Opinion

Developing Consensus on the Ethics of Data Use

Information is power, as the saying goes, and big data promises the power to make better decisions across industry, government, and everyday life. Data analytics offers an assortment of new tools to harness data in exciting ways, but society has been slow to engage in a meaningful analysis of the social value of all this data. The result has been something of a policy paralysis when it comes to building consensus around certain uses of information.

Advocates noted this dilemma several years ago during the early stages of the effort to develop a Do Not Track (DNT) protocol at the World Wide Web Consortium. DNT was first proposed seven years ago as a technical mechanism to give users control over whether they were being tracked online, but the protocol remains a work in progress. The real issue lurking behind the DNT fracas was not any sort of technical challenge, however, but rather the fact that the ultimate value of online behavioral advertising remains an open question. Industry touts the economic and practical benefits of an ad-supported Internet, while privacy advocates maintain that targeted advertising is somehow unfair. Without any efforts to bridge that gap, consensus has been difficult to reach.

As we are now witnessing in conversations ranging from student data to consumer financial protection, the DNT debate was but a microcosm of larger questions surrounding the ethics of data use. Many of these challenges are not new, but the advent of big data has made the need for consensus ever more pressing.

For example, differential pricing schemes – or price discrimination – have increasingly become a hot-button issue. But charging one consumer a different price than another for the same good is not a new concept; in fact, it happens every day. The Wall Street Journal recently explored how airlines are the “world’s best price discriminators,” noting that what an airline passenger pays is tied to the type of people they’re flying with. As a result, it currently costs more for U.S. travelers to fly to Europe than vice versa because the U.S. has a stronger economy and quite literally can afford higher prices. Businesses are in business, after all, to make money, and at some level, differential pricing makes economic sense.

However, there remains a basic concern about the unfairness of these practices. This has been amplified by perceived changes in the nature of how price discrimination works. The recent White House “Big Data Report” recognized that while there are perfectly legitimate reasons to offer different prices for the same products, the capacity for big data “to segment the population and to stratify consumer experiences so seamlessly as to be almost undetectable demands greater review.” Customers have long been sorted into different categories and groupings. Think urban or rural, young or old. But big data has made it markedly easier to identify those characteristics that can be used to ensure every individual customer is charged based on their exact willingness to pay.

The Federal Trade Commission has taken notice of this shift and has begun a much-needed conversation about the ultimate value of these practices. At a recent discussion on consumer scoring, Rachel Thomas from the Direct Marketing Association suggested that companies have always tried to predict customer wants and desires. What’s truly new about data analytics, she argued, is that it offers the tools to actually get predictions right and to provide “an offer that is of interest to you, as opposed to the person next to you.” While some would argue this is a good example of market efficiency, others worry that data analytics can be used to exploit or manipulate certain classes of consumers. Without a good deal more public education and transparency on the part of decision-makers, we face a future where algorithms will drive not just predictions but decisions that will exacerbate socio-economic disparities.

The challenge moving forward is two-fold. Many of the more abstract harms allegedly produced by big data are fuzzy at best – filter bubbles, price discrimination, and amorphous threats to democracy are hardly traditional privacy harms. Moreover, few entities are engaging in the sort of rigorous analysis necessary to determine whether or not a given data use will make these things come to pass.

According to the White House, technological developments necessitate a shift in privacy thinking and practice toward responsible uses of data rather than its mere collection and analysis. While privacy advocates have expressed skepticism of use-based approaches to privacy, increased transparency and accountability mechanisms have been proposed as a way to further augment privacy protections. Developing broad-based consensus around data use may be more important.

Consensus does not mean unanimity, but it does require a conversation that considers the interests of all stakeholders. One proposal that could help drive consensus is the development of internal review boards or other multi-stakeholder oversight mechanisms. Looking to the long-standing work of institutional review boards, or IRBs, in the field of human subject testing, Ryan Calo suggested that a similar structure could be used as a tool to infuse ethical considerations into consumer data analytics. IRBs, of course, engage in a holistic analysis of the risks and benefits that could result from any human testing project. They are also made up of different stakeholders, encompassing a wide variety of diverse backgrounds and professional expertise. These boards also come to a decision before a project can be pursued.

Increasingly, technology is leaving policy behind. While that can both promote innovation and ultimately benefit society, it makes the need for consensus about the ethics at stake all the more important.

Truthout Publishes My Thoughts on Big Data’s Image Problem

Happy to report that Truthout today published my quick op-ed entitled “Big Data’s Big Image Problem.” Not only does this piece expand on comments the Future of Privacy Forum submitted as part of the White House’s Big Data Review, but it also riffs on my favorite part of the latest Marvel movie, Captain America: The Winter Soldier.  As a privacy wonk, I took great pleasure in discovering that ::minor spoilers:: Captain America’s chief villain was actually “The Algorithm.”  When Captain America doesn’t like you, you know you’ve got an image problem, and frankly, big data has an image problem.

