Meet the dig­i­tal you

News that a po­lit­i­cal re­search com­pany Cam­bridge An­a­lyt­ica mined Face­book data to try to sway elec­tions has sparked global out­rage. But should we re­ally be so sur­prised? looks at what re­ally hap­pens to your dig­i­tal data.

The Southland Times - - FEATURES -

Such was the se­ri­ous­ness of the oc­ca­sion, Face­book boss Mark Zucker­berg ditched his usual T-shirt and jeans for a shirt and tie.

Fronting up to the United States Congress this week to de­fend his so­cial net­work against grow­ing dis­quiet about its pri­vacy and ethics, Zucker­berg’s mea culpa was well prac­tised. But the un­ex­pected per­sonal ques­tions of Se­na­tor Dick Durbin met with awk­ward hes­i­ta­tion.

‘‘Would you be com­fort­able shar­ing with us the name of the ho­tel you stayed in last night?’’ Durbin asked.

‘‘Um,’’ Zucker­berg floun­dered. ‘‘No.’’

‘‘If you’ve mes­saged any­body this week, would you share with us the names of the peo­ple you’ve mes­saged?’’ Durbin con­tin­ued.

‘‘Se­na­tor, no, I would prob­a­bly not choose to do that pub­licly here,’’ Zucker­berg replied.

‘‘I think that might be what this is all about – your right to pri­vacy, the lim­its of your right to pri­vacy, and how much you’d give away in mod­ern Amer­ica,’’ Durbin said.

That is ex­actly what this is all about. What started with an in­nocu­ous-sound­ing Face­book per­son­al­ity quiz has pro­voked a full-force storm of out­rage, as peo­ple have twigged to just how much of their dig­i­tal life is be­ing tracked, stored and an­a­lysed. How ev­ery­where you go, ev­ery­thing you buy, ev­ery email or mes­sage con­ver­sa­tion you have is an­other brush stroke adding def­i­ni­tion to your dig­i­tal por­trait.

The so-called Cam­bridge An­a­lyt­ica scan­dal in­volved the po­lit­i­cal con­sul­tancy min­ing the Face­book data of 87 mil­lion peo­ple and as­sign­ing them per­son­al­ity types based on what they like and how they be­have.

The idea was to use those pro­files to de­sign per­son­alised po­lit­i­cal mes­sages to help swing the Trump cam­paign, although the ex­tent of its use re­mains un­known. The data breach raised sev­eral red flags - how was the quiz app able to mine the data of the quiz re­spon­ders’ Face­book friends, and what are the im­pli­ca­tions for democ­racy if so­cial me­dia pro­files can be used to ma­nip­u­late elec­tions?

This is your dig­i­tal life

The Cam­bridge An­a­lyt­ica quiz app was called This is Your Dig­i­tal Life. Where bet­ter to start then, than a stock­take of your dig­i­tal life?

We asked four vol­un­teers of dif­fer­ent ages, stages and so­cial me­dia ac­tiv­ity to down­load the data Face­book and Google has on them.

The size and con­tent of the data dumps var­ied wildly, ac­cord­ing to how much each per­son used the ser­vices. I’m a rel­a­tive so­cial me­dia her­mit, so it’s not sur­pris­ing my Face­book archive was a tiny 47MB - the equiv­a­lent of about 146 Mi­crosoft Word doc­u­ments. Welling­ton Girls’ stu­dent El­yse Smaill mean­while had 1.4GB of data - the equiv­a­lent of about 4400 Word doc­u­ments.

The 17-year-old doesn’t post that often, but uses Face­book Mes­sen­ger to keep up with friends over­seas, and Face­book groups to or­gan­ise events. ‘‘I am on Face­book a lot,’’ she laughs, slightly guiltily, as she watches the slow down­load of her moun­tain of data.

