Privacy is contextual and social, less legal and technical

Privacy is more than a couple settings and a consent checkbox on a form somewhere. Privacy and publicity seem to be pretty straightforward concepts and, legally, they are treated fairly superficially and defined mechanically. A result of that is a similarly superficial treatment in conversations about privacy and publicity in social and commercial engagements which rarely touches on what privacy really means to us. This leaves us fundamentally confused and conflicted about privacy because we have a deeper sense of what privacy means to us but the typical conversation about privacy lacks the language to describe that deeper sense of it all.

Anil Dash and dana boyd recently published articles on Medium titled “What is Public?” and “What is Privacy?“, respectively, which dive deeper into what publicity and privacy mean to us. If you are interested in what privacy and publicity mean in modern times, you should read both articles carefully:

What Is Public? andWhat Is Privacy?

One of the paragraphs in Dash’s article that stood out for me was this one:

What if the public speech on Facebook and Twitter is more akin to a conversation happening between two people at a restaurant? Or two people speaking quietly at home, albeit near a window that happens to be open to the street? And if more than a billion people are active on various social networking applications each week, are we saying that there are now a billion public figures? When did we agree to let media redefine everyone who uses social networks as fair game, with no recourse and no framework for consent?

I agree more with boyd that privacy is more about social convention. I particularly like this extract from boyd’s article:

The very practice of privacy is all about control in a world in which we fully know that we never have control. Our friends might betray us, our spaces might be surveilled, our expectations might be shattered. But this is why achieving privacy is desirable. People want to be in public, but that doesn’t necessarily mean that they want to be public. There’s a huge difference between the two. As a result of the destabilization of social spaces, what’s shocking is how frequently teens have shifted from trying to restrict access to content to trying to restrict access to meaning. They get, at a gut level, that they can’t have control over who sees what’s said, but they hope to instead have control over how that information is interpreted. And thus, we see our collective imagination of what’s private colliding smack into the notion of public. They are less of a continuum and more of an entwined hairball, reshaping and influencing each other in significant ways.

I also think this next extract nicely captures why people become angry with brands and why reputational harm happens at an emotional level. If you represent a brand, you should read this a few times:

When powerful actors, be they companies or governmental agencies, use the excuse of something being “public” to defend their right to look, they systematically assert control over people in a way that fundamentally disenfranchises them. This is the very essence of power and the core of why concepts like “surveillance” matter. Surveillance isn’t simply the all-being all-looking eye. It’s a mechanism by which systems of power assert their power. And it is why people grow angry and distrustful. Why they throw fits over being experimented on. Why they cry privacy foul even when the content being discussed is, for all intents and purposes, public.

Privacy is contextual. Law is also a poor mechanism for protecting it because law tends to be mechanical (it has to be). What we need more is a better awareness of what privacy and publicity mean in a social context and where the line is.

Jeff Jarvis made a statement about privacy in This Week in Google 261 which really caught my attention:

Privacy is a responsibility. It is an ethic of knowing someone else’s information.

Photo credit: Lost in Translation by kris krüg, licensed CC BY-SA 2.0

Big Brother WiST and the end of privacy?

Big Brother 2009 Italy

ITWeb contacted me and asked me for comment on a new technology called WiST which stands for “Wireless Intelligent Sensing Technology” (look out for the article tomorrow). On the face of it, this is an exciting technology. It is an alternative to RFID and promises an effective way to track assets and, more problematically, people:

Recent developments in miniaturized and low power integrated-circuit technology has allowed for the development of miniature and intelligent WiST™ sensors. Sensors provide a unique ID, sense movement, temperature, light, tilt, pressure and many more attributes. WiST sensors can also act as active RFID or NFC devices. This greatly enhances the use of WiST™ in a large variety of applications that vary from personal to business use.

Similarly GSM and microprocessor technology have become smaller, more power efficient and cost effective. The WiST™ sensor data transmits to predefined databases on the internet. The WiST™ applications then alert users and route data to business applications, control rooms, cell phones, and mobile devices according to predefined rules.

While the asset management applications are relatively benign (except where combined with people), the possible applications for people-based tracking are worrying, to the say the least. One of the possible applications mentioned on the WiST site is for “social networking identification”:

Why send countless hours updating your social networking profile while you can stay in touch and build new social networks with the help of a WiST™ sensor armband.

WiST™ armbands contain tamper proof sensors with on-board memory that enables the user to store personal information such as name, photograph emergency contact details, medical details and social network details. The system is programmable to allow for flexible distribution protocols.

As the user visits WiST™ enabled venues such as clubs, bars, restaurants etc. WiST™ cameras will identify the users and take photographs and/or videos of them in their social environment. The users can follow a few simple steps to post the material of their choice to their profiles.

