Privacy could be the next big thing

Privacy could be the next big thing Stuart Langridge @sil kryogenix.org I’m going to talk about how privacy could be the next big thing. Emphasis on the could. And on what we do about it, and how you can be ahead of your competition.

data collection… a bit creepy? In 2012, Target, the American discount store, put together a list of 25 products that when purchased together indicate that the purchasing woman is likely pregnant.

Then they mailed out coupons for baby products to prospective mothers… and one of them’s father stormed into his local Target and demanded to see the manager.

“My daughter got this in the mail!” he said. “She’s still in high school, and you’re sending her coupons for baby clothes and cribs? Are you trying to encourage her to get pregnant?” (also, Sunnydale High School.)

http://www.businessinsider.com/the-incredible-story-of-how-target-exposed-a-teen-girls-pregnancy-2012-2 And then a couple of days later he apologised profusely when it turned out she WAS pregnant.

https://www.theguardian.com/technology/2015/jul/08/women-less-likely-ads-high-paid-jobs-google-study allo Women are less likely to be shown ads for highpaying jobs.

http://money.cnn.com/2015/08/04/technology/facebook-loan-patent/ allo If your social media friends have bad credit ratings, it could be harder for you to get a loan.

Uber / tracked drivers attending taxi protests & fired them / internal app “God View”, tracks you after leaving car / “Rides of Glory” home after one night stands / blog post

https://motherboard.vice.com/en_us/article/53ddwb/uber-knows-too-much-about-you They retracted that one. Because even they were aware that this sort of thing is creepy. Really, really creepy.

https://twitter.com/aianhangover/status/466813236520964097 Isn’t it great to live in the 21st century? Where deleting history has become more important than making it.

“If you’re not paying for the product, you are the product.” There used to be a saying. If you’re not paying for the product, you are the product.

G N O R W BA “If you’re not paying for the product, you D are the product.” NO Various levels of untrue / sometimes pay AND are the product / getting for free does not mean agreeing to be exploited all ways

http://powazek.com/posts/3229 “There is no correlation between how much money users pay and how well they’re treated.” “There is no correlation between how much money users pay and how well they’re treated.”

http://www.af.mil/News/Photos.aspx?igphoto=2000588958 I’m OK with being the product; I’m not gonna pay; show me ads I like at least

TV ads were rubbish back when people watched TV

creepy What’s different / words used already / hear from real people, media, friends in pub, colleagues at work, people on train. Creepy, what does it mean?

aggregation The issue is aggregation.

emergent aggregation phenomena Emergent phenomena. Data science: big pile of facts / deduce new facts you weren’t told.

data collection… a bit creepy? It’s what Target did.

It’s what Sherlock Holmes did. Take data → new surprising conclusions. Fun to watch… if it’s happening to someone else.

There’s a scene in the first episode of BBC’s Sherlock where Benedict Cumberbatch, playing Sherlock Holmes, makes a bunch of deductions about Watson. And Watson looks like this →

“Amazing” This is not the face of someone who is pleased and delighted by their user experience. People do not like it when you do this.

Your data collection is creepy when you use it to deduce things you weren’t told and shouldn’t know Companies. Learn this. This is what data science is for, so there’s a mismatch. And it’s not new.

Supermarkets are laid out in an incredibly precise way.

Vegetables at the beginning because it communicates freshness

Bakery near the entrance because it smells nice

Stuff everyone buys is at the back so you have to walk through everything else to get it

only exit from the airport is through the duty free shop

https://www.realsimple.com/food-recipes/shopping-storing/more-shopping-storing/grocery-store-layout “Every aspect of a store’s layout is designed to stimulate shopping serendipity” Every aspect of a store’s layout is designed to stimulate shopping serendipity

trapped So people find this weird and unpleasant! And the worst thing is that they’re helpless. They’re trapped. Because there’s nowhere else to go. There are a bunch of stock answers for what you should do about this.

you can’t opt out You can’t opt out by just not using any of this stuff at all. that’s not realistic. It’s not impossible, in the same way that you’re allowed to go and live in a cave in the desert if you want, but anyone advocating that as a solution to your problems can shove off.

unrealistic We’re all part person and part machine now. And that’s OK

Never be lost again. Horror films need excuses or no suspense.

