It is impossible to entrust the regulation to the information brokers
Many of us are aware that our online activity is recorded and analyzed, but we assume that the physical spaces we inhabit are not subject to surveillance. The information broker industry sees things in a different light. As far as this industry is concerned, even a simple action like walking down the street is considered a data set that can, and is allowed to be captured, cataloged and exploited. This blurring of domains between the digital space and the physical space is known to be important not only due to the fear of violating privacy, but also due to the weighty questions that the issue raises regarding ethics and power.
In one of the last issues of theWall Street Journal An article was published about a company called Turnstyle, which has planted hundreds of sensors in businesses throughout Toronto's business and commerce center in order to capture signals from smartphones as they search for open Wi-Fi networks. The signals are used to uniquely identify the smartphones as their owners move from street to street, from a coffee shop to a movie theater and from work to home. Even if the owner of the phone does not connect to any Wi-Fi network, it can still be tracked. And the whole process often happens without the knowledge of the smartphone users. The Turnstyle company makes the data anonymous by removing identifying details, and processes them into reports that it then sells to business and commercial entities to help them "understand the customer" and prepare personally tailored offers for them.
Recently voices have been heard, both in the public sector and in the private sector, calling for the free collection of data in order to minimize threats and, at the same time, maximize business opportunities. However, this trend may have completely unpleasant results. Mike C., a customer of the OfficeMax company, recently received a letter from the company, in which, after mentioning his name, the words "the daughter was killed in a car accident" appear. He never shared this information with OfficeMax. The company admitted that this was a mistake, which [it said] was caused by a "distribution list transmitted through a third-party provider."
This was, without a doubt, a mistake, but it has the potential to reveal what goes on behind the scenes of data trading. Why, anyway, did OfficeMax collect data about the accidental death of someone's child? And to what extent, if at all, can we expect business and commercial entities to set limits for themselves when it comes to our private information, assuming it's fair game? The OfficeMax company did not explain why it bought the mailing list, nor did it say how much personal information the list included, but we know that third-party providers that process data sell various types of databases to business and commercial entities, including "residential addresses of police officers, names of rape victims..., names of patients with genetic diseases," as well as names of people who were suspected of being alcoholics, of cancer patients and of HIV carriers and AIDS patients, as Pam Dixon, CEO of the World Privacy Forum, testified before the US Senate in December 2013.
In the absence of regulated regulations on the subject, several attempts have been made to formulate a professional code of ethics to be used by companies dealing in providing location data. According to one of the proposals, the code would oblige these companies to make the personal information in their possession anonymous, would limit the amount of time these companies could keep the information, and would prevent its use for the purposes of employment, providing medical services or insurance. However, according to this proposal, when it comes to "non-personal" information, the code of ethics will only require an assumption of consent (opt-out consent): that is, the assumption will be that the user consents to online tracking and the collection of data about him, unless he specifically informs a central website, specifying his personal details , who is not interested in tracking.
The problem is that almost everything is personal. "Any information that distinguishes one person from another can be used for re-identification, even based on anonymized data," wrote computer and information science experts Arvind Narayanan, now at Princeton University, and Whitley Shemtikov of the University of Texas at Austin, in an article published in 2010 in the journal Communications of the ACM. Such information includes anonymous product reviews, search queries, de-identified cell phone data, and commercial transactions. Furthermore, the model of assuming consent forces customers to volunteer additional personal information to marketers. And in addition, it is not at all clear if it will ever be possible to entrust the regulation to the entities that trade in information. Most of the accepted privacy models in the information industry assume that private individuals should act as if they were businesses, and trade their information for the best price they can get, and this, on the assumption that they operate in a "frictionless economy", that is, in a world where everyone understands how technology works and is aware of the consequences The possibility of sharing their personal information. But these models do not reflect our very unequal reality. The power is in the hands of those who have the tools to locate, collect and analyze data, and their power is many times greater than that of those who lack these tools.
A narrow focus on the issue of personal responsibility is not enough to give a sufficient answer to the problem: it is a systemic problem. These days, we are witnessing large-scale experiments being conducted on the streets of cities around the world, during which innocent bystanders become unwilling participants, without any real ability to negotiate the conditions for their participation in the experiment, and often, without even being aware that their personal information is being collected and stored.
____________________________________________________________________________________________________________________________________________________________________
on the notebook
Kate Crawford (Crawford) is a principal researcher in the research division of Microsoft, a visiting professor at the Institute for Citizen Engagement in Political Processes of the Massachusetts Institute of Technology (MIT), and a senior fellow at the Information Law Institute of New York University.
The article was published with the permission of Scientific American Israel