The vol­ume and de­tail was sur­pris­ing. Ev­ery Face­book Mes­sen­ger con­ver­sa­tion you’ve ever had; ev­ery Face­book photo you’ve ever liked, posted or been tagged in; au­dio files sent as part of Mes­sen­ger con­ver­sa­tions. Ev­ery email you’ve ever sent via Gmail, ev­ery YouTube video you’ve ever watched, or searched for; ev­ery Google Drive doc­u­ment. And, in one case, a to-the-minute map record of ex­actly where you went on your English hol­i­day.

There were laughs - Face­book had cu­ri­ously de­cided 65-year-old Grant Sid­away should re­ceive ads about women’s is­sues, while I was ap­par­ently into The Beach Boys and an English band I’ve never heard of. Seven­teen-year-old Katie Bonne was down to re­ceive ads re­lat­ing to 1965 Julie Christie movie Dar­ling.

There was noth­ing as sin­is­ter as the log of a phone con­ver­sa­tion with his mother-in-law, which Welling­ton de­vel­oper Dy­lan McKay dis­cov­ered in his Face­book data, fu­elling global fears. But there were un­nerv­ing de­tails. Katie’s Face­book data in­cluded an au­dio clip recorded on her phone, but never shared with Face­book or Mes­sen­ger.

El­yse dis­cov­ered a clutch of gam­ing apps had up­loaded her con­tact info, although she couldn’t re­call ever us­ing them. I found un­fa­mil­iar Face­book photos, and that Face­book some­how knew which of its ad­ver­tis­ers had my con­tact in­for­ma­tion, although I never log in to apps or sites with my Face­book lo­gin.

And that’s just Face­book and Google. If you’ve ever signed up to a store’s email to get that 15 per cent off your next pur­chase, chances are that store is now track­ing your be­hav­iour. Ama­zon records ev­ery­thing you’ve ever bought, ev­ery prod­uct re­view you’ve writ­ten. And stop to think about the playlists served up by Spo­tify or the apps that rec­om­mend books es­pe­cially for you, and you’ll re­alise the only way they can do that is by min­ing the data of mil­lions of other users to find peo­ple who seem to have sim­i­lar tastes.

Should we re­ally be sur­prised?

‘‘Pri­vacy?’’ asks mar­ket­ing lec­turer James Richard. ‘‘There’s no such thing.’’

‘‘Ev­ery­thing you do or say, your net­works, your con­tacts, ev­ery­thing about you is col­lected and ex­ists some­where. The laws we en­act around pri­vacy I con­sider sim­i­lar to the locks you put on the doors of your house. It makes you feel safe, but if some­one wants to break into your house, they’re go­ing to do it.’’

Study Google’s pri­vacy pol­icy and you’ll see they read your emails, and even record phone data. But the Vic­to­ria Univer­sity aca­demic says peo­ple don’t read terms and con­di­tions, which can stretch to 30+ pages. And they don’t re­alise tech be­he­moths such as Face­book, Google and Ya­hoo own mul­ti­ple busi­nesses, and move data be­tween them. Google owns YouTube; Face­book owns In­sta­gram and mes­sag­ing app What­sApp.

Richard says busi­nesses have al­ways tried to pre­dict what peo­ple want, from the vil­lage butcher who has your Fri­day steaks ready be­fore you walk in the door. Per­son­al­i­sa­tion has al­ways been the holy grail of mar­ket­ing.

Face­book ads al­ready marry your in­ter­ests with your lo­ca­tion, which they can work out from our IP ad­dress even if you’ve left your pro­file lo­ca­tion blank. So if you’re into horserid­ing they’ll post ads for sad­dleries in your home city.

What seems to have upped the creep-out fac­tor in the Cam­bridge An­a­lyt­ica case is the fact they pur­port­edly used peo­ple’s Face­book pro­files to pre­dict per­son­al­ity type, and then pre­sented po­lit­i­cal mes­sages tai­lored to that way of see­ing the world.