Can listen to any music you want

Can video call people on the other side of the world

Louis XIV couldn’t do this

These are superpowers. We should not have to give them up or trade them away.

http://waitbutwhy.com/2017/04/neuralink.html “If you leave your phone behind, it’s like missing limb syndrome” “If you leave your phone behind, it’s like missing limb syndrome” - Elon Musk

you can’t regulate it away You can’t regulate the problem away. EU have done some work on this → INDIA

https://timesofindia.indiatimes.com/india/right-to-privacy-is-a-fundamental-right-supreme-court/articleshow/60203394.cms India: privacy a fundamental human right. Gov regulation is needed. But too slow / easy to stay ahead / won’t happen cos big business.

John Stuart Mill wrote lots about free speech. Big thing he said is forgotten

http://blog.danieldavies.com/2002/10/free-as-bird-im-profound-believer-in.html “laws passed by governments are about the ninetieth most important restriction on our freedom of speech” Americans correctly big deal about 1st Amendment. Non-Americans too, discover they don’t have one. Gov reg at best a part of the answer & not the lead part

you can’t shout don’t have a go at people about it; just annoys your friends. Need to move Overton window.

https://twitter.com/sarahmei/status/882008927516463104 Use this messenger: feel right but have no friends. Doesn’t work. Tweet is right: right now people don’t know how to care.

you can’t reboot the public Can’t get a new public who do care either

The children of the revolution were faced with the age-old problem: it wasn’t that you had the wrong kind of government, which was obvious, but that you had the wrong kind of people This is wrong thinking. Which is pratchett’s point of course.

http://news.bbc.co.uk/1/hi/technology/3639679.stm More than 70% of people would reveal their password in exchange for a bar of chocolate Who’ll tell me their password? BUT HERE’S THE BAD NEWS ->

technology is not the fix And the fix is not technology. The tech is not the hard bit. There’s loads of tech.

signal

matrix

purism

Privacy badger

Vpns by the dozen

Password managers by the dozen

tor

chilling effect / frightened of what MIGHT happen cos they don’t know. Don’t like what they can imagine. / not about prison or illegal / is your rep / fear the unknown / chilling: not a law, discourage anyway

https://www.socialcooling.com/ “Freedoms are not being taken away; we are just afraid to use them” Freedoms are not being taken away, we are just afraid to use them

https://www.socialcooling.com/ “If you feel you are being watched, you change your behaviour” Ideally people really would dance like nobody’s watching. But hardly anyone does.

no choice But everyone’s still involved because they’ve got no choice. but what if there were a choice and people knew that?

the next ten years Whoever gets this right, works out how to tell this story, will define the next 10 years;

Mobile changed everything; changed the world; power in your hands; made billionaires & industries; everything old new again; new lens

Social changed everything; changed the world; power in your hands; made billionaires & industries; everything old new again; new lens

Go back in time; tell morpheus on his Nokia phone everything will be mobile. EVERYTHING.

Go back in time; tell users on sixdegrees (remember sixdegrees?? first social network) everything will be social. It’ll elect presidents.

go forward; world where your data is YOURS and everything still WORKS; tell them a time we felt like we had to give that up. Laugh, penny farthing.

https://home.kpmg.com/sg/en/home/media/press-releases/2016/11/companies-that-fail-to-see-privacy-as-a-business-priority-risk-crossing-the-creepy-line.html 82% of people are not comfortable with the sale of their data to third-parties in exchange for speed or convenience or product range People want this fixed. 82% of people are not comfortable with the sale of their data to thirdparties in exchange for speed or convenience or product range.

https://www.washingtonpost.com/news/the-switch/wp/2016/05/13/new-government-data-shows-a-staggering-number-of-americans-have-stopped-basic-online-activities/ Half of all people have avoided doing some basic stuff online because they have concerns about how their data will be used Half of all people have avoided doing some basic stuff online because they have concerns about how their data will be used.

disrupt Here, finally, is an industry that actually NEEDS disrupting. That’s how you disrupt. → BETTER MOUSETRAP

If you build a better mousetrap, the world will beat a path to your door. No they won’t. Stop believing this.

