Uber, big brother, and company use of big data

There's social privacy (hiding from the state) and personal privacy (hiding from your neighbours). Where do corporations fit in?

ImageI have had the opportunity to speak about my concept of Big Uncle a couple of times this year (at the itSMF Australia national conference and at an ISACA security education day). Big Uncle pertains to national surveillance and privacy, not corporate surveillance. But I have been meaning to examine the area of corporate surveillance which I think falls in a middle ground. When people raise concerns about personal data and surveillance they are as often worried about corporates as they are about governments when they refer to the mysterious "THEY".

Big Uncle says that we get the surveillance we want and deserve. Surveillance can be benevolent. It is up to the community to stand up for what it believes in, and especially for IT professionals who are the troops on the ground for Big Uncle ... or Big Brother.

We in IT enable surveillance: we collect the data, we transfer it and store it, we create the tools to search and report it. Big Brother is not possible without the consent of IT professionals. Don't be giving the "I didn't know" or "just taking orders" defenses.

Image
When laying out that argument I was referring to surveillance by the state. So where does the concept of Big Uncle take us with corporates?

Recently the issue of corporate rather than national surveillance has been in the media when Uber threatened to use its data to harass journalists who are critical of Uber.

Thanks to Murdoch, American television, paparazzi, and similar influences, journalists have lost any respect they may have had in the past, which is not helping them defend against this idea.

But a company using its power of data to hound and intimidate an individual? We don't want to go there. Today journos; tomorrow bad reviewers, stroppy shareholders, whistle-blowers...

From their statements, Uber comes across as an arrogant bombastic bunch whose success has gone to their heads and who have long since left any ethical grounding behind. Hopefully they will get what they deserve.

Most of the employees at Uber will be in IT. They need to do some serious soul-searching about the tools they build and the controls they put in them. Hopefully some will find the whole thing distasteful enough to (a) leave and (b) if necessary whistleblow on the bastards.

I think there are two kinds of privacy:

  • social privacy: the privacy from society, stuff that the community as a whole, the state, cannot see.
  • personal privacy: privacy from those you know, your friends, neighbours and colleagues.

I'm not expert or well-read on privacy so if this model already exists please let us all know in the comments.

Personal privacy is easily defensible. We have a right to privacy from those we meet personally, though it is a newly minted right, a social advance without historical precedent.

Social privacy not so much. If you have a taste for pictures of ladies in lingerie, you have a right to keep that from your neighbours. But if you have a taste for pictures of little girls in lingerie then I sure as hell want the state to know.

Anonymity is the extreme form of social privacy, and I think anonymity has no place in any civilised society. If your society is so broken that you have a valid case for anonymity (e.g. homosexuals in Muslim countries, or liberal women or Christians or...) then the lack of it on the internet is the least of your worries. if you cant trust the state you have to fix the state not the internet: they'll be watching much more than just your emails, you need to change your behaviour not your firewall.

For a civilised democratic society anonymity is indefensible. There are too many use cases against it: trolling, cyber-bullying, identity theft, grooming... Generally it simply drives uncivilised behaviour. Anonymity allows people to do things they wouldn't dream of doing with people watching. It turns them into animals.
We can't demand transparency from our government and their agencies and not provide transparency ourselves. Transparency and democracy go hand in hand, and it cuts both ways.

Simply put I think the state has every right to overrule your privacy but individuals don't. Which is pretty much how the law works.

So, back to those evil corporations. Corporations are somewhere midway on the spectrum between society and individuals in terms of how you should regard them over privacy of data. They know you, but they don't care about you individually and you don't have to meet them face to face.

There are real benefits in them having data about you, but not as much benefit as the state knowing. I want Amazon to make intelligent book recommendations. I want all the ads I see to be of interest.

There are real risks too, they are more likely to abuse the data than the state is (Would the conspiracists up the back keep it down please. They're not chemtrails they're contrails, and if they were lizards you'd be able to spot the purple tongue).

When I presented on Big Uncle recently, an audience member proposed a use case for why privacy is important: imagine if your health insurer saw a photo of you on Facebook with a cigarette. So your insurer catching you lying is a bad thing? In a small town your insurance broker knew full well whether you smoked or not. Welcome back to the global village.

On the other hand a use case that is more discomforting is the recent revelation that the airline industry is building a system (IATA's New Distribution Capability, NDC) to allow them to display pricing based on what they think you as an individual would be willing to pay. They're gaming you.

I think we need a nuanced view of privacy (I'm certainly nuancing my own view over time):

  • We should have tight control and protection over what someone can reveal to those who know us and to the public. Our personal privacy is important. We have that pretty well in place already I think.
  • The state should have the right to know about us, with full transparency of what they do and how (My Big Uncle presentation says "Snowden is a hero"). Social "privacy" is in fact secrecy, it is as unhealthy as the secrecy of the agencies probing it.
  • We should give more scope to corporations to use data, in controlled conditions, with oversight and accountability. Sometimes they are operating in a social way where our transparency is important; sometimes they are getting personal and need to be slapped down.

Thoughts?

Syndicate content