The right to privacy for users of the internet has gained a lot of attention recently. The Facebook/Cambridge Analytica scandal, where digital consultants to the Trump campaign used data from Facebook users, has made people more aware of how their right to privacy has been eroding.

https://www.theguardian.com/news/2018/may/06/cambridge-analytica-how-turn-clicks-into-votes-christopher-wylie

But the recent news about what Cambridge Analytica was up to is the tip of the iceberg. Companies like Facebook and Google collect vast amounts of information about their users.

Google collects and stores:

  •       your bookmarks;

  •       your contacts;

  •       your Google Drive files;

  •       your YouTube videos;

  •       the photos you’ve taken on your phone;

  •       the businesses you’ve bought from;

  •       the products you’ve bought through Google;

  •       data from your calendar;

  •       your Google hangout sessions;

  •       your location history;

  •       the music you listen to;

  •       the Google books you’ve purchased;

  •       the Google groups you’re in;

  •       the websites you’ve created;

  •       the phones you’ve owned;

  •       the pages you’ve shared;

  •       how many steps you walk in a day;

  •       every email you have ever sent or received, including those that were deleted or categorized as spam;

  •       every Google Ad you have ever viewed or clicked on;

  •       every app you ever launched or used and when you did it; and

  •       every website you have ever visited and what time you did it at; and every app you have ever installed or searched for.

Facebook collects and stores:

  •       every message you’ve ever sent or been sent;

  •       every file you’ve ever sent or been sent;

  •       all the contacts in your phone;

  •       all the audio messages you’ve ever sent or been sent;

  •       what it thinks you might be interested in based off the things you’ve liked and what you and your friends talk about;

  •       every time you log in to Facebook, where you logged in from, what time, and from what device;

  •       all the applications you’ve ever had connected to your Facebook account.

https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy

While Facebook and Google are among the companies collecting the most data, virtually every company is now in the data business. I attended the Creighton Business Symposium last fall. One of the speakers there noted that data is such big business that Domino’s Pizza now employs more people who collect, analyze, and review data than employees who make pizzas.

So what do companies do with all of the data they collect about their users? They can apply ever more advanced artificial intelligence tools to sort through it and learn customer likes and dislikes in order to target them with increasingly effective advertising, focused on products and services they are likely to be interested in. They can use it as Cambridge Analytica and others have, to target individuals with political advertising likely to influence the way they feel about a candidate or party before an upcoming election. The potential uses are endless.

Understandably, the power companies have to gather information about and manipulate individuals has raised serious legal, moral, and ethical questions. Do we cede our right to privacy when we browse the web using Google or use a service like Facebook or Gmail? Are the user agreements that we routinely sign but no one reads the best way to inform consumers that the service provider will be gathering information about them? Should a company or service provider have to disclose to consumers how they are using that information? Should there be hard limits on what a company can do with consumer data, even if the consumer consents?

The Government is also in the Data Business

The U.S. government also collects a disturbing amount of data about its citizens. Its interest is to reduce crime, prevent terrorism, and protect national security. But the data it gathers could easily be misused, by hackers who gain access to it, by rogue government employees, or by corrupt government leaders.

What follows are some basic facts about the types of data the government collects and how long it is retained.

• 5 years: How long the National Security Agency keeps “metadata” about all Americans’ domestic and international phone calls without suspicion of wrongdoing

• 5 years: How long the National Counterterrorism Center can keep and search databases of non-terrorism information about Americans

• 5 to 20 years: Retention periods for databases that store at least some information from border searches of Americans’ laptops, phones, hard drives, and more

• 6 years: Time period, beginning with the start of surveillance, that the NSA can keep Americans’ incidentally gathered communications

• 20 to 30 years: Amount of time the FBI keeps information collected via assessments and National Security Letters, even when it is irrelevant to a current investigation

• 30 years: Time period that Suspicious Activity Reports with no nexus to terrorism are kept by the FBI

• 1 Billion and growing: Records in the FBI’s Investigative Data Warehouse

• 1,000,000 sq. ft.: Size of National Security Agency’s data center (opening in 2014)

• 41 billion: Communications records stored by NSA’s XKEYSCORE system every 30 days

https://www.brennancenter.org/publication/what-government-does-americans-data

In 2017, the National Security Agency collected more than 534 million records of phone calls and text messages from American telecommunications providers, more than three times what it collected in 2016. Those records are not tapes of the actual calls, but metadata, identifying who called who, how long the calls lasted, how many characters were in a text message, etc. While the calls themselves were not recorded, that metadata can be used to identify an individual and “can also be paired with other publicly available information from social media and other sources to paint a surprisingly detailed picture of a person’s life.”

https://gizmodo.com/the-nsa-managed-to-collect-500-million-us-call-records-1825789394

Data is Ultimately About Control

Most people accept that companies will gather data about them in order to try to sell them products. In the wake of the Cambridge Analytica scandal, more people understand how campaigns (or companies acting on their behalf) use their data to try to influence their political beliefs. Regardless of whether companies and governments are doing it, gathering individual data is ultimately about control.

