The Data Revolution
Recent headlines like “Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens” and “Far more than 87m Facebook users had data compromised, MPs told” have people in a panic. Some are accessing their own metadata, shocked to learn how far their personal information can travel. Politicians are in a sweat, some because they must face their constituents’ fears, others facing their own ignorance of this hot-button issue.
For my part I’m more worried about the reaction, or more precisely, the overreaction this issue might provoke. We are depending on out-of-touch representatives to draft laws and regulations that will keep our data safe, when it is becoming clear that these same representatives lack a basic understanding of how the internet works. Here is a simple interaction between Mark Zuckerberg, CEO of Facebook, and Orin Hatch, the senator from the state of Utah:
Orin Hatch: Mr. Zuckerberg I remember well your first visit to Capitol Hill back in 2010. You spoke to the Senate Republican high tech task force which I chair. You said back then that Facebook would always be free. Is that still your objective?
Mark Zuckerberg: Senator, yes. There will always be a version of Facebook that is free. It is our mission to try to help connect everyone around the world and to bring the world closer together. In order to do that we believe that we need to offer a service that everyone can afford and we’re committed to doing that.
OH: Well if so, how do you sustain a business model in which users don’t pay for your service?
MZ: Senator, we run ads.
The problem isn’t that Orin Hatch does not understand the many nuances of technology. Rather, it’s that he didn’t bother doing basic research on the topic. Facebook’s business model is similar to that of other “free” enterprises, like radio and TV, which sustain themselves through ads. These are the guys who are about to debate how to regulate our data. THAT is scarier to me than how my data might be abused.
Should I be concerned?
Yes and no.
Yes. The fact is that you should be careful with your data. Be careful with your activities online. Do not fill out every form. Do not accept every game invite, and do not take every quiz.
For example, answering the above question may seem innocuous at first. But, did you know that some sites use inquiries like this to generate security questions? The answer to this question might serve as an answer to a security question. By putting the answer to this question online, you might unknowingly bring hackers one step closer to accessing sensitive information like your bank account.
On the other hand….
No. You have access to and control over your data. You can manage how your data is displayed. You can choose to limit your Facebook posts to close personal friends. You can compartmentalize your use of social media: Facebook for friends, LinkedIn for professional interactions, and Twitter for
trolling social interactions. (I did not mention Instagram, Snapchat, and other social media platforms, but please use them carefully).
Why we need data
Data is the essence of the internet — it is what fuels this tool, now so central to modern life. We use the internet to gather information, to win arguments, and in return, we also contribute to the internet. We review products. We applaud good service or condemn bad service. Without our contributions, there would be no such thing as Wikipedia. The internet is the hamster wheel on which we all take turns, to ensure that it keeps turning.
My fear that the data accessibility pendulum might swing too far in the opposite direction is a real one. Hoarding our data is not the answer. I’m not a fan of the #deleteFacebook movement. It doesn’t solve the problem of proper data management; it merely moves the problem from one platform to another.
And as I mentioned, our data fuels the evolution of the internet and the products that connect to it. Let’s take the NEST thermostat as an example. The NEST thermostat can gather data from your energy usage, your activity, and your presence. It can then run this data through an algorithm and some machine learning that will interpret your daily pattern and optimize your thermostat and energy consumption. This is the brilliance of data. On the other hand, might also include some security risks. Knowledge of your daily activity could help hackers understand when you are and aren’t home. In the case of NEST Labs, however, this concern is unfounded: NEST has been very good at keeping their data secure.
However, this is not to say that connected devices and their security is not a point of concern. Take the CloudPets issue as an example. The lax security around this product is worrisome; strong security is the responsibility of every software and product developer, and should be a priority.
Privacy concerns are not limited to security issues, either. For another example, consider the so-called “smart” TVs. A few years ago people noticed that included privacy notices gave some vendors the right to record conversations and share them with third-party vendors. This wasn’t criminals taking advantage of insecure devices; it was a company openly saying in the fine print that they were sharing customers’ data. Many other devices besides smart TVs can record you: your phone, laptop, smart speaker, and every app that runs on them could also be doing so. This is why some people put tape over their laptop cameras.
So, what is our responsibility as consumers?
“Everything in moderation, including moderation.” — Oscar Wilde.
With moderation in mind, we don’t need to #deleteFacebook; we just need to set the appropriate sharing and permission settings. We need to actually read product privacy notices. We need to demand more accountability from software and product developers. We need to be aware of the recording devices around us. With the increase in connected devices and other devices that can passively record audio and video, the opportunities for hackers to penetrate a system and steal data also increase. We may not need to obfuscate everything we do online, but we do need to think about what we’re allowing to get online. We need to vote with our wallets and return products that don’t adequately protect our data.
At Spiria we have worked on development of several software and products. When it comes to connected devices, our experience began in building medical devices. FDA-approved medical devices, regardless of their classification, require heavy security scrutiny. The process we developed ensures that the product is secure and challenging to penetrate, and that the data is secure both in storage and transmission.
We apply this same process to all our development. When it comes to software development, there are several approaches: some are “mobile-first” and others are “offline-first”. At Spiria our mantra is “security-first”. We apply this approach to all the software we create, whether web applications, mobile applications, or desktop applications. This is also true of all the product development that we have done in the fields of medical devices, precision agriculture products, energy management, and consumer products.
We see connected devices as an ecosystem encompassing all aspects of the connected device. Take the NEST thermostat, for example. The actual thermostat is only the beginning of the connected device. The thermostat requires a high-functioning, well-designed user interface. This ensures that installation, connectivity, and usage is simple, which is key to a product’s success. The device will also be gathering information from the user and the environment. It will gather information on heating and cooling patterns, activity within the house, etc. It will also connect to weather data and know the current outside temperature. This conglomeration of data will be placed in a database, and then run through an algorithm and some machine learning to better accommodate the user’s needs. There is also the issue of connectivity. The NEST thermostat is connected to the cloud and therefore is accessible from a computer browser or mobile app, ensuring accessibility from any device at any location.
Taking this approach to development, and to connected devices, is one way that developers can empower users to have better control over their data. Responsible development that keeps data security in mind helps create devices that facilitate user understanding and data management, and means that the devices themselves are conceived with security top of mind. With development that considers the user’s security needs, and users who are more aware of their own role in data management, those of us who use and love the internet and its connected devices can contribute to its evolution, and our own, with more awareness, confidence, and control.