This technology becomes problematic if it is used in such a way that consumers are unaware that it is being used or are not adequately informed about what the technology does. Tagging people in real-time and associating that with identities and location is a privacy minefield and WiST must navigate this very carefully. While the idea of enabling real-time tracking at events is an appealing one from an organiser’s perspective, people attending these events need to be clearly informed when or how –

  • the device or object they are wearing or carrying is such a tag;
  • they are being tracked and to what extent;
  • they can opt-out (they should be given a choice to opt-in in the first place);
  • they can access data about them held by whoever is holding or accessing that data as well as how they can control what is done with that data.

Sometimes consent isn’t enough. When children are involved the technology becomes incredibly problematic because of the limitations on collecting and processing children’s personal data (on the other hand, when the appropriate consents are given and safeguards put in place, this could be an invaluable technology to help track and protect children in trouble).

When it comes to the data collected, WiST must make sure that this data is secure and only disclosed to people who are required to have access to it and to parties the people being tracked have agreed may have access to the data. Using the data (including photos) for advertising must also be handled carefully. Ideally a release should be obtained and the party seeking to make use of those photos in the context of promotional competitions, for example, must comply with the Consumer Protection Act. Of course, when the Protection of Personal Information Bill is passed into law it will bring a host of very specific compliance requirements that will affect just about every aspect of WiST’s application to personal data.

This is a pretty complex set of issues which my comments only begin to unpack and this technology is not to be used to track people without making sure there is an adequate personal data protection mechanism in place to protect people’s privacy and explain the implications of the tags to them. The potential for abuse by reckless or uninformed providers is tremendous.

Consider this hypothetical scenario as an indication of the possible threats to consumers’ privacy:

A group of friends go to a concert and are given a bracelet containing a WiST tag. The tag tracks the friends’ movements in and out of the venue and trigger cameras at various locations in the venue. If the friends registered for the event in advance and associated their registration information with their Twitter and Facebook profiles, the photos are automatically uploaded (can your colleagues see these photos, do you know whether the photos are published publicly on Facebook or subject to your preferred privacy settings) and may even contain location data so someone downloading those photos can see where they were taken almost in real-time. As the friends visit concession stands their purchasing preferences are tracked and included in aggregated personal profiles, possibly to be made available to marketers later for more targeted marketing (not necessarily a bad thing but not everyone wants their preferences logged).

After the event the friends go their separate ways and, on the way home or to the next party, their tags track them using GPS functionality and transmit data about places they frequent, where they live and what their schedules are. If they happen to like the bracelet as a fashion item, they may wear the tags in the days that follow, adding a range of location-based information to their aggregated profiles and if they interact with other WiST enabled services, more specific transactional data may be thrown into the mix.

Where this becomes more problematic is if the friends were unaware that the bracelet was capable of tracking them and to what extent. If they didn’t consent to being tracked by the WiST tag (and this consent must be well informed, given the possible applications of this technology), they may not be aware of an option to opt-out meaningfully aside from removing and destroying the bracelet and the tag it contains (throwing it away at home isn’t really an option, it gives fraudsters with access to the data your home location and where your rubbish goes and a source for more of your data for possible identity theft efforts).

Other questions include who collects the data, who has access to it and who controls it? Can users obtain details of what personal information about them is being held under the Promotion of Access to Information Act? Is the data held in a central location or do event organisers and other WiST customers have their own databases? Are the holders of this data known to or discoverable by tagged consumers? Is the data securely held?

Something to bear in mind is that most of us carry a tag of a sorts already in the form of our mobile phones but we notionally have the option of disabling services on our phones that may track our locations, for example, or even turning the phones off altogether. Its not clear than consumers will be able to do this with WiST enabled devices or items.

WiST is a promising technology and could be legitimately and beneficially used in a variety of contexts to combat fraud and theft as well as simplify inventory control processes. It could help make a variety of industries more effective and efficient but when it comes to tagging people, the risks are considerable and require a well thought out and implemented privacy framework to avoid negating the right to privacy altogether. Much of this framework would come down to well-informed consent but there are a variety of legal compliance issues to cater for, both under current law and under future developments like the Protection of Personal Information Bill.

I’ve written about how important it is that consumers take an interest in how their personal data is collected and processed. WiST highlights how important this is and consumers will only have themselves to blame if they remain ignorant of the risks.

Image credits (in appearance order):

  1. Big Brother Italy 2009 by _mixer_, licensed CC BY SA 2.0
  2. WiST International, all rights reserved

Guest post: Being Generation Y

This guest post was written by Nastassja de la Guerre, a candidate attorney at Jacobson Attorneys. You can follow Nastassja on Twitter at @ndelaguerre.

The spread and ever increasingly availability of the Internet and digital and media technologies are the biggest evolution in human history since the industrial revolution. These developments have sent Generation Y on an evolutionary rollercoaster traveling faster than your average broadband and have caused many social changes and adaptions. With these changes emerge a generation that is completely misunderstood and highly criticized.

Among the MANY complaints about Generation Y are self-centeredness, an inability to manage time, a need for frequent praise, a lack of respect for elders, a sense of entitlement, little understanding of client service and poor face-to-face communication skills. “Generation Y is entitled, lazy, selfish, tech savvy, and incompetent,” is how Scott Greenfield, one of the finest criminal defence attorneys in NY puts it. Is this really the case? Or are we merely misunderstood?

