governance, political economy, institutional development and economic regulation

Posts tagged ‘Data privacy’

Secrecy, privacy and property rights

access denied

Rahul Gandhi alleged, during last week’s doomed-from the-start no-confidence motion in Parliament, that corruption in the 2016 agreement signed by the Narendra Modi government to purchase 36 Rafale fighter jets from France had forced defence minister Nirmala Sitharaman to backtrack from her assurance to disclose details of the price of purchase.

Parliamentary subterfuge – unnecessary, if there is nothing to hide

The matter could have been ended by Ms Sitharaman admitting that being new, she had overlooked the confidentiality clause – a plausible explanation since military purchases are a tough, black box to unravel. Instead, the government chose to hit back by pinning the blame on a 2008 bilateral security agreement signed by the then UPA government with France. This needed both parties to protect classified information which could compromise the security and operational capability of the defence equipment of either.

It is quite a stretch to argue that keeping the price paid a secret meets the test of “necessity” or “proportionality” which guide how much a citizen’s right to know can be restricted. The Chinese or the Pakistanis couldn’t care less what the Indian taxpayer shelled out for the fighter jets.

They likely already know the specifications of our purchases. But at the same time corruption cannot be lightly presumed to be the reason why Ms Sithraman backtracked. Expect this unresolved debate to hang like an ominous cloud as the counter to the BJP’s allegations of corruption during the previous UPA government.

The underside of unrestrained privacy

Privacy is to individuals what secrecy is to the State.  The debate on privacy got muddied by the recent arraignment of WhatsApp for being the conduit of fake news, which incited vigilante violence and hate crimes.

WhatsApp encrypts content in its pipes end-to-end like no one else. Complete secrecy attracts 1.5 billion active monthly users and 60 million messages per day. Its end-to-end encryption cannot even be decrypted by its own administrators. This rabid commitment to secure the privacy of its users doesn’t align with the extant law and is as over-the-top as is our government’s thirst for secrecy. The fundamental right to privacy is restricted by other fundamental rights, including public order, security and those embedded in Article 21 of the Constitution of India, to which privacy was also mapped by the Supreme Court in 2017.

A fundamentalist view on the right to privacy has spawned “dark”, impenetrable means of communication, like WhatsApp. This is a precursor of what could happen if the “dark web” becomes the norm. Similarly, if crypto currencies are allowed to subvert a sovereign’s power to issue currency and bury crime-related financial transactions underground, catastrophe beckons.

WhatsApp managers initially expressed technological helplessness to regulate the unsavoury use of its technology. They are now making conciliatory noises with an eye to their bottomline. Non-compliance could jeopardise their application for adding-on a payments app in India.

Psst! I have a secret

Secrets

Why has WhatsApp been allowed to linger on and not simply told to shut shop, as is China. The bottom-up view is that encrypted communication has wide appeal across political parties and individuals. We all have secrets.

WhatsApp democratises the power to have secrets, unlike the Official Secrets Act 1923, which locates this power only within the State. WhatsApp allows everyone to have secrets. This suits freewheeling democratic India.The last word on the privacy of digital data will be from the Justice B.N. Srikrishna Committee on data protection. This committee, appointed in August 2017, has worked in unprecedented grand isolation. Presumably, things have been decided behind closed doors and the collective wisdom will be revealed in due course.

TRAI recommendations on data privacy and security mundane, at best 

But in chaotic India, surprises are routine. Days before the report was to be submitted, the Telecom Regulatory Authority of India (Trai) published, on July 16, 2018, its recommendations on privacy, security and ownership of data. The TRAI recommendations are unlikely to make the committee pause and think again. It is already broadly agreed that the individual’s ownership of data is paramount. But both the fundamental right to privacy and the right to property over data are restricted. If the necessary safeguards exist to mask sensitive and personal information, the plea of privacy loses force for denying access to data, at least to the State.

Artificial intelligence requires masses of data to train machines to think and behave better than humans. Anonymised data aggregated across a large number of individuals is more valuable than oil, in order to understand and predict contextual human behaviour.

Who is “Free riding” on data?

The debate on free riding on data has focused on how aggregators free ride on individuals data. However, if an aggregator “pays” explicitly for using individual data, ownership over data should stand transferred to the aggregator. Consider that in touristy locations across the world, locals demand a fee to be photographed. Such contracts, for non-anonymised data, with adequate safeguards, should be encouraged not pushed underground.

With respect to strictly anonymised data the right to deny or withdraw access to, despite adequate masking safeguards, can be viewed as anti-development and also at a stretch anti-national. At the very least, denying or withdrawing access to anonymised data should attract a cost to be paid, since it amounts to “free riding” on the technological benefits gained by others providing their anonymised data.

TRAI has passed up an opportunity to assert that the ownership of anonymised aggregate data should vest with the entity doing the aggregation if a specific contract exists with the data generator (app user). This needs to be clarified to retain the value proposition in data aggregation.

A market for anonymised data

Conversely, TRAI has ignored the need for a market to price data. A market exists even today. But it is an informal and non-transparent market which hurts the commercial interests of the individual data owner and puts the controller or processor of data in the driver’s seat. This information asymmetry can be removed through innovative institutional development to ensure that individuals are not shortchanged and have to sell their data cheap – much like innocent tribals selling their land for peanuts. If data is the new oil, it must priced accordingly.

Restore property as a fundamental right 

demolition

We have grossly neglected property rights in general and specifically in the context of  data management. Civil society mostly focuses on safeguarding the privacy aspect of data management. There is a reason for this. Unlike privacy, the right to property stopped being a fundamental right in India in 1978. This makes it difficult to challenge laws infringing on property rights.