It’s not sci­ence fic­tion - a 2015 Cam­bridge Univer­sity study found an app could pre­dict per­son­al­ity bet­ter than fam­ily and friends, based purely on Face­book likes. A sec­ond study found us­ing a sin­gle ‘like’ as­so­ci­ated with in­tro­ver­sion or ex­traver­sion, and de­sign­ing ads to suit that per­son­al­ity type, could in­crease sales by up to 50 per cent.

Richard says with the evo­lu­tion of big data and ar­ti­fi­cial in­tel­li­gence, pre­dic­tive tar­get­ing will only get bet­ter.

‘‘You’ll have a per­sonal agent em­bed­ded as part of a phone or watch. You’ll say ‘I want to buy a new car’, the agent will find a car that fits your bud­get and the type of per­son you are, and will ne­go­ti­ate a price with an­other AI. It will know enough about you and what you like.’’

Richard ar­gues it’s not un­eth­i­cal to mine data to send peo­ple in­for­ma­tion that’s rel­e­vant to them - that’s good mar­ket­ing.

‘‘What I ve­he­mently op­pose is un­eth­i­cal mar­keters who use this data to ma­nip­u­late or take ad­van­tage of vul­ner­a­ble peo­ple.’’

Ryan Ko runs Waikato Univer­sity’s Cy­ber Se­cu­rity Lab. He presents an equally sober­ing pic­ture of just how much in­for­ma­tion is be­ing col­lected about ev­ery in­ter­net user.

You know that won­der­ful Google Maps fea­ture that tells you trip times, tak­ing into ac­count cur­rent traf­fic? They do that by GPS track­ing peo­ple on the roads.

You’ve heard of cook­ies, which record your iden­tity and track your in­ter­net surf­ing pat­terns? What about zom­bie cook­ies – cook­ies that come back to life af­ter you’ve deleted them, track down your ear­lier self and keep adding to your his­tory.

And it’s not just what you like or write on­line that gives you away. Ko’s lab can tell from what, how – and how fast – peo­ple type, whether the typ­ist is a mid­dle-aged man and a left- or right-han­der.

While five years ago ev­ery­one was wor­ried about gov­ern­ments spy­ing on them, now peo­ple are re­al­is­ing that com­pa­nies like Google and Face­book have the com­put­ing power and tal­ent to un­der­take mass sur­veil­lance, Ko says.

Pri­vacy Foun­da­tion deputy chair­man Ge­han Gu­nasekara says while ev­ery­one now knows not to diss their boss on Face­book, data min­ing is a whole new fron­tier.

‘‘Peo­ple are happy to click ‘agree’ but what they don’t re­ally re­alise is that you’re es­sen­tially al­low­ing a Tro­jan horse into your smart­phone or com­puter, which can then snoop around and col­lect a whole bunch of stuff.’’

A threat to democ­racy?

It’s hard not to no­tice you’re be­ing tracked on the in­ter­net when you check out a pair of shoes and 30 sec­onds later an ad for those shoes ap­pears on an en­tirely dif­fer­ent site. Yet peo­ple seem sur­prised and alarmed the same con­cept could be used for po­lit­i­cal mar­ket­ing.

While no party in New Zealand is known to have used Cam­bridge An­a­lyt­ica, po­lit­i­cal par­ties have been try­ing to per­son­alise mar­ket­ing for decades.

In the past you’d work out your best tar­get was women un­der 40 who were house­hold shop­pers, look for tele­vi­sion pro­grammes with sim­i­lar de­mo­graph­ics and then ad­ver­tise dur­ing Roseanne and Short­land Street, says Na­tional party poll­ster David Far­rar.

Then along came Face­book, which al­lows par­ties to ad­ver­tise just to women aged 30 to 50 who live in North­cote.

Par­ties also try to tar­get psy­cho­log­i­cal pro­files, Far­rar says. You seg­ment pop­u­la­tions into types - such as Pres­i­dent Bush’s ‘‘Nascar dads’’ and ‘‘Soc­cer mums’’, and then use fo­cus groups to bet­ter un­der­stand how to ap­peal to them.

