Issue 52

Privacy in a digital world

Delivered on 05 November 2019 by Justin Pyvis. About a 6 min read.

Digital privacy is important, but involves potentially costly trade-offs: unless you're willing to cede some privacy, you'll miss out on a seemingly ever-growing number of services which depend on your data to function. The Snowden revelations and subsequent concerns about the level of data we freely give away to both corporations and governments may have shifted the landscape slightly toward more privacy, but we are still some way from knowing what the right level of privacy actually is.

But at least consumers are now aware of the privacy trade-off and most just don't care: abuses of user data are regularly reported in the media yet judging by their actions, the vast majority of users seem to place a low value on privacy. For a quick and dirty proof of that, just take a look at Facebook's user count and revenue, both of which continue to grow despite the numerous, well-publicised exploitations of its own users' privacy.

But at least with Facebook people are free to leave and sign up to a more privacy-friendly alternative if they so choose, or even eschew social media altogether. When governments abuse people's privacy it's not so simple, with the United States a major offender, having built a database containing every American's face:

It also emerged in June that the FBI has a larger database of over 640 million faces, compiled from states' driver licenses, that it also allows its agents to search against. That database is seemingly run by an internal FBI unit called Facial Analysis, Comparison and Evaluation (FACE), though a GAO report appeared to indicate that the database is routinely accessed by cops as well as the Feds, with the database being questioned more than 390,000 times since 2011.

The policies covering use of that database is still unknown, as are the systems that federal government uses to carry out facial recognition. What is known is that several companies have contracts with the government for facial recognition, including Amazon. Again, the details of those contracts are unknown.

As the article states, technology in this area has has outpaced civil rights laws and it's not as though a driver's licence or state-certified ID, used to compile the original database, are easy to do without. Worse, local authorities have already sold the data meaning it's now a part of both public and private databases.

If the United States is doing it, you can bet your bottom dollar that other, less privacy friendly nations, are doing the same. As the FT reported last week, China is using "emotion recognition... to identify criminal suspects":

“Using video footage, emotion recognition technology can rapidly identify criminal suspects by analysing their mental state . . . to prevent illegal acts including terrorism and smuggling,” said Li Xiaoyu, a policing expert and party cadre from the public security bureau in Altay city in Xinjiang. “We’ve already started using it.”

The problem is, it's not very good at what it purports to achieve (like most AI):

Companies around the world, including Amazon, Microsoft and Google, are all developing emotion recognition, but scientists say the technology does not work very well. “This technology is still a bit of a gimmick and is unlikely to be rolled out on a large scale in the next 3-5 years,” said Ge Jia, an influential Beijing-based technology blogger.

Something not working well has never stopped a government from persisting to the bitter end in the past, especially when it just might help it shore up control of its people, for example by oppressing minority groups (this tech has been rolled out in Xinjiang, where most of China's Muslim Uyghurs live). In the meantime they will keep collecting data that will be stored forever and it's not clear how, even with strong new privacy laws, this can ever be unwound.

Except, perhaps, with obfuscation, which if done on a large enough scale, will render "big data" irrelevant:

At its most abstract, obfuscation is the production of noise modeled on an existing signal in order to make a collection of data more ambiguous, confusing, harder to exploit, more difficult to act on, and therefore less valuable. Obfuscation assumes that the signal can be spotted in some way and adds a plethora of related, similar, and pertinent signals — a crowd which an individual can mix, mingle, and, if only for a short time, hide.

There is real utility in an obfuscation approach, whether that utility lies in bolstering an existing strong privacy system, in covering up some specific action, in making things marginally harder for an adversary, or even in the “mere gesture” of registering our discontent and refusal.

There are numerous products that help with obfuscation, for example by instructing Firefox to block browser fingerprinting, or by installing browser add-ons such as Go Rando, which "randomly chooses your emotional "reactions" on Facebook, interfering with their [sic] emotional profiling and analysis".

