The Age of Transparency

I know that most people say that privacy will be “the” new human right in the XXI century: and I would like to agree.

But, despite being a fan of the TV series “West Wing” (few series were so fast-paced and not bound to a specific knowledge domain), I think that, by and large, the war has already been lost- and we have just few skirmishes here and there to keep some residual privacy.

Hence- the age of transparency, considered not as a loss of privacy, but as an active choice.

As usual, I think that the best way to present a thesis is not our standard “Thesis-Demonstration”; I rather like to share the information that “feeds” my usual “connecting the dots”, followed by what I derived from those observations.

Recent news: perspectives on privacy

Recently thousands of pages have been written about the News of The World scandal- but often privacy kept being a “fluid” concept: according to the specific needs and aims of those talking about privacy, it became what I could call either a positive or a negative right (right to selectively disclose vs. right to deny access to information).

In the UK the discussion was about avoiding unauthorized phone tapping.

At the same time when in Italy, spending over 1bln EUR each year on legal wiretaps (newspapers’ data), supporters of civil rights belonging to the opposition (yes, also human rights follow party lines) protested to ensure that the constant flow of unauthorized disclosures of legal wiretaps continue: as a transparency measure to reduce corruption.

Obviously, two incompatible perspectives on privacy: but those are not the only ones.

I posted recently a comment on Facebook about a new event on the Google front: their acquisition of a facial recognition company.

I know that I wrote repeatedly about privacy- and I also worked on privacy, from the definition of a new service (target: small companies), to adding that as part of my project manager and business analyst role in various industries.

And it should not be forgotten that, despite all the good intentions contained within the Directive covering data privacy, we Europeans are sharing data outside the European Union that supposedly we were not required to, as both through our wire-transfers and whenever we travel to the US we provide more data than our own countries would be usually allowed to obtain without just cause.

So, four different perspectives: but you probably understand where I am heading to.

Privacy lost

Google is not the only one playing the online real-time facial recognition card: also Facebook had announced a similar feature.

As I wrote in my Facebook status- maybe beside Googlemaps we can now look forward to a “who was there” feature, and some even more creative marketing services (such as looking for your friends holding a bottle of beer, or visiting a specific location, and then suggesting you either one or the other).

The interesting part: as Facebook pictures are usually accessible from outside Facebook, if you happen to be in the background of a picture taken by somebody else, the new facial recognition feature will make you traceable.

Is this a violation of your privacy? Probably yes- as, while the member of Facebook or its Google equivalent signed up for the service, passersby did not.

But this applies also to newspaper pictures: add a facial recognition feature (yes, live pictures as in Harry Potters’ movies), and, unless newspapers start to publish pictures like the ones that I usually take (almost never people appear), chances are that your privacy already disappeared.

As for mobile phones and other electronic communications: frankly, for the ordinary user, or those who (like me) decided not to use the available means available to protect your privacy (beside the basic things that anybody can do), the technology is privacy-averse: read my past articles for funny stories.

Usually “privacy” means fixing holes- i.e. following (un)intentional disclosures.

It does not really need to be something as dramatic as what happened in UK: an Italian divorce lawyer, years ago, obtained from telecom companies the information about the presence of the husbands’ phone in a certain location at a certain time each week- thereafter, such a disclosure was forbidden.

When we will start paying everywhere using our mobile phones, the linkup with facial recognition and online activities will also bypass one of the last remaining bits of privacy- banks (as you could build a pattern of presence through the various electronic payment activities).

But the difference between the Italian and the British case is also linked to the local cultural context: in Italy, the concept expressed by those asking to keep the unauthorized disclosing of legal wire-tapping is expressing a lack of trust in the legal system and its ability to prosecute those in power misusing their position.

A recent article from Naples, quoted over few weeks the request to arrest a Member of the Parliament (approved few days ago), the investigation of two Generals of the Guardia di Finanza (eventually they got promoted to remove them from their current office, pending investigation), and the restriction order applied on a Vice Questore, the former head of the Squadra Mobile in Naples (transferred to Rome, while he has been ordered to stay clear from Naples)- all involved in corruption cases.

Personally- I think that while publishing should be allowed, illegal wire-tapping or disclosing legal wiretaps should be sanctioned: if you are vested the power to carry out wiretaps, it is not to obtain a personal benefit (be it money, power, or just plain “bragging rights”).

We in Europe and the Western Hemisphere got used to laws and restrictions enacted whenever there is a major crisis: and I find quite puzzling when people seem to link everything to 9/11, forgetting that the 1970s brought to Europe decrees authorizing a search on an entire block, not targeting a specific individual or group (e.g. in Germany and Italy, due to terrorism), and other restrictions.

Incidentally, for my British friends: in Italy, like in most of Continental Europe, we are required to carry our papers with us, and, anyway, our mobile phones enables anybody with the appropriate technology to trace our movements with a better detail than anything that justified the original opposition to the compulsory ownership of an ID card (shall we say, back from the Magna Charta times?).

But, frankly, as I said before, were are now way past that debate, and we should instead consider something else: how to ensure that those having access to the information do use it within the confines of their office, and not, for example, to provide the information to third parties.

As I wrote online: I have no qualms about having to identify myself to, say, travel by plane, ship, high-speed train (all confined spaces were an unnamed passenger could be a security risk).

I think: when I am asked to provide, over an open wireless, all the data that are usually required to confirm/duplicate an identity, without any information about those requiring the information and any confirmation on how long they will keep the data, only to temporarily use a wireless network… it is a database too far.

But how do you shift from defending privacy by catching up with technology (a Sisyphean task), to managing transparency?

Transparency should start at the top: and while financial transparency would reduce the risk of corruption, probably it would be easier to consider that, if you hold a public role, with mobile phones and cameras everywhere, you are actually surrendering most of your privacy while in office.