Average Folks and Retailer Tracking

Yesterday evening, I found myself at the Mansion on O Street, whose eccentric interior, filled with hidden doors, secret passages, and bizarrely themed rooms, seemed as good a place as any to hold a privacy-related reception. The event marked the beta launch of my organization’s mobile location tracking opt-out.  Mobile location tracking, which is being implemented across the country by major retailers, fast food companies, malls, and the odd airport, first came to the public’s attention last year when Nordstrom informed its customers that it was tracking their phones in order to learn more about their shopping habits.

Today, the Federal Trade Commission hosted a morning workshop to discuss the issue, featuring representatives from analytics companies, consumer education firms, and privacy advocates. The workshop presented some of the same predictable arguments about lack of consumer awareness and ever-present worries about stifling innovation, but I think a contemporaneous conversation I had with a friend better highlights some of the privacy challenges mobile analytics presents.  Names removed to protect privacy, of course!

The Supreme Court’s Say on Surveillance?

Big national security news yesterday: a federal court judge has ruled that the NSA’s Section 215 metadata collection program is an unconstitutional violation of the Fourth Amendment.  TechDirt has a great wrap-up of Judge Leon’s opinion, but more than the excellent legal analysis on display, the case is one of the first big demonstrations of how the federal judiciary is being brought into the surveillance discussion post-Snowden.  The secretive structure of the FISA Court, and the difficulty – if not impossibility – of getting those cases into the Supreme Court or out into the sunshine, made it very easy for the courts to avoid judging the constitutionality of broad government surveillance.

Just last year in Clapper v. Amnesty International, the Supreme Court was able to side-step today’s question by holding that a group of international lawyers and journalists had no standing to challenge the FISA Amendments Act of 2008 because they could prove no harm.  The narrow majority deferred to the FISA Court’s ability to enforce the Fourth Amendment’s privacy guarantees, an assertion that has proven to be ridiculous. Snowden’s revelations have changed Clapper’s standing equation, and this may force the Supreme Court’s hand.

After today, it appears all three branches of government may have a say in the future of the Fourth Amendment, and it seems likely they won’t be in agreement.  Involving the Third Branch in an active dialog about surveillance is essential not only because it can clarify the scope of the Fourth Amendment but also because it may be in a position to break a separation of powers stalemate between Congress and the President.  In the end, the steady stream of lawsuits challenging the NSA’s activities may end up having a bigger legal impact than any congressional theatrics.


Europe Misdirects Rage on the US Safe Harbor

This morning, the European Commission released its report on the state of the US-EU Safe Harbor, a mechanism that provides for international data transfers, proposing a series of recommendations designed “to restore trust in data flows between the EU and the U.S.”  Europeans have long been critical of the Safe Harbor — and America’s free-wheeling attitude toward privacy in general — but the Summer of Snowden provided a perfect pretext to “reconsider” the efficacy of the Safe Harbor.

America’s hodgepodge or “sectoral” approach to privacy has increasingly placed U.S. officials on the defensive, and there’s no question the Safe Harbor can be improved.  However, conflating Safe Harbor reform with justified anger about expansive NSA snooping is counterproductive.  First and foremost, while public and private data sharing is increasingly intermingled, government access to data is not the same as commercial data use.  The Safe Harbor was explicitly designed to protect the commercial privacy interests of EU citizens.

It was not created to address national security issues, and the Safe Harbor specifically provides an exception from its requirements “to the extent necessary to meet national security, public interest, or law enforcement requirements.”  As FTC Commissioner Julie Brill has noted, national security exceptions to legal regimes are not unusual.  For example, the HIPAA Privacy Rule permits the disclosure of private health information in the interest of national security, and even the EU’s stringent Data Protection Directive includes an exception for state security or defense.


Government Shutdown and Collapse: A Constitutional Crisis Caused by Rural America

As this government shutdown has come to absorb not merely the day-to-day functioning of government but also our national health care policy and the looming debt ceiling, it becomes harder and harder not to see this episode as the beginnings of a legitimate constitutional crisis.

By all accounts, this shutdown was formally instigated by 80 Republican House members who wanted the Speaker to work more aggressively to “defund” Obamacare.  Whatever one thinks of Obamacare, or of Big Government, these Republicans are hardly representative of the public as a whole:

These eighty members represent just eighteen per cent of the House and just a third of the two hundred and thirty-three House Republicans. They were elected with fourteen and a half million of the hundred and eighteen million votes cast in House elections last November, or twelve per cent of the total. In all, they represent fifty-eight million constituents. That may sound like a lot, but it’s just eighteen per cent of the population.

