I think there is a mathematical theory here people should become acquainted with -- differential privacy. So far it has found use in the context of a large data set, e.g. search engine query logs, to try to determine how invasive a statistical summary or release of only partly obfuscated data would be. Like calculus, it has a sort of epsilon/delta construct -- given a differential privacy concern epsilon, under what circumstances (how tight a bound on delta) do I need to prevent that. http://en.wikipedia.org/wiki/Differential_privacy

Perhaps this theory could quantify the intuition that while it's ok to snap my license plate now and then (very little differential privacy loss on my part), enough times and it becomes invasive, and dreadfully so. This puts some teeth into the vague talk about a mosaic theory. The key idea is whether the aggregate information in the data set can triangulate you, to within say 10000 persons (not much privacy invasion), or 100 (quite a bit). There seems to be a tipping point around clusters of 100-1000 persons or so, that is the typical size of small organizations or groups of people, such as churches and schools.

Now, as an application: license plates are nearly unique identifiers and the attacker has a database of who's who for all intents and purposes, so it is little different from asking everyone for their ID just because they are on the street. That's illegal by the way, even for the police. The argument that was formerly deployed here is that using a vehicle on public roadways was a privilege that cost you natural expectation of privacy (non-intrusion) in public places.

The real crux of the issue here is that the public-private tradeoff was once predicated on the individual (the individual atom has protection, because data collection is sparse, so tagging the individual but not the path was meaningful). Now the data collection is dense, and even single particle tracks become visible.

If you think in terms of fluid mechanics, there's a sort of Euler view / Lagrange view here (as there is with tagged dollar particles and tagged wallets or accounts). That is, tracking individuals and tracking their paths become duals of each other, if the data collection is dense enough. It doesn't matter whether the item tracked is the tagged individual, or the flows and transactions -- either way, complete reconstruction of the system becomes possible.

With any data set, there is a sort of 'phase transition' in its size, where you suddenly can see the underlying trajectories of all the tagged particles. Things that made perfect sense when data collection was sparse, just as allowing the police to jot down your license number and chase you with a bicycle, turn into totalitarian surveillance when the observations become dense enough -- in a way we can quantify in terms of a sudden jump in information gain that goes from nearly complete ignorance of where people are and what they are doing (the former phase), to near complete knowledge of everything. Very much like percolation theory.
That is not illegal at all. Anyone can ask for ID, including the police. Doesn't mean you have to give it to them. In the case of the police, refusing to show your ID can't be used as cause to arrest you. But they can still ask for it.
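The first comment's intuition about being narrowed down "to within say 10000 persons ... or 100" can be measured on a data set before it is retained or released. The sketch below is an added example, not part of either comment: it counts how many vehicles remain consistent with a growing number of sightings, which is an anonymity-set measure rather than differential privacy's epsilon. The population, the grid of camera cells and the commuting behaviour are all constructed assumptions, and the function names are hypothetical.

```python
import random

def make_traces(n_people, n_cells, n_slots, seed=1):
    """Constructed data: traces[p][s] is the camera cell where vehicle p is seen in time slot s."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_people):
        home, work = rng.randrange(n_cells), rng.randrange(n_cells)
        # Assumed behaviour: 80% of slots at home or work, the rest anywhere.
        traces.append([
            rng.choice((home, work)) if rng.random() < 0.8 else rng.randrange(n_cells)
            for _ in range(n_slots)
        ])
    return traces

def anonymity_curve(traces, target, slots):
    """Return [size of candidate set after 0, 1, 2, ... sightings of the target]."""
    candidates = set(range(len(traces)))
    curve = [len(candidates)]
    for s in slots:
        cell = traces[target][s]
        # Keep only vehicles that were in the same cell during the same slot.
        candidates = {p for p in candidates if traces[p][s] == cell}
        curve.append(len(candidates))
    return curve

def sightings_until(curve, k):
    """Fewest sightings after which fewer than k candidates remain, or None."""
    for n, size in enumerate(curve):
        if size < k:
            return n
    return None

if __name__ == "__main__":
    traces = make_traces(n_people=10_000, n_cells=50, n_slots=24)
    curve = anonymity_curve(traces, target=0, slots=range(24))
    print("candidates after each sighting:", curve)
    for k in (10_000, 100):
        print(f"fewer than {k} candidates after {sightings_until(curve, k)} sightings")
```

Running the same measurement over a real retention window shows how many sightings per vehicle can be kept before the candidate set falls below a chosen floor.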