Big Data and Citizens of Glass

May 8, 2017 by

Privacy activists have long pointed out the security and privacy risks of Internet of Things (IoT) devices. The latest WikiLeaks revelations have shown that these risks are real (Vault 7). State agencies themselves may exploit the lack of security in Internet connected devices to create their own version of a digital panopticon. Any militant regime would be envious to see the sophistication of today’s Internet surveillance. 

Two years ago, I presented a paper at a privacy conference highlighting the risk that smart TVs may be hacked to eavesdrop on conversations (the privacy policy of Samsung even allowed for that). Two years forward and we learn that the CIA has developed various malware and trojans that are capable of doing exactly this. 

Smart devices as digital panopticon

Equally disturbing is the news that the CIA has been actively looking at the possibility of taking control over smart cars and trucks. Mobile phones can be remotely instructed by the CIA to send the cellphone’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone. Items that we bring into our most private space, our homes, can be turned into a beacon of surveillance allowing everyone with the right skills and interests to invade our privacy.

Not only governments spy on us.

Recently, German authorities banned the sale of a toy doll that specifically asks children to provide personal data including their parent’s names, the name of their school, their favourite TV show and the place where they live. The device can be easily hacked and was consequently banned due to privacy concerns, particularly given the toy may be in a child’s bedroom. Sounds creepy? It is!

Citizens of Glass

Things such as smart cars, fridges, and TVs do not have the in-build security features and firewalls that are commonly installed in computers and to a lesser degree in cellphones. At the same time Big Data has matured to an extent that it allows for pretty accurate user profiling. Profiling enables data analysts to determine an individual’s personality or behaviour, interests and habits so that it can be analysed and predicted. Big DataThis includes aspects such as a person’s economic situation, health, personal preferences, interests, behaviour, location or movements.

We are giving governments, businesses, and criminals alike unprecedented access to our personal information.

With each click, with each downloaded and installed app, we leave a little footprint on the Big Data autobahn, giving away a bit more about our personality. This digital footprint is a highly sought after traceable good. Companies pay for it. Entire business models are based around harvesting, analysing, and extracting information about us and our behaviour. The sophistication of data analytics has advanced so much that it extracts our little secrets click by click.

Big Data is turning Internet users more and more into citizens of glass.

At best data about us is used to sell us something. At worst our behaviour is manipulated beyond the scope of consumerism. Just like Bentham’s panopticon, we are being surveilled to alter our behaviour through tailored advertising, fake news, click baiting etc.

Erosion of individualism and democratic process

Privacy is the backstop of individualism. Independent thinking and forming an opinion were once thought to be vital ingredients of a functioning democracy. Yet they are being undermined by click baiting (which has left our media in a catatonic state) and political microtargeting which actively seeks to manipulate voter behaviour and opinions.

Big Data has become a powerful tool in politics. In fact Big Data played a critical role in Donal Trump’s election success. On 9 November 2016 Cambridge Analytica released the following press statement:

Cambridge Analytica, the market leader in the provision of data analytics and behavioral communications, would like to congratulate President-elect Donald Trump and Vice President-elect Mike Pence on their historic victory. Cambridge Analytica was instrumental in identifying supporters, persuading undecided voters, and driving turnout to the polls. The firm’s integrated Data Science, Digital Marketing, and Polling and Research teams informed key decisions on campaigning, communications, and resource allocation. […]

Trump paid Cambridge Analytica 5 Million US Dollar in September 2016 alone in the hope that data profiling will win him the presidential election. Cambridge Analytica claimed that it had 4,000 – 5,000 data points on every US individual. The YouTube video “Big Data and Psychographics in the electoral process” explains the process in more detail.

Cambridge Analytica had a video clip on its website that showcast its influence in the US election.

They have since changed their website but if you use the WayBack Machine you get a snap shot of the sites content as of October 2016.

Privacy protection is fundamental to a free and open society.

Practical dilema

From a practical point of view, protecting privacy is not that easy. The reason for that lies in part in the online users themselves. The apparent unawareness or disregard for online privacy is enabling misuse of data. Also, privacy laws are national laws and the privacy standards vary between countries to the extent that there is not even a uniform understanding of what amounts to “personal information”. For instance is metadata or browser generated information private information ?

This stands in stark contrast with the practical reality that personal data is transferred across national borders and accessed anywhere. Enforcing privacy across different jurisdictions is costly and complicated and requires greater commitment of resources. Some jurisdictions do not even recognise a breach of privacy as an actionable cause of action (e.g. Australia). National privacy laws lag behind the frog-leaping technological developments. Some countries’ privacy laws even predate the era of extensive cross-border data transfer.

The international data autobahn may benefit from internationally accepted privacy standards. From a practical point of view that seems very unlikely if the recent EU – US privacy shield negotiations are anything to go by.

European General Data Protection Rules

However, the European General Data Protection Rules (GDPR) may in fact coerce the rest of the world to comply with European privacy standards. This new privacy standards are conceptualised as a strict liability regime with extraterritorial application. The official start date is the 25 May 2018.

See also Who has access to your gmail account?