” and the reality is there is far more data generated than can be used right now. That hasn’t stopped companies from creating new technologies for absorbing it. There is a voracious desire to gather as much information about consumers as possible.

For instance, a recent patent filed by Microsoft describes technology that can detect how many people are watching a home movie. If there are too many warm bodies in the room, the device warns viewers that they must purchase a license.

As far as gadgets are concerned, the newest hot item is Google Glass, essentially a wearable computer device that looks like a pair of glasses. Google, as a company, doesn’t sell personal information but it does gather information for the purposes of selling access to consumers based on their interests. As an example, my wife was searching for some Super Mario toys for my children and now most websites she visits display ads about Super Mario products.

That said, some of the potential of Google Glass is disturbing.

For one thing, the device is always on. It pays attention not only to what is in front of you, but also your eye movements. While that may seem innocuous, eye movements are very informative. We’ve all had conversations in which our partner wasn’t looking at us but past us. Eye movements can also tell whether someone is lying.

Because of the enormous privacy issues Google has decided to not allow facial recognition applications for Glass. But they are possible. Google images has a facial recognition component (as does Facebook) that allows you to find similar pictures.

Facial recognition was used by another digital sleuth to identify the actual person whose image was used by Manti Te’o as his fake dead internet girlfriend. (Coming from an Irish family near Chicago, I know better than to take a strafing run on Notre Dame).

And what happens if a malicious individual gains access? There is an entire class of hackers who do nothing but hack home PCs and surreptitiously turn on webcams and microphones to spy on young women (it’s often referred to as RATing in underground communities). The intent is to get naked pictures of an unsuspecting person. Sometimes it ends up in a personal collection; sometimes it’s used in a form of sextortion. It’s rather trivial to execute this attack. Imagine what an attacker could do if they hacked the glasses on your face.

The social implications are also interesting. How will it affect interpersonal relationships to be talking to someone who essentially has a camera attached to their face pointed directly at you (which may or may not be transmitting over the Internet). There is already the issue of people spending more attention looking at their phones than relating to people around them. Will Google Glass make this worse?

Finally, what authorities or parties in a lawsuit could get access to this technology? Google Glasses create and store data. If someone had a legal avenue to collect it, what could they find? What couldn’t they find? Recently, a doctor used Google Glass to live-stream surgery, allowing people all over the world to watch in real-time as he worked. Would it be possible for police to do the same thing?

Which, of course, brings us back to the NSA controversy and Edward Snowden. Governments need to monitor potential threats. With the advent of social media, wearable computing, smart phones and the like, massive amounts of data and records are being created that simply did not exist a decade ago.

Back in the 1990s, simply obtaining a list of a person’s friends was a huge challenge. You would need a investigator to stake out his home. You might need to tap his phone. Even then, there would be gaps in your knowledge. Now you can simply log into Facebook or copy a contact list from a cell phone. If corporations can use Big Data to sell products, government will theoretically be able to request access for law enforcement or other purposes.

In the end, no one is required to wear Google Glass or, for that matter, to participate in websites which contribute to Big Data. Most sophisticated criminals, spies, and terrorists certainly don’t use these technologies to keep up with their friends. However, most people are simply unaware of how much data they are creating about themselves and how easy it is for a third party to retrieve it. 

John Bambenek is an author, activist, and computer security expert in Illinois.  

John Bambenek is an information security practitioner living in central Illinois. He currently owns a consulting firm where he guides corporate executives and members of government on...