The UK government has announced the intention to monitor the calls and online activity of everybody in the UK. In this post, I look at how profiling – like the one proposed by the government – is done.
I confess: When I saw the news headlines, on April 1st, I thought that it was an April’s Fool prank. But I was wrong. The UK government really plans to pass laws to monitor the calls, emails, texts and website visits of every UK resident, as part of their effort to fight crime and terrorism.
Soon enough, analysts from all camps highlighted the technical difficulties of capturing and analysing such data, the prohibitive costs of such a project, the implications for those being monitored and the implications of false positives. This previous post looks at such points.
In this post, I want to move away from the debate of whether this effort is possible or even worth it. Instead, I look at the principles behind profiling.
What is profiling?
This dictionary defines profile as: ‘an outline of an object’. Thus, in essence, profiles are partial representations, be it an object, a structure or a person.
To develop these representations, profilers capture records of events, actions and interactions overtime. Then, they use these stored records to determine typical behaviour and to spot deviations from that behaviour. That’s no different from learning, over time, when your mother is likely to call… and growing worried when she doesn’t follow the pattern (even if the deviation ends up bringing joy).
What is the source of the records used in profiling?
Anything that can be recorded can be used in profiling. Though, of course, it is neither practical nor useful to collect and analyse every single data field. It really depends on the purpose of the profiling exercise – for instance, whether it is for the purpose of preventing crime or to prove criminal association after the event.
Much of our behaviour leaves traces – some times, inadvertently. If you are interested in this topic, check the documentary ‘Erasing David’. It provides a compelling look at how much information private companies and governments have about us. Do watch it, but be warned that you may feel a bit paranoid, afterwards.
We leave physical fingerprints, footprints and DNA residues.
Our movements are captured on CCTV cameras and traceable via our mobile phones.
Our purchases are recorded by loyalty programmes and credit card providers.
And, of course, records of our digital activity reveal what information we look for and what entertainment we consume, as well as who we write to, how often and about what.
The traces left by our behaviours are like signals that indicate who we are, what we do and what drives us.
How are the signals interpreted?
It is all about associations and context.
One comment in a discussion forum means nothing. But the comment, in association with visits to certain websites and a change in travel patterns may mean a lot… or not. That’s where the context comes in.
A red rose, for instance, means different things in different contexts. In the context of UK politics, the red rose stands for the object ‘labour party’; in Greek mythology, it stands for ‘love’; and in Christian iconography it stands for ‘martyrdom’. To complicate things further, the contextual references may change with time. For instance, the red rose only became the logo of UK’s labour party in the mid 1990s.
In other words, insight comes from looking at a given data point in the context of all the other data points we have. Only then, can analysts start identifying themes, or patterns.
Before you decide to stop using electronic money, to give up store or airline cards, to ditch your mobile phone and start communicating with your friends by smoke signals only, consider how difficult your life would be.
And how suspicious (and risky) would it be if you tried to buy a flat with cash and no exchange of property deeds?
The absence of signals can be as revealing as their presence. In one money laundering case I looked at, a firm was found to run a car smuggling operation because of the absence of certain expenses that analysts would expect in the type of business that the firm claimed to operate. It’s just like when you go on holidays: you don’t need to post on Facebook that you are away. Your lack of status updates or a change in the pattern of check-ins and comments will say so on your behalf.
Before you rebel against the government’s infringement in your private space, remember that commercial organisations do this, too – airlines, banks, supermarkets, telecommunications operators and, of course, providers of online services such as social networks or search engines… you name it. In fact, some firms are much better at customer profiling than this government will ever be. If you want to know what data organisations hold about you, the implications and what (if anything) you can do about it, do check Steffen Glomb’s website here (Steffen is a former student of mine who has a really neat product idea for the protection of personal data – watch this space!)
Being aware of the profiling skills of some organisations, I have made some minor changes in my behaviour. For instance, I do not have loyalty cards from organisations I perceive to be particularly good at profiling (see here), and I use a variety of e-mail addresses for different purposes. But, in the great scheme of things, these are insignificant measures. I considered declining to provide my passport data when booking a flight… but haven’t done it, yet.
Do you take active steps to avoid – or, at least, hinder – being profiled, either by commercial organisations or the government?
Ana Canhoto 
Interesting point again, Ana! And it seems like you have profiled the government, and predicted behaviour, considering a previous post :).Anyway, I think that in our way of living, with all the conveniences we’re used to, but also with the way commerce works, it’s hard to escape profiling, and we should realize it is part of our lives. We leave many, many traces. The thing which is most important, I think, is to find ways to deal with it. Do not get lured into too many loyalty programmes, for example. And if you do, be sure to take the benefit out of it for which you have joined. At least then you get some reward for selling your data. I think that is how I try to deal with these situations. Also, posts and articles like this one, and the ones you’ve linked to, help people understand what is happening. I think that is important as well. That people understand that it is a trade-off. If you understand the way data about you is collected and used, you can find ways to live comfortably with that. And make sure to vote for politicians who understand the need for clear and open procedures around data collection and profiling. So that if you are profiled to be a potential criminal, terrorist or whatever, you at least have a chance to defend yourself, if it is not true.
LikeLike
Yes, I agree, Arjan: it is simply inconvenient (or even impractical) to escape profiling.Thanks for saying that my article helps people understand the issue. That is my goal, indeed. Education is power – in general, and about this issue in particular. The extent to which many people are aware of the data that is being collected, and how it is used, is depressing.The only thing I disagree with, in your comment, is the part about the politicians and the ability to defend yourself. On this point (though not on others) I subscribe to the message in the Erasing David documentary: nothing to hide, but something to fear.
LikeLike
A reader has shared the following (very interesting) link: http://knowledge.wharton.upenn.edu/article.cfm?articleid=2973#.T32Qc0PNtco.twitterIt’s of an interview with Professor Joseph Turow (University of Pennsylvania’s Annenberg School), author of the book “The Daily You: How the Advertising Industry Is Defining Your Identity and Your Worth’.Thank you to Steven Dupon (@StevenDupon) for bringing this article and video to my attention.
LikeLike
Great summary Ana!Here is my opinion:The profile building can be something really useful and there can be win/win situations for both person being profiled and organisation profiling. I am actually curious about all my profiles, e.g. they might help me better reflect on stuff that I do.Chances are that profiles get used for purposes that I am not aware of and/or I dislike. The government stuff actually being the least of my worries. In fact some proper market research on the population could help a lot to inform governments actions. Sadly, Facebook actually comes closer to having and using these insights. At what point does Facebook actually see that selling ads requires a target audience with disposable income, if all goes downhill, will they try to support the economy?I would like to have more transparency and control about the profile building. I also dont buy into anonymisation and aggregation anymore. See for example Paul Ohm’s paper on de-anonymisation: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006Anyway people are different, some like to stay in the matrix, even wished they did not know about it. Others want to have the notion to stay in control of their lives. I fear that the attempt too overservice a consumer, may cut into my moments of serendipity. If I only get offered/presented what was predicted to be interesting for me, based on the profil of my past behaviour, wouldn’t that be boring if not worse?So I want the choice of personalisation and anonymity. But the default for me is towards anonymous, unless I chose to opt-in for ‘relationship’.
LikeLike
Thank you very much for the link to that paper, Steffen – I did not know it!On the (scary) thought of content delivered to you based on your profile, you may like the video in this blog post: http://www.anacanhoto.com/Site/Ramblings/Entries/2011/5/9_Keeping_up_with_information_online.htmlThanks, again.
LikeLike