VI. Realism, Data Crimes and Next Steps
If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged. -Cardinal Richelieu
I have talked about data privacy in almost every conceivable context in this series. Is greater security worth the tradeoff required by surveillance capitalism? On a macro level, a product in Alphabet’s portfolio like G board is helping advance our ability to do Natural Language Processing as a society, feeding what it learns from you into this area of Machine Learning and benefitting us all with better predictions on how words fit together. On a micro level, you benefit via better user experience in G board’s ability to fill in what you are trying to say before you even try to say it, speeding up your typing. Track people long enough, and you’ll find your ability to sell incredibly specific information to the highest bidder increases substantially, be they advertisers or rogue political research firms. But beyond the prying entrance of eerie ultra-specific ad targeting into your individual life from the odd Google search is the effect of kingmakers being able to use compiled micro knowledge to macro effect, and sway our elections. We’re in the midst of an attempt to amplify control to unprecedented and dangerous levels, at the expense of liberty.
The fourth installment of this series revealed some of the close ties Google has to government entities in the US, organizations that set out to promote the wellbeing of its citizens. With a lot of its services, Alphabet does just that, actually improving lives not only within the US itself but in all the world’s countries. The goodwill towards humankind isn’t so utopian that it doesn’t take account of adversaries or even friendly countries which can be trying to gain our intellectual property, like our francophone allies across the sea. We heavily favor countries that comprise what’s known as the Five Eyes, and rightfully so. This is a special relationship that evolved from the same British and U.S. cipher and code-breaking teams that cracked Enigma in World War II, made up of five English-speaking allies which also include Australia, New Zealand and Canada. The willingness to share intelligence and techniques for gathering it is out of self-interest. But can this self-interest go so far as to become counter-productive when privacy isn’t respected?
The military-industrial-google complex and I both believe in a theory in International Relations known as Realism, which maintains that power is the only thing that truly matters. The Five Eyes using its capabilities against other countries, under Realism, is its prerogative, as there is nothing powerful enough to dissuade it from doing so. It has done just that, to individual citizens inside and outside itself.
Surveilling a single woman in Germany is well within the acceptable bounds of the Five Eyes’ purview. And that is exactly what happened; details of her private life were pored over by unwelcome guests, as so many East German mercenaries did in service to The Iron Curtain, stealing themselves into the lives of others? Moving up through levels of analysis, what would it take for the balance of power to shift in order to longer be favorable to justify the Five Eyes’ prying? Even if all the people in the local Stadtstaaten (“city-state”) of Berlin were surveilled, it could be justified. Next in the land area state (“Flächenländer”) of Brandenburg, then on to all 16 federated states of the German Republic, it could still be justified. If pushed further, though, the ability of power to justify itself starts to be called into question. If all citizens of the EU were included in this dragnet, the realpolitikal value of such an action is not worth the cost. It could be leveraged by China, Russia, and/or the Middle East to go against the countries which make up the anglophone world. Why should I, as a person living and benefitting from the Five Eyes’ protection care about what’s happening way over in Germany? Isn’t it in our best interest as a country to be as vigilant as possible, even if that means a little spying? No.
The particular woman in question here isn’t just any Berliner, or Brandenburger, or citizen of Germany. She happens to be widely described as the most powerful woman in the world, and increasingly the leader of the free world in the wake of Trump. What our country did when (as the most powerful member of the Five Eyes) it acted for the rest of the group and was outed for wiretapping Angela Merkel has been toxic to our international image. The cost to our reputation was the equivalent of wiretapping every citizen in the EU. Even to advocates for security, any potential advantage mustered from pushing surveillance to such an extreme is outweighed in an even more extreme way by the shift in our standing with our NATO allies. Trust will need to be built back up. But for now let’s restrict ourselves in our analysis to the domestic affairs of just the two original members of the special relationship, the UK and US.
The $5 billion the FTC fined Facebook reflects a growing discontent for one Silicon Valley behemoth’s repeated privacy trespasses against us. What’s the damage of such practices beyond monetary settlements? What were the specifics of the case, and how do they tie into our staunchest ally?
Across the Atlantic, the chicken that came before the egg was Nigel Farage and the Brexit campaign. Despite efforts to do away with damning evidence, it emerged from emails and whistleblowers that Cambridge Analytica put its Data Science muscle into sealing the UK’s fate to shoot itself in the foot.
A third party app promising a fun way to predict your personality was behind the gathering of tens of millions of users’ data that was funneled into the political research firm Cambridge Analytica, based in the UK but named by its Vice President, Steve Bannon.
The Trump campaign’s digital arm was known as Project Alamo, and it demonstrated through its use of Cambridge Analytica the raw power of Data Science. This UK consulting firm claimed to have 5000 data point on every American voter (more than 328 million people), via a personality survey on Facebook which was hidden in plain view as a fun pop quiz. “The One Click Personality Test” didn’t only take your data, it took all the data from your entire friend network with no permission. This involved neither consent nor awareness of what the data would be used for, and the case itself cites 87 million users affected. Data accessed from the ‘quiz’ reached beyond public information into private messages. Personality types in swing states which were categorized as being more persuadable were targeted, as a hypnotist does when picking which volunteers to include in the show, basing the selection on the enthusiasm with which they’re waving their arms. Trump’s campaign had 5.9 million well-targeted facebook ads, masterminded by Data Scientist Brad Parscald, while Hillary’s had only 66K. This targetting of voters’ suggestibility effectively made Parscald a kingmaker in the 2016 elections. Although he is returning to head up Trump’s 2020 campaign, the Democrats are sure to prioritize such targetting in the future.
