Uber, Facebook et al can’t (always) be trusted

Raise the red flag on apps’ use of personal data

An edited version of this article was first published in Sunday Star.

Recently, reports of Buzzfeed journalist Johana Bhuiyan’s allegations that private car service Uber — which launched this year in Malaysia– had on two occasions tracked her without her permission surfaced.

That the company has access to this information is not surprising; one of the selling points of car services and taxi apps is “security” from allowing family or friends to monitor ones journey, including details of the driver.

What was interesting about this allegation however is that Bhuiyan claims to have been monitored by a system dubbed God’s View, which reports state allows anyone with access to it a mass-surveillance-like database of journeys logged by the app as well as personal data of those using it.

It makes sense that such data is being logged, particularly for business purposes. This is common practice that Internet users have for years usually blindly accepted when signing on for a service. Whether it is photos on Facebook, location data on Instagram or daily routes on map app Waze, data we share privately with the companies and publicly on these platforms are often linked to our identities and filed away.

In most cases, there is an unmentioned understanding between users and these companies — we share our data with the companies in exchange for free services such as search facilities, email, storage and more. To some degree, there is an element of informed consent that data can be used by these companies in certain circumstances such as advertising targeting among others.

The understanding however is usually rooted in the belief that these companies would protect our data and not misuse it. Time and again, such companies find themselves having to reassert their commitment to maintain the privacy of its users.

In today’s world of assumed “publicness”, the belief is that only companies that are transparent in how they operate and use information we willingly share with them will see success and longevity in their business.

Companies like Facebook, Twitter, Yahoo and Google, for example, release transparency reports regularly, listing request for user information from institutions such as governments as well as how they respond to such requests. This practice is commendable, particularly in situations where the revealing of information can pose danger to a particular user.

The accepted wisdom is that if these companies go as far as to create privacy policies, constantly affirm their commitment to security and have such ethical practices, then surely we can trust them.

Besides, the mainstream discourse on breach of trust when it comes to digitised data often times revolve around the behaviour of the State. Human rights defenders has put a lot of effort, with good reason I will add, taking on the authorities and institutions bent on encroaching into the rights of its citizens.

From a digital technology standpoint, one issue that has been hotly discussed over the past few years is the issue of surveillance.

That battle is far from over but from a simplistic point of view, there is a solution to this problem if people feel strongly enough about it to do something about it. Thanks to the hard work of civil society, these issues can be addressed through lobbying and activism. What’s more, in democratic societies, citizens can vote out Governments they feel have failed them.

But what of ethical issues and betrayal of trust from commercial organisations that provide services we have embedded so deeply into our lives?

If anything, the allegations by journalist Bhuiyan itself should raise a red flag over what kinds of dangers these companies could potentially impose onto their users.

Even if there are no corporate policy or actual steps being taken to put these unethical and sinister practices into action, intentions to do so that have been come to light should at the very least make us cautious.

Bhuiyan’s allegations appeared following revelations from a closed-door event emerged that a Uber executive rhetorically suggested the possibility of mobilising their own researchers and journalists to respond to journalists who have been critical of its services by looking into their personal lives.

Uber has since responded to the reports with a commitment that the idea does not represent the company’s policy and that it has no intention of putting it into practice.

Still, it begs to be asked what a rogue executive in any organisation with so access to so much personal data about an individual could do.

Already, there is evidence that users are not always aware of how their data is being used. Granted, it is becoming common knowledge in exchange for free services such as Google’s email services and search product, we are allowing our information to be used to serve advertisers.

Have you ever noticed doing a search on Google, for example, and then going on to other sites like Facebook or Gmail and seeing ads directly related to that search? Many would argue that this is a fair exchange.

But in other circumstances, more questionable behaviour has been recorded. Reports have surfaced by Silicon Valley insiders that such breach of trust is not uncommon.

As an example, Apple has been previously caught out collecting location-related data in the past from iPhones, something the company attributed to a bug and claim to have fixed.

Earlier this year, Facebook received a lot of flack for an experiment it conducted in 2012 involving over 600,000 users where it manipulated information to see if it could impact the emotions of users.

Questions have also been asked about the potential danger in Facebook’s introduction of the “I Voted” badge (in the US), suggesting that Facebook has the power to manipulate who sees those badges (and perhaps be peer-pressured into voting), which could impact not only the way people vote, but the number of voters in particular areas to benefit certain parties or politicians.

Some of these dubious intent or actions are of course speculative. In Uber’s case, the tracking remains an allegation and Michael’s suggestion of attacks on critics may have genuinely not been part of the company’s plans.

However, this doesn’t take away from the fact that these companies have the ability, resources and data necessary to do ethically-questionable things.

It is important that we as users are aware of these issues because commercial organisations don’t exist the way the State does — we do not have the failsafe of democratic systems to fall back on to protect us.

Granted, legislation is slowly being developed across the world to deal with these issues more and more as we discover them with every turn of new technological advancements. But history has also shown that the State cannot always be trusted to hold large organisations accountable.

The current debate on net neutrality in the US is a clear example of how a company can influence politics, at the expense of the public. US President Barack Obama just recently urged the US Federal Communications Commission to push through policy which will not allow Internet providers to block or slow down connections. Naturally, some telcos have publicly opposed to the president’s plans and reports have surfaced that politicians backed by these companies are being pressured to oppose it as well.

There is also cross-border issues in that legislation in some countries may not have the power or influence to impact multinational companies. Then there is the fact that sometimes companies use vague language to inform us of what they will do with our data — often in line with Data Protection laws, such as the one Malaysia recently gazetted — but we overlook it in our haste to accept terms and conditions.

With this knowledge, users are now caught in a conundrum with regards to what to do. The fact is that many of the services these companies provide are fantastic and serve the public in ways never before imagined.

What is important here then is that the the relationship between user and company remains not just mutually beneficial but also trustworthy.

As such, users need to find ways to hold these companies accountable, not only when allegations and scandals surface but to constantly remind them that companies that would eventually win out are those who are committed to transparency, particularly with regards to what they are doing — or not — with our data.

Turning to the tools of political consumerism including protests and boycotts is one such way. There is already a strong movement to delete the Uber app in the US — reports indicate that removal of the app over the past few days is higher than usual — but it is equally important to speak out and pressure these organisations into doing the right thing.

However, with the kind support and backing many of these companies have both morally and financially, often times such efforts only cause a slight glitch.

Which is why it is equally important for users to support and empower consumer rights groups and freedom activists or turn to existing structures such as utilising social media tools to highlight any unethical activities by companies to coordinate a wider response against said companies.

It is imperative that we remain vigilant and proactive in this not only to protect our basic rights but more importantly, our own safety.

An edited version of this article was first published in Sunday Star.

Note: Some changes has been made to this article in reference to time (e.g. “Just a week ago” and “Last week” have been changed to “Recently”).