The foolhardy – or not – moment I delivered the coup de grace to my biometric privacy


Photo by Drew Hays on Unsplash

You know how some people seem particularly tasty to certain insects?  Mosquitoes utterly adore me but they ignore my sister-in-law.  My daughter returned from a whole week at summer camp completely tick-free, but her dad went for a four-hour walk in the same locality and found himself picking off six of the little blood-suckers.  And while my siblings seem comparatively nonplussed about our ancestors, I have been thoroughly bitten by the genealogy bug and will happily while away the hours tracing family lines, particularly when I’m visiting my parents and can dig into the rich treasure trove of family photographs and documents my mother has collected over the years.

If this seems a little middle-aged, well, I guess I am getting up there in years, but hey, I’m not alone.  Everybody needs a hobby, and a few years back it was reported that researching your family history is one of the most popular leisure pastimes in the United States, coming second to a similarly staid-sounding pursuit, gardening.  Genealogy websites are apparently nearly as popular as online porn, which is, well, very popular indeed.  And like porn, it can be quite addicting – so much so, in fact, that after a while I found that the boxes full of photographs and the family-tree websites weren’t doing it for me anymore.  I needed a stronger hit, a more exhilarating high, and that meant only one thing.  I needed to spit in a tube, and I needed it bad.

Although I live in the UK, I was visiting the US, and so I chose a local dealer to feed my craving –  Just $60 and a couple of business days later, an exciting, compact little box arrived in the post.  Keenly aware that I was veering dangerously close to being part of the 91% of people who don’t read terms of service before they sign up, I was nevertheless in instant-gratification mode and scanned the T&Cs in some haste.  I did pause briefly before returning the postage-paid box full of biometric data, recalling a 2013 research study that asked people to estimate the worth of their browsing history.  About as much as a Big Mac, they’d responded.  Browsing history might tell you a lot about a person, but what worth did I place on the ultimate font of information about an individual – my DNA?


It was only after the box of spittle rattled down into the bottom of the postbox that I started to ponder it more deeply.  I did a bit of Googling and instantly encountered the scaremongering.  What DNA Testing Companies’ Terrifying Privacy Policies Actually Mean, read one Gizmodo headline, and I felt a tremor of unease. Unsurprising, really.  We’re quite concerned with privacy these days – rightfully so – and what could be more unique and personal to me than the genome that I’d just entrusted to the US Postal Service, an ancestry website, and any third-party researchers with whom the latter might be partnering?

When I read the comments below the headline-grabbing articles, though, there were some measured and well-informed points that made me feel considerably less wobbly.   If my anonymous genome information were available to researchers,  I thought – or indeed, to anyone – how meaningful is this to me?  How might it affect me?  Is this the kind of privacy I really care about?  The worst-case scenario I could imagine in the here-and-now is that a data breach might allow my personally identifiable genetic information to leap the confines of and find its way into the databases of, say, health insurers.  Even this unlikely scenario doesn’t bother me much, since I live in a country with universal health care.  Pre-existing conditions or genetic vulnerabilities don’t matter for my access to treatment.  (Thanks, NHS!)   Well, you might argue, even if there’s little or nothing in the way of present-day dangers, perhaps this is one of those situations where I’ll only realise the implications in the future, down the line.  Maybe some horrific sci-fi coda will cap off this tale, the story that began the moment I relinquished the most personal of my personal data, for a mere song, just because I’d been bitten by the genealogy bug and wanted to satisfy my curiosity in the moment.

But the thing is…I remember listening to a series of podcasts about privacy a few years back, and there was one that made a particular impression on me. When we refuse consent for our medical information to be aggregated and used in research, the speaker said, everyone loses.  The more genomes we have on file, the faster and more efficiently researchers will find treatments and even cures for all manner of human ailments – cancer, Alzheimer’s, heart disease.  I can’t find the podcast now, but it could easily have been by Yaniv Erlich, a geneticist and ‘white-hat hacker’ at Columbia University.  His Tedx talk kicks off in the same scary vein as the article mentioned above.  Look what we did in my lab, he says, we took one person’s anonymous genome.  We mixed in a paltry handful of demographic facts associated with that genome, and utilising a big genetic database, look what happened: hey presto, we narrowed a pool of 300 million Utah residents to just one man.  That’s three hundred million to ONE. As you might expect, certain members of the audience looked rather horrified.

But hang on a second, and watch the video all the way through.  He shows a photograph of a young woman with a rare congenital medical disorder, a woman whose life has been transformed due to the genomic information of thousands and thousands of individuals.  I think of my friend Lucy Watts, currently on the hunt for a diagnosis for her incredibly rare and mysterious disorder – a diagnosis that could be of inestimable value to her sister and any future children she might have.  Without large genetic data banks, the answers she seeks wouldn’t be possible at all.