What happens when the attempts to use Big Data to control people go even beyond influencing purchases and political preferences? The worst case scenario about how Big Data and artificial intelligence can be used to eliminate privacy rights and control a populace seems to be playing out in China. The Chinese government is experimenting with using technology to monitor its citizens and extend its control over their behaviors.

China is using "Sky Net," a nationwide surveillance system tying artificial intelligence to CCTV cameras to tag and track its citizens. Each Chinese citizen is given a photo ID at 16 years of age. Those photos are then stored and used to identify people as they move around the country. Originally intended to track down corruption suspects, Skynet is now also used to identify those guilty of crimes as minor as jaywalking and to ration toilet paper at public parks.

https://www.csoonline.com/article/3228444/security/skynet-in-china-real-life-person-of-interest-spying-in-real-time.html

“In what it calls an attempt to promote ‘trustworthiness’ in its economy and society, China is experimenting with a social credit system that mixes familiar Western-style credit scores with more expansive — and intrusive — measures. It includes everything from rankings calculated by online payment providers to scores doled out by neighborhoods or companies. High-flyers receive perks such as discounts on heating bills and favorable bank loans, while bad debtors cannot buy high-speed train or plane tickets.

By 2020, the government has promised to roll out a national social credit system. According to the system’s founding document, released by the State Council in 2014, the scheme should ‘allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step.’ But at a time when the Chinese Communist Party is aggressively advancing its presence across town hall offices and company boardrooms, this move has sparked fears that it is another step in the tightening of China’s already scant freedoms.”

https://foreignpolicy.com/2018/04/03/life-inside-chinas-social-credit-laboratory/

If the Chinese government’s social credit scheme sounds creepy, the fact it is attempting to monitor workers’ brain waves sounds like something drawn directly from George Orwell’s nightmares. The story linked below reports how the Chinese government is making workers in certain industries wear caps, which “constantly monitor the wearer’s brainwaves and stream the data to computers that use artificial intelligence algorithms to detect emotional spikes such as depression, anxiety or rage.”

https://www.scmp.com/news/china/society/article/2143899/forget-facebook-leak-china-mining-data-directly-workers-brains

Needless to say, the Chinese government is doing a great job of demonstrating some of the significant dangers associated with Big Data and artificial intelligence.

The Role of Regulators

Federal and state governments will have to understand these emerging technologies, stay current on how they are being used, and weigh their utility versus how they could compromise consumer privacy. In order to regulate an industry effectively, the regulators have to develop a deep understanding of it. Without such a base of knowledge, it is impossible to understand the potential benefits and costs of the technology and to craft and enforce intelligent laws that make sense. As the recent Congressional hearings regarding Facebook made clear, and internet memes like the one below mocked, the government at all levels has a lot of catching up to do.

There are a variety of things government should be doing. In one example, Illinois passed the Biometric Information Privacy Act. It places significant restrictions on how companies can use biologically unique identifiers for an individual. These identifiers, such as fingerprints, voiceprints, and facial recognition, if compromised, place individuals at a higher risk for identity theft. Government agencies, at all levels, should enact similar laws, which place reasonable limitations on the data companies can collect, how it must be secured, and how it can be used.

Reasonable limitations also need to be placed on the government’s power to collect information about its citizens. While private companies are tempted to manipulate people for profit, government will use the justification (or pretext) of security to justify spying on and invading the privacy rights of its own citizens. That amount of data in the hands of a J. Edgar Hoover type of leader, willing to use it to blackmail or control others, could be truly dangerous. 

Emerging technologies like Big Data and artificial intelligence offer the potential to solve some of the world's most complex problems. They will disrupt industries, fundamentally change the economy, and potentially affect the world in as profound a way as the Industrial Revolution. As with any tool, these technologies can and will be used for good and evil. It will ultimately be up to all of us to decide how we will allow them to be used, how much of our data we are comfortable sacrificing and what level of individual privacy we will accept.