I actually thought one of the big takeaways from November’s election was that the United States and our public policies increasingly face a vast landed majority that is very much a numerical minority.


Whose Hypothetical Horribles?

Released last fall, Rick Smolan and Jennifer Erwitt’s The Human Face of Big Data is a gorgeous, coffee table book that details page after page of projects that are using Big Data to reshape human society.  In a later interview, Smolan suggested that Big Data was “akin to the planet suddenly developing a nervous system” with “the potential to have a bigger impact on civilization than the Internet.” A bold claim if ever there was one, but the advent of Big Data begs the question: what sort of ramifications will this new data nervous system have on society?

Since I began reading about Big Data in earnest last year, I’ve noticed that much of the discussion seems to be focused at the extremes, hyping either the tremendous benefits or the terrific fears of Big Data.

Proponents tend to look at data analytics with wide-eyed optimism.  In their recent book, Big Data: A Revolution That Will Transform How We Live, Work, and Think, Viktor Mayer-Schoenberger and Ken Cukier suggest that Big Data will “extract new insights or create new form of value, in ways that change markets, organizations, the relationship between citizens and governments, and more.”

On the other side of the coin, scholars like Paul Ohm argue that “Big Data’s touted benefits are often less significant than claimed and less necessary than assumed.” It is very easy to see Big Data as a giant engine designed explicitly to discriminate, to track, to profile, and ultimately, to exclude.  Technologist Alistair Croll has declared Big Data to be the “civil rights issue” of our generation.

Adam Thierer, who puts his faith in the market to sort these issues out, has derisively suggested these worries are little more than boogeyman scenarios and hypothetical horribles, but I take his point that much of the worry surrounding Big Data is of a kind of abstract doom and gloom.  The discussion could benefit from actually describing what consumers, what individuals, are facing on the ground.

For example, in my paper, I noticed two interesting stories in the span of a few weeks.  First, that noted Judge Alex Kozinski had declared that he would be willing to spend $2,400 a year in order to protect his privacy from marketers and miscreants.  Second, that individuals were data-mining themselves on Kickstarter to the tune of $2,700.  One was an established legal figure; the other a poor graduate student.  One could pay.  The other could only sell.

More of the Big Data discussion should center around how consumers are honestly being impacted.  Instead, we’re still talking about Fair Information Practice Principles with the strong conviction that a few tweaks here and there and a renewed dedication to some long-standing principles will “solve” the privacy challenge we face.  In the regulatory regime, there is much discussion about offering “meaningful” user choice, but as the “Do Not Track” process has demonstrated, no one really knows what that means.

I would love to pay for my privacy, but that’s a cost I’m not prepared to cover.  I’d love to make meaningful choices about my privacy, but I’m not sure what any of my choices will actually accomplish.  Perhaps Thierer has a point, that I’m worried about hypothetical horribles, but I’m not sure our planet’s new data nervous system has my best interests in mind.

Because Everyone Needs Facebook

Facebook has rolled out several proposed updates to its privacy policy that ultimately give Facebook even more control over its users’ information.  Coming on the heels of a $20 million settlement by Facebook for using users’ information in advertisements and “sponsored stories,” Facebook has responded by requiring users to give it permission to do just that:

You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us.

A prior clause that suggested any permission was “subject to the limits you place” has been removed.

This is why people don’t trust Facebook. The comments sections to these proposed changes are full of thousands of people demanding that Facebook leave their personal information alone, without any awareness that that ship has sailed.  I don’t begrudge Facebook’s efforts to find unique and data-centric methods to make money, but as someone who is already reluctant to share too much about myself on Facebook, I can’t be certain that these policy changes aren’t going to lead to Facebook having me “recommend” things to my friends that I have no association with.

But no one is going to “quit” Facebook over these changes.  No one ever quits Facebook.  As a communications and connectivity platform, it is simply invaluable to users.  These changes will likely only augment Facebook’s ability to deliver content to users, but as someone who’s been with Facebook since early on, I can say Facebook sure has transformed from this safe lil’ club into a walled Wild West where everyone’s got their eye on everyone.


Framing Big Data Debates

If finding the proper balance between privacy risks and Big Data rewards is the big public policy challenge of the day, we can start by having a serious discussion about what that policy debate should look like. In advance of my organization’s workshop on “Big Data and Privacy,” we received a number of paper submissions that attempted to frame the debate between Big Data and privacy. Is Big Data “new”?  What threats exist?  And what conceptual tools exist to address any concerns?

As part of my attempt to digest the material, I wanted to look at how several scholars attempted to think about this debate.