So when I try and imagine any real, meaningful consequence to my genetic information being out in the world, I don’t come up with anything.  But I completely understand how, combined with millions of other genomes, my genetic information could help others, how I could contribute in some small way to medical science.  In other words, my genes may be uniquely personal, but I actually don’t consider it sensitive. I don’t consider it ‘private’. If wants to share my anonymous genetic information with third-party researchers, as may be allowed by its ‘terrifying’ privacy policies, well, by all means, guys, terrify me.  And hurry up with my ancestry information while you’re at it, because I’ve got a genealogical itch I need to scratch.

“I know one of your secrets, Mummy”: What is privacy for?

Screen Shot 2017-11-15 at 12.10.38

Try this.  For the next few days, as you move through the world – making your choices, reading the news, talking to your friends and family – set yourself the task of noticing how often the topic of privacy rears its head.  Maybe it’s not called that; maybe it’s a kind of underlying theme, thrumming underneath the surface of a situation without being given its name.  But it’s there.  There are a dozen or more moments a day when we might be able to stop and say, “You know, this has a lot to do with privacy, really.”  And just why is it such an ever-present theme?  The answer won’t shock you.

Modern privacy is the hapless, weary lab rat of the information age, constantly scrutinised under the microscope, continually tested, always under investigation. We have to keep our eye on it, because it’s got a bit out of our control.  We used to know what it was, you see: how it worked, how to govern it, what laws applied to it.  But then – not gradually, not bit by bit, but quickly, in a tsunami of bytes – everything changed, and the concept of “privacy” mutated too.  Every day privacy is tossed into the searingly hot crucible of the digital environment, its integrity challenged, its properties and limits shifting and morphing.  This metaphor I’m using positions us as people who can study and control things, but that probably isn’t right for this context.  That doesn’t represent our relationship with privacy at the minute, individually or collectively, in the online environment.  We don’t feel in control of much of anything. We’re not clever scientists.  We’re clueless smallholders closing our stable doors after all our horses have bolted, wondering how this happened, mouths agape, catching flies.

Screen Shot 2017-11-13 at 21.49.56

The Merriam-Webster definitions of “privacy” are sort of useless in the digital age, because they create as many questions as they answer.  “Seclusion”?  What’s that?  When our virtual connectivity is taken into account, when are we ever apart from company or observation?  What constitutes an “intrusion” these days, when we share so much of our personal data, knowingly or unknowingly?  And “unauthorised”?  If we wanted to be 100% clear about what we were and weren’t authorising, we’d be signing away the majority of our free time.  Five years ago, The Atlantic reported that if we read and understood all of the privacy policies we encounter in a year, we’d lose 76 working days annually.  Five years ago.  I shouldn’t like to hazard a guess about much more time it would take in 2017.

The consequences of not reading the T&Cs of what you’re signing up to, with respect to privacy, came home to me recently.  I listened to an episode of the Reply All podcast, all about whether Facebook is really “listening” to us via our smartphones.  Following their instructions, and with a sense of foreboding, I did something I’d never done before – I looked into the advert settings to see how I’d been “categorised”.

My first reaction to this?  Clarity.  Ah-ha!  That’s why I get all of these advertisements for products that would allow me to proclaim my connectedness or my allegiance to the United States; that might help me assert my “identity” as a dual national; or that would put me in touch with an advisor, someone who could save me from the fate of people like well-meaning Tom or Rebecca, who didn’t mean to fall afoul of the IRS while living in the UK but who then got the right tax advice and were never anxious again.  (I hate those.)  Fully half of my categories had to do with my “ex-pat” status, my distance from “home,” my separation from what Facebook divined to be key “family”.  (The other half of my categories comprised a comprehensive list of all the Apple devices that I own.)  My  list of interests, on the other hand, portrayed me as a highly materialistic and vain sort of person, someone keen to purchase goods and service that would maintain and enhance my appearance.  This also all made sense in terms of the adverts I typically get.  (My abiding interest in tattoos came as a surprise to me, being completely free of skin art.)

My second reaction?  Skin crawl. I knew that this wasn’t technically “unauthorised”.  I simply hadn’t paid attention, hadn’t un/ticked certain boxes, hadn’t assiduously reviewed my settings at every app update.  Even so – even though I knew such technologies existed in the world, and that we are all constantly, silently plugged into more algorithms than we can count –  it felt creepy.  I hadn’t realised my categories were visible to me; bringing them into the light and looking at them straight on had an “ick” factor that I didn’t anticipate.

