This blog post has taken a few months to write. The content is not too lengthy and can be consumed in a few minutes, but the thesis tangents on a few subject areas that are related, namely privacy and security and my arguements were bouncing between the two without much guidance. I have rewritten this post many times in an attempt to collect my thoughts and motivations in a coherant manner. The jury is still out if I have achieved said goal.
The content primarily centers around privacy and security in regards to user’s data. How I define these subjects, loosely:
- Privacy (the primary topic): Custodial (mis)management of user information (Example)
- Security: Custodial safeguarding of user information against actors, e.g., hackers, the government or disgruntled employees (Example) (Example)
With an economy running on consumerism, it easy to get caught up in hype cycles of new products and services. As someone who works in technology, I typically experience the first wave of hype before it touches the general public’s awareness. In my case, I gave entirely too much of my life to Google et al. Further, I am interested in tools to make my life easier and Google provides damn good tooling for this: Search, Gmail, Google Home, Google Maps, YouTube, Project Fi, Google Photos, Android and Nest. Outside of Google’s sphere, I have utilized other services to enable a lazy attitude to my information sharing.
Here are some concrete examples that have made me question my utilization of new services going forward:
- Nest: Retains recordings of video that can be used for building data sets and alerts even without a subscription. I am sure there are plenty of images of our family, naked.
- Google Maps: Every instance of using the app saves location data even if disabled for sharing location with others
- Dropbox: While obviously a file-storage solution, it also has the ability to read (for OCR scanning or deep learning) your files and permanantly retain your data even after deletion
- Google: At the core, ads are served based not only on Google Search, but wherever I go on the internet
- Facebook: Serves ads and tracks similar to Google
With increasing recurrence of companies not taking appropriate action to safeguard their users’ data, or worse, gleefully profitting, it is time to take back control, where feasible, of what we so liberally give away. Even if I ignore the specifics of why controlling your data, safeguarding your privacy from corporations or state actors is paramount, understand that I believe that greed and power are dangerous motives and that the collection, analysis and transfer of this information will eventually provide the means of unethical (or immoral) use cases of the information. Incriminating, even.
- Our promised safety or convenience is worth some loss of privacy.
- Some may argue that preserving any sense of privacy is akin to a ship that since sailed.
- “I have nothing to hide.”
In context, I would not argue that these are invalid points, but for various reasons I have issues with each of these arguments.
- Building “backdoors” or weakened countermeasures against encryption affects everyone. In this scenario, the honest citizen is more likely a victim of hacking or breaches, while the nefarious actors will continue to evade the law with tooling that is illegal to the victims. The government should look out for the welfare of citizen, but not at the expense of violating our liberty. Thank you, Mr. Locke.
- It is hard to argue this point to a degree, but there is always an opportunity to enhance legislation to regain control of some tenents of privacy. Further, we should hold coporations accountable for gross negligence around security breaches (since they have immediate consequences) and immoral practices around selling and abusing user information.
- Privacy is a fundamental human right and our civilization is at a point (within the last 25-50 years) to have technical means to violate it. Instead of believing the mantra, “I have nothing to hide”, reword the phrase to: “I have nothing to protect.” Do you still feel the same way? If so, feel free to send me your Social Security number, banking information and your deepest secrets. DuckDuckGo published a brilliant essay on the topic.
Cloud services provide utility and value, but as end users, we should be cognizant at what we are giving away to these providers for use of their services. Further, many of these services are bound to or freely allow government snooping. The common adage, “if you are not paying for the product, you are the product” holds true to this day. Consider the possible consequences of relying on Facebook for communication, but getting arrested for excercising free speech if the topic is too radical for some. Consider that your Google may shudder your YouTube account if it is not worth their time to host it. In a follow-up, I will lay out the plan for migrating my data from hosted to on-premise services where I regain a greater control of my data.