The way you overcome an incumbent business is by doing battle on a field that they can’t compete on Overcome incumbent on a field they can’t compete on (not won’t, don’t). Apple invent mobile, overcome MS entrenched advantage; MS beat mainframes, computer on every desktop not a terminal; shape the world, current incumbents can’t compete; built business model on creepy, can’t exist; FB with privacy, can’t exist; how you win

a weapon which only hurts bad people Weapon only hurts bad people; being creepy but needn’t, fix it; reliant on creepy, die, but OK with that. People want this; not just geeks.

http://www.thedailymash.co.uk/news/society/privacy-experts-too-paranoid-even-for-lunch-2014082989998 Everyone finds this unnerving. Not just a conversation for geeks like me; the Daily Mash tells jokes about this now. “FB do weird things with data” is mainstream.

Tin foil hats are a fashion item now. The world is ready to be convinced. Eager to be convinced.

how? How do we do it?

Dwork, McSherry, Nissim, Smith - https://link.springer.com/chapter/10.1007%2F11681878_14 differential privacy Differential privacy not a bad one. Apple last year. Get aggregate info; can’t tell anyone’s specific answer; can’t tell if someone participated.

There’s a decent paper on differential privacy by Dwork et al and it’s worth reading if you get into this. We’re going to talk about a simpler method, but one you can start thinking about and implementing now.

what data do we collect? We collect lots of data about users, which is what makes them feel uneasy

overt and covert There are two sorts of data collection, overt and covert

Covert device specs, other apps installed, location, … Covert is stuff you can and do collect without asking the user explicitly. Doing this is somewhere between sensible and invasive depending on how you do it. We’ll leave this out for now.

Overt age, gender, postcode, ethnicity education level, marital status children, homeowner… Overt is stuff you ask the user about, or deduce. It’s about them rather than what they do. It’s demographics. Age. Gender. Where they live. Whether they’re married. This is stuff that advertisers like to segment their audience.

classify and identify your users The goal of it is to put your audience into different categories.

buckets To segment them into buckets. There is lots of literature about segmenting your audience and why to do it. Overt information is the stuff people largely feel uneasy about, because it’s about them.

age buckets under 18, 18-24, 24-35, 35-44, 44-60, 60+ Look at, say, age. We want to break the audience up into separate age ranges, because we market to these age ranges differently.

the randomised response method The randomised response method. Invented in the 1960s to ask people difficult questions, like whether they’d smoked marijuana. You need the information, but you don’t want people to incriminate themselves. How?

lie Basically, some of them lie about their answers. You ask everyone, “have you smoked dope”, and then everyone flips a coin. If they get heads, they tell the truth; if they get tails, they lie. And what happens is the lies cancel one another out and you get good statistics, but any one person’s answer is unreliable. So it can’t be used against them.

demo Live demo with graph

tune the lies Tune the lie percentage to balance user privacy and your aggregated data needs

If (Math.random() < 0.1) { age_bucket_index = age_bucket_index – 1; } Technically simple; just before you send the data, with a 10% chance, bump a data item up one bucket or down one bucket. Literally one line of code. You do not know if they lied. And provably so. It can’t be reversed. Nobody’s data is reliable. But you don’t store whether they lied.

data science You can do data science without being creepy about it. This is known technology. The methods exist.

competitive advantage And this is something you can trade on. Lead the charge. Your competitors can’t or won’t compete on this. You can talk about how you protect your people’s data and they can’t do the same.

competitive advantage And if they do… then everything’s the same except we’re protecting more people and everyone’s happier!

help understand We need to come up with ways to help people understand that there ARE ways to do this stuff. You can never be lost, and listen to any music, and video chat, and not feel uncomfortable about it.

It’s not OK that you’re made to feel uncomfortable It’s not OK that you’re made to feel weirded out. It is possible for there to be alternatives. Someone rooting around in your life is not a price that you have to pay.

false dilemma Opt out and cut off superpowers, or give up personal info to pay for them, and that’s it. We need to change that story. Help people understand that it doesn’t have to be like this.

it’s us These ideas, these alternatives, they’ll come from us. People in this room and rooms like it. Who’s building the next big company? You are.

change the story When you build it, talk about how we change the story. People are scared and they shouldn’t have to be. When hacking/making companies/chatting, talk about how we change the story. Lead the charge.

the seesaw tips World changes; everyone looks for it as a matter of course. And the seesaw tips over.

@sil World changes; everyone looks for it as a matter of course. And the seesaw tips over.