‘‘If you get big enough datasets and you find 80 per cent of peo­ple who vote Na­tional also like Led Zep­pelin, and 78 per cent like South Park. If you can find some­one who likes five of those things, you’ve prob­a­bly got a rea­son­able sci­en­tific ba­sis to say ‘There’s some­one we want to tar­get’. That’s all Cam­bridge An­a­lyt­ica was do­ing.’’

The Obama cam­paign also mined the data of Face­book users and their friends to tar­get ad­ver­tis­ing, but did not use a third party or the ruse of a quirky quiz.

Stuff asked Na­tional, Labour, the Greens and NZ First about their use of Face­book ads and data pro­fil­ing.

Na­tional says it uses Face­book’s tar­get­ing tools to max­imise value for money, tai­lor­ing mes­sages or pol­icy to peo­ple who ‘‘like’’ their Face­book page, to young vot­ers, se­nior vot­ers, or vot­ers in a par­tic­u­lar place. How­ever, they still find get­ting out and talk­ing to peo­ple more ef­fec­tive.

Labour cre­ated a range of elec­tion ad­verts across Face­book, YouTube, Google, and Grindr. Gen­eral Sec­re­tary Andrew Kir­ton says they don’t use Cam­bridge An­a­lyt­ica-style per­son­al­ity typ­ing. They do use elec­toral rolls, cen­sus and other pub­lic data, com­bined with door knock­ing and phone sur­veys, to try to un­der­stand who their tar­get vot­ers are. For ex­am­ple, pos­si­ble stu­dents who might be in­ter­ested in the party’s free ter­tiary study pol­icy. But they also favour doorsteps and phone lines.

‘‘Yes en­gag­ing with vot­ers on­line is im­por­tant, but in my view the ef­fec­tive­ness of it is al­most al­ways over­rated.’’ The Green party says it does not use Cam­bridge An­a­lyt­ica or any­thing sim­i­lar, but does tar­get ads us­ing Face­book’s in­ter­est tags.

NZ First leader Win­ston Pe­ters con­firmed NZ First did cre­ate dif­fer­ent po­lit­i­cal mes­sages for dif­fer­ent groups, but did not use data or per­son­al­ity pro­fil­ing.

Par­ties also col­lect their own data – sign­ing a po­lit­i­cal party’s pe­ti­tion is as stupid as do­ing a Face­book per­son­al­ity quiz, Far­rar warns. And he ex­pects par­ties to con­tinue us­ing data to make po­lit­i­cal mes­sages ever more per­son­alised.

Tech com­men­ta­tor Ben Kepes thinks Face­book’s al­go­rithm – which pri­ori­tises posts in your time­line based on what it thinks you want to see – is a greater threat to democ­racy than per­son­alised po­lit­i­cal mes­sages.

‘‘The echo-cham­ber ef­fect is much more of an is­sue than the ad­ver­tis­ing as­pect, I think.’’

What can you do about it?

There’s an old say­ing, that if you’re not pay­ing for the prod­uct, you are the prod­uct.

The prob­lem with the in­ter­net is users ex­pect ev­ery­thing to be free, so data-min­ing has be­come Face­book and Google’s busi­ness model.

At present, you can join #deleteface­book and opt out al­to­gether, turn off Google chrome track­ing and lo­ca­tion ser­vices, and switch to a pri­vate email provider that prom­ises not to read your emails. But that’s about it. If you want to buy any­thing you still have to pro­vide credit card de­tails, a name and ship­ping ad­dress. If you want to con­nect with friends, you’ll have to de­sign and fund your own so­cial net­work, and drag all your mates with you. In short, the opt-out op­tions are limited.

There was gen­eral agree­ment – both among com­men­ta­tors and our vol­un­teers – that in­ter­net users de­serve more clar­ity about how their data will be used. Sid­away sug­gested five or six bul­let points, in place of the cur­rent im­pen­e­tra­ble screeds.

