I hope to write more about the insightful discussions at the workshop convened by LIRNEasia and CIS. For now, here are the slides I used to frame the discussion on Harms from Surveillance, (In)security, and impacts upon Privacy and Competition. Image source.
The 4th Circuit Court of Appeals upheld what is known as the third-party doctrine: a legal theory suggesting that consumers who knowingly and willingly surrender information to third parties therefore have “no reasonable expectation of privacy” in that information — regardless of how much information there is, or how revealing it is. Research clearly shows that cell-site location data collected over time can reveal a tremendous amount of personal information — like where you live, where you work, when you travel, who you meet with, and who you sleep with. And it’s impossible to make a call without giving up your location to the cellphone company. “Supreme Court precedent mandates this conclusion,” Judge Diana Motz wrote in the majority opinion. “For the Court has long held that an individual enjoys no Fourth Amendment protection ‘in information he voluntarily turns over to [a] third part[y].
That’s title of a report Sriganesh Lokanathan and I completed for the New Venture Fund. Here is an extract from the executive summary. Much of the discussion of the socio-economic implications of behavioral data has focused on the inclusion of more citizens and more aspects of their lives within the sphere of control enabled by pervasive data collection. Effective public policy rests on good information about problems and the efficacy of the deployed solutions. Governments obtained such information through National Statistical Organizations (NSOs) in the 19th and 20th Centuries.
Daniel Solove’s work forms the basis of our recent analyses of big data privacy. It is impressive that he pulls together a comprehensive analysis of the implications of the passing of Justice Scalia for the third-party doctrine within a day. Justice Scalia’s opinion in Jones actually provides very little protection against government location tracking. Only the physical affixing of a GPS device to a car violates the 4th Amendment according to his view. But under the third party doctrine, the government can readily obtain GPS data from third parties that provide GPS services without a physical trespass to the car.
As befitting an article on BIG data, the writer of this piece, done for Center for Internet and Society, is liberal with superlatives. A colossal increase in the rate of digitization has resulted in an unprecedented increment in the amount of Big Data available, especially through the rapid diffusion cellular technology. The importance of mobile phones as a significant source of data, especially in low income demographics cannot be overstated. This can be used to understand the needs and behaviors of large populations, providing an in depth insight into the relevant context within which valuable assessments as to the competencies, suitability and feasibilities of various policy mechanisms and legal instruments can be made. However, this explosion of data does have a lasting impact on how individuals and organizations interact with each other, which might not always be reflected in the interpretation of raw data without a contextual understanding of the demographic.
I first talked about the competitive issues of big data at the 2013 IGF in Bali. In actual fact the competitive implications of a subset, utility customer information, were discussed back in 1992. But it was rare to think that there was anything to talk about other than privacy. Finally, the message seems to be getting through. The concern is that while data can give a business competitive advantage, unique treasure troves of data can provide one player with unique insight and, potentially that can be translated into market power.
I was a little surprised to be invited to a meeting on big data organized by the Institute of Technology and Society of Rio de Janeiro. But then I realized that the event was scheduled back to back with IGF 2015 in Joao Pessoa and that they were basically piggy-backing on the attraction of large numbers of international experts to Brazil in November 2015. With some effort, I was able to find a few people who were not lawyers participating in the event, but it was dominated by those of the legal persuasion. This meant that there was a presumption that laws and regulations were needed to avoid the bad things that could be imagined. Usually, what we have is a battle of imaginations.
Today I spoke at a session on Big Data for Development: Privacy Risks and Opportunities organized by UN Global Pulse and SIDA at Internet Governance Forum 2015. My presentation that sought to set the stage is here. Many interesting questions were raised, but I will here focus on one particularly uninformed one. The questioners (this is a synthesis of two questions) said that while the data holders may give data for free, they will start to charge for it soon. Therefore, it is important to ensure that the value of the data created by mobile users should be addressed and that users should get paid for their data.
I spent two challenging days at the first face-to-face meeting of the Privacy Advisory Group of UN Global Pulse in Den Haag. BIt was challenging because it was scheduled adjacent to a privacy commissioners’ conference and because the location was in Europe where privacy protection has been elevated to quasi-religious status. We as researchers are trying to solve problems that affect millions of people in developing countries such as traffic, unresponsive and poorly planned cities, the spread of diseases and so on. To us privacy and other harms matter, but in the foreground of our thinking we always place the social problems we are trying to solve. We attack the privacy problems because they get in the way of the larger purpose.