Other than surreptitious fad apps and quizzes, the other main way to mine data is known as web scraping. It is an ethical gray area, but is one of the main tools used by groups like Cambridge Analytica to weaponized your data. They were truly the architects of Brexit, therefore, the era of Trump, therefore the current strong global push towards far-right populism, Jingoism and Xenophobia. As bad as the situation is in the US and UK, perhaps the worst instance of data crime occurred in Myanmar, where a massacre was facilitated by fake news spread by WhatsApp (Facebook). There is blood on the hands of technology companies that have grown too powerful to go unchecked and unregulated.
How can we fight back? Can you reclaim your own identity? From a societal perspective (that is to say, the society of the author), the Western Alliance? This too shall pass, and what happens next is for chance to decide. To protect your privacy and improve your chances in the new reality, wake up! Take into consideration the following pieces of advice:
- Don’t blindly click user agreements, they have consequences. So does putting your data out in the ether. You’ll be ahead of most by carefully reviewing each before proceeding to use the service. Although South Park once famously made fun of its terms of service agreement, Apple seems to be doing better than other companies when it comes to respecting privacy. Speaking at a conference of EU privacy commissioners in Brussels, Tim Cook put in a bid for a bill of U.S. digital rights, arguing for GDPR-style privacy protection in every state, not just California. He slammed competitors (read: Facebook, Alphabet) for profiting while unleashing powerfully negative forces onto the world.
“It is time for the rest of the world — including my home country — to follow your lead.”
- Always think critically. Be skeptical, not cynical. Google can and should be criticized for its leviathan status, but also consider the source when you have a story with a headline like this. Peter Thiel called for the investigation because he claims Google is working with China’s government instead of the U.S. military. He has Trump’s favor, as an early supporter of him, and built a fortune with PayPal. But Thiel is also behind Palantir, a lesser-known company that specializes in government and corporate big data analytics. So always consider the source and remember to dig deeper: Thiel is acting in self-interest and leveraging his position with the president against a direct competitor that was attacked by China during the “Operation Aurora” incident of 2010 discussed in part IV.
What are some ways to address this issue of data privacy, as an individual? Some quick remedies are using a search engine like DuckDuckGo instead of Google, and realizing the costs associated with Facebook, as well as Amazon and Microsoft. What about data on how private your data is? A metric? It turns out the topic of this series, data privacy, can be measured scientifically. There are a few ways in development, and I will make note of two: Private Aggregation of Teacher Ensembles, PATE, an approach that achieves private learning by carefully coordinating the activity of several different ML models, and Differentially Private Stochastic Gradient Descent (DP-SGD). This second approach is basically a procedure where a batch of data is randomly sampled and iterated through until the entire batch has been processed. Domain knowledge of Machine Learning algorithms is needed, as well as TensorFlow and Keras, but for those who really want to take privacy up a notch, this is recommended reading.
What are some ways to approach the issue as a society? The NSA later this year will further consolidate its offensive and defensive capabilities into a new cybersecurity directorate. It is adopting a strategy of “persistent engagement” in cyberspace against foreign adversaries including Russia, China and Iran. Laudable goals, but its track record of turning the military-industrial complex inward instead of outward necessitates the creation of an agency that could serve as a foil. A Data Protection Agency. The FTC helps to safeguard consumers and promote competition, but until recently failed to enforce many of the orders it established. The DPA would focus on privacy protection, compliance with data protection obligations, and emerging privacy challenges. It would address specific issues raised in this series in the following ways:
- Enact baseline federal legislation to bring all 50 states’ data rights to a level comparable to that seen in California, while still respecting that each state and often each city in a state have slight variations in how they approach data.
- Impose obligations for companies that collect personal information to have greater transparency, purpose specification and use limitation of data.
- Prohibit or do more to prevent manipulative marketing practices.
- Allow individuals more meaningful control of their personal data by requiring companies to move away from all-or-nothing terms of service which impose a binary of either waiving privacy rights or not using the product.
- The consolidation of personal data within a small group of firms has stifled innovation and competition. The DPA and other antitrust enforcers in the US should prioritize privacy interests in merger review, incentivizing privacy by design.
- Any reasonable citizen would not object to the disclosure of specific records that are required for legitimate criminal investigations and obtained through an appropriate judicial procedure, but US companies should not disclose user data in bulk to government agencies.
The only way to truly opt-out of having your data mined is to become a Luddite. Regulation promises to tame the Wild West of Data. But just as stating the Western part of the United States was “tamed” over the last 200 years is highly loaded, what is becoming the new reality of technology is open to interpretation. Our “manifest destiny” is to continue pushing the boundaries of what Data Science is capable of, as it continues to oscillate like a pendulum between privacy and security, liberty and control, good and evil. The players will continue to play this new game of ours, but there need to be referees on the field.
Should you wish to support public-interest technology, groups such as the Electronic Frontier Foundation and EPIC are a great place to start.
Works Consulted:
Complete Transcript, Video of Apple CEO Tim Cook’s EU Privacy Speech
Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework
NSA Forms Cybersecurity Directorate Under More Assertive U.S. Effort
Privacy Amplification by Iteration
Semi-Supervised Knowledge Transfer For Deep Learning From Private Training Data
Trump Targets Google’s China Ties, Citing Billionaire Investor Peter Thiel
