The Complexity of Achieving Privacy
In the pursuit of privacy, we have sacrificed numerous things and continue to do so. At least in terms of applications and how we interact, we have decided to pay a hefty sum. We might not participate in activities that common people do, just to protect our data. When we sign up for a service, we take extra measures to ensure that in case of a breach we have some degree of protection. It was a decision we made, a trade-off. Others may perceive us as lunatics, unable to fit in with modern norms and out of touch with reality, but each measure we take feels right to us.
Brick by brick, we have laid the foundation of walls surrounding us, to allow us a sense of peace while countless actors aim to capture every piece of information they can on us. After all, it has become the business model of Silicon Valley. Companies offer us services, and in return we give them our data. They use the personal data of users to train AI models, in the hope that some day they reach artificial general intelligence (AGI). When breaches happen, there is no consequence for them.
I have been thinking recently that no matter what we do, hidden variables could still affect our privacy in a drastic manner. We can eliminate every IoT device inside our house, we could modify devices by installing a firewall and setting up rules to prevent devices snooping on us. A tech-savvy privacy enthusiast might even think of developing his own private solutions as a substitute for Alexa. For CCTV cameras, we might set up a camera which is not connected to the Internet, preventing the vendor from collecting data if we are too paranoid. The aforementioned steps are encouraged, but do they really matter?
If you have a neighbor who simply does not care about digital privacy and gives his full consent to the vendor for data processing, every time you leave the house, your footage is captured and processed. In this context, not only your neighbor, but anyone who has permission to process that data has access to your time of arrival and departure. By the way, in this setting, who is the owner of the data? Is it your neighbor’s property, since he installed the camera, or is it yours, since it is your footage, your face and your gait that is being transmitted? Possibly this information could even be shared between multiple entities.
If you wish to protect your privacy, you cannot simply limit yourself to your own devices. You have to think about who has your data and how they manage it. When you exercise the rights which have been granted to you according to GDPR, how do you know if the company is erasing your data when you request it? Do companies go back and erase your data from every backup they have? What is the procedure for erasure? Most privacy policies that I have read do not bother with details. They are vague, similar to guidelines given by GDPR.
Is the law going to protect us? In my opinion, most lawyers lack any deep understanding of the consequences of entangling technology with life. We cannot rely on law to protect us, as it has not kept up with current technology. In the current climate, we have monopolies, and regulators are completely incapable of regulating them. We have to rely only on ourselves. Legislators and companies will take action when there is pressure on them. We need privacy-by-design systems. Data should not be collected where collection can be avoided. Data is not simply an asset; at some point it will become a liability. When there is a breach, there is a cost. Many universities lack courses teaching privacy-related topics. Students' heads are filled with artificial intelligence and how the collection of more data will lead to better results in terms of accuracy.
Let us explore another example. Suppose you decide to remove Meta from your life. It is a drastic and time-consuming measure. You have to delete your Facebook account; moreover, you have to notify your friends that you will not be using WhatsApp anymore. Instagram was a tool to communicate with your high school friends you have not met in a few years. Possibly by removing it, you cut your final thread of communication with them. Nonetheless, you can go ahead and take all the previous steps because your privacy is important to you. Assuming Meta is honest and your data is completely erased from their systems when you request it, they will still have access to your data indirectly. Your friends gave their contact list to WhatsApp when they signed up, hence Meta is able to tie your name to your phone number. Based on the phone number, they can infer where you live (country). Your face is being posted online by your friends and family members on Facebook and Instagram.
Meta was simply an example and I don’t mean to attack them in this post. You might have a family member that has sensitive health data about you on their laptop and their laptop is stolen. The documents that were on this machine would have sensitive details about you. Now the thief also has access to the data, so it is not simply about you and your countermeasures. You always have to think about who has your data and how they protect their data, as it will eventually affect you and your privacy down the line. The aim of this post is not to dishearten you from your endeavor. I truly believe that every action taken to promote privacy has an impact. But we should always consider that minimization of data should be the goal. Avoid sharing information with your social circle when you can if you want to be more private. Nonetheless, it always depends on your desired degree of privacy and how much you are willing to sacrifice in the end.