Fear of Data

A while ago, I came across an interesting opinion piece on Lifelogging, and how interest is waning as people move towards more “forgetful” services like Snapchat. It’s certainly something I’ve thought a lot about, both in terms of the data I create, and who has access to it. It requires a lot of trust in the people who we share our data with. The essay’s author, Mike Elgan, has his own opinion:

I believe this apparent impulse to forget is not what it seems. In reality, people are just suffering from information overload and data anxiety. Collecting huge amounts of personal data — even large numbers of pictures — simply creates a problem without solving one. The problem it creates is: How do you manage all this data? How do you back it up? Store it? Annotate or tag it?

Following this election, I think Mike Elgan and others are asking another question: who else has access to our data? I know I am, but I was asking it before it was cool, or at least before we were all afraid of Donald Trump.

In the wake of the election, a lot more people who were pretty darn confident about their data, how safe it is, and how safe they are, started getting a lot more paranoid. Case in point, this excellent Buzzfeed article by Sheera Frenkel, which interviews a handful of — well, two — Valley entrepreneurs who run data-focused companies, along with noted tech wise-ass critic, Maciej Cegłowski of Pinboard fame. (I use “wise-ass” as a compliment, here.)

Maciej has been an outspoken critic of how the Valley treats data collection, likening it to nuclear waste in an excellent talk. Maciej also has an excellent set of six fixes to help restore privacy online. I’m grateful for his work, but rather than rehash his ideas and spend more time chiding Valley companies for treating the data of real people with as much care as you might give the wrapper for your chewing gum, let’s step back and think about how we got here.

Tech companies have two main uses for personal data. One is for improving products and the consumer experience. Google collects your every move, reads every email, and tracks cars in traffic, so that when you wake up in the morning, you can find out that traffic’s backed up on your way to the airport Then Google suggests you leave a few minutes early, and take an alternate route. Your life is measurably improved — you didn’t miss your flight — and everyone is happy.

The other use is to sell to advertisers. Google collects your every move, reads every email, and tracks cars in traffic so that it can suggest you pick up breakfast from Dunkin’ Donuts, or that it’s time to get your tires rotated at Jiffy Lube. Okay, maybe not you specifically, but recent changes there suggest that might be changing. Either way, the goal for advertisers is to leverage all of this data to know what you want or need before you do, get the right ad in your face, and make the sale.

Of course, this is all a review. We know this is the arrangement, and for every game-changing, life improving notification we get on our devices, there’s going to be a targeted ad somewhere to make sure it’s paid for. Implicit in all of this is trust that these companies will be good stewards of our data. What we haven’t fully defined is what good stewardship of data is.

We are getting a very good idea of bad stewardship, though. It’s the push notification to leave for work when you’ve already sat down at your desk, sure, but it’s also the badly targeted ad that you can’t escape no matter how hard you try. It’s the email from Have I Been Pwned? that tells you yet another company has been hacked and your email, password, credit card, and god knows what else now is for sale on the darknet to the highest bidder. It’s the service you loved and trusted going out of business, and their assets being picked up for pennies a gigabyte by some entity you never heard of in a country you can’t find on the map, and no way to get your data back.

The narrative has always been “trust us, we know what we’re doing,” followed up by “give us more data, so we can get better” — at least among those who are courteous enough to ask. Most places just change the Terms of Service, and throw up a screen that people will click through without reading so they can get their next dopamine hit. But, because so many techies want a better, smarter device, they’ll not only happily give in to what the companies ask, they’ll raise hell about those companies that take their time and try to do more with less, or protect user privacy in the process. (Yes, I’m talking about Apple.)

Which is why I’m so surprised to read about how Valley companies are freaking out over Donald Trump. Nobody can tell me they see this coming, if not from a Trump presidency, than perhaps under another in four to eight years. The fracas between the FBI and Apple should have been the latest of a whole flock of dead canaries in the data mine — it was never going to stop with one device. Whatever a company’s policies on encryption, authorized access, or what have you, men with guns can be very persuasive, whether they have a court order or not.

I’d like you to pretend for a moment that you work for Facebook, Google, Amazon, Apple, or Palantir — any company that collects a whole bunch of data on people’s online behavior. Imagine you work in the department that oversees data collection, and that you have access to the database. Imagine you can see, unencrypted, every scrap of data of every person in that database, should you choose so. That’s a lot of power, and in real life, it’s probably shared across a bunch of people. But imagine you’re one of them.

After work one day, a man trails you to your car. He holds a gun to your head, and hands you a list of people that he wants data on. If you give him all the data, he promises you ten million dollars. If you don’t, he will put a bullet through your head and make it look like a suicide.

What do you do?

It doesn’t matter whether the man with the gun is with the US Government, the Russian Government, or just some nutjob with a grudge and a list of ex-girlfriends. Your life is at risk, and you have access to the data he needs. Remember, you don’t need a supercomputer to crack encryption if you can beat the password out of the owner with a wrench. The only way to make sure nobody gets unauthorized access to data is not to have that data lying around in the first place.

And there’s the catch.

So much of our online lives run on data, not just to pay for it, but to make it usable. We’ve struck a Faustian bargain, and this is the result. Fear is justified, and at the risk of conspiracy-mongering, it’s no surprise that Peter Thiel was so willing to fund the Trump campaign in retrospect. Thiel is the co-founder of Palantir, one of the biggest of the big data companies, and they already have huge inroads with the New York City government. Plus, he sits on the board of Facebook. Now, Thiel has the ear of the President-Elect.

With no controls on what data is collected and how long it’s stored, these databases become increasingly tantalizing targets for malicious actors of all stripes. It’s a shame that it took this long for anyone to start waking up to the danger. Now, it might be too late. At least we’re having the discussion at last, and perhaps a few of the people who called me paranoid aren’t going to be quite so dismissive going forward. Boy is that some cold comfort.

Originally published at Sanspoint..