Compared to opting out of services altogether which, as mentioned, often comes with significant costs, obfuscating your digital activity is relatively cheap. If enough people do it - whether purposefully or passively through changing industry standards such as DNS over HTTPS - large datasets will be full of so much misleading data that they will effectively become worthless.

The Musk family are something else

In the "image of the week" below I have provided snippets of testimony from the SolarCity lawsuit starring Elon Musk's brother, Kimbal. The whole fiasco is quite incredible and investors, if not already, should exercise extreme caution in any Musk-led business.

Learn more:

• A thread on the stunning deposition by Kimbal Musk in the SolarCity lawsuit »

China is still winning the 5G race

Despite the bans imposed on Huawei and the ongoing trade dispute, China remains the undisputed leader in the 5G space. It's also diversifying supply chains to become less dependent on the US components in the future. As I wrote last week, if the openly anti-innovation House Financial Services Committee is any representation of the country as a whole, the United States' reign as disruptor in chief could be over.

Learn more:

• As China switches on 5G ‘revolution,’ the U.S. is struggling to catch up »
• China rolls out 'one of the world's largest' 5G networks »
• China to Funnel $29 Billion Towards its Chip Ambitions »
• The Huawei dilemma: Washington still stuck trying to balance national security against US tech supremacy »
• Decision on Huawei role in Britain’s 5G delayed until after UK general election »

Political advertising

Facebook and Twitter have taken contrasting positions here, with Facebook opting to 'police' political adverts and Twitter banning them outright. Neither policy will be easy to enforce but I much prefer Twitter's stance. The two CEOs' comments are telling. First the Zuck:

"Would we really block ads for important political issues like climate change or women's empowerment?" he asked. "Instead, I believe the better approach is to work to increase transparency. Ads on Facebook are already more transparent than anywhere else."

Now here's Dorsey's take:

"It's not credible for us to say: 'We’re working hard to stop people from gaming our systems to spread misleading info, buuut if someone pays us to target and force people to see their political ad…well...they can say whatever they want!'"

While neither platform has any obligation to allow freedom of speech, Facebook's selective enforcement of political adverts - effectively playing politics - bothers me far more than Twitter's "go elsewhere" stance.

Learn more:

• Twitter’s Ban on Political Ads Will Hurt Activists, Labor Groups, and Organizers »
• Zuckerberg doubles down on Facebook political ads policy after Twitter ban »
• Facebook’s political ad ban created a disaster in Washington state »

Other bits of interest

• China Wants Communist Party Members to Pledge Loyalty on Blockchain »
• Russia just brought in a law to try to disconnect its internet from the rest of the world »
• Waterfront Toronto moving forward on Sidewalk Labs’s smart city, but with limits on scale, data collection »
• Google, Walmart Help Drive India Payments Past 1 Billion Transactions »
• Microsoft Japan’s experiment with 3-day weekend boosts worker productivity by 40 percent »

Image of the week

The Musks borrow heavily against equity in their businesses and regularly receive margin calls. In that context, Elon Musk's unusual Twitter statements make a lot of sense, as they're designed to pump the stock price of one of his companies long enough for him, and his family, to restructure their loans.

This week's data breaches

I don't know what's worse, the fact that Gaggle exists or that schools around the world pay sixty grand a year for the privilege of using it.

The breaches:

• Gaggle Knows Everything About Teens And Kids In School »
• School apps track students from the classroom to bathroom »
• Google Discloses Chrome Flaw Exploited in the Wild »
• I Accidentally Uncovered a Nationwide Scam on Airbnb »
• Government officials around the globe targeted for hacking through WhatsApp »
• WhatsApp sues Israel's NSO for allegedly helping spies hack phones »
• WhatsApp's Case Against NSO Group Hinges on a Tricky Legal Argument »
• Uber in talks with Los Angeles as scooter location data lawsuit looms »
• Google sued by ACCC after allegedly misleading customers over location data collection »
• Android bug lets hackers plant malware via NFC beaming »
• The First BlueKeep Mass Hacking Is Finally Here »

---

Issue 52: Privacy in a digital world was compiled by Justin Pyvis and delivered on 05 November 2019.