Augmented Reality and Privacy
18 July 2013
Augmented reality uses a computer to overlay information on our view of the real world to enhance it by providing more information or entertainment or even ads. While it has been a feature of science fiction - in spacesuit helmets, targeting computers, and the like - for some time, it’s working its way into the real world. One of the first practical applications of it was Google Goggles, which uses the camera on an Android phone to search via images or bar codes and to overlay extra information on the view through the camera. This is something that gets more useful as the technology becomes wearable - as with Google Glass - and has some obvious uses, such as navigation.
The fact that in order to be useful, augmented reality technology requires a computer to be tracking in real-time what the user is doing while the technology is in use raises some concerns about privacy and security, both for the user themselves as well as for anyone around them. Some of these concerns came up when mobile devices began to include cameras, such as making sure it’s not possible to take pictures secretly (this is why mobile cameras make obnoxious sounds when they take pictures). The problem with augmented reality is that when the technology is worn, it’s much harder to make it clear when events are being recorded. Google Glass currently requires a spoken command to take pictures and videos, but doesn’t make it obvious if the user continues to take video. Additionally, by using facial recognition with Facebook or Google, it becomes possible to identify anyone in the line of sight of of the user - and Google recently turned down a Glass app that did just that. Although most of us don’t expect a huge amount of privacy while walking in public, giving anyone the ability to identify us on the spot without ever saying a word is incredibly creepy. Forget targeted Internet ads, real-life salespeople could show you only products you might be interested in, based on what they surreptitiously learn about you before saying a word. The Internet already tailors itself to what it thinks you want to see, and with AR the real world could follow suit.
The issue of privacy and security gets more interesting when you consider that the computer driving any augmented reality is a computer - likely attached to the Internet - running software that could contain any number of security holes. Google pushed a patch to Glass a few days ago where Glass automatically identified and executed data stored in QR codes that it recognized as pictures, because it was found this could be exploited to make Glass stream video to a paired bluetooth device without the user knowing. While an exploit such as this isn’t necessarily useful given the limited range of bluetooth and pairing requirements, it reminds us that there can be exploits. Glass, for example, knows where you are and what you’re looking at which could yield a wealth of personal data to advertisers and hackers. While wearing an augmented reality device, simply looking at a credit card would be enough to lead to identity theft if the device has been exploited, for example.
What this means for the rest of us is that as more augmented realities work their way into everyday life, the amount of privacy we can expect drops substantially. Google turns down apps for Glass that allow identifying people, but there is no way of knowing if other manufacturers would do the same. For individual users, augmented reality needs to know a minimum of what the user is looking at which doesn’t necessarily allow for a lot of privacy. The issue of security and privacy is one thing where the Internet is concerned, but as it works its way more substantially into the real world, it raises some interesting and definitely not unfounded concerns.