MONA, the Museum of Old and New Art in Hobart, Tasmania, is a provocative place, and not just because of its renowned artwork collection.
Entry to Australia’s largest and arguably most challenging private museum is through a light-drenched entrance. Visitors then head deep underground to where the gallery tour begins. Here you pick up an ‘O’ – a headset linked to a phone-sized device you carry through this dark, multi-layered venue.
MONA has no labels on any of its walls so the O device is your personal guide. Prompted by your wanderings through the gallery floors, it automatically offers contextual information and even recorded interviews about the artworks you stand in front of.
During my visit my O screen lit up asking me to enter my email address if I wanted to save my tour. Absent-mindedly I agreed and some time later, back at my own computer, I received an automated email containing a link to MONA’s website. I pressed it and my laptop sprang to life with an animated, computer-generated echo of my gallery visit.
The website retraced my steps precisely. My O device had recorded everything I had done, the meandering route I had taken, the particular artworks that had captured my attention, and – upon my agreement – downloaded it to a computer server that offered up again more information about exactly what I had seen.
This electronic reflection of my excursion rattled me. My journey through MONA’s mesmerising exhibits had felt intimate and there was something unnerving about being under surveillance while also becoming so lost in the art.
The instant I donned the O, this tracking had begun. Suddenly what had felt personal did not seem private any more.
At least the O had asked for my permission. Back in 2010 news broke that a Philadelphia schoolboy called Blake Robbins had been confronted by a school official who suspected Robbins had taken drugs in his bedroom.
Robbins, who maintained he was eating sweets and not popping pills, found himself presented with a photo taken of him at home by the webcam of a laptop that his school had provided him with. He and his parents launched legal action, claiming a violation of his civil rights.
It became clear that Robbins was not the only student affected. Around 2300 other school pupils had been given laptops by this school district, which had captured more than 50,000 ‘peeping Tom’ webcam images without any of them knowing it.
Robbins settled his legal case for a reported US$610,000 but his mother Holly remained uneasy, explaining to CBS News that she had three other children including a daughter whom she believed had also been spied on.
“I’m even concerned when I walk into a dressing room,” she said. “I just always feel the fear of being watched.”
She is not alone. Michael Wilkinson, the director of security and intelligence for the Asia-Pacific operations of Nuix, a Sydney-based international software company specialising in cybersecurity, routinely blocks his laptop’s webcam by covering it with a tiny piece of sticky black paper.
“My paranoia level is fairly high,” he admits, citing “the huge range of different malware out there that gives you remote access to the camera, the microphone, the keyboard of a laptop”.
“I’ve spent the last 18 years investigating computer crime and looking at how information is abused,” he says. “I get called in when things go wrong.”
Wilkinson has worked as a digital forensics specialist with the NSW Police Force, helped develop a Masters programme on the topic at a US college and lead a global team of consultants at Trustwave SpiderLabs, a company specialising in online security threats. He argues that leading a truly private life is increasingly difficult as more people use iPads, Fitbits, cameras and even cars with the GPS capacity to pinpoint your location at any time.
“The number of devices that people have now and the low cost of electronics – a GPS receiver can cost a couple of dollars – means that for any manufacturer of electronic equipment to install that kind of tracking device into equipment is close to zero cost.”
At this point, he explains, it becomes a matter of how much effort such companies want to put into “writing the software to track you”.
Wilkinson describes mobile phones as a “classic example” because “if you have the GPS enabled they are tracking you everywhere you go. Even without the GPS enabled, the cell towers, the wireless access point that you’re going near, are also able to locate you. You are getting tracked everywhere.”
While this form of electronic surveillance has been going on for some time, companies are increasingly exploring different ways of making money from it. Enter a large shopping centre and you may find they suggest you download an app onto your phone, Wilkinson says. “They will then use that app to track you as you move around … as you go in and out of different stores, they will start tailoring advertising to meet your movements, based on the type of shops you are going into, and then try to convince you to go in and spend more money in those different locations.”
Some may consider that useful but this cybersecurity expert, who says wryly that when he goes to the shops he knows exactly what he’s after – “I just want to go in, get it, and get out” – rails against it.
“It is my personal data, it is my privacy, it’s my life,” he says, outlining the steps he takes to avoid being electronically followed.
Wilkinson does not use an iPhone and only enables his android phone’s GPS when he wants to use it for directions. He carefully considers installing any app. When it comes to computer use he bounces between different web browsers and employs multiple user accounts “to try and prevent people from being able to identify me as coming back to a particular website, or to correlate my activity between different locations”.
Consider Google, he says. “You use Google maps to work out where you are going to go. If you want to go to a restaurant you then look up travel details, hotel details, flight bookings [and all this data] is being collected.” The cumulative result is “a massive profile of your entire life”.
“I don’t really want people to be looking over my shoulder at everything I’m doing, everywhere I’m going,” Wilkinson says. “You have to keep in mind that’s all going into a massive database.”
Wilkinson advises thinking carefully about how much information you volunteer to hand over, when and to whom. He advocates avoiding online competitions that demand personal details in return for entering, or doing quizzes such as those continually promoted by Facebook.
“It basically comes down to trust: am I giving this information to the organisation I think I am giving it to, and do I trust this organisation to be keeping it securely and only using it in the manner in which I find acceptable?”
Most companies collecting this information are not doing so with a malicious intent; they are collecting it to push targeted online advertising to you, he says.
However, describing what can happen when security goes wrong and a company finds its databases holding customer details compromised, he says that cybercriminals aim to collect as much personal information as they can. “The worst-case scenario is identity theft where the cybercriminals create an entire fake persona or totally impersonate someone and take out mortgages and credit cards and all sorts of other debt under your name.
“That sort of thing can take years to straighten out, and can take years to even become aware of in the first place. You generally don’t find out about it until debt collectors come banging on your door asking you to repay tens of thousands of dollars.
“People are very good at giving up their rights,” adds Wilkinson, pointing out that at the very least people should read their software user agreements, such as the recent Windows 10 agreement, for example, that states that “if you accept all the defaults you are giving Microsoft access to every file on your computer”.
There is an alternative to all this as I realised after my visit to MONA when I found myself in the Tasmanian wilds so far from my mobile phone provider that emails, texts and GPS tracking could no longer reach me.
For those few days the only sign of my presence – digital or otherwise – appeared as I walked along a deserted beach, creating a trail of footprints in the soft, white sand. The ocean just as quickly washed them away.