Some Further Thoughts On Privacy

The US has a (large­ly reli­gion-dri­ven) absti­nence-until-mar­riage move­ment; in some states, schools are not required to pro­vide sex­u­al edu­ca­tion to teens, and where it is pro­vid­ed, absti­nence from inter­course is pro­mot­ed as the best method of main­tain­ing sex­u­al health. But a 2007 meta-study found that absti­nence-only at best had no effect at all on teen sex­u­al health, and at worst led to high­er rates of sex­u­al­ly-trans­mit­ted infec­tions: in com­mu­ni­ties with greater than 20% of teens in absti­nence-only pro­grams, rates of STDs were over 60% high­er than in those of reg­u­lar pro­grams.

Igno­rance of their options meant these teens were less like­ly to use con­tra­cep­tion when they did have sex, were more like­ly to engage in oral and anal sex, and less like­ly to seek med­ical test­ing or treat­ment.

I wor­ry that ‘total pri­va­cy’ advo­cates are caus­ing sim­i­lar igno­rance in peo­ple online. An arti­cle in the lat­est Wired UK heav­i­ly hypes up the scare of your data being pub­licly avail­able, but with­out offer­ing any expla­na­tion of why that’s bad or how you can take back con­trol, beyond block­ing all data shar­ing. By pro­mot­ing zero-tol­er­ance pri­va­cy, encour­ag­ing peo­ple to leave social net­works or unin­stall apps that share data, total pri­va­cy advo­cates fail to edu­cate peo­ple on the pri­va­cy options that are avail­able to them, and ways they can use data to their own advan­tage.

Face­book, for exam­ple, has excel­lent expla­na­tions of how they use your data, fil­ters and pref­er­ences that let you con­trol it, and links to exter­nal web­sites that explain and pro­vide fur­ther con­trols for dig­i­tal adver­tis­ing.

My con­cern is that, if you advise only a zero-tol­er­ance pol­i­cy you run the risk of dri­ving peo­ple away to alter­na­tives that are less forth­com­ing with their pri­va­cy con­trols, or mak­ing them feel help­less to the point where they decide to ignore the sub­ject entire­ly.  Either way they’ve lost pow­er over the way they con­trol their per­son­al data, and are miss­ing out on the val­ue it could give them.

And I strong­ly believe there is val­ue in my data. There is val­ue in it for me: I can use it to be more informed about my health, to get a smarter per­son­al assis­tant, to see ads that can be gen­uine­ly rel­e­vant to me. And there is val­ue in it for every­one: shared med­ical data can be used to find envi­ron­men­tal and behav­iour­al pat­terns and improve the qual­i­ty of pub­lic pre­ven­ta­tive health­care.

I’m not blithe about it; I don’t want my data sold to unknown third par­ties, or used against me by insur­ers. I’m aware of the risks of the panop­ti­con of small HD cam­eras that could lead to us all becom­ing wit­ting or unwit­ting infor­mants, and mon­i­tor­ing of com­mu­ni­ca­tion by peo­ple who real­ly have no busi­ness mon­i­tor­ing it.

What we need is not total pri­va­cy, but con­trol over what we expose. We need trans­paren­cy in see­ing who gets our data, we need leg­is­la­tion to con­trol the flow of data between third par­ties, we need the right to opt out, and we need bet­ter anonymi­ty of our data when we choose to release it into large datasets.

Knowl­edge is pow­er, and I’d rather have con­trol of that pow­er myself than com­plete­ly deny it a place in the world.

Sources and further reading

The United States of Authoritarianism

I’m read­ing Eric Schmidt and Jared Cohen’s ‘The New Dig­i­tal Age’ at the moment. It’s a fair­ly dry look at the near future, both per­son­al and polit­i­cal, and the impact of dig­i­tal tech­nol­o­gy. It’s (obvi­ous­ly) in favour of every­thing Google are doing — to the extent that anonymi­ty is seen as a gen­er­al­ly unfavourable aim, except in extreme cir­cum­stances — and has the occa­sion­al out-of-place digres­sion (not sure how the robot­ic hair­dress­ing machine fits into the new dig­i­tal age), but is over­all much more inter­est­ing than not.

One thing that’s obvi­ous, how­ev­er, is that it was writ­ten before the NSA/GCHQ leaks, as gov­ern­ment sur­veil­lance isn’t men­tioned as some­thing that we in the West would do. In fact there’s a sec­tion on the dif­fer­ence between author­i­tar­i­an regimes and democ­ra­cies, in which it says:

[Author­i­tar­i­an] regimes will com­pro­mise devices before they are sold, giv­ing them access to what every­body says, types and shares in pub­lic and in pri­vate.

Which, if the allegations/rumours/conspiracies about the Intel back­door and Apple SSL hole (for exam­ple) turn out to be true and based on cre­at­ing secu­ri­ty flaws rather than exploit­ing them, would put the US very much in the author­i­tar­i­an camp.

Privacy, permission, and opting out

Ear­li­er today I got an update noti­fi­ca­tion for the Face­book app for Android, and to install the update I had to agree to some new per­mis­sions:BcFRREcIAAA9tvW.jpg_large

The thing is, I don’t agree to those new per­mis­sions. So I tweet­ed this:

Looks like this new update to Face­book for Android means it’s time to unin­stall the app.

