How data privacy spun out of control, and what is next - Interview with Arwen Smit

Can you please share with our readers your professional background and how you came up with the idea of your new book, Identity Reboot?

Technology has intended and unintended consequences. The tally of ‘what had not really been anticipated’ currently stands at influenced elections (as described in the investigative Mueller report), dis-information proliferating across social media, damaging ‘deep fakes’ (detailed faked videos), commercial campaigns targeting deeply held values, filter bubbles strengthening online division and tribalism, online surveillance, and behavioural manipulation. The red thread running through this toxic turbulence is data. A technology advocate at heart, the question of data privacy and identity led me on a multi-year quest of examining humanity in the digital age: Identity Reboot was born.

Identity Reboot argues that in the 21st century data privacy precedes human capability for reason. Human behaviour has become an optimisation problem, and we are providing the data that is being optimised for. Whether it involves companies maximising profits or governments sculpting the perfect citizen, identity and data reside at the very heart of the ‘optimisation equation’.

This book is a story about what comes after. It continues where others stopped, suggesting a way forward. This is a book for those who feel that the promise of the Internet has been compromised along the way. This is a book for politicians, business leaders, and technologists who have country and career defining decisions to make. And this is also a book for those who love data and want to preserve the many benefits it can bring to the world. 

What are the main threats in the field of data/identity protection and what can be done to diminish these challenges?

In a world defined by data, unintended consequences are plenty. To start, there is identity theft. With access to biographic, behavioural and biometric data, imagine the damage somebody could do pretending to be you online. Americans are more worried about being a victim of cybercrime than being a victim of a violent crime. 

Another area for concern is the depth of data collection for profit and power purposes. For context, when presented with a dataset of more than 12 million Americans containing over 50 billion location pings, journalists from The New York Times could identify a single individual in the entourage of President Donald Trump, effectively following the President’s movements. Location data is merely one many targeting variables. 

It follows that building an efficient targeting machine means that both good and bad actors gain the power to use such infrastructure for good and bad ends. Preferences of and predictions on human behaviour are valuable commodities in this day and age, with the explicit goal to better control those preferences and predictions in the future. Technically, preferences are not the end-product, but future behaviour is. 

While profit games justify data collection, power games justify data surveillance. When weighing the individual vs. the collective, free speech vs. moderation, and security vs. privacy it becomes clear that weighing the role of data is paired with weighing the role of government.

Is the blockchain the best way to protect data privacy? 

Identity Reboot explains that reclaiming human capability to reason unfolds via multiple layers. 

Autonomy, the first layer, is split into three: Autonomy of Being (the ability to make verifiable claims about yourself), Autonomy of Thought (access to independent information of high integrity), completed by Autonomy of Reason (a dialogue on the information, logic, and authorisation of algorithmic decision making). 

Data Equity and Data Privacy make up the second and third layer, respectively. Data equity asks if privacy can be protected without sacrificing utility. In other words, in order to reap data benefits must people draw the short straw? Data privacy, the third layer, refers to the role of data in the social contract between citizen and state. 

Blockchain is one in a suite of technological tools necessary to reimage data privacy in the 21st century. Blockchain technology will play an outsized role in reclaiming Autonomy of Being (the ability to prove that you are you), restoring provenance to information to combat dis-information (‘fake news’), as well as laying the technical foundation for data collaboration. However, blockchain complements other techniques, such as de-identification, distributed computing, encryption, impermanence, and of course, regulation.

Are the existing regulations that aim to prevent data abuse on the Internet sufficient? If not, what is needed to improve the regulatory space?

European GDPR fines to date total around half a billion euros. Yet the true relevance of GDPR is not the sum of its fines, but rather an evolution in thinking: online identity matters as much as offline identity, and deserves protection. 

Governments have an historical opportunity to define what good identity looks like. Identity Reboot proposes a suite of recommendations for governments on how to approach identity, suggestions on how to halt disinformation, a framework for thinking about algorithmic ethics, guidelines on data treatment, and an evaluation of the role of data in the social contract between citizen and state. Within these constraints, new business models will be born. Think of trust brokers, key management solutions, rented logic, and data provenance.

However, different cultures ascribe to differ value systems, institutionalising different regulatory expressions. Three value systems are emerging: the US, the EU, and China. The window to express cultural views towards human rights in an online world is fleeting, and failure to act now might result in another exporting its values more successfully. 

You believe in the need for a reimagination of data privacy in the 21st century. How can this be achieved and what are your predictions on the future of data privacy?

Even if the companies in this book might no longer exist in ten or even twenty years, if left unaddressed, it is more likely that we will face the same problems. Arguing that technology giants such as Facebook and Google should never have been founded in the first place because we presently find fault with the current use of their infrastructure is like arguing that automotive giants should never have been created on the ground of climate change. We are here, now. The question is how we will move forward.

It is sobering to realise that if data is out there, it stays out there. This implies that databases of faces and fingerprints (biometrics), likes and cursor movements (behavioral), and names and addresses (biographic), can never be recovered. But, if we act now, I’m optimistic about the future. I believe that the problems in front of us are solvable. Identity is a fundamental asset of interaction: it is the very first step towards humanity in our data-driven society. The future is yet to be written – and we will all have the opportunity as well as the responsibility to contribute. 

About Arwen Smit 

Arwen Smit specialises in technology ethics and its intended and unintended consequences on society. Smit is the author of Identity Reboot, a book examining how the break-down of personal data privacy is being exploited from profit and power perspectives, arguing that human behaviour is being devalued to an optimisation game, and that we are providing the data that will be optimised for. Smit has previously worked within strategy roles for companies such as the Mobility Open Blockchain Initiative, venture capitalist firms, various startups, Google, and Facebook.