I'd like to start with three quotes. The first is by Brian Barrett, writing about the Sony hack for Gizmodo:

The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It's an email about trying to get pregnant. It's shit-talking coworkers behind their backs ... It's even the harmless, mundane, trivial stuff that makes up any day's email load that suddenly feels ugly and raw out in the open ... You may assume you'd be fine in the same scenario, that you have nothing to hide, that you wouldn't mind. But just take a look through your Sent folder's last month. Last week. Yesterday. There's something in there you wouldn't want the world to see. There's some conversation that would be misread without context, or read correctly for its cloddishness. Our inboxes are increasingly our id, a water cooler with infinitely expandable memory.

The second is by the sociologist Karen Levy speaking at a panel about Consent and the Network, at Eyebeam last month. Paraphrasing, she said:

...we act as though if we are able to develop a technical means around a user's consent then we have a right to do whatever we want.

The third and final quote is by Keir Winesmith describing how they think about the social and privacy implications of the work they are do at SFMoMA.

He said:

We walk right up to the line of creepy. And then we take two steps back.

When Flickr launched geotagging – the ability to associate your photos with a physical location – we did not try to establish so-called sensible defaults. Instead we forced users to choose defaults before they could use the feature.

First, they had to choose a default privacy setting for all their geotagged photos. Second, they needed to expressly indicate that they wanted us to import any geographic metadata that their phone or camera might have embedded in their photos.

This was back in August of 2006, six months before the iPhone was announced and just under a year before the phone was actually released and the whole notion of camera phones automatically embedding GPS information in a photo's metadata had not really been normalized yet.

One of the consequences of our decision is that as other photo-sharing services became more popular (most notably Instagram) many never bothered to ask users whether they wanted or expected that metadata to be exposed. As if by magic their photos were suddenly geotagged and a lot of people started thinking that our geotagging support was broken.

Keep in mind that it wasn't even until 2008 that, then NSA director, Keith Alexander asked his staff: Actually, why don't we just keep all the signals? so everyone was still pretty excited by the opportunity that all of this data presented. People have always written dates and places on the backs of their photographs so having your technology take care of those details as-if by magic is pretty cool.

It's not like we weren't excited about geotagging. It's just that we were trying to be mindful of the implications of what users were getting in to. But being mindful and successfully conveying that mindfulness to people are not the same thing and, like I said, it was 2008 and everyone was feeling pretty good about things. We still believed that the sum of the Internet was so big, too big, to prevent anyone from stitching it all back together.

Did you know that if you assign a Creative Commons license to one of your Flickr photos that setting trumps your ability to prevent other people from downloading the original photo? Even if you've said you don't want to let other people download your original photos and you've said you don't want to make your geotagged photos public (because unless you explicitly opt-out all photos are geotagged now) the license setting takes precedence.

I mention that because even I didn't realize that's what we were doing and I worked there for five years. Or rather I had always assumed that we would err on the side of caution when asked to choose an order of precedence for something like that.

I tell you this because if there was ever a cardinal rule at Flickr it was: Don't fuck with people's original photos. This included the metadata. We wouldn't have purged the EXIF data from your pictures even if you had asked us to.

In a world where you might be able to imagine something with the breadth and reach of a National Security Letter, but perhaps the not apparent liberalness of its application, this is a "feature" right?

In a world where you might imagine a junior lawyer drafting an argument claiming that algorithmic facial detection, by virtue of its automated nature, should be classified as just metadata along with all the date/time and geographic information present in digital photographs... well, yeah.

In a world where the phrase open-source information even exists...

One of the burdens of the present is that we are all, forever, being forced to pay the cost of someone else's near-future opportunity. The core of the opportunity myth, in the United States anyway, is a celebration of someone seeing value in something that no one else has recognized or understood yet and in reaping the reward of extracting that worth.

In legal circles there is something known as the "exclusionary rule" which doesn't seek to prevent the collection of data by making it a physical impossibility but achieves the same result by nullifying its admissibility in court. It is a very real example of a community simply deciding that 2 + 2 = 5. We say that the manner in which cause and effect are established is, frankly, more important than the fact being proved. Most people know the exclusionary rule by its umbrella principle the Fourth Amendment – or the right to privacy – of the US Constitution.

Right now the manner in which the exclusionary rule is applied to big-data a mess. One court has ruled that the police can not physically install a GPS unit on your car and track your movements while another has ruled that the police can still demand that the phone companies hand over all the location data tied to your cell phone.

I don't think anyone is entirely certain how the exclusionary rule squares with something like a National Security Letter but Australia, at least, has made short work of that debate by simply legislating that anything collected under the auspices of their own surveillance laws is admissible in court.

There is a whole other discussion to be had about the approach Europe is taking with their "right to privacy" laws and I want to mention them only in passing because they are the closest thing we may have gotten to something approaching an exclusionary rule for the data that private companies collect or the uses they put it to.

In the meantime absent our ability to craft narratives and social norms in step with the instrumentation of our lives the resultant "big-data" will remain a bountiful frontier of opportunity for anyone willing to see the implications of their actions as tomorrow's problem.

One of the things that we've been thinking about, at the Cooper Hewitt, is how we collect contemporary design objects. What does a design museum do when the meat of their practice has either become entirely digital – that is lacking any singular manifest physicality – or whose full meaning and understanding, whose implications, are opaque absent access to the underlying source code or the data it produces.

To some degree thus has it ever been. We may never know, truly, the motivations of an artists or a designer but there's usually a pretty thing to can look at, fifty years later. This might be the actual thing that was produced or it might be the relentless documentation that seems to define people hell-bent on a practice that claims to leave no trace behind.