Third reaction?  Definite displeasure.  Authorised or not, it did feel like an intrusion.  But an intrusion on what?  Into what?  I didn’t really care, actually, that Facebook “knew” that I buy cosmetics, that I have a family, that I engage in travel, that I wear jewellery.  Follow me or talk to me for five minutes, and you’ll figure this out.  It’s hardly a secret source of shame; I don’t consider these data to be “private”.  So what was my umbrage about?  Why did it feel like such a liberty?

The questions I’ve found myself asking are not exactly about what privacy is.  Instead, they’re about what privacy is for.  I had that discussion with students yesterday on the MSc in Cyberpsychology at the University of Wolverhampton, when we were talking about whether dead people had the “right” to privacy.  Traditionally, rights in general, and privacy in particular, are the province of “natural”, or living, persons.  What good is “privacy” to a dead person?  What’s it for?  The answer, these days, is intimately connected to digital legacy.  If an image of you is going to persist online after you’re dead, what do you want that image to be?  Would you like to think you’ve got some say over that?  When you think about someone altering or fundamentally messing with that image after you’re gone, or about someone logging in and reading your private messages, does that upset you?  Would you like to believe that you’re the author, as much as possible, of your own lasting legacy?

My daughter is seven years old.  Over the summer, visiting the States (you know, the place from which I am expatriated), I took a lot of photos.  Being the only one in the family with a camera constantly in hand,  I serve as the chronicler.  I posted dozens of images on Facebook and Instagram.  They were there for the record, to be shared with the people who were there and who didn’t take snaps themselves, and to be enjoyed by friends back home in England.  Zoe knows that I share these things and often encourages and expects it, but perhaps it had all got a bit much.  One day I saw that the door of the room where she was staying was firmly closed, and Sellotaped onto it was a sign.

“Privet property of Zoe, don’t come in! Thank you.  PS: No takeng photos of this sine.  I meen you mummy.”

Naturally, I took a photo of it and posted it on social media.

I’m not a complete monster.  This action was not unconsidered.  I wasn’t free of doubt or compunction, but ultimately I went for it because I am mired in a particular belief.  I believe that the record of her childhood that I have compiled, stored, and shared on Facebook captures her personality and development over the years in all of its beauty, hilarity, poignancy and wisdom.  I think that it’s a Good Thing and that she’ll ultimately appreciate all of it.  Of course I would say that, though.  I am the biographer, the person who has taken virtually all of the decisions about what to disclose, what to select, what to share, and what to conceal about her life.  I’m curating this show; I’m driving this train.  Meeting adults in my circle of Facebook friends for the first time, my daughter is often astonished at the warm familiarity they show her, at their insider knowledge of her life.  Her reputation has preceded her, a reputation for which her mother is largely responsible.  “I don’t understand,” she said to me once. “Am I famous, or something?”

I laughed when she said that, but it was a guilty laugh.  A while later, I had the opportunity to feel guilty again.  She waited for her moment to confront me.  I was driving.

“I know one of your secrets,” issued a severe-sounding voice from the back.

“One of my secrets?” I said, blankly.  What could the child mean?  “Do you think Mummy has a lot of secrets?”

There was a pause.

“You privately shared something that said was private,” she said coldly.  “I saw that photo of the sign on my door.  It was on Melanie’s computer.”

“I’m sorry,” I replied weakly.

There was a pause again.

“It’s my choice,” she said, with emphasis.

That’s it.  That’s the whole of it.  There wasn’t anything secret behind that door.  There wasn’t anything sensitive about that sign.  But it was her sign, her writing, her room.  It was her choice.   Fundamentally, her privacy in that moment had nothing to do with that sign and everything to do with self-determination.  She had attempted to limit the audience with which it was shared, I had overridden that attempt, and here I am doing it again.

These conversations with my daughter, and my little excursion into the midnight zone of my Facebook privacy settings, have helped clarify what I think the fundamental function of our privacy-focused behaviours are.  Privacy is about self-determination.  It’s about retaining the power to say this is who I am.  This is what I value.  This is how I choose to present myself to the world.  This is how I identify, this is how I prioritise the different facets of myself.  This is the access to me that I will allow you.  Of all the things about myself that I consider to be important and valuable, “ex-pat” – a term I hate, a concept with which I no longer identify – is very last on the list.   Facebook had it listed as the central feature of my existence.

So I asked Zoe if I could post this photo on this blog.  She said yes.  And then, methodically, I went through and removed every “ex-pat” category on my Facebook advert settings. I’ll choose how I classify myself, thanks very much.

I left the bits about fashion and travel alone.

(c) Copyright Elaine Kasket 2017