The emergence of the Internet of Anonymous Things (AnIoT)
One of the contemporary technological developments that tends to affect profoundly the protection of privacy is the Internet of Things - or IoT. In this new technological context, the conception of privacy must shift to the idea of "non-tracking", consolidating a “right to non-tracking”.
Internet of Things’ achilles heel
The expression Internet of Things is an “umbrella” term1. IoT refers to a complex sociotechnical and infophysical ecosystem of dynamic artifacts interconnected with each other. IoT encompasses communicative interaction technologies between human to machine and machine to machine through wireless networks aimed at the most diverse domestic and professional uses.
An immeasurable amount of data, including those strictly personal and sensitive, are now constantly collected, transmitted, stored and shared, raising various ethical-legal challenges, for example concerning the enforcement of the right to privacy. The concern about data privacy in the scope of IoT is even more relevant when we note the prevalence of a scenario still strongly marked by the lack of comprehensive regulations in many countries2 capable of guaranteeing the protection of personal data online in a sufficient and effective way.
Reframing the notion of privacy
In this new technological context, the classic conception of privacy as "right to be left alone" does not seem to be enough, especially with the hyperconnectivity staged by the IoT. Privacy currently must have a greater conceptual range compared to its original meaning to encompass the very control of digital data, ensuring to a person the possibility of knowing, controlling, addressing and interrupting the flow of information related to it3.
Taking into consideration that recently companies such as Facebook, Google, Amazon and countless other have developed a number of technologies to track personal and sensitive data associated with platform services4 and connected devices to fit determined business models, the idea of personal identification on the information age shifted from "name" to the technical possibility of tracking data. Aiming to effectively guarantee the right to privacy on this scenario, I suggest that a conceptual reformulation of the notion of privacy should embrace the idea of "non-tracking" (or a “right to non-tracking”) in certain communicative relations, including through online anonymity, as a resistance to digital tracking.
Reframing the notion of anonymity
In a more global conceptualization of privacy, online anonymity would involve the cognitive and material abilities to elaborate and voluntarily use technological tools (software, applications, browsers, search engines, etc.) for the maximum time and to the greatest extent possible. The objective must be the possibility of concealment of confidential information and the concealment of private data by limiting the interception, collection, analysis, monitoring, control, storage or digital tracking of sensitive metadata or personal devices connected to the world wide web.
Besides that, the technological tools for anonymity and a more advanced anonymity concept must also advance in order to guarantee it (considering the innumerous and easy means to re-identify the person undermining anonymity), capable of achieving an effective unlinkability, undetectability and unobservability.5 Complementarily, it is important to consider that privacy “should not only be protected by law but also by technology, for instance by privacy-enhancing technologies, privacy by design concepts, and data protection management programs”.6
Although anonymity is interpreted in some legal systems as being prohibited, it should have its legitimacy7 (online and offline) better understood and valued in certain situations where it constitutes a fundamental tool - even if this is not widely recognised - for guaranteeing constitutional rights (not only related to freedom of expression, but also to access to information and the right to privacy).8
Although we find proposals regarding the identity management of objects or the protection of privacy in RFID technologies, it is still necessary to advance a (conceptual and technical) analysis regarding the adjustment of the thesis of the “right to non-tracking” (and therefore non-collection, non-transmission, non-storage and non-sharing) through online anonymity in the context of IoT. Online anonymity as an instance of privacy in the IoT context still lacks further conceptual clarification and even requires technical feasibility analyses.
1. Miorandi, Daniele et al. Internet of things: Vision, applications and research challenges. Ad Hoc Networks, vol. 10, 2012, p. 1497-1516.
2. See this article [in Portugese] for an example: https://www.nexojornal.com.br/expresso/2016/11/28/Qual-a-situa%C3%A7%C3%A3o-do-Brasil-no-mapa-de-prote%C3%A7%C3%A3o-de-dados-pessoais-no-mundo.
3. Rodotà, Stefano. A vida na sociedade de vigilância: a privacidade hoje. Organização, seleção e apresentação: Maria Celina Bodin de Moraes. Tradução: Danilo Doneda e Luciana Cabral Doneda. Rio de Janeiro: Renovar, 2008, p. 92-95.
4. Platform services for the purposes of this article concerns all online services based on digital contracts we make through the acceptance of online Terms of Service with determined internet applications providers. E.g., Facebook, Youtube.
5. Weber, Rolf and Zurich, UZH. Necessities and possibilities of regulation. IoT and Trust. Report; HIIG. Feb. 2017.
7. On the other hand, when anonymity (whether offline or online) is used as an artifice for the commission of civil and criminal offenses, it is understood in this case as illegitimate.
8. For a more in-depth discussion, see A. Michael Froomkin (1999) Legal Issues in Anonymity and Pseudonymity, The Information Society: An International Journal, 15:2, 113-127.