Physical fitness is a baseline job requirement for a fighting force, so a few years ago military leaders in the United States gave thousands of their soldiers wearable devices to quantify their workouts.
We don't know whether or not the soldiers' fitness improved, but one unintended consequence was that the location data from the devices were posted online by the company that collected it – with the result that internet sleuths have identified U.S. military compounds in sensitive places like the Middle East, along with the movements of the people who work there.
This is a terrible miscalculation by the U.S. military. It is also one more example of the unforeseen consequences of blithely using technology that we assume, sometimes to our detriment, is benign.
It is easy, in retrospect, to scold U.S. military brass for not telling soldiers to use the appropriate privacy settings on their fitness devices.
That, however, elides the fact that tech companies' default setting is your data is ours unless you specify otherwise. It also ignores the reality that most – all? – such companies collect copious amounts of information they don't even know what to do with yet.
Zeynep Tufekci, a University of North Carolina professor who studies the social implications of technology, summed it up on social media this week: "Privacy of data simply cannot be negotiated person by person, especially because there's no meaningful informed consent. People cannot comprehend what their data will reveal, especially in conjunction with other data. Even companies do not know this, so they cannot inform anyone."
That's true, and frightening.
As individuals, we might accept and even enjoy the fact that, in exchange for allowing them to collect location and search data from us, tech companies can target us with advertisements and movie suggestions tailored to our tastes.
But we can't kid ourselves about our ability to control access to that data, or its uses. As a 2015 paper by researchers at Princeton University stated, "Once released to the public, data cannot be taken back. As time passes, data analytic techniques improve and additional datasets become public that can reveal information about the original data."
In other words, once your data is online, whether you gave it knowingly or not, it's out there for good, morphing and growing as more and more computers chew through it.
Last week, the federal privacy commissioner, Daniel Therrien, proposed a set of draft rules on the issue of safeguarding "online reputation"; that is, being able to force search engines like Google to remove outdated or incorrect information about a person whose name is used in a search.
Mr. Therrien says Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) doesn't explicitly give Canadians the right to manage their online reputations, but several of its provisions, when combined, could give them a modicum of control.
"This implies that individuals should have the ability to remove information that they have posted online," he said.
Mr. Therrien is careful to advocate for a balanced approach, and he acknowledges the threat of overreach to free expression; say, if a public figure wants an embarrassing fact about him removed from Google searches.
We know that the complexities of online reputation management and the right to enjoy the benefits of a fitness device without being tracked like a paroled criminal are not precisely the same issues.
But they fall under the critical rubric of privacy rights – something that some people, like Prof. Tufekci, argue should be considered a public good akin to access to potable water and clean air.
Our privacy commissioner is doing his job and trying to get Parliament to think seriously about that very question. As evidenced by the U.S. military's snafu, the dangers of letting companies gobble up and spit out personal data unchecked are too fraught to ignore, and becoming more so every day.