privacy. fucking. matters.

anelki

2020/01/15

CW: brief allusions to violent crimes near the bottom of the post

“What does it matter if I have your location pings?! We delete them after 24 hours!”

privacy. fucking. matters.

We live in an age where privacy should be more important than ever. An age when we have the technologies to track and surveil with alarming precision. And that all exists in a regulatory framework that is—to put it as mildly as possible—totally fucking incapable of protecting the privacy of the average citizen. We should all be furious. Instead, we’re on Facebook.

As I noted in my first post, the Overton Window has shifted dramatically since 2006 with the emergence of social media sites as a daily feature of our lives. The defensive posture that most people held on this topic—or claimed to hold, at least—melted away.

There is no more dangerous development, and no area more in need of a strict legal framework that protects end user privacy, especially in the US.

Perhaps more than any other factor, the rise of the smartphone is the tool that made this all possible.

the spy in your pocket

I opened my first checking account at the US Employees Oklahoma City Federal Credit Union a few days after my 18th birthday. One of the first purchases I made after receiving my debit card a few weeks later was a new wallet. The guy who sold it to me at Penn Square Mall was someone who was “Myspace famous.” For some reason, I remember his posting about going to the Apple Store in the mall to check his Myspace. But smartphones changed that. We could be connected to these networks all the time and fill the gaps with them. The biggest thing that Myspace lacked wasn’t something that Myspace had much control over. Myspace lacked a way to become a constant part of your life. Facebook (which opened itself to mass registration in 2006) was rising just as the iPhone was announced in 2007. Facebook was able to become an early and significant part of the mobile landscape. It was always right there, whenever you wanted to “connect” with your friends.

At the same time, these devices have become effectively essential to most people’s lives. During the week of 13 January, I’m planning to make an effort to use my phone less than 30 minutes each day. But I’m not like most people. Most people don’t think about it, or maybe they just don’t care, even if they do think about it. Maybe it just never occurs to them.

going off to/at #transpo20

The thing that finally got me to write this post was a conversation I had at Transportation Camp.

Some of the richest and most dangerous data your phone can provide is your location. It’s also a permission that’s frequently requested by apps that shouldn’t really need it. My credit union’s mobile banking app does not need access to my location. If I really need to find the nearest branch or ATM, I’m perfectly capable of putting in a city name or postal code, thanks! The same goes for almost every other app that asks for it. None of them really need unrestricted access to this information.

As it happens, it’s also a rich source of data for transit software. And while I imagine most of the people in this field who want access to this information have the best intentions to only use it for arrival time calculations or similar, their attitudes when discussing it betray a fundamental lack of concern for user privacy: it’s not the fact that you claim to delete the data after 24 hours, no exceptions. It’s the fact that the data exists. It’s the fact that it is created. Because you’re not the only one trying to get it.

How do I know that if I give you this data, it stays with you? Or that there’s not another app also leaking my location to somewhere else? How do I know that you’re actually using the data the way your privacy policy says you do? I don’t. I can’t know for sure. And I have no good reason to trust you. Or, in a rather disgustingly capitalistic view of things, to support your efforts to make money by giving you my data for free.

During a tense session hosted by Transit (it’s an app) and Lyft, ominously titled “We’re Watching You, and That’s a Good Thing” (you really can’t make this shite up, folks), this all kind of came to the fore.

One of the Transit folks started asking some questions about how many people wouldn’t trust them with their data. 80% of people put a hand up. Apple? About the same. Google? 90%, plus me putting both hands up.

This obviously took them by surprise.

One person, whom I know only as “Kevin,” was incredulous that people wouldn’t share their data to improve transit ETAs:

What does it matter if I have your location pings?! They’re deleted after 24 hours!

Because, Kevin, the issue isn’t that you may delete it. It’s that I can’t trust you or any other app on my phone to truly protect my privacy. It’s that you’re asking for this data. And for me to give it to you, it must first come into existence. I’d really just prefer it never came into existence in the first place. I want to be able to exist in the world without the feeling that I’m being tracked. Not least by a $500 metal and glass brick in my back pocket. The obvious solution, “smash your phone and throw it into the Potomac at high tide,” is one that few people would dare consider and fewer still would carry out.

During the Lyft/Transit session, they passed around the microphone to folks who wanted to explain why they wouldn’t trust Transit and Lyft with their data. I was one of the last folks to speak. I’m sorry to say, I don’t remember what precisely I said. I just remember that Kevin didn’t like it.

Not just smartphone pings but SmarTrip taps

DC’s regional transit agency (WMATA) also collects significant amounts of granular data from every customer who uses a registered card to pay for their journeys. As WMATA Metrorail charges fares based on the length of a journey and when it is taken, an enormous amount can be discerned from that data alone.

As a case in point: a customer taps into Vienna-Fairfax every weekday at 8:30am and taps out at Union Station some time later. Then, they tap in at Union Station at 5:45pm and tap out at Vienna-Fairfax. Given that data alone, you can already begin to form a judgement about who they might be, what profile they fit, etc. If you toss in a bus trip on either or both of those rail trips, you can at least get an idea of where they live based on the AM bus trip from the stop close to their house to Vienna-Fairfax. See? Don’t even need the address. But drawing on demographic data from near the bus stop, you can figure out even more about them. Are they a cashier at Sweetgreen? Or are they the mid-30s Biglaw associate who orders falafel every Wednesday? Now, buy some data from some shady data broker and toss it all in a Blendtec. Boom. Figured you out, Josh McMahan, Associate at White Shoe Legal, LLP. Enjoy falafel day tomorrow; sign up for our emails and we’ll send you a coupon for 50¢ off your order!

You probably think this song is about you, Kevin

At the end of the day, the folks from Transportation Camp all migrated around the corner to a bar for drinks/dinner. I had resigned myself to the fact that my sparring with Kevin had concluded, but fate had one more thing in store.

After dinner and a few beers with some old and new friends, I spotted Kevin making the same case to a delightfully skeptical-looking urban planner from a major planning firm. At last, we could argue less than 20 feet apart.

Standing there, listening to him run through the same hackneyed “We all want better transit arrival data, so lemme have yours!” pitch that he’d made several times during several sessions, it dawned on me: “this dude has no empathy.”

So I tried a different tack. I tried to explain that someone who is the victim of abuse or sexual assault may have issues with just anyone taking their data. Then I moved on to the fact that at least three trans women of color were murdered in the DC area last year. Given that, maybe members of the trans or the broader LGBTQ community might not want to just give up their location or any other data. Because, Kev, people are different from you. The calculus around public safety is different. Who these people can trust is different. They are not a self-described “normal, 50-something, straight white dude.”

mumble “Thank you for educating me” mumble, he said, as he turned away to the person on his other side.

Big Data, Little Ethics?

I used to know someone who worked at a software company, and through them, a fair number of data scientists. I have the privilege of working with a great data scientist on a number of projects at work.

The thing that both my friend at the software company (but not their coworkers) and my colleague have mentioned is something that always bounces into my consciousness when issues like this come up:

Most data science people don’t remember that the data represents people. It’s just numbers. It’s just something to manipulate with their slick R or Stata skillz.

And this is the problem in a nutshell.

You might be trustworthy, Kevin, but not everyone is. And I resent that you think I should trust you by default. I resent that about any of these companies.

The default has become to share far more than anyone ever needs to know. But Kevin, be happy! We’ll know with 0.2% more certainty that the bus will arrive only 28 seconds behind schedule.

What the fuck have we already given up? And where are we going? Nowhere good. This bus goes straight to a hell of our own devices.