Take the Nest thermostat, for example. We acquired a pair in 2013 but that's really all we did. We took them out of their boxes and put them on a shelf. We also acquired some of the early sketches and preparatory drawing for the devices which are arguably more interesting, in the long-term, than the things themselves. It would have been unfair and unrealistic for the Smithsonian to ask Nest, or any on-going commercial interest, for the source code to their device. In the case of Nest we would have been asking them to forfeit the 3.2 billion dollars they earned selling their company to Google.

Absent the source code with which we might investigate how the Nest distinguishes itself from other thermostats or the decision to acquire the data that those units collected (I'm not sure they've ever been plugged in...) in order to demonstrate its use we are left with a lump of metal and plastic that we quite literally hang on a wall next its widely acknowledge inspiration: Henry Dreyfuss' classic T68 Round thermostat.

Note: We're actually exhibiting Dreyfuss' CT87K thermostat, and not the T68 but you get the idea.

With that in mind we have been asking ourselves: What would it mean for museums and libraries establish a kind of escrow for intellectual property for products or the data they emit? Assuming we could define a shared social contract around the practice what would it mean for both individuals and corporations to participate in the collection and nurturing of this data not with a focus on the present but with an eye to the future?

It is important to understand that the cultural heritage sector is in no way ready to take on the burden of maintaining an infrastructure like this. Some of us, by virtue of the value of our collections, can imagine the kinds of targets of opportunity we would become shepherding this kind of stuff but the sheer volume and physicality of many collections is a defense that "big data" doesn't enjoy.

What we do have though is a disposition for the long game, for keeping things safe and at least in recent times doing these things in the service of the community, at large.

I mention this because there is a fairly new and often uncomfortable reality for those of us in the cultural heritage business. That we are starting to share more in common with agencies like the NSA than anyone quite knows how to conceptualize.

Every time someone talks to you about personal informatics, or census data from a distant past, understand that the NSA is trying to solve the same basic set of problems and replace the number of miles you ran or the colour of your baby's poo with the question of Original Sin. In seeing the meaning of past actions as a way to make sense of present intent. Of judgement.

Which is not unlike what the humanities does. It used to be that I would have conversations with people where they would sketch out all sorts of pie-in-the-sky database systems and inference engines that could be plumbed in order to answer all their scholarly questions. What I've now come to realize is that many of them were simply describing the systems that Edward Snowden says the NSA has been building for itself all along.

Those tools evoke many reactions but if we are honest we will be forced to admit that envy is one of them.

Note: I didn't really get to this part during the talk itself. I pointed to it but it was all a bit rushed and disjointed by this point. The slide for this section is titled post conspicuously which is a reference to the instructions from the New York City Department of Health for restaurant owners to place their permit to operate in a place where anyone can see it, without having to ask. There's something about that idea which relates to everything below but you would be forgiven for not really seeing where those two things are holding hands because it's all still a fuzzy for me too...

One day all of that data the NSA is reported to be storing will be the raw material for an AP high school digital humanities homework assignment.

One day that data will be where most of us long since forgotten after our deaths might live on even the brief moments that someone sees our past as something more than an abstraction.

One day that data may be used to demonstrate that it was, in fact, a fifth column that finally ushered in a global confessional uniformity — a pursuit that seems to be present in every age for as long as we've been telling these stories.

One day that data will be subpoenaed and used to tell the stories that we may not want to remember but that we need to. If you've not read the US Senate Intelligence Committee's Study of the Central Intelligence Agency's Detention and Interrogation Program you should. Someone has to. It's profoundly depressing but it is important reading. Beyond the actions described in the report the thing that struck me is that most of the proof seems to have been found in the email that the various actors sent themselves.

Email. They talked about this stuff in email.

It's even the harmless, mundane, trivial stuff that makes up any day's email load that suddenly feels ugly and raw out in the open.

Lots of private companies are establishing corporate policies whereby email archives are purged on a regular interval. Lots of security professionals are recommending the practice to individuals precisely because the cost to an opportunist to hoarde that data and discover some clever use for it in the future is negligable.

Or this:

The CIA sought permission in January to destroy e-mail communications of all but 22 top CIA officials within three years of their leaving the agency — or when no longer needed, whichever is sooner.

No longer needed. I know, right?

In the end the National Archives announced that, at least for now, they won't indulge the CIA's request. This isn't necessarily about the CIA either. It seems that we give them a long-enough leash that by their actions they routine provoke these questions, but ask yourselves: Do you really want any government agency to have the luxury of choosing the shadow it casts in to the future and the stories it tells at dinner parties?

The practice is hardly new, historically, but I'm not sure its one that's worked out very well for most people, most of the time.

I do not mean to suggest that we supplicate ourselves to the imagined benefits of the hypothetical futures I am describing. The question remains: How do we protect the present from itself? The question remains: How long needs to pass before the sting of all that data in the moment is worth its yield in the future?

We have never stopped looking back and trying to figure out what the fuck the past was thinking and I don't imagine we will stop anytime soon. I think that is important to remember because one of the opportunities that big-data suggests is a better window on the past and, now that we've seen it, it's difficult to imagine anyone choosing the forfeit that possibility.

What upsets me about the "big-data" discussion is the way that it is so often couched in a rhetoric of inevitability. It is the rhetoric of the Law of the Jungle and some of us, at least, have been struggling to find viable alternatives for as long as we've recognized it as such.

The rhetoric of big-data is too often about absolute certainties and not about choices, or reasons. On bad days it is an abdication of our shared responsibility to articulate why we choose to live the ways that we do.