Conversely, the higher judiciary has been indulgent in admitting public interest litigation  (writs) challenging laws threatening fundamental rights generally, so privacy gets privileged legally over property. Privacy rights also align with the need to decriminalise gay sex. It is an emotive issue. In comparison, a right to property seems almost crass, where 60 per cent of people own no land or electric consumer durables; 40 per cent of households live in just one room and can fit their possessions into a gunny sack.

But make no mistake. Socialism erred in hiving-off the right to property from human rights. Property is intrinsic to the right to privacy and liberty. But we will have to keep arguing till we fix this error, eventually.

Adapted from the author’s opinion piece in The Asian Age, July 24, 2017 http://www.asianage.com/opinion/oped/230718/whatsapp-row-on-secrecy-privacy-property.html

Lock your data & sell it

The concept of information asymmetry” was taught using the well-worn example of a secondhand car salesman who uses his insider’s knowledge to sell a “lemon” (a defective car) to the innocent buyer. The new-age example of information asymmetry relates to data.

rural data

Visionary business leaders know that “data is the new oil”. But the average person allows free access to his or her digital data merely in exchange for downloading and using an app, such as Facebook, Google, Twitter, YouTube or Amazon, for free. The asymmetry is that individual data is worth a lot less than data collected at scale. The latter generates enormous value by targeting advertisements and influencing minds. Resolving problems of information asymmetry is a typical regulatory function. But it has been managed lackadaisically in the digital world, at least so far.

Have judicial short cuts muddied the water for selling your data legally?

A Constitution Bench of India’s Supreme Court had decided on August 24 last year that the right to privacy was a fundamental right for every Indian citizen, akin to the right to life and liberty or the right to freedom of expression. The court had stressed, however, that it was not creating a new right and was not, therefore, judicially amending the Constitution. It was merely enumerating the core components of the pre-existing rights in Article 21 to life and liberty.

Life and liberty are recognised as natural or inalienable right. The State can only restrain them lawfully, going through due process, and then too only in a reasonable manner. The judgment serves well the purpose of guarding individual privacy against intrusion by the State. But it may have inadvertently created a problem for individuals who want  to sell their data, opinions or experiences. There is a long history of the right to sell your privacy, such as in publishing a memoir.

Natural rights being inalienable cannot of course be sold. You cannot end your life for money or any other inducement. You cannot also voluntarily revoke your right to liberty and become a slave, no matter how much the reward. Techies, some of whom work 24×7, would be surprised to hear this. Treating privacy as a natural right and yet allowing for its sale with consent will have to be judicially reconciled.

……..and governments looks to the Justice Srikrishna Committee for answers

ravi shanker prasad

Meanwhile, Big Data is too valuable not to be used by social media and digital search, share, see and sell companies. Explicitly contracting with users to compensate them for using their data is one way forward. The Justice Srikrishna Committee report will likely show the way to legislate the do’s and don’ts on data protection.

Public education on the uses & abuses of data would help

In the meantime, the government can help by educating the public about the consequences of clicking the consent button on websites and apps — something that we all do without a thought. Tech companies could also do better. At present, they do inform users about the type of data that they intend to access, but what is less clear is how they intend to use this data. A clear distinction must be made between three types of use.

First, using your private data to target advertisements of products and services that you may want. Second, using private data for generating useful secondary data for sale like analysis of market trends and forecasts. Third, selling raw private data to a third party.

The Aadhaar leaks and the leak by Facebook to Cambridge Analytica of the raw data of 50 million American users are the third type of use, which can only be termed mala fide. Since there was no consent, such leaks should have both criminal and civil consequences — punishing the offenders, including those who leaked, and the collaborators who used the data, and in addition compensating the victims. Mere possession of stolen lists of raw data should be punishable as dealing in stolen goods under the Indian Penal Code. The source of the leak should be booked for theft, or at the very least, for criminal negligence.

Using your data to drive advertisements to you is the least pernicious of the three types of use. You can always choose to not view advertisements. Using your data to analyse behaviour trends is also acceptable, if only aggregated, secondary data is made public.

Socially conscious “tech” should lead by paying for data use with consent 

James Madison, one of the framers of the American Constitution, had put it very well. For him, if there is a right to property, the right itself become property, which can be transacted. Applying this logic, one can make the right to privacy something that can either be enforced or alternatively, sold or gifted, at the will of the owner. This seems to be a practical approach.

Tech companies desirous of being legally in the clear could start compensating customers who explicitly agree to having their data analysed and outed as secondary data, or even given out raw. Paying users through discount coupons on purchases or even by picking up their Internet access charges could generate the underpinnings of consent and contract. If the user remains free to choose any transmission provider, despite the social media site picking up the monthly bill, the Net Neutrality principle, which had killed Free Basics earlier, could also be complied with.

Meanwhile, cryptographed network and analytics tech companies, launching soon, aim to provide a “question and answer” service. Customers could query it about specific markets. “Fetch”, one such tech company, proposes to provide the answers, using primary data from contracted-in data sets of other companies, while ensuring that the primary data is kept secure.

Keep regulation focused on efficiency and free of ideology

Till now, the government has sensibly regulated technology companies very lightly, in order to avoid killing the spirit of innovation. Those days are now over. The government must ensure the impending privacy legislation is fit for the purpose, but also provides for the potential to monetise private data. Not doing so would be a massive social loss.

Adapted from the author’s opinion piece in The Asian Age, April 3, 2018 http://www.asianage.com/opinion/columnists/030418/in-an-age-of-leaks-just-lock-your-data-sell-it.html

Tag Cloud

%d bloggers like this: