The UK government has announced the intention to monitor the calls and online activity of everybody in the UK. In this post, I look at how profiling – like the one proposed by the government – is done.
I confess: When I saw the news headlines, on April 1st, I thought that it was an April’s Fool prank. But I was wrong. The UK government really plans to pass laws to monitor the calls, emails, texts and website visits of every UK resident, as part of their effort to fight crime and terrorism.
Soon enough, analysts from all camps highlighted the technical difficulties of capturing and analysing such data, the prohibitive costs of such a project, the implications for those being monitored and the implications of false positives. This previous post looks at such points.
In this post, I want to move away from the debate of whether this effort is possible or even worth it. Instead, I look at the principles behind profiling.
What is profiling?
This dictionary defines profile as: ‘an outline of an object’. Thus, in essence, profiles are partial representations, be it an object, a structure or a person.
To develop these representations, profilers capture records of events, actions and interactions overtime. Then, they use these stored records to determine typical behaviour and to spot deviations from that behaviour. That’s no different from learning, over time, when your mother is likely to call… and growing worried when she doesn’t follow the pattern (even if the deviation ends up bringing joy).
What is the source of the records used in profiling?
Anything that can be recorded can be used in profiling. Though, of course, it is neither practical nor useful to collect and analyse every single data field. It really depends on the purpose of the profiling exercise – for instance, whether it is for the purpose of preventing crime or to prove criminal association after the event.
Much of our behaviour leaves traces – some times, inadvertently. If you are interested in this topic, check the documentary ‘Erasing David’. It provides a compelling look at how much information private companies and governments have about us. Do watch it, but be warned that you may feel a bit paranoid, afterwards.
We leave physical fingerprints, footprints and DNA residues.
Our movements are captured on CCTV cameras and traceable via our mobile phones.
Our purchases are recorded by loyalty programmes and credit card providers.
And, of course, records of our digital activity reveal what information we look for and what entertainment we consume, as well as who we write to, how often and about what.
The traces left by our behaviours are like signals that indicate who we are, what we do and what drives us.
How are the signals interpreted?
It is all about associations and context.
One comment in a discussion forum means nothing. But the comment, in association with visits to certain websites and a change in travel patterns may mean a lot… or not. That’s where the context comes in.
A red rose, for instance, means different things in different contexts. In the context of UK politics, the red rose stands for the object ‘labour party’; in Greek mythology, it stands for ‘love’; and in Christian iconography it stands for ‘martyrdom’. To complicate things further, the contextual references may change with time. For instance, the red rose only became the logo of UK’s labour party in the mid 1990s.
In other words, insight comes from looking at a given data point in the context of all the other data points we have. Only then, can analysts start identifying themes, or patterns.
Before you decide to stop using electronic money, to give up store or airline cards, to ditch your mobile phone and start communicating with your friends by smoke signals only, consider how difficult your life would be.
And how suspicious (and risky) would it be if you tried to buy a flat with cash and no exchange of property deeds?
The absence of signals can be as revealing as their presence. In one money laundering case I looked at, a firm was found to run a car smuggling operation because of the absence of certain expenses that analysts would expect in the type of business that the firm claimed to operate. It’s just like when you go on holidays: you don’t need to post on Facebook that you are away. Your lack of status updates or a change in the pattern of check-ins and comments will say so on your behalf.
Before you rebel against the government’s infringement in your private space, remember that commercial organisations do this, too – airlines, banks, supermarkets, telecommunications operators and, of course, providers of online services such as social networks or search engines… you name it. In fact, some firms are much better at customer profiling than this government will ever be. If you want to know what data organisations hold about you, the implications and what (if anything) you can do about it, do check Steffen Glomb’s website here (Steffen is a former student of mine who has a really neat product idea for the protection of personal data – watch this space!)
Being aware of the profiling skills of some organisations, I have made some minor changes in my behaviour. For instance, I do not have loyalty cards from organisations I perceive to be particularly good at profiling (see here), and I use a variety of e-mail addresses for different purposes. But, in the great scheme of things, these are insignificant measures. I considered declining to provide my passport data when booking a flight… but haven’t done it, yet.
Do you take active steps to avoid – or, at least, hinder – being profiled, either by commercial organisations or the government?