Privacy and the Data Trolls

Fans of the brilliant 1960s television show The Prisoner remember the primal expression of freedom in the voiceover at the beginning of each episode: “I am not a number! I am a free man!” Fortunately, things have changed since the sixties. In this enlightened age, we recognize the fundamental truth that a human being is not really a number at all — in fact, humans are a mosaic of numbers. Numbers that quantify social interaction, numbers that model shopping behavior, numbers that predict which movies you will favor, who you are most likely to marry, the odds that you will buy a new car within the year, whether you buy whole milk, low fat, or skim. An endless parade of numbers in endless permutations, endlessly analyzed.

I am not a number! I am a free man!

The term “Big Data” puts a nice face on this phenomenon. It’s good branding, stripped of any trace of menace. How can it be menacing? It’s just statistics! Clean, clinical, and sanitary. But it is easy to forget that each of the individual data points that make up a data set belong to someone — a person defined by these data. And that person has rights, including the right to determine how the data are used.

Companies like Facebook and Google offer consumers free services in exchange for the use of their private data. This arrangement works to the benefit of both consumers and businesses if consumers enter into the bargain with the full knowledge that they are being tracked, traded on, and analyzed. Unfortunately, consumers rarely understand the terms of the bargain, articulated in arcane legal language in a click license and shown at the point of maximum anticipation of receiving something “for free”. The danger is particularly acute as popular web services expand their properties to encompass more and more of a person’s life. Google courted controversy (particularly in Europe) when they unified their privacy policies to make sharing private data across their properties seamless. From the privacy policy:

We may combine personal information from one service with information, including personal information, from other Google services — for example to make it easier to share things with people you know.

Combination of data across services is a slippery slope. It may seem fairly innocuous — possibly even convenient — to display flight departure times on a search page when travel plans were made using gmail, but the convenience quickly becomes intrusive.

flight schedule
Result of a Google search for ‘flights’
 

Google’s first adventure in healthcare happened before the privacy policy unification, but still raised privacy concerns. What if it happened today? The recent acquisition of Nest Labs has some people worried about the intrusion of Google into the realm of the physical, and both iOS and Android are showing up in cars.

So, where does this leave us? Must we surrender our privacy to have the modern conveniences, or should we just retreat to our cabin in the woods now? The answer is no. The best way to defend against privacy erosion is to build upon services that do not have built-in structural incentives to violate privacy. As a platform for genomics applications with consent and strong privacy protections built-in, Genecloud is one such service. Our sister project Personagraph is another. Both are Trusted Third Parties that have strong incentives to protect user privacy, not to charge headfirst down the slippery slope. Which arrangement do you trust?