I moderated CPRsouth 10’s opening plenary that looked at the competitiveness, privacy and marginalization issues associated with the emerging field of big data. Attached are the questions that I circulated beforehand to the experts who participated in the discussion. Here is an excerpt. The document also contains several annexes that provide examples and definitions about the terms that are used. 5.
I will be participating in this Internet Governance Forum session in Joao Pessoa, Brazil, later this year. The session is organized by UN Global Pulse: In recent years, the potential of big data derived from the Internet and other digital devices to transform targeted advertising, recommender systems, location based services, logistics and other activities in the private sector has come to fruition. Increasingly, parallel applications in development work have emerged, proving the utility of big data for monitoring and measuring social phenomenon including disease outbreaks, food security, or migration. However, the opportunities presented by big data simultaneously raise serious concerns about privacy, especially when it comes to use of personal data. To realize the benefits of “Big Data for Development” it is important to find solutions for how to protect fundamental rights and values, including the right to privacy as recognized by the UDHR and ICCPR.
Verizon is in the the news and under the gun for its use of supercookies to track mobile users. The company uses the tracking technology — alphanumerical customer codes known as supercookies — to segment its subscribers into clusters and tailor advertising pitches to them. Although Verizon allows subscribers some choices regarding the use of their information for marketing purposes, the company does not permit them to opt out of being tagged with the persistent tracking technology. Our discussion: Within the first cluster proposed by Solove, the most relevant problem is surveillance. In the context of big data, it is useful to distinguish between active and passive surveillance.
The specialized unit of the UN dealing with big data for development, UN Global Pulse, has constituted a data privacy advisory group. LIRNEasia’s chair and advisor to the big data for development team, Rohan Samarajiva, is a member. Among the other members are MIT’s Sandy Pentland and Umar Saif, Chair of the Punjab IT Board and Secretary IT of the Government of Punjab.
An unexpectedly detailed description of our big data session was included in the Day 3 highlights: Big data is usually in the headlines for the wrong reasons – surveillance, exploitation of personal data for commercial or governmental ends, intrusion of privacy – but can also serve a valid and immensely exciting social purpose for development. Kicking off a fascinating, packed and highly-interactive session, moderator Rohan Samarajiva, Founding Chair and CEO, LIRNEasia, set out this contradiction in perception of big data as a “competition of imaginations” between hype and pessimism, reminding us that big data is “of interest to all of us, as we are the creators of this data, the originators of this data”. Our mobile telephones, and by extension we ourselves, are permanently in communication with the nearest towers, sending out details of our whereabouts and activities in an ever-growing, highly personal call record. This session aimed to “talk not about the imagination, but about what has been done”, exploring current and future trends in the use of big data for development.
Much of what is discussed as “big data” does not include the poor, because smartphone penetration is still low, social media are not used by all classes and datafied records are rare in developing countries. Therefore, the session focused on research that has been/is being done on pseudonymized mobile network big data in developing countries. Instead the usual “battle of imaginations” which posits the optimistic scenarios that tend toward hype against the pessimistic scenarios that imagine all sorts of bad things that could happen, we began with reality. What had been actually done on the ground in countries as different as Namibia, Afghanistan and Sri Lanka were presented by data scientists who knew the ins and outs of data cleaning, pseudonymization, and what software needs to be used to analyze petabytes of data at a time. The active audience raised a range of questions.
I resisted the notion that we should start our work on guidelines for”big data” from the settled law of other jurisdictions. I did not do that in 1987 when I did one of the earliest policy studies on ICTs and the law in Sri Lanka, and I was not about to start in 2013. I had reservations about both the chaotic and piecemeal nature of US privacy law and the over-bureaucratic nature of European law that made even a simple list of course attendees a subject of “data protection” enforced by a Data Protection Commissioner. In addition, I sensed that big data was a qualitative jump from what existed before and it was wrong to simply extrapolate from the existing law. Looks like I was right.