Generation Y

We were not part of the starting up stages of the dot com boom, but rather we are part of an age where if you don’t have Internet access or a mobile phone we actually think you are an alien. 1995 marked the commercialisation of the Internet. I was 6, a year before I started school.  We are part of a generation where information is literally at our fingertips and Google has become our professor.  To put it into perspective: the average 15 year old has access to more information than the president of the USA had 15 years ago. Does this mean we are arrogant and know-it-alls? Nope, it just simply means we are well informed.

Like any other generation, generation Y has been shaped by the events, leaders, developments and trends of its time. The rise of instant communication technologies, new media used through websites like YouTube, Instagram and Pinterest and social networking sites like Facebook and Twitter has shaped us into the people we are, how we function in the work-place and how we respond to the law and government. We are in the age of mass creativity. We no longer want to be told what something is or who we are or how we should act. Rather, we make up our own minds and choose our own paths. This independence is highlighted by the heightened importance we place on our human rights, particularly the right to privacy, equality and freedom-the principals our Constitution is founded on.

Yes, of course, with new technology comes new crime and misbehaviour. We have seen this in the London riots of 2011 where social media platforms and instant messaging were largely to blame for how well the riots were orchestrated and how communications regarding the riots could be sent across to different individuals instantly.  Or the infamous Stuxnet virus, designed by unknown parties, which made headlines in 2010 when it worked its way into Iran’s nuclear programme. Or the Occupy Wall Street movement. But rather than blaming social media and instant messaging as well as our apparently immoral, disrespectful and lazy generation, governments should ask Y we are the way we are.  Economic prospects for the Millennials have worsened due to the late 2000s recession. Out of a population of 49-million, 7.5-million South Africans are currently out of work. Young people are worst affected, with over half of 18- to 25-year-olds unemployed. “This is a crisis. We call it a ticking bomb,” said Zwelinzima Vavi, Cosatu’s general secretary. “We think that one day there may be an explosion. Seventy-three percent of people who are unemployed in South Africa are below the age of 35 and a lot of them have been to universities.” Several governments have instituted major youth employment schemes out of fear of social unrest due to the dramatically increased rates of youth unemployment, with South Africa being no exception. President Zuma has promised to create five million jobs by 2020 in his recent State of the Nation address.

You may ask Y it is so important to change employment schemes and the working environment. Generation Y make up 27% of the population and about 5% of the legal profession. We’ve grown up in an environment where every fact, idea and opinion has a forum in which to be expressed. This leads to a movement away from the idea of being ordered to do something by your employer, but rather a strong need to collaborate and exchange ideas

Aside from the unemployment, other challenges we face is the world we grew up in. Our childhoods were tainted by major social unrest and reform. Unfortunately we also experienced a lot of empty promises from government and institutions and A LOT of divorce. This perhaps led us to learn to take care of ourselves and not to rely on institutions and outdated traditions. We have moved past the counter-culture of the 1990s. Race, sexuality, political views, religion, marital status don’t define who we are. We define ourselves through expression and collaboration. Therefore, Generation Y has high expectations of their employers, we seek out new challenges and are not afraid to question authority. This could become extremely challenging in the legal profession as well as other classical careers such as accounting, architecture, etc as these professions are based on age-old traditions and knowledge passed on from one generation to another in working environments where there is a definite hierarchy. Richard Susskind expresses it very clearly by stating that a trait common in large law firms is “irrational rejectionism”– perhaps because it is far easier to reject new ideas than give them a chance. Let’s take Paul Chambers’ story: He was arrested for a tweet he sent about Robin Hood Airport in England in January 2010. The airport suffered repeated service delays and disruptions due to cold weather, prompting Chambers to tweet:

“Crap! Robin Hood airport is closed. You’ve got a week and a bit to get your shit together otherwise I’m blowing the airport sky high!!”

Chambers was later convicted for sending a “message or other matter that is grossly offensive or of an indecent, obscene or menacing character” under the UK Communications Act of 2003, causing him to lose his job, gain a criminal record and a mountain of fees and legal costs. TV personality, activist, and social media comedian Stephen Fry has taken sides in the Paul Chambers “Twitter Joke Trial,” saying that British judges fundamentally don’t understand how Twitter works. Fry’s stance raises the issue about the generation gap between our technology and social media driven generation and those asked to adjudicate these issues

But it isn’t all bad for us.

In his recent state of the nation address, President Zuma had typed his entire speech on an iPad. The ANC spokesperson describes the president as always being on his iPad and constantly checking and responding to social media platforms, especially Twitter.  Helen Zille is known for her responsiveness and active engagement on both Twitter and Facebook. This indicates that the government is making the move into our generation and are desperately trying to connect with us. The government is starting to recognise our need to be heard and to be able to express our opinions, a strong feature of Generation Y.

Image credit: Generation Y by Mighty mighty bigmac, licensed CC BY-ND 2.0