That’s one of two pri­or­ity changes sug­gested by Pri­vacy Com­mis­sioner John Ed­wards, who has deleted his Face­book ac­count fol­low­ing the data breach. He re­jects mar­keter Richard’s view that pri­vacy is an il­lu­sion.

‘‘Has the horse bolted? Do we care any­more? Is pri­vacy dead? I don’t be­lieve any of those things are true.’’

His sec­ond rec­om­mended change is ro­bust reg­u­la­tion to pro­tect data pri­vacy and se­cu­rity, in­clud­ing sig­nif­i­cant penal­ties – some­thing New Zealand cur­rently lacks.

‘‘The rea­son your kid’s toy box is not filled with lead-cov­ered things is be­cause there are re­ally sig­nif­i­cant con­se­quences for pro­duc­ers putting those things into the mar­ket place. If they are un­safe, if they don’t meet the stan­dards, then they are pros­e­cuted. We are now in an age in which data can be mis­used in ways which are just as un­healthy or un­safe.’’

En­force­ment is likely to re­quire in­ter­na­tional con­sen­sus. How­ever, Ed­wards does not ac­cept in­dus­try protes­ta­tions that track­ing data breaches would be just too hard.

‘‘There’s an in­tel­lec­tual dis­hon­esty in say­ing that pro­tect­ing large com­mer­cial in­ter­ests’ in­tel­lec­tual prop­erty rights across an open in­ter­net is le­git­i­mate, nec­es­sary and doable but pro­tect­ing in­di­vid­ual pri­vacy is not. I’m call­ing out dou­ble stan­dards. They say it’s too hard, but ac­tu­ally it’s not too hard when you’re try­ing to pro­tect your new movie, or Ri­hanna’s new sin­gle or what­ever.’’

Ko is lead­ing a $12 mil­lion gov­ern­ment-funded cy­ber se­cu­rity project called Stra­tus, to re­turn con­trol of data to the peo­ple it be­longs to.

Ko ar­gues real con­trol would re­quire three things: a way of track­ing your own data, and re­ceiv­ing no­ti­fi­ca­tions if some­one tries to ac­cess it; keep­ing data en­crypted while it’s an­a­lysed (it can be done at present, but slows pro­cesses down); im­ple­ment­ing a kill switch, so that when Jennifer Lawrence dis­cov­ers her nude photos have been hacked, she can im­me­di­ately re­trieve them.

Gu­nasekara likes the new Euro­pean law’s re­quire­ment for pri­vacy by de­sign, and pri­vacy by de­fault, putting the onus back on de­vel­op­ers.

Richard ar­gues for bet­ter ed­u­ca­tion, so peo­ple un­der­stand what they are agree­ing to, and can see through things like per­son­alised po­lit­i­cal mes­sages.

In the end, though, ev­ery in­ter­net user will have to de­cide how much of them­selves they’re pre­pared to sell to pay for the con­ve­nience of freely con­nect­ing with fam­ily and friends, shar­ing and us­ing their doc­u­ments wher­ever they are, and get­ting jour­ney times based on cur­rent traf­fic.

‘‘I would love to have a med­i­cal chip em­bed­ded in me with my per­sonal his­tory,’’ Richard says.

‘‘If I was ever knocked un­con­scious, hit by a car, some­one could pick me up, scan it, and know ev­ery­thing. But there’s a down­side to that – my in­surance com­pany is go­ing to know all about my health.

‘‘There is a trade­off. There al­ways is.’’


Face­book chief ex­ec­u­tive Mark Zucker­berg tes­ti­fies be­fore Congress, about data pri­vacy and the use of Face­book data to tar­get Amer­i­can vot­ers in the 2016 elec­tion.


Pri­vacy Com­mis­sioner John Ed­wards deleted his Face­book ac­count in re­sponse to the data breach. He re­jects the idea that it’s too late to im­prove data pri­vacy.

As head of Waikato Univer­sity’s cy­ber se­cu­rity lab, Ryan Ko aims to re­turn con­trol of data to those who own it.

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.