Soylent Green Is Data

by | May 31, 2013 | DPA, Privacy

Recently I encountered two good examples of the private sector’s attitude to privacy and consent, both of which vexed me. Firstly, the social media expert Mat Morrison (@mediaczar) highlighted on Twitter a thoughtful blog by @Drdrang about free internet services with the statement that it was the “definitive response to ‘if you aren’t paying for it, you’re the product’ nonsense”. Morrison and I had a short disagreement on Twitter – his view is that it’s unreasonable to pick on the internet’s tendency to feed off its users (my phrase) when so many other sectors like banking and government show the same thirst. He also made the reasonable point that despite being free of the European legal privacy controls, Facebook and Google have commercial imperatives to protect personal data. Morrison talks sense, especially about the way that other sectors are as keen to syphon data as the internet is.

However, I do disagree with him. I don’t think market forces are enough to keep big corporations in line, and  I don’t think it’s right to dismiss the ‘you’re the product’, even if it’s a bit hysterical. Morrison said that the statement is akin to the revelation in ‘Soylent Green’ that the much-desired food that is saving an overcrowded world turns out to be made out of people. But the free internet is not the world of Soylent Green – Facebook, Google and other ‘free’ services do not consume humans and feed them back to other humans. The free internet corporations feed off live hosts so that they can feed other corporations. This is not Soylent Green; the free internet is a parasite. I was tempted to call them vampires, but vampires inevitably kill the host, and the free internet wants us all alive.

Many products are sold on a fantasy – nobody’s life was ever made more exciting because they drank a bottle of Fanta, while a Lynx-sheathed manboy does not automatically become a magnet for the ladies. That Facebook exists to bring people together and make connections is actually less of a lie than most – it’s just that the purpose of that network is so that Facebook can monetise the resultant data. Anyone who doesn’t care about their privacy can laugh off ‘You’re the product’ and go all Anthony Weiner to their heart’s content. But that should be an informed choice. If free internet providers aren’t transparent about their business models, we need scary memes to warn the unwary even if this just means that they are better informed when they swim with the leeches. I use some of these internet services, but I don’t think they are free.

A pronounced rejection of choice inflected the other thing that vexed me. While Morrison has a different, but perfectly respectable perspective from mine, I found the blog written by Phil Lee of the law firm Field Fisher Waterhouse and hosted by the International Association of Privacy Professionals to be pernicious. Headlined ‘A Brave New World Demands Brave New Thinking’, it could just as easily have been called ‘The Internet Knows Best’. As far as the net-enabled future is concerned, I think it’s safe to say that Lee is not a sceptic:

All of these connected devices – this internet of things collect an enormous volume of information about us, and in general, as consumers we want them. They simplify, organise and enhance our lives” (my emphasis)

Given that Lee’s blog trails the exciting prospect of internet-enabled shoes, I can confidently say that I don’t want them because they’re stupid. But this is only the beginning. In the face of a welter of products with the capability to monitor our every waking moment, Lee identifies the likely “knee-jerk insistence on ever-strengthened consent requirements and standards” that ‘we’ in the privacy community will demand, even though the purpose of these new devices is “ultimately to provide services we want”. Given that we want these services, Lee says that the wrong thing to do is to ask us whether we want these services. Explicit consent is “lazy”. It will drive “poor compliance that delivers little real protection for individuals”.

Why?” he asks. Yes, Phil, tell us why.

The problem – according to Lee – is that asking people to give consent requires ever-longer consent notices (I’m trying to think who writes these long, tedious, legalistic consent notices, but at the moment I’m coming up with nothing). Consent becomes more about legal compliance and takes the emphasis off privacy by design. Because they have to get consent, Lee argues that technology designers won’t pay any attention to privacy as they build their products, relying solely on a take-it-or-leave-it, impossibly complex consent question at the end.