This question is especially timely in light of FTC Chairwoman Edith Ramirez’s recent remarks on the privacy challenge of Big Data at the Aspen Forum this week. Chairwoman Ramirez argued that “the fact that ‘big data’ may be transformative does not mean that the challenges it poses are, as some claim, novel or beyond the ability of our legal institutions to respond.” Indeed, a number of privacy scholars have suggested that Big Data does not so much present new challenges but rather has made old concerns ever more pressing.


The Toobin Principle as a Corollary to the Snowden Effect

Jay Rosen has a fantastic piece today on PressThink on what he calls the “Toobin principle”.  In effect, Jeffrey Toobin and a number of media figures have criticized Edward Snowden as a criminal or, worse, a traitor even as they admit that his revelations have led to a worthwhile and, more importantly, a newsworthy debate. For his part, Rosen asks whether there can “even be an informed public and consent-of-the-governed for decisions about electronic surveillance”?

I would add only the following observations. First, an informed public may well be the only real mechanism for preserving individual privacy over the long term. As we’ve seen, the NSA has gone to great lengths to explain that it was acting under appropriate legal authority, and the President himself stressed that all three branches of government approved of these programs. But that hasn’t stopped abuses — as identified in currently classified FISC opinions — or, and I think this is key, stopped government entities from expanding these programs.

This also raises the bigger, looming concern of what all of this “Big Data” means. One of the big challenges surrounding Big Data today is that companies aren’t doing a very good job communicating with consumers about what they’re doing with all this data.  Innovation becomes a buzzword to disguise a better way to market us things. Like “innovation,” national security has long been used as a way to legitimize many projects. However, with headlines like “The NSA is giving your phone records to the DEA. And the DEA is covering it up,” I believe it is safe to say that the government now faces the same communications dilemma as private industry.

In a recent speech at Fordham Law School, FTC Commissioner Julie Brill cautioned that Big Data will require industry to “engage in an honest discussion about its collection and use practices in order to instill consumer trust in the online and mobile marketplace.”  That’s good advice — and the government ought to take it.

MOOCs and My Future Employment Prospects?

Massive open online courses are a new, rapidly evolving platform for delivering educational instruction. Since their appearance just a half-decade ago, multiple platforms now offer dozens of free courses from leading universities across the country. However, as MOOCs work to transform education, they also seek to find ways to turn innovative educational experiences into viable business models. In many respects, this is the same challenge facing many Internet services today. Yet while many “free” Internet services rely upon their users giving up control of their personal data in exchange, this bargain becomes strained when we enter the field of education.

Education aims to encourage free thought and expression.  At a basic level, a successful learning experience requires individuals to push their mental abilities, often expressing their innermost thoughts and reasoning. A sphere of educational privacy is thus necessary to ensure students feel free to try out new ideas, to take risks, and to fail without fear of embarrassment or social derision. As a data platform, MOOCs by their very nature collect vast stores of educational data.

As MOOCs look for ways to turn a profit, they will be tempted to turn to the vast stores of personal data that they are currently sitting upon.  It will be essential to consider the privacy harms that could result if this personal educational data is treated carelessly.

There is already some evidence that MOOC organizers recognize this challenge.  In January, a dozen educators worked to draft a “Bill of Rights” for learning in the digital age.  The group, which included Sebastian Thrun, founder of the MOOC Udacity, declared that educational privacy was “an inalienable right.” The framework called for MOOCs to explain how student data was being collected, used by the MOOC, and, more importantly, made available to others.  “[MOOCs] should offer clear explanations of the privacy implications of students’ choices,” the document declared.

In addition to Udacity, the leading MOOCs–Coursera and edX–can improve how they approach student privacy.  Most MOOCs have incredibly easy sign-up processes, but they are much less clear about what data they are collecting and using.  At the moment, the major MOOCs rely on the usual long, cumbersome privacy policies to get this information across to users.

These policies are both broad and unclear.  For example, Coursera states in its Privacy Policy that it “will not disclose any Personally Identifiable Information we gather from you.”  However, it follows this very clear statement by giving itself broad permission to use student data: “In addition to the other uses set forth in this Privacy Policy, we may disclose and otherwise use Personally Identifiable Information as described below. We may also use it for research and business purposes.”  More can be done to offer clear privacy guidelines.

Beyond providing clearer privacy guidelines, however, MOOCs also should consider how their use of user-generated content can impair privacy.  A potential privacy challenge exists where a MOOC’s terms of service grant it such a broad license to re-use students’ content that they effectively have the right to do whatever they wish. EdX, a project started by educational heavyweights Harvard and MIT, states in its Terms of Service that students grant edX “a worldwide, non-exclusive, transferable, assignable, sublicensable, fully paid-up, royalty-free, perpetual, irrevocable right and license to host, transfer, display, perform, reproduce, modify, distribute, re-distribute, relicense and otherwise use, make available and exploit your User Postings, in whole or in part, in any form and in any media formats and through any media channels (now known or hereafter developed).” Coursera and Udacity have similar policies.