I will talk about technological means to balance privacy and transparency- but in the last section, and it will be a little bit more technical.

Before: I quoted Italy before, as I was born there and hold its passport: and I will use Italy as an example.

Of course: you have to consider what is relevant in your own country.

Introducing transparency: a sample

I said above that some Italians saw the right to disclose wiretap as a right to be informed.

It would seem quixotical- unless you consider that in Italy corruption is embedded in the complexity of its legal system.

Oversimplifying- more laws and regulations (120,000 last time) imply more rules that you may or may not be violating in your business and, with overlapping controlling entities, more chances that somebody will be “creative”, and get some “tips” by doing (or not doing) something.

Recent statistics say that Italy “enjoys” a leadership in the number of fraud cases on EU funding.

Italy is introducing databases everywhere- also some categories of shopkeepers, from recent articles, will have to collect data on their customers.

I do not know if that will go as far as the hairdresser in Brussels who required a photocopy of my ID and credit card to reserve an haircut (but he was the only one- so, it does not seem to be a national standard), but I think that we will have to get used to a market in databases- unless something changes.

So, instead of considering a “right to wiretap”, as a way to disclose corruption, while not simply say that anybody holding a public office and anybody who will manage an identity database will have her/his tax return automatically published online?

While, at the same time, doing what I was told by some hotel owners, i.e. that their data collection system had to be connected with the Authorities- so that they halted the local storage of data.

Italy has the systems to automatically identify if, say, a tailor has a lifestyle that exceeds his income- why not extend this to anybody holding public office?

But this does not solve the “privacy vs transparency” issue: should the same transparency required from those holding a public office be extended to ordinary citizens?

Or, instead, should not we consider that technology, beside being the source of the issue can potentially, by a smarter use of databases, and the increased connectivity between anything from your car to your fridge (coming soon), enhance privacy, also versus what was available before the Internet era?

Enforcing transparency while respecting privacy

This section is a modest proposal- but the description is a little bit more technical.

Few assumptions:

  • IPv6 will enable the so-called “Internet of things”, i.e. each object with a chip inside will have a unique code, allowing to reach it individually
  • to enable also “passive” devices (e.g. credit cards, storecards) to be traceable, there will be sensors scattered in shops etc
  • we will all eventually have IDs or other identification means with a chip inside: I had my first “chip on a card” issued by Swissair a decade ago (the police in Kloten jokingly greeted me before I showed my passport), and I have more now
  • eventually, collecting data will become as easy as collecting stamps- a kid’s play
  • most countries will eventually converge on “Internet 2.0” or its evolutions, i.e. individual traceability of any connection and virtual enforcement of borders (yes, as it is done for planes and ships)
  • information will be priced by “semantic”, i.e. for what is worth to the recipient, whatever the source
  • any cash transaction for ordinary citizens will be converted into digital, potentially micro-, payments

It is a simple list, but, if you connect the dots, you already know the results.

First, a precondition: creating rules, or creating a database, does not create a motivation to social change “per se”.

As I keep saying when somebody tells me that changing the rules is enough: you need to change the culture, if you want to create a “learning environment”, i.e. people telling you why and who you can improve.

Otherwise: you will simply be able to enforce the rules set to solve yesterday’s issues, not to avoid future (unknown) ones- that requires a motivation to help enhance the rules, not avoid them.

With technology, it is even worse: the user is able to find workarounds that you would never have thought, and covering for all the possibilities would create a control system so cumbersome, that everybody will share informally workarounds (I have seen dozens of examples), making the system next to useless (i.e. how many users use more than 5% of the features of their Microsoft Office?).

Having a “country-by-country” access to the Internet (long ago, I wrote articles on that issue on this blog), while giving to each communication device or spending method a unique IP, and enforcing a national data collection (i.e. not vendor-based, but country-based), would enable a centralized “data profiling”.

In less technical terms: each individual would be able to decide which information is disclosed- and it would be the national database to disclose the information, as no data would be stored elsewhere.

Obviously, “Internet electronic agents” could check that no device or service provider stores more than the data that they produce internally by interacting with the customer, e.g. via a “smart meter”.

If this seems science-fiction… from the late 1980s, I worked often on data design for similar systems (on a company-by-company basis), and then I saw in the 1990s this applied across the whole banking system in Italy, and anybody who visited Europe immediately before and immediately after Schengen started saw a similar approach applied (see here for a sample of the projects/environments I worked on).

Back to the Italian example: assume that this “Internet of things” is in place, and that recent law changes requiring to register your customers will be enforced.

By using the database approach shown (ask the Bank of Italy, if you lack data designers), anybody resident in Italy could get a “national profile”, that would then work as described above.

Whenever an Italian resident carries out transactions with foreign entities, (s)he will know that only the data needed and legally authorized by the Italian government will be accessible to the foreign entity.

If and when an Italian resident moves elsewhere, her or his profile, again according to the bilateral international agreements, will migrate, and be removed from the Italian database.

Actually, the last one was a concept, limited to the tax and residency profile, that was already included, if I am not wrong, within some experiments to enable citizen’s EU-wide mobility (I think that Turin and Tarku did a joint project, in the early 2000s).

Does it really seem so complex? I do not think so, if you consider that we are anyway seeing all those assumptions being gradually turned into reality.

Also on the back-end, with the shift from the simple reporting on the risks assumed by the banking and financial industry, to what could eventually become a real-time monitoring on their exposure to risk.

If you are saying “Big Brother”- think again: if anybody and his dog is setting up databases, isn’t it better to ensure that each one has only the data needed, and that the data are correct, instead of having dozens or hundreds of databases with misleading information about you?

Of course- there are also other positive side-effects: but it depends on your perspective.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s