There are several things in Lee’s blog that got my goat. Aldous Huxley’s novel ‘Brave New World’ is about a dystopia, so abandoning consent in the face of it is – at least metaphorically – surrendering to totalitarianism. The assumption that people want a self-aware fridge is questionable: I know lots of people who don’t even use Facebook. However, my biggest problem is with the premise that these wonderful new products are driven solely by the desire to simplify my life and so nobody needs to ask me whether I want them. I love Apple products and I have no doubt that if Apple produces a watch, as is the current gossip, I will be tempted to buy one. It will not simplify or organise my life – it will be a toy that I will probably struggle to justify buying. I have only now, after two years, found a more constructive use for my iPad than using it to play Osmos. And I have absolutely no doubt that Apple’s intention in launching such a device will be to suck data out of me as I wear it.

The launch of Google Glass – endlessly and breathlessly reported on by numerous commentators including in Lee’s blog – does not strike me as a wonderful development that will improve lives. It is an audacious attempt to place an electronic corporate filter between people and their perception of the real world. The 1990s paranoia about virtual reality offering a dangerous alternative to reality could always be countered by the fact that even if it worked, it was effectively an experience with a natural end. Google Glass goes with you everywhere – the data host can close its laptop or switch its phone to silent, so to ensure that the flow of data keeps coming, Google escapes the restrictions of devices and seeks to mediate the user’s experience of the world. It’s ‘They Live’ in reverse.

If you want to submit yourself to this, be my guest. If you want a US corporation to mediate your senses, go for it. But Lee’s idea that the complexities of this technology mean that we must find alternatives to giving people a choice is the most counter-intuitive response imaginable. It’s absolutely true that the developers of devices and apps should be thinking of privacy at the design stage, but the watchword for this should be choice. If Google cared about privacy, they would not only be launching Google Glass, they would be offering Google BrickWall, a device which would render the wearer invisible to any of Google Glass’s recording and analytical abilities. Instead, non-users will simply have to point and laugh at Google Glass wearers.

Privacy by Design and consent are not mutually exclusive – there is simply no reason to say they are and no reason to let designers off the hook. There is no need for consent agreements to be complicated or technical. I don’t know if Lee is implying that he and his legal colleagues are not up to the task of explaining new technology to the public and offering them a clear choice, but if so, one can only wonder at his pessimism. The premise of the blog is that the public already want these services, so surely they already have some understanding of what they offer and how they work. The key job is for companies to spell out the surprises and then give people a choice. For example:

  • If you buy these internet shoes and use them as advertised, we’ll know where you are, what you’re doing, who you’re talking to, and what you’re talking about
  • We will sell this data to anyone willing to pay for it
  • They will market shoes to you
  • You can’t turn this feature off
  • You will not be able to moonwalk just because you wear these shoes, even though Justin Bieber did so in the advert
  • If you don’t like this stuff, don’t buy the shoes

The brave new thinking that we need is for internet companies to offer adults choices about what using their services involve. This can be a choice within the service, or simply a clear statement of what the service entails and then the choice of whether to participate. Instead of plugging social media as California’s humble gift to the world, they should explain that the price of using the service is data, and explain how this works. They could go further, offering cheaper versions of gadgets that hoover up personal data and charging more for the versions that just cost money. This would be brave (if divisive), whereas Lee’s version of brave sounds a bit Big Brother Knows Best.

When the individual deals with the private sector, especially the big IT behemoths like Apple or Google, the relationship is already impossibly asymmetric. Therefore, as much as possible should be about consumer choice and consent. Consumers should not be infantilised while companies make decisions about how to give them what the companies decide they want. We’re not a homogenous mass, each eager to surrender our selves for a pair of X-ray specs. And most people care about privacy to some extent, because most people shut the door when on the toilet and close the curtains when getting changed.

Beyond sensible legal restrictions to prevent criminality and exploitation, the internet and technology sector is free to sell whatever it likes, and free to ask for payment in data rather than money (we should draw the line at blood and firstborns). The only principle worth hanging onto in the face of this Brave New World is the right to say Yes, or if you want to, No.