Under such broad licenses, students “own” their exam records, forum posts, and classroom submissions in name only. The implications of a MOOC “otherwise using” my poor grasp of a history of the Internet course I sampled for fun are unclear. This information could be harnessed to help me learn better, but as MOOCs become talent pools for corporate human resource departments, it could bode ill for my future employment prospects.

At the moment, these are unresolved issues.  Still, as MOOCs move to spearhead a revolution in how students are taught and educated, providing students of all ages with a safe space to try out new ideas and learn beyond their comfort zone will require both educators and technology providers to think about educational privacy.

The Rhetoric and Law of Government Surveillance

Two weeks ago, after the President’s national security address, I was left with little reaction other than the speech sounded good.  The President made overtures to “refining” and ultimately repealing the AUMF.  There was some measured rhetoric about drone warfare and a frank discussion about GITMO.  The President even tolerated a heckler, but nothing about the speech appeared to suggest a serious re-evaluation of American national security policy.  But as this week suggests, positive words, whether in a speech or in law, can easily be used to obfuscate more alarming acts.

This week, of course, came news that our government is collecting metadata of the phone calls of millions of (if not all) Americans.  The time, location, and duration of our calls are being recorded, aggregated, and transformed into a vast network of personal information.  Last night came the further revelation that the NSA has continued a vast data mining enterprise with the participation of every major tech company–Google, Facebook, Apple, Microsoft, Yahoo, Skype, YouTube, AOL.  Whether through ignorance or intentional gag orders, these tech giants have been forced to hem and haw about what exactly they know and what exactly they’re giving away.

As a number of people have recalled, then-Senator Obama cautioned against this sort of intelligence dragnet. “We have to find the right balance between privacy and security, between executive authority to face threats and uncontrolled power,” he said.  “What protects us, and what distinguishes us, are the procedures we put in place to protect that balance, namely judicial warrants and congressional review. These aren’t arbitrary ideas. These are the concrete safeguards that make sure that surveillance hasn’t gone too far. That someone is watching the watchers.”

Speaking to reporters today, the President has inverted his priorities:  “You can’t have 100 percent security and then also have 100 percent privacy and zero inconvenience.  You know, we’re going to have to make some choices as a society.”  The problem is that “society” hasn’t made this choice; a small collection of government officials have.

There is little question that the letter of the law has been followed here.  Both judicial review and congressional oversight are in place, but can anyone say whether they are effective?  It’s impossible, because it’s all secret.  Few members of Congress were aware of the breadth of these programs, and those who were aware were legally prohibited from discussing them.  Our congressional oversight effectively amounts to a handful of members having access to sensitive documents within tightly controlled conditions, without the resources to effectively “oversee” anything.

Meanwhile, to be blunt, our Foreign Intelligence Surveillance Court is a judicial rubber stamp.  In 2012, 1,789 applications to conduct electronic surveillance for foreign intelligence purposes were made to the FISC.  One was withdrawn.  None were denied.  A further 212 applications were made to the FISC to access business records.  None were denied.

In February, I attended an address by Rajesh De, General Counsel of the NSA, wherein he attempted to disabuse the audience of several “myths” about the National Insecurity Apparatus:

False Myth #1: NSA is a vacuum that indiscriminately sweeps up and stores global communications.
False Myth #2: NSA is spying on Americans at home and abroad with questionable or no legal basis.
False Myth #3: NSA operates in the shadows free from external scrutiny or any true accountability.

At the time, I remember being struck by how much of his remarks focused on procedure and structural legalese.  As Jennifer Granick put it today, however, the complexity of our national security laws is such that it allows officials to offer “non-denial denials” that mask the truth and obfuscate the bigger concerns.  For example, it may well be true that the NSA neither sweeps up nor stores “communications.”  But if collecting every phone number you dial, how long your calls last, and where both ends of the call came from are not legally “communications,” I imagine that might come as a surprise to most average people.

The government’s initial response–both in the Administration and in Congress–has been dismay and outrage at the “magnitude of the leak” involved.   Jack Clapper, director of National Intelligence, has called this “unauthorized disclosure” utterly “reprehensible and risks important protections for the security of Americans.”  Or perhaps these officials are more worried about a political backlash:

If so much information is being gathered about almost everyone to figure out patterns, then it’s not as though you’d be tipping off a particular target that we were on to him. Would publicizing the order that this information be collected have given away technical secrets to our enemies (or rather, at this point, has publicizing it done so)? I don’t see how. I can see why the government might want to keep this data-mining program secret to avoid a political backlash, but that is of course not a good reason for concealing it.

