It’s been a while since I’ve written about the Iron Law of Data Collection. That’s the idea that when the Government collects data, regardless of the stated rationale, there will inevitably be mission creep that sees the data being used in new, unintended ways and that it always leads to abuse. It turns out that the law applies to organizations other than the government.
In the same post linked above, I noted that If the data is there, anyone with an interest in exploiting it will demand access. Those interests are not limited to law enforcement and public safety concerns. Media companies plan to ask U.S. regulators to force AT&T to share the huge store of customer use data that they’ve been collecting since 1987 through their Hemisphere program. Although the data is often shared with law enforcement, without warrant but for a fee, the purpose of the Hemisphere program is to monetize that data.
With AT&T’s proposed acquisition of Time Warner, media companies are whining that the data will give AT&T/Time Warner an unfair advantage in targeted advertisements and are demanding that regulators force AT&T/Time Warner to share that data with them. Notice how the notion that that data doesn’t really belong to ATT&T in the first place—it’s the viewing/texting/calling history of its customers—doesn’t come into play here. The data is there, it’s exploitable, and all the players are demanding access.
In a just world, it would be against the law to collect (or at least to store indefinitely) that information but then law enforcement would have to deal with getting those pesky warrants when it wanted to check on whom we’ve been communicating with. Worse, the other carriers, who do periodically purge their records, will see their customer data as exploitable and also begin storing it long term.
It’s the iron law. Once that data is collected it will be used in ways that we find objectionable. The only solution, as I say in every iron law post, is to prevent that collection in the first place. The carriers should collect that data only for billing purposes and purge it as soon as the bill is paid. Of course, that’s not going to happen because exploitable.