So how does privacy impact Autonomous Vehicles and the
Autonomous Age? And how private is some of the information?
Autonomous Vehicles obtain, store and share information
which may very well require compliance with HIPAA privacy regulations – some of
the most stringent regulations, outside government secrecy, that is. :)
Suppose you are driving to an appointment with your psychiatrist
for treatment of your acute Heinleinitis. Visiting a psychiatrist stigmatizes
you in our society, much more than visiting doctors or labs, so you really
don’t want the destination of this trip to be widely known. Perhaps you notice
that in your doctor’s waiting room they don’t call you by name any more because
the fact that you are seeing a doctor is a HIPAA privacy issue.
So the plan that you enter into the Optimal Adaptive Routing
& Scheduling (OARS) System for your psychiatrist’s appointment tomorrow at 10:30
am contains HIPAA protected information. When your Autonomous Vehicle spends an
hour and 35 minutes in the psychiatrist’s parking lot, that’s private, and even
more private when your Autonomous Vehicle transports you inside the building
and to the examining room – perhaps your Autonomous Vehicle even turns into the
couch – why not? :)
Fortunately, it is feasible for systems to apply different
levels of security and privacy to different types of information. This will
lead to some interesting situations. For example, the destination of your trip
to your psychiatrist is protected by HIPAA level rules, but the fact that 2,386
vehicles were on I-85 this morning between 9 and 10 am is not HIPAA
protected, even though your Autonomous Vehicle happens to be one of them.
As usual, we encounter challenges as we look more closely.
For example, on the local road that passes your psychiatrist’s office
the number of vehicles is much smaller, and there is some danger that your
vehicle could be identified even from aggregate data. There are techniques for
maintaining anonymity as the sample sizes decrease; in fact, I have a patent relating
to that subject.
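To make the small-sample problem concrete, here is an added example (not code from this post, and not the patented method mentioned above) of small-cell suppression, a standard statistical disclosure control technique. The threshold `K`, the region labels and every road name except I-85 are assumptions constructed for illustration.

```python
from collections import Counter

K = 10  # assumed minimum publishable count; not a value from the post

def release_counts(trips, k=K):
    """Aggregate (region, segment, hour) sightings into per-segment counts,
    never publishing a count below k.

    Returns {(region, hour): {segment_or_"other": count}}.
    """
    by_group = {}
    for (region, segment, hour), n in Counter(trips).items():
        by_group.setdefault((region, hour), {})[segment] = n

    released = {}
    for group, segs in by_group.items():
        keep = {s: n for s, n in segs.items() if n >= k}
        # Primary suppression: pool every small cell into one bucket.
        other = sum(n for n in segs.values() if n < k)
        # Secondary suppression: a pooled bucket that is still below k is
        # itself a small cell, so fold the smallest published segment into
        # it until the bucket reaches k or nothing is left to fold.
        while 0 < other < k and keep:
            smallest = min(keep, key=keep.get)
            other += keep.pop(smallest)
        out = dict(keep)
        if other >= k:
            out["other"] = other
        # If the whole group is below k, out stays empty: publish nothing.
        released[group] = out
    return released

# Constructed sample data: the I-85 count comes from the post, the rest is invented.
SAMPLE_TRIPS = (
    [("north", "I-85", 9)] * 2386
    + [("north", "Oak Ave", 9)] * 14
    + [("north", "Clinic Rd", 9)] * 3   # the quiet road past the doctor's office
    + [("south", "Mill Ln", 9)] * 4
)

if __name__ == "__main__":
    for group, counts in release_counts(SAMPLE_TRIPS).items():
        print(group, counts)
```

The three vehicles on the quiet road are only ever reported inside a pooled count of 17, and the region with four vehicles in total reports nothing for that hour.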
Fortunately, monetizing our personal information actually
simplifies the whole situation. Information that is collected anonymously isn’t
subject to personal data fees, but once we are identified in any way, we can
charge fees, presumably increasing as more and more information is revealed,
with HIPAA level privacy as one of the highest levels. And with money on the
line, there will be plenty of services checking to see that people are abiding
by the rules and paying us our fees. :)
Monetization will allow us to be more specific, and more
individual, in how our personal information is used. As I noted before, I can
donate selected information to particular research programs, or invest in a startup for ownership shares, or trade it for a service.
The NY Times published a related article on November 1,
2011: Angry Over U.S. Surveillance, Tech Giants Bolster Defenses.
“Yet even as they take measures against government
collection of personal information, their business models rely on collecting
that same data, largely to sell personalized ads. … as long as they remain ad
companies, they will be gathering a trove of information that will prove
tempting to law enforcement and spies.”
“… said Christopher Soghoian, a senior analyst at the American
Civil Liberties Union. ‘But what they can’t do is design services that truly
keep the government out because of their ad-supported business model, and
they’re not willing to give up that business model.’”
“A tech industry executive who spoke only on the condition
of anonymity because of the sensitivities around the surveillance, said, ‘Just based
on the revelations yesterday, it’s outright theft,
[my emphasis]’”
“‘A lot of the things everybody knew they should do but just
weren’t getting around to are now a much higher priority,’ said Paul Kocher,
president and chief scientist of Cryptography Research.”
“Facebook also said it was adding the encryption method of
so-called perfect forward secrecy, which Google did in 2011. This means that
even if someone gets access to a secret key, that person cannot decrypt past
messages and traffic.”
The irony is that these tech firms are upset because our
personal data, which they didn’t compensate us for, is being tapped by the
government without their consent –
what about us? I particularly like the reference that this is “theft”.