No laws have been broken.  No single politician or political party alone should be blamed for this state of affairs, but we ought to become more mindful about the disconnect between the rhetoric surrounding government transparency and personal privacy and the actions of our society when these principles are at stake.

Parsing the Purpose Limitation Principle

Last month, the European Union’s Article 29 Working Party (WP29) released an opinion analyzing the data protection principle of purpose limitation. That principle, which aims to protect data subjects by setting limits on how data controllers use their data, conflicts with potential Big Data applications. In the wake of efforts by a number of parties to tweak the “legitimate interests” ground for processing data, this opinion demonstrates how Big Data fundamentally challenges European privacy law.  The opinion itself seems geared toward addressing Big Data; the WP29 specifically notes that current business trends are of particular relevance to its opinion, which it put forward as a way to balance the risks and rewards of data processing in our increasingly data-intensive society.

Under Article 6(1)(b) of Directive 95/46/EC, the purpose limitation principle consists of two fundamental building blocks:

  1. that personal data must be collected for “specified, explicit and legitimate” purposes (purpose specification);

  2. that personal data not be “further processed in a way incompatible” with those purposes (compatible use).

The challenge posed by Big Data is that much of the new value of information comes not from any original, identified purpose but rather from secondary or derivative uses. As a result, both building blocks of the purpose limitation principle are in tension with how Big Data works, presenting a challenge for pursuing innovative data uses in Europe.

First, WP29’s understanding of purpose specification requires that, before data collection, purposes “must be precisely and fully identified.”  Many of the secondary ways in which data can provide value, whether to security, safety, or health, may not be easily identifiable. This problem cannot be cured by providing a broader purpose specification, because the Working Party is critical of “vague or general” purposes such as “improving users’ experience,” “marketing purposes,” “IT-security purposes,” and “future research” as being generally inadequate to meet this test.

Limited in this way, the benefits of Big Data are effectively cabined by whether or not they satisfy the compatible use test.  The onus falls on data processors in Europe to determine whether or not a secondary use is compatible with how the data was originally collected. The WP29 opinion recognizes that actually applying the compatibility test is problematic within the context of Big Data, and suggests developing a “rigorous but balanced and flexible application of the compatibility test” to new data applications.

The compatibility test does provide some flexibility to data processors.  For one, because the test itself prohibits incompatibility rather than requires compatibility, the lack of any affirmative requirement that a data processor show further processing is compatible appears to provide some wiggle-room.  Compatibility still must be assessed on a case-by-case basis; the following criteria are put forward as particularly relevant to any compatibility assessment:

    • the relationship between the purposes for which data has been collected and the purposes of further processing;
    • the context in which data has been collected and the reasonable expectations of the data subjects as to its further use;
    • the nature of the personal data and the impact of the further processing on the data subjects;
    • the administrative and technical safeguards adopted to ensure fair processing and prevent any undue impact on individuals.

These are important criteria to consider, but the WP29 specifically discusses the implementation of safeguards as being important to Big Data processing.  It distinguishes between two different “Big Data” scenarios: one where organizations seek to uncover “trends and correlations in the information” and another where they “specifically want to analyze or predict the personal preferences, behavior and attitudes of individual customers” in order to “inform ‘measures or decisions’ that are taken with regard to those customers.”

As described, this second scenario has the larger personal privacy implications for individuals. The WP29 explains that “free, specific, informed and unambiguous ‘opt-in’ consent” would be required, which may be easier said than done.  The division of the Big Data world into projects that seek out merely correlations in disparate information and those that directly target individuals is simple and easy to grasp, but it does not necessarily reflect how Big Data is reshaping how data is now processed. In a paper released in February, the Centre for Information Policy Leadership (CIPL) discussed some of the concerns surrounding Big Data, and one of the paper’s key takeaways is that Big Data is largely an iterative process. If many of the benefits we’re deriving from data come from secondary uses of that information, these insights appear across applications that cannot be as easily divided as the WP29 suggests.

More problematic, insisting on consent for any potential Big Data application that could impact individuals may not be tenable.  As CIPL noted, data analytics relies on “increasingly large data sets obtained from such diverse sources that obtaining consent may not be practicable.”  The WP29 seems to recognize both the limitations on consent and that insisting on consent could eliminate some legitimate benefits.  In a footnote, it admits that some exceptions may exist “in some cases, based on an informed debate of the societal benefits of some uses of big data.” (While the WP29 remains wedded to our current notice-and-consent framework, some of its proposed safeguards are exactly what is needed to alleviate Big Data fears.  The opinion encourages the disclosure of decisional criteria and providing consumers with insight into how their data impact decision-making algorithms.  In many ways, the opinion comes close to encouraging some of the same mechanisms to get users engaged with their data that I recently discussed.)

