Data privacy in the cloud enabled society
Blog: End to End BPM
I am writing these words one week after the terror attacks on the Charlie Hebdo newspaper in France, which sparked a long series of discussions about the reasons those attacks happen. One of the consequences of the incident was the intention of the British government to enforce a policy that blocks citizens' access to encrypted software applications, so that the government can listen, read and extract what it considers to be relevant information to avoid security risks.
The intention, aligned with what happened during the riots in London some years ago, when the police requested from Blackberry a means to access the conversations of the looters (as the security forces learned they were using Blackberry software to plan and execute the attacks), is creating a wave of criticism. Against the intention, reasonable arguments are raised about our own privacy; on the other side, there are also important arguments about defending ourselves against terror or criminal activity.
What I think is key in this discussion is not the political or other motivational values, which in either case are valid. The key concern is consent. Consent to access our personal data.
It is very interesting to analyse, from a societal point of view, how some people are deeply concerned with access to personal data by third parties, when no such concern exists about how a bank account manager can understand our lifestyle just by looking at the bank statement entries. It seems that society is not concerned with that anymore, or with the fact that we allow software companies to track our lives when we use our smartphones and to steer our habits, so that some of the content presented in maps, social networks and news is today partially biased, based on our browsing behaviour, the places we travel to, the information we read and our shopping habits. Smartphones have become learning machines about what we do.
Marie Wallace made a very interesting presentation called “Privacy by Design: Humanizing Analytics”, where she discussed the principles of how to create software applying the privacy by design principle.
What I think the challenge is, as I expressed in Marie’s blog, more than discussing rules, policies and how to implement them in code, is the foundational principle of what should be private. The definition of a concept, a domain, is a consequence of the surroundings, of the environment we live in and the multitude of human principles and beliefs. What is accepted as a practice in one society can be condemned in another.
Privacy is not what it used to be anymore. Take, for example, the attitude of different generations towards how they expose their lives in social networks. The concept of privacy is constantly being redefined, to the point that it can be transformed into a matter of transparency, for example, sharing your tax declarations if you are a politician. But much beyond this is how youngsters deal with it. In the past, kids interacted in the street; today they are living in real time as much as they can. They broadcast their lives to their friends. As the younger generation reaching the labor market is used to being connected to information, the next generation will be in perpetual broadcast. Privacy will probably need to be redefined.
This concept of privacy is also challenged by the concept of transparency. The Circle, a novel by Dave Eggers, explores the idea that the future society must be transparent. Being transparent means you are not afraid of revealing your medical records because it can save your life, just as you are not afraid of exposing your earnings and tax situation. The book pitches the necessity for our world to become transparent (in a way, a fictional software company creates applications through which all our life becomes part of that company) in order to avoid crime, bribery and corruption. It particularly explores the trade-off in which, by becoming transparent and giving up our privacy, the world becomes a better place, something that future generations probably will not care about and that can create clashes with older generations. The flip side is the classic Orwellian apocalypse that looms and takes control of our society.
One of the solutions to protect our privacy is, as Butler W. Lampson points out, that citizens own the data and define who can have access to it: again, the consent principle.
What people most often want is a sense of control over their data (even if they don’t exercise this control very often). Many people feel that this control is a fundamental human right (thinking of personal data as an extension of the self), or an essential part of your property rights to your data.
The concept is aligned with what someone has already coined the era of the personal cloud. The challenge is, as Butler adds, that societies around the world have different cultural norms and governments have different priorities; there will not be a single worldwide regulatory regime. However, it does seem possible to have a single set of basic technical mechanisms that support regulation.
However, will governments rise against the new business models that use the principle "we own your data"? Or will we give up our privacy and become transparent?