Sign In

Communications of the ACM


Privacy in the Global E-Village

The citizens of industrial nations long ago resigned themselves to having large amounts of their personal and financial information compiled by governments, insurance companies, medical practitioners, and financial institutions. Lately we have become familiar with the profiling performed in every online transaction, with many of us growing concerned over how the data might be shared among various commercial and governmental entities. Whereas correlation of data stored in physical filing cabinets was a monumental and costly task, the ease of sharing electronic data over the Internet has motivated companies and governments alike to break down the walls separating data collected for different purposes. We now face the imminent expansion of cyberspace into physical space in the form of networked cameras, biometric identification devices, radio-frequency identification (RFID) tags on consumer goods, and a wide variety of sensors.

The electronic networking of physical space promises wide ranging advances in science, medicine, delivery of services, environmental monitoring and remediation, industrial production, and health monitoring of people and machines. It can also lead to new forms of social interaction, as suggested by the popularity of instant text messaging [3]. However, without appropriate architecture and regulatory controls it can also subvert democratic values. Information technology is not in fact neutral in its values; we must be intentional about design for democracy.

Consider, for example, security cameras, now placed in so many locations it is difficult to get through a day without being photographed many times over. However, relatively few systems are networked, and the video images are generally erased at least once each day. The localized and limited life of surveillance information presents few privacy concerns. On the other hand, digitally networked cameras enabled with facial-recognition technology could closely track individuals. Though the crucial step of binding information to an individual in facial ID technology is unreliable today, the day is coming when all technological components will be reliable and inexpensive.

RFID tags are a nearer-term means of binding diverse information collected by sensors and cameras to individual items, since each tag has a unique identifier. The tags may either actively emit radio signals or, more commonly, produce a resonant response when interrogated by a reader. They can be read remotely, albeit at relatively short range for small passive tags. Intended commercial applications include automated inventory control and retail check out, with the promise of significant savings along the entire supply chain.

They also involve significant privacy concerns. When coordinated with camera images RFID provides a recipe for automated surveillance. This is not a fanciful future scenario; for example, in tests of prototype systems, removing a tagged item from a "smart shelf" triggers a camera to take a picture, and detecting the item near the checkout counter triggers another camera to take another picture to ensure the item was actually paid for. This is merely one step of many toward deployment of the means to track the behavior of individuals for commercial or governmental purposes. Moreover, linking the tag ID to an individual in a database is not needed to identify, say, the individual's attendance at some political event, such as a demonstration. Tag readers at the venue would be sufficient for establishing that the bearer of the tag attended, allowing detection or matching of the unique ID to the individual at a security checkpoint after the fact.

In testimony before a California Senate committee in August 2003, Beth Givens, director of the Privacy Rights Clearinghouse, a public policy advocacy group, defined seven rights [4] consumers should be able to exercise with respect to RFID technology routinely used in retail products:

  • Know whether a tag is in a product;
  • Know when the tag is read;
  • Remove the tag when a product is purchased, prohibit merchants' pressure tactics to coerce keeping the tag active, and prohibit reactivation without consent;
  • Own and use inexpensive readers to use to detect tags;
  • Access any database accumulating information from a tag;
  • Maintain security and integrity of information transmitted from the tag and subsequently stored, with strict regulations on the use of the information by third parties, including governments; and
  • Be able to account for everyone in the tag information chain.

The global e-village is potentially even more intrusive than the traditional physical village, from which at least it was possible to escape to the city.

They embody the incompatibility of widespread secret information collection within a free society; as such, they apply to many technologies. Totalitarian states place informers in every apartment building; democratic states should not be embedding the far more efficient electronic equivalent in every commercial transaction or stroll around the block.

It might be argued that for much of the history of civilization, most people lived in crowded villages in which there could be no reasonable expectation of privacy. However, it is also true that the great advances of civilization have taken place in the relative anonymity of cities, where divergent ideas and life-styles have been freer to escape the conformity of tradition. Sparta was effectively a village and left to the world little of cultural value; Athens was a city and bequeathed democracy, art, philosophy, theater, and literature.

The initially anonymous structure of the Internet promoted an explosion of self-expression. However, as argued in [2], it may well evolve in unwelcome directions with pervasive profiling and monitoring by commercial and governmental interests. Indeed, the global e-village is potentially even more intrusive than the traditional local village, from which at least it was possible to escape to the city.

When sensors, cameras, and tags are pervasively embedded in the environment and networked, anyone in the world willing to pay a fee (exponentially decreasing over time) will be able to get information on anyone else. Social and political conformity is a plausible result.

Yet while the forces of economic efficiency and governmental concern for security will drive the networking of the physical world, the outcome need not be dystopic. Information technology includes the possibility of embedding privacy protection, via standards, open source code, and government regulation. According to the principle of embedded responsibility [1], code should be structured from the beginning to reflect societal concerns.

Historically, U.S. government regulation of business practices has taken place in a reactive mode once issues are raised by actual or imminent deployment. By incorporating such concerns as an organic part of a system's design, the likelihood of costly and imperfect patches is reduced while increasing public acceptance of the technology. In this view, the public good represents an additional set of design constraints required for a successful product. Early Internet design included many such concerns due to the fact that end users were also the developers and interested in the open exchange of ideas.

Though embedding responsibility in embedded computing needs to be far more intentional with a broader set of stakeholders, it is still possible, since we are today only a small distance toward networking the physical world. It can be done if we take the initiative in our research, standards bodies, and efforts to advise governments worldwide to ensure these concerns are included in the design, instead of waiting for alarmed activists to propose drastic solutions. Given the largely unknowable but likely momentous societal consequences, it is our responsibility as technologists to seize this opportunity while we still can.

Back to Top


1. Institute of Pervasive Computing and Society, University of California, Los Angeles;

2. Lessig, L. Code and Other Laws of Cyberspace. Basic Books, New York, 1999.

3. Rheingold, H. Smart Mobs: The Next Social Revolution. Perseus Publishing, Cambridge, MA, 2002.

4. Subcommittee on New Technologies. California State Senate. Informational Hearing: RFID Technology and Pervasive Computing, Sacramento, Aug. 18, 2003; see

Back to Top


Gregory J. Pottie ( is a professor in the Electrical Engineering Department, associate dean for research and physical resources in the Henry Samueli School of Engineering and Applied Science at the University of California, Los Angeles, a member of the UCLA Institute of Pervasive Computing, and deputy director of the NSF-sponsored Center for Embedded Networked Sensing, with headquarters at UCLA.

©2004 ACM  0002-0782/04/0200  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2004 ACM, Inc.


No entries found