Google’s ambivalent regard for privacy begins to catch up with it…

December 12, 2018 |

As if the Australian Competition and Consumer Commission report on Digital Platforms Inquiry wasn’t enough of a shot across Google (and others) bow Google has had to admit that Google Plus has had another, as in repeat, privacy flaw.  In October Google admitted a privacy flaw which had affected about half a million Google Plus profiles in the fortnight prior to fixing that problem.  Google admitted that the accounts had been exposed in March 2018.  The flaw was very significant, being the exposure of user’s names, email addresses dates of birth, profile photographs and occupations (amongst other details) to third party app developers through an API Bug.  An API, application programming interface, is a set of  is a set of subroutine  definitions , communication protocols, and tools for building software.  It allows the creation of applications which access the features or data of an operating system, application or other service.    On 10 December 2018 Google admitted to another bug which has affected Google Plus, potentially allowing 52 million user’s personal information to be accessed by third party apps and developers without permission. Google claimed that the flaw was introduced with a software update.  That in and of itself bespeaks as lack of competence.  The problem is that there is little benefit in believing anything Google says.  It’s approach to privacy issues is ambivalent and compliance with basic privacy protections grudging.  It’s track record on regulation is “catch us if you can.”   As expected the coverage has been hardly congratulatory with Fresh Google+ Bug Exposed 52.2 Million Users’ Data, A New Google+ Blunder Exposed Data From 52.5 Million Users and After another massive Google+ data breach, you should probably delete your profile right now.

It gets worse with Google’s CEO fronting a hostile congressional hearing as reported in Google CEO Sundar Pichai Faces Lawmakers Skeptical Over Privacy, Alleged Anti-Conservative Bias  and as reported in the Australian with Google CEO Sundar Pichai to be grilled on privacy policies.  The Australian article provides:

Google’s chief executive will be forced to defend his company’s privacy policies to a hostile congressional committee in Washington today (AEDT), amid growing global anger over the company’s treatment of privacy and political content.

CEO Sundar Pichai’s testimony comes only days after the Australian Competition & Consumer Commission released historic recommendations to hold digital platforms such as Google and Facebook to account.

It also comes at a time when congress is considering how to apply strict government regu­lations on tech giants that have so far been allowed to develop their businesses with little oversight, ­despite a series of controversies.

In prepared remarks ahead of his testimony to the house ­judiciary committee, Mr Pichai did not concede company privacy policies had been inadequate.

“Protecting the privacy and ­security of our users has long been an essential part of our ­mission,” he will tell the house ­judiciary committee.

“We have invested an enormous amount of work over the years to bring choice, transparency and control to our users.

“These values are built into every product we make.”

He will say Google, which like Facebook and other tech giants has traditionally opposed government regulatory oversight, was now willing to support US gov­ernment efforts to legislate ­greater government controls over the ­industry.

“We recognise the important role of governments, including this committee, in setting rules for the development and use of technology,” he will say.

“To that end, we support federal privacy legislation and proposed a legislative framework for privacy earlier this year.”

Mr Pichai will also deny accu­sations that Google settings ­have favoured greater exposure for left-leaning political commentary than for right-leaning ­commentary.

The problem with Google and its approach to privacy is cultural.  It defies a philosophy that puts the highest premium on the widespread and unfettered collection of personal data followed by analysis through algorithms to give a marketable and valuable product.  Google has demonstrated that it is prepared to go apply that philosophy to extraordinary and dystopian ends by filling part of the Toronto suburb of Quayside with sensors to collect masses of data in a private public partnership development.  The story is covered by the Atlantic in The City of the Future Is a Data-Collection Machine. The development may be a technical marvel but the lack of transparency about privacy protections is causing alarm.

The article provides:

In Silicon Valley, to make a device “smart” means to add internet connectivity, allowing it to collect, send, and receive data, often while learning and adapting to user preferences. The technology industry has invested wholesale in the idea that “smart” means better, and so we have smart speakers, smart thermometers, smart baby monitors, smart window shades, and smart sex toys, all perpetually collecting rich user data to send back to company servers.

Soon enough, we’ll have a smart city: Sidewalk Labs, a subsidiary of Google’s parent company, Alphabet, is building one “from the internet up,” with help from a series of private-public real-estate partnerships in the downtown Toronto neighborhood Quayside (pronounced Key-side).

It is not the first smart city—municipalities around the world have adopted smart infrastructure like artificial-intelligence-enabled traffic lights—but it might be the most ambitious. The project’s 200-page wish list of features is astounding. The “vision document” imagines not only the revitalization of a 12-acre plot that has sat largely vacant since its heyday as an industrial port, but its transformation into a micro-city outfitted with smart technologies that will use data to disrupt everything from traffic congestion to health care, housing, zoning regulations, and greenhouse-gas emissions. Long before flying cars, smart sensors won’t just be in our mattresses or our bidets, they’ll be embedded in the walls of our homes and the concrete beneath our feet.

But all those data require mechanisms to collect them, and the march to an “always on” city has drawn an onslaught of accusations against Sidewalk Labs and its real-estate partner, Waterfront Toronto, for dismissing privacy concerns and misinforming residents. In the past month, four people have resigned from Waterfront Toronto’s and Sidewalk Labs’ advisory board over concerns about privacy and lack of public input.