Fortunately, consent is one of six lawful bases for processing data in Europe. Article 7 of the Directive permits personal data to be processed where it is necessary for the “legitimate interests” pursued by the data controller, except “where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.”  Arguably, as notice-and-consent requirements have become ever more legalistic and procedural, the legitimate interest ground increasingly becomes the default posture of data processors.

Indeed, as Europe debates its new data protection law, the legitimate interest ground has seen considerable discussion.  The Civil Liberties, Justice and Home Affairs (LIBE) Committee Report issued in December proposes that the legitimate interest provision could only be relied upon in “exceptional circumstances.”  The more industry-friendly Commerce Committee suggests that the European Data Protection Board should “set out comprehensive guidelines on what can be defined as ‘legitimate interest.’”  All of this activity suggests once again how challenging Big Data applications may be for European privacy law, and tweaking how we understand principles such as purpose limitation does not resolve the benefits and business realities of Big Data.

Keeping Secrets from Society

While the first round of oral arguments surrounding gay marriage was the big event before the Supreme Court today, the Court also issued a 5-4 opinion in Florida v. Jardines, which advances the dialog both on the state of the Fourth Amendment and on privacy issues generally.  In Jardines, the issue was whether police use of a drug-sniffing dog to sniff for contraband on the defendant’s front porch was a “search” within the meaning of the Fourth Amendment.  By a slim majority, the Court held that it was.

This is what our protection against “unreasonable searches” has become: a single vote away from letting police walk up to our front doors with dogs in order to see if they alert to anything suspicious.  What I think is even more alarming about the decision is how little privacy was discussed, let alone acknowledged. Only three judges–curiously, all three women–recognized that the police’s behavior clearly invaded the defendant’s privacy.  The ultimate holding was that bringing a dog onto one’s property was a trespass, and the Fourth Amendment specifically protects against that.  But while defaulting to a property-protective conception of the Fourth Amendment has the virtue of “keep[ing] easy cases easy,” as Justice Scalia put it, it ignores the nuanced reality that the Fourth Amendment was designed as a tool to obstruct surveillance and to weaken government.

The dissent, meanwhile, was ready to weaken the Fourth Amendment even more.  While this case was in many ways directly analogous to a prior decision, Kyllo v. United States, where the Court restricted the use of thermal goggles to inspect a house, the dissenters made the alarming assertion that “Kyllo is best understood as a decision about the use of new technology.”  What makes that rationale scary is that Kyllo included the unfortunate invocation that whether or not government surveillance constitutes a search is contingent upon whether or not the technology used is “a device that is not in general public use.”  This creates not only the possibility but also the incentive to use technological advances to diminish the Fourth Amendment’s protection.  It creates a one-way ratchet against privacy.

I am not the first person to suggest that the Supreme Court’s Fourth Amendment jurisprudence is utterly incoherent.  I particularly enjoy the description that our Fourth Amendment is “in a state of theoretical chaos.” Last year, facing a case where the government attached a GPS unit to a car, tracked a suspect for a month, and never got a warrant, the Court unanimously concluded this violated the Fourth Amendment.  That was great.  More problematic, the case produced three very different opinions that could not even cleanly divide along ideological lines.  What it boils down to is this: we have a serious privacy problem in this country.

And while it’s easy to point a finger at a power-hungry government, the blame rests with us all.  We have been quick–eager even–to give up our privacy, particularly as we have embraced a binary conception of privacy.  We either possess it, or our secrets are open to the world.  We have been conditioned to think our privacy ends when we walk out the front door, and now we live in a world where nothing stops anyone from looking down on everything we do from an airplane, a bit lower from a helicopter, and, yes, soon even lower from a drone.  We have no expectation of privacy in our trash anymore.

Just look at Facebook!  Facebook isn’t even a product–its users are the product.  Vast treasure troves of personal data flow into the business’ coffers, and it wants more.  As The New York Times reported today, Facebook’s data-collection efforts extend far beyond its mere website.  Facebook doesn’t even stop when you leave the internet.  But worry not, says Facebook, “there’s no information on users that’s being shared that they haven’t shared already.”

That’s certainly true, but today it’s being aggregated. The data freely available about each and every one of us could, as The Times put it, “leave George Orwell in the dust.” Private companies collect “real-time social data from over 400 million sources,” and Twitter’s entire business model depends upon selling access to its 400 million daily tweets. Our cars can track us, and just today I saw the future of education, which basically involves knowing everything possible about a student.

I’m hesitant to quote Ayn Rand, but since an acquaintance shared this sentiment with me, it has dwelt in my mind:

Civilization is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.

