By Michael Hodson, Security Architect and AI Strategist at Digital Resilience.
In the previous post, we discussed some of the ways data is collected about us, both legally and illegally. While there may be some awareness that data is being collected, I believe the extent of that collection is poorly understood. What is even less understood is why we should care. As Samantha Floreani lamented in her recent Guardian article, “‘Nothing to hide; nothing to fear’ is a frustratingly persistent fallacy.” In the following, I will explore some of the reasons data collection may violate our right to privacy and why we should value Information Privacy.
Manipulation
Online manipulation has been a growing concern since details of the Cambridge Analytica (CA) scandal began to emerge in 2016. We have covered how CA collected and inferred data on individuals, but what they did with that information is far more concerning.
CA was a political consulting firm that used its technology to help governments and organisations influence elections. They were most notably involved in Donald Trump’s 2016 presidential election campaign. They were able to use the vast data they had collected to model the personality of every adult across the United States. With this modelling, they could then micro-target users with content customised to their personality and preferences.
As Carissa Véliz describes in her book Privacy is Power, the content was particularly nefarious for two reasons. Firstly, “they showed dramatically different content to different people, thereby destroying our common experience”, making it impossible for people to discuss political issues on common ground and thus further dividing the population along political fault lines. Secondly, the content did not look like political advertising. It was carefully crafted propaganda that appeared as typical news articles and user-generated content, further blurring the lines between advertising and news, fact and fiction, and stoking the phenomenon of ‘fake news’.
What we see in the case of the CA data scandal is a threat to personal autonomy and to democracy itself, resulting from a violation of privacy. CA acquired data by manipulating the information environment in ways people couldn’t possibly understand and used that data to exert hidden influence—ultimately to manipulate decision-making outcomes toward those their customers paid for. Though it is not clearly understood, it is probable that CA were influential in the 2016 election of Donald Trump in a way that undermines democracy.
Extortion
One of the primary values of privacy is that it enables us to control the relationships we have with others. In complex societies, it is important that we have different relationships with different people, and to maintain those relationships, we need to control who has access to information about us.
For example, you likely have a very different relationship with your partner than with your boss. There are things you would tell your partner that you would not tell your boss. Not only are some pieces of information not suitable for the relationship you have with your boss, but divulging certain types of information could also change that relationship. You may tell your partner that you are looking for a new job, but you may not be ready to tell your boss.
If someone is able to obtain sensitive information that I do not want to share with others—such as, using the Medibank example, my drug and alcohol treatment or an abortion—then they are able to extort money from me under the threat that they will publish that information. This is made possible because of my need to control how I present myself to others. This is also true of information that is aggregated and inferred to divulge sensitive information that I did not share and do not wish to share.
Asymmetry of Power
Some will argue that obtaining information is not the problem—the problem is what is done with the information. The view is that someone having my credit card is not an issue until they use it to purchase something without my permission. Similarly, Cambridge Analytica having a psychological profile on me is not an issue until they use it to exert hidden influence. The problem, then, is not of privacy but of abuse of power. On this view, what CA did was wrong not because it was an invasion of privacy, but because they abused the information they had collected.
I find this a difficult position to accept. It’s clear that the loss of privacy, whether nefarious or not, is what enabled such abuses of power to happen in the first place. As Ruth Gavison notes in Privacy and the Limits of Law, one of the reasons to protect privacy is that “unequal distribution of privacy may lead to manipulation, deception, and threats to autonomy and democracy.” In 1980, Gavison almost seems to predict a problem such as that created by Cambridge Analytica. I do not deny that there are many other legal and moral problems with what CA did, but it is undeniable that in today’s technological landscape, protecting the privacy of individuals is paramount to preventing the abuse of power that occurred here. Preventing the creation of asymmetries that enable abuse of power is one reason to value and protect Information Privacy.
Summary
The value of Information Privacy is immense. It enables us to protect ourselves from manipulation and hidden influence. It enables us to control the relationships we have with others. And, last but not least, it defends against the asymmetries that enable the abuse of power.
This is not only true of our most personal and sensitive data, but of all data about us. Because, as we have seen, even seemingly innocuous data and small amounts of seemingly irrelevant data can be aggregated and used to infer much more sensitive information.
In the next article, we will explore how modern Artificial Intelligence is making these issues more pronounced and what organisations can do to protect Information Privacy.