Of course, financial companies are never far from the forefront in this arena, and every merchant and bank has become a peephole or tentacle of a beast with no single center or mind. As bank debit cards become Visa "check cards," the smallest of transactions start to traverse VisaNet, leaving pattern data behind. In some places, cash is no longer accepted.
Still others are pawing through your travel, financial and other behavioral data, even if they're not sure what they're looking for. Look no further than the three-quarters of a million people now on the Transportation Security Administration's "watch list" -- and many more standing next to the swamp's edge as the list continues to grow -- to find irrationality bordering on the creepy. Worse still, the TSA has partnered with commercial firms such as Verified Identity Pass Inc., which runs the dubious "Clear" service, through which one can pay a US$99-per-year indulgence to be quickly absolved of errors and slop in the TSA watch lists.
The gathering gloom
What happens, then, when all this data -- good, bad and pointless -- flows together? Sliding down the slippery slope, the data collected by the likes of Verified Identity Pass, GM and Verizon is but one step away from causing real trouble.
When minimally accountable companies share data with one another or with government agencies, their information is aggregated and labeled in ways that are troubling. The results could be commercial exploitation (including the horror of direct marketing based on trivial purchases) or more sinister developments such as debit payments for cigarettes leading to insurance rate hikes, or cash withdrawals in Nevada earning you a virtual reputation for moral turpitude.
And simple problems can be compounded by the way in which information is shared. Credit-reporting companies are prone to this: Instead of independently coming to a conclusion regarding risk rating, a note or error recorded by one credit reporting agency is often noted by others -- and the existence of the note is itself considered a negative risk factor. This subjective spiral of suspicion means that the risk-assessment system is weighted against an individual when systemic accuracy is off.
The U.S. federal "Real ID" Act is another good example of what happens when excess data get shared and published between agencies and organizations with different rules. The law is troubling in itself, since it establishes a de facto national identity card and promotes dubious use of more personal data than is currently collected by most licensing agencies. But it also establishes data-sharing rules between participating and nonparticipating states and other governments -- even those that may not subscribe to the privacy laws such as U.S. Drivers Privacy Protection Act (18 U.S.C. 2721) that supposedly protect this new trove of personal data. Add commercial service providers for license renewal and other governmental agencies, and the potential for abuse becomes legion.