Perhaps our collective future is, as Mark Zuckerberg posits, destined to be an open book.  Perhaps Google CEO Eric Schmidt is right when he cautions that “[i]f you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  I am certainly not immune to oversharing on the Internet, and for whatever my privacy is worth, I don’t really have anything to hide.  But that’s not the point. Before anyone embraces a world where the only privacy that exists is in our heads, I would suggest reading technologist Bruce Schneier’s rebuttal:

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.

Of course, as my boss describes it, Adam and Eve’s flight from the Garden of Eden had less to do with shame and more to do with attempting to escape the ever-present eye of God. Some would suggest we might have been better off in that idyllic paradise, but I much prefer to keep a secret or two.

Is Big Brother Getting Into Our Cars?

In the public relations battle between The New York Times and Tesla over the paper’s poor review of Tesla’s Model S electric car, the real story may be the serious privacy issues the whole imbroglio demonstrated.  After The Times’ John Bruder wrote a less-than-flattering portrayal of his time with the Model S, Tesla Motors CEO Elon Musk challenged the review using information provided from the vehicle’s data recorders.  In the process, Mr. Musk revealed that “our cars can know a lot about us,” writes Forbes’ Kashmir Hill. For example, Mr. Musk was able to access detailed information about the car’s exact speed and location throughout Bruder’s trip, his driving habits, and even whether cruise control had been set as claimed.

“My biggest takeaway was ‘the frickin’ car company knows when I’m running the heater?’ That’s a bigger story than the bad review,” gasped one PR specialist. Indeed, our cars are rapidly becoming another rich source of personal information about us, and this presents a new consideration for drivers who may be unaware of how “smart” their cars are becoming. Connected cars present a bountiful set of bullet points for marketers, but whether consumers are being provided with the necessary information needed to understand the capabilities of these vehicles remains an open question.

And it is not just car companies that will possess this wealth of information. Progressive Insurance currently offers Snapshot, a tracking device that reports on drivers’ braking habits, how far they drive, and whether they are driving at night. Progressive insists the Snapshot program is neither designed to track how fast a car is driven nor where it is being driven, and the Snapshot device contains no GPS technology, but the technological writing is on the wall. A host of marketers, telcos, insurers, and content providers will soon have access to this data.

In the very near future, parents will easily be able to track their teenagers driving in connected cars. Assuming cars permit their drivers to violate traffic rules, it may be impossible to actually get away with risky driving habits. Telcos increasingly find cars to be a lucrative growth opportunity. “[Cars are] basically smartphones on wheels,” AT&T’s Glenn Lurie explains, and indeed, many automakers see smartphones as an integral part of creating connected cars.

While we continue to grapple with the privacy challenges and data opportunities presented by smartphones, we have only just begun to address the similar sorts of concerns posed by connected cars.  In fact, privacy concerns have largely taken a backseat to practical hurdles like keeping drivers’ eyes on the road and more pressing legal concerns such as liability or data ownership. Indeed, at the last DC Mobile Monday event, the general consensus among technologists and industry was that consumers would willingly trade privacy if they could have a “safer,” more controlled driving experience. Content providers were even quicker (perhaps too quick) to suggest that privacy concerns were merely a generational problem, and that younger drivers simply do “not think deeply about privacy.”

That may be true, but while industry may wish to treat our vehicles as analogous to our phones, it also remains true that the average consumer sees her car as an extension of her home.  While the law may not recognize this conception, industry would be wise to tread carefully. OnStar’s attempt to change its privacy policy in 2011 proves illustrative. OnStar gave itself permission to continue to track subscribers after they had cancelled the service, and to sell anonymized customer data to anyone at any time for any purpose. The customer backlash was brutal: “My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine,” went one common sentiment.

A recent article in The L.A. Times wondered whether car black boxes were the beginning of a “privacy nightmare” or just a simple safety measure.  The answer likely falls somewhere in between, and if the Tesla episode reveals anything, it is that striking the proper balance may be more difficult than either privacy advocates or industry expect.

While Mr. Musk had a wealth of data at his disposal and Mr. Bruder had only a book of observations to counter that data, neither party has been able to provide a clear account of Mr. Bruder’s behavior behind the wheel.  For example, what Mr. Musk termed “driving in circles for over half a mile,” Mr. Bruder claimed was looking for a charging station that was poorly marked.  Technologist Bruce Schneier cautions that the inability of intense electronic surveillance to provide “an unambiguous record of what happened . . . will increasingly be a problem as we are judged by our data.”

Most everyday scenarios presented by connected cars will not produce a weeks-long dispute between a CEO and a major newspaper. Instead, Schneier notes, neither side will be able to spend the sort of time and effort trying to figure out what really happened. Certainly, consumers may find themselves at an informational disadvantage. In the long term, drivers may be willing to trade their privacy for the benefits of an always-connected car, but these benefits need to be clearly communicated. That is a discussion that has yet to be had in full.