It seemed to hit a pop­u­lar nerve and got retweet­ed a hand­ful of times, but then I start­ed to get peo­ple telling me I was in error or hav­ing a knee-jerk reac­tion. Twitter’s 140 char­ac­ters are great for short bites but some­what lack­ing in con­text, so I thought I’d (hasti­ly) put togeth­er this expla­na­tion.

I don’t believe that my per­son­al data should be a con­di­tion for installing an app. I believe that when an app or ser­vice wants my data, it’s enter­ing into an exchange with me. For me to be hap­py with the exchange, I need a sat­is­fac­to­ry answer to these three ques­tions:

  1. For what pur­pose do you want my data?
  2. What do I get in return?
  3. How can I get my data delet­ed if I change my mind?

In my opin­ion, Facebook’s expla­na­tions aren’t sat­is­fac­to­ry. In the case of SMS per­mis­sions, they give the exam­ple of using SMS con­fir­ma­tion codes for autho­ri­sa­tion. This is a rea­son­able exam­ple, but the word­ing is clear that it is only an exam­ple of what they require the per­mis­sion for.

That caus­es what is, to me, an unac­cept­able ambi­gu­i­ty: a per­mis­sion may be grant­ed for a use I deem rea­son­able now, but once grant­ed it doesn’t have to be request­ed again for a rea­son which I may find unrea­son­able.

Per­haps it does­n’t mean that, and maybe I’m being para­noid, or unchar­i­ta­ble, or think­ing the worst, but to be hon­est, I’m a very light Face­book user and I don’t need the has­sle of work­ing out whether that’s the case or not.

So I don’t agree with the lat­est per­mis­sion requests, and as they’re not option­al requests I took the only course of action open to me and unin­stalled the app. I’m not think­ing about ter­mi­nat­ing my Face­book account, I can avoid the per­mis­sions issue by using the mobile web­site instead, so I will.

If Android had an option­al per­mis­sions mod­el, or if there were def­i­nite guar­an­tees from Face­book about what these per­mis­sions were required for, this would have all passed with­out inci­dent.

There are, of course, much big­ger con­ver­sa­tions being held about per­son­al data and pri­va­cy, but it’s almost Christ­mas and I should stop writ­ing this.

OK, Computer

Ever since Star Trek: The Next Gen­er­a­tion I’ve har­boured a dream of hav­ing a com­put­er like the one on The Enter­prise; one that uses nat­ur­al lan­guage pars­ing to under­stand your ques­tion, can give you the answer to almost any­thing, and can reply to you audi­bly. Of course, today this is no longer a dream; with Siri, Google Now* and var­i­ous sim­i­lar inter­net-enabled appli­ca­tions the sci-fi dream is only the press of a but­ton away.

But there’s one impor­tant aspect of the Star Trek com­put­er that every­one seems less keen on: the voice com­mand acti­va­tion. The TV show com­put­er is acti­vat­ed with a pre­fix: “Com­put­er: …”. Now we have prod­ucts like Google Glass, Motoro­la X, and Xbox One Kinect which promise the same func­tion­al­i­ty (“OK Glass: …”; “OK Google Now: …”; “Xbox on: …”), and the pub­lic reac­tion has tend­ed towards doubt, fear or down­right rejec­tion. Peo­ple I know who are oth­er­wise ful­ly-fledged technophiles have expressed wor­ries about the always-on lis­ten­er ser­vice.

It’s inter­est­ing that this reac­tion has per­sist­ed even though rep­re­sen­ta­tives of the com­pa­nies involved have tak­en great pains to empha­sise your pri­va­cy. In the case of the Motoro­la X there is a chip ded­i­cat­ed to only lis­ten­ing for your voice speak­ing the exact phrase “OK Google Now”, and the Xbox One Kinect behaves sim­i­lar­ly, and in nei­ther case is any data sent — or even, as far as I know, a net­work con­nec­tion required. But that’s not been enough to reas­sure some peo­ple.

This reac­tion seems per­haps under­stand­able, except that we car­ry around with us all day a device ful­ly capa­ble of lis­ten­ing to us and trans­mit­ting our words to unknown par­ties, and at home and work use oth­er devices equal­ly capa­ble of doing the same.

Could this fear be down to tim­ing? This news came at the same time as we heard about the full extent of NSA (or GCHQ here in the UK) spy­ing, so it would­n’t be unrea­son­able to think that pri­va­cy was fore­most in peo­ple’s minds.

Is it per­haps a gen­er­al dis­trust about what big com­pa­nies are doing with your data? Google in par­tic­u­lar have been fight­ing many pri­va­cy cas­es in courts across the globe, and a $15 bil­lion law­suit against Face­book for cook­ie track­ing is still ongo­ing (I think).

Or are peo­ple blanch­ing just because this for­malised voice acti­va­tion now makes it explic­it that we can be lis­tened to?

I was gen­uine­ly going to make a ‘final fron­tier’ joke to end this piece, but luck­i­ly I thought bet­ter of it.

* So per­va­sive is the image of the Star Trek com­put­er that it’s claimed that Google’s ‘obses­sion’ is to build their ser­vices in its image.