“People have to know that privacy is the default,” said Ann Cavoukian, who served for 16 years as the Ontario information-and-privacy commissioner and who is a professor at Ryerson University, where she leads the Privacy by Design Center for Excellence. “Meaning, they don’t have to ask for privacy; we’re giving it to you automatically.” Until October, Cavoukian was an adviser on the Quayside project, but she resigned after Waterfront Toronto and Sidewalk refused to unilaterally ban participating companies from collecting non-anonymous user data.

Nearly every city-fixing proposal from Sidewalk Labs combines civil engineering with some element of data collection—what the vision document calls “ubiquitous sensing.” Quayside reduces carbon not just via a thermal grid, but by embedding each home and office with Alphabet’s Nest smart thermostats, which use “occupancy sensors” and predictive modeling to autonomously adjust temperatures throughout the day. It mitigates traffic congestion by not only designing a more walkable city, but by employing a series of always-on cameras in public spaces that use computer vision to analyze traffic patterns.

Even the streets are smart. Among the innovations proposed to reduce pedestrian fatalities are autonomous cars, ride sharing, and “dynamic streets that collect and respond to data.” Streets would be embedded with LED lights that change throughout the day, allocating different amounts of road width to each type of commuter. With Sidewalk’s proprietary Flow system, cameras in the traffic lights would register vehicle speed and predict collisions.

The city is literally built to collect data about its residents and visitors, which Cavoukian was clear-eyed about when she signed on to be an adviser. She’s worried about Sidewalk using all these cameras and sensors to track people on an individual level, to create real-life versions of the personal profiles Google already uses to track people online. Without anonymization, she said, a single person’s activities could be connected across multiple sources and varying databases to track his movements over the course of the day.

The nature of Big Data analysis is that it reveals patterns and potential correlations that people don’t realize exist. For example, do people tend to order Uber Eats more when there’s more pollen in the air? This would be valuable information for companies, which could hypothetically time nudges and ads on food delivery around pollen season. Personally identifiable data “is a treasure trove,” Cavoukian said. “They want the identifiable data because then you can send all types of ads. Once people’s interests and comings and goings are [tracked], it would be a nightmare.”

In her capacity as an adviser, Cavoukian asked for a unilateral ban on personal-data collection. Sidewalk countered that such a policy should fall to its Data Trust, an independent governing body made up of representatives from Sidewalk, Waterfront Toronto, city government, and companies setting up shop in Quayside. Concerned that such a trust was designed to put citizens second behind corporations, Cavoukian quit.

Micah Lasher, the head of policy and communications at Sidewalk Labs, told me that Cavoukian’s demands were unrealistic. “The kind of certainty Dr. Cavoukian was seeking at this stage in the process could only be achieved if Sidewalk Labs presumed that it could have authority over all private-sector entities that may come to operate in Quayside,” he said. He added that Cavoukian’s exit was “unexpected,” and that the company has received enormous amounts of positive feedback on the data-trust proposal.

Lasher also told me that Sidewalk agrees with the importance of scrubbing personal info. “We’re not going to gather up all Torontonians’ data and sell it, we’re not building Sensorville,” he told The Atlantic in February.

How Sidewalk Labs and Waterfront Toronto square their plan for “ubiquitous sensing” with a simultaneous goal of avoiding “Sensorville” remains to be seen. But people like Cavoukian suspect that Quayside will work much in the same way other corporate projects do: User behavior is mined, the product is refined, and people spend more as they are engaged with more precision. If, for example, increased walkability and modular building increases sales at the string of planned shops in Quayside, any financial benefit theoretically goes to retailers. If peoples’ data, produced as they live and work, are key in enhancing profit, shouldn’t they reap more benefits than a shorter commute and cleaner air?

Another resignee, Saadia Muzaffar, the founder of TechGirls Canada, said over the phone that Sidewalk Labs failed, in her eyes, to inform residents how their data are part of either the city’s or the company’s revenue model.

“When you are coming to the table in good faith,” Muzaffar said, “I think you have to show what’s in it for you. That’s the only way to have any kinds of equity in a deal, especially when you’re talking about public interests.”

Muzaffar also said she felt as though representatives were not fully informing residents, focusing only on the potential positives of the project and ignoring questions of ownership and consequences. “There was actually active dissuasion from talking about data,” she said. “They make it feel as though it’s so complex [that] people won’t understand [data], when you can actually break it down. I think it’s really unfair to try and consult with the public on something they don’t understand.”

Lasher told me that “thousands of Torontonians” have attended varying workshops and public-engagement opportunities, with another roundtable scheduled next month.

“I think it’s important to note that this project seeks to accomplish many things,” he said,“including delivering large amounts of affordable housing, a highly sustainable neighborhood, and economic activity and new jobs. All of that needs to happen along with policies that protect the public interest, including with regard to data. But, data is just one piece of this conversation.”

Quayside may very well accomplish these things, remaking the city as we know it and setting precedent for future projects like it. But the controversy has shown that it may need to reimagine not just traffic patterns and thermostats, but a set of rules for data, privacy, and corporate “innovation” in a context that has never existed anywhere else on Earth. Thus far, at least, that’s proved the most difficult project to pull off yet.

The melancholy reality is that many of Googles opaque practices should warrant the scrutiny of privacy regulators.  In Australia that doesn’t happen because the Information Commissioner is timid.

Leave a Reply

Verified by MonsterInsights