Interview Cyber Privacy: Who Has Your Data and Why You Should Care is the title of a new book from April Falcon Doss, a former associate general counsel for intelligence law at America's NSA. Doss spoke to The Register about her concerns with pervasive data collection and its potential for harm.
These days the author is chair of cybersecurity and privacy at law firm Saul Ewing Arnstein & Lehr in Baltimore, Maryland.
Explaining why she wrote the newly published book, Doss said: "I spent years immersed in [privacy issues] and I was constantly discovering new areas of data collection, new ways in which data is being used, new concerns for individuals, and I thought, you shouldn't have to be a data expert to understand these things."
In the book she describes how cloud computing, analytics, and algorithms have changed the privacy landscape into one where near-inconceivable quantities of personal data is analysed.
I think people underestimate the ways in which their data is used to manipulate and shape their opinion, their thinking, their intentions...
Fitness wearables have "generated some 28 petabytes of data," she writes. "In today's complex data privacy environment, it's difficult for consumers to understand what they're consenting to: how their data might be collected and used by the owner of a free product or service they've signed up for, how it might be sold to others, what the impacts of cross-platform data aggregation are, and how artificial intelligence algorithms are creating behavioural prediction models about them."
How aware is the general public about what is happening? "I think that people have a general sense that when they're on social media, there is some profiling that allows targeted ads to be served up," Doss said. "I think people would be astonished if they understood the true scope and detail in those profiles."
People see some benefit in personalisation and intelligent assistance. Perhaps if they were more aware of harmful consequences, the average person would care more. What are those harms? "There are multiple potential harms," said Doss. "One is the set of harms around excessive government surveillance. In the consumer context, I think people underestimate the ways in which their data is used to manipulate and shape their opinion, their thinking, their intentions, and also the ways in which data can be used to drive decision-making about them on the basis of automated algorithms."
Phew. At least we have GDPR, though
Much of the control the tech industry offers us is illusory, she said, writing in the book that "privacy policies offer little more than a fig leaf of user notice and consent since they are cumbersome to read, difficult to understand, and individuals have few alternatives when it comes to using the major digital platforms." EU cookie laws? "A great deal of energy and attention has gone into drafting and implementing cookie notice laws, but it is an open question whether anyone's privacy has actually increased."
Apple is sometimes characterised as a privacy champion, versus Google the data hoover. Is Apple better in terms of privacy? "Apple has done a brilliant job with its advertising in that regard," said Doss. "'What happens on your iPhone stays on your iPhone' makes a beautiful billboard, but we know it's not quite true.
There is no question that even in societies with a strong tradition of western liberal democracy, there is absolutely a possibility this data can be badly misused
"Apple does retain data within its own ecosystem, they monetise that data differently, but the only way that your data truly stays within the Apple ecosystem is if you always only use Apple devices and services. As soon as you go outside the Apple ecosystem, you're no longer in this sort of hermetically sealed little bubble and the reality is nobody uses their iPhone or their Mac book that way. It would be a mistake for somebody to think that because they have an iPhone rather than Android, they now have perfect security of their data."
Should we worry more about government data gathering, or corporations? "I'm worried about both of them," Doss said. "There is no question that even in societies with a strong tradition of western liberal democracy, there is absolutely a possibility this data can be badly misused.
"Corporations, though – the thing that struck me writing this book was that corporations remain largely unregulated. In every model, even GDPR, which is perhaps the strictest of the data protection regimes, a consumer can consent to giving away data. On one level that makes sense, there is no need to be overly paternalistic. On the other hand, in today's data environment it is very difficult for people to understand the implications of the consent that they give because the ways in which data is aggregated, shared and then used are so complex. Government oppression can be greater at the extremes, but there is at least a regime to say there are boundaries on what governments should do."
Unfortunately, Doss said, it is too late to curb pervasive data collection. "As a practical matter, the horse is out of the barn on data collection. We can nibble around the edges of that and restrict certain types of collection for certain types of purposes, but there is such a huge appetite for these data-intensive apps, services, and devices, and so many uses, so many innovations, so many things that people love about it that I don't think this is going away."
So what can be done?
Cyber Privacy is strong on describing the problems, not so good when it comes to fixing them. "I would be more satisfied with the book if it had more in the way of solutions in it," Doss admitted. "But I do think that one of the things that is heartening is that regulators in a number of countries now are focusing very heavily on the the anti-competitive implications of the big data platforms.
What does everyone make of today's Google antitrust action? Only the stock market is happy with the status quoREAD MORE
"Traditional antitrust and consumer protection models have focused on pricing as a measure of unfairness. Companies like Facebook and Google and Apple and Amazon and others that have a very data-intensive model have been allowed to become these international behemoths, barely regulatable, and in the process they have squashed competition that could perhaps offer viable and more privacy-protective services."
There is a telling comment in the book stating that humanity is conducting an experiment on itself. "All of us have been unwitting participants in a multifaceted, loosely designed program of unregulated research," Doss writes. The outcome is uncertain, with liberal values now under threat. "The most dangerous exports from countries like China and Russia may be... the normalization of surveillance, the greatest threat to democracy around the world."
Something to ponder when enjoying innovative free services.
Cyber Privacy: Who Has Your Data and Why You Should Care is published by BenBella Books. ISBN: 9781948836920. ®