Thursday, 24 September 2015

I, Robot; and privacy by design

Text of submission to Gikii 2015...

Sonny, the modified NS-5 robot in the 2004 I, Robot film exhibits several key elements designed to serve his mission of avoiding the robotic revolution:

  1. Keep secrets;
  2. Heterogeneity of processing;
  3. Separation from central authority;
  4. Denser alloy…

How can we reflect on this for technology in general, and privacy by design in particular?

1. Keep Secrets
The recent report from the Digital Catapult highlights the importance of trust in growing the opportunities for providing value from personal data. However, the report exhibits the continued mental blockage that the technological community seems to have: confounding the value in personal data with the need to share that data.
The simple technical architecture prevalent today is software / app / device / whatever which provides a user interface, while all data is stored in “the cloud”. These systems often come with complex Ts&Cs wherein (whether you understand it or not) you have agreed to share your data with the provider, and have often given them licence to do unspecified things with it – usually everything just short of publicly publishing it. Laughably, this is often referred to as a “privacy policy” – this is not privacy; at best it is confidentiality.
I sit here editing this file on my personal computer using Word – this document is currently private, and the use of this “editing” app does not require me to share my data (document) with anyone; contrast that with Google Docs where in order to use the functionality I am required to share my data with Google. In this regard, I ‘trust’ Word to maintain my privacy as it takes no view on where I store my data and I can choose to keep it secret or send it for review; whereas I have to hope and pray Google is able to live up to its claimed confidentiality, as “the data is out there”.
Hopefully forthcoming legislation will require “privacy by design” – in our simple example, this should indicate that since an editor can be designed to maintain things as secret, this should be a mandatory option.

2. Heterogeneity of processing
Sonny is fitted with a secondary processing system, one that is capable of overriding the default “3 laws” behaviour. However, importantly, Dr. Alfred J. Lanning, who created Sonny, also realised the importance of ensuring that Del Spooner, the automatonophobic cop, was sufficiently piqued by Lanning’s death to investigate and follow the breadcrumbs.
We can draw two distinct and complementary lessons from this:

  • Aside from the system that is performing some useful function, we need observers watching out for undesirable behaviours; such technology is widespread in corporations, where independent “intrusion detection systems” monitor networks for anomalous traffic – where are the personal information intrusion detection systems?
  • Since we are dealing with personal data, there is, by definition, some living individual that it concerns. They are an essential part of the heterogeneous processing that we need to ensure is considered as part of the system – for this we must ensure that the humans have legibility, agency and negotiability concerning their data.
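The “personal information intrusion detection system” asked for in the first point can be sketched concretely. The example below is added here and is not from the original submission; it assumes a constructed per-app declaration (which destinations an app has said it talks to, and which fields it has said it sends) and a constructed one-JSON-object-per-line log of outbound requests from a home network. An independent observer, separate from the apps doing the useful work, raises an alert whenever personal data leaves for an undeclared destination, goes beyond what was declared, or comes from an app nobody registered at all. The “editor” entry declares no destinations, matching the point above that an editor need not share the document with anyone.

```python
"""Toy 'personal information intrusion detection system' for a home network.

Added example, not from the original post: an observer watches outbound
requests from devices/apps and flags personal data leaving for destinations
the user never agreed to. Log format, app names, hosts and policy are all
constructed for illustration.
"""
import json
from dataclasses import dataclass

# Constructed policy: what each app has declared it sends, and to whom.
# Anything outside this is an "undesirable behaviour" worth an alert.
POLICY = {
    "editor":     {"allowed_hosts": set(),                    "allowed_fields": set()},
    "thermostat": {"allowed_hosts": {"api.thermo.example"},   "allowed_fields": {"temperature", "setpoint"}},
    "fitness":    {"allowed_hosts": {"sync.fit.example"},     "allowed_fields": {"steps"}},
}

# Field names that identify or describe a living individual (constructed list).
PERSONAL_FIELDS = {"email", "name", "location", "heart_rate", "contacts", "document"}


@dataclass(frozen=True)
class Alert:
    app: str
    host: str
    reason: str
    fields: tuple


def parse_line(line):
    """One JSON object per line: {"app": ..., "host": ..., "payload": {...}}."""
    rec = json.loads(line)
    return rec["app"], rec["host"], set(rec.get("payload", {}).keys())


def inspect(lines):
    """Return alerts for requests that move personal data outside the declared policy."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        app, host, fields = parse_line(line)
        personal = fields & PERSONAL_FIELDS
        rules = POLICY.get(app)
        if rules is None:
            # Nobody registered this app; only its personal-data traffic is alerted on.
            if personal:
                alerts.append(Alert(app, host, "unknown app sending personal data", tuple(sorted(personal))))
            continue
        if host not in rules["allowed_hosts"]:
            # Traffic to a destination the app never declared, whatever it carries.
            alerts.append(Alert(app, host, "undeclared destination", tuple(sorted(fields))))
            continue
        leaked = personal - rules["allowed_fields"]
        if leaked:
            alerts.append(Alert(app, host, "personal fields beyond declaration", tuple(sorted(leaked))))
    return alerts


# Constructed sample log: five outbound requests seen by the observer.
SAMPLE_LOG = """
{"app": "thermostat", "host": "api.thermo.example", "payload": {"temperature": 20.5, "setpoint": 21}}
{"app": "thermostat", "host": "api.thermo.example", "payload": {"temperature": 20.5, "location": "51.5,-0.1"}}
{"app": "fitness", "host": "sync.fit.example", "payload": {"steps": 4021, "heart_rate": 71}}
{"app": "editor", "host": "telemetry.vendor.example", "payload": {"document": "draft.docx"}}
{"app": "doorbell", "host": "cdn.unknown.example", "payload": {"name": "A. Resident", "contacts": []}}
"""

if __name__ == "__main__":
    for a in inspect(SAMPLE_LOG.splitlines()):
        print(f"{a.app} -> {a.host}: {a.reason} {a.fields}")
```

The first log line is within policy and produces nothing; the other four each produce one alert. The point of the design is that the observer holds a declaration made to the user, not a copy of the user’s data, so it can be run by the individual the data concerns rather than by the provider.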

Humans in the loop are essential for “privacy by design”, extending significantly beyond what we consider as informed consent.

3. Separation from central authority
It is the stuff of endless Hollywood movies (from Dr. Strangelove to Captain America: The Winter Soldier) that centralized command and control systems are a danger – a central point of attack, emergent intelligence or simply bugs, and the world ends.
While centralized command and control systems are the dream of military commanders, even they provide authority to commanders in the field to make independent decisions to ensure appropriate and timely response to changing circumstances and communications interference (many movies here too).
Sonny was provided not only with heterogeneity of processing so that he could challenge the default “3 laws” behaviour; he was also able to hear commands from V.I.K.I. but could choose to ignore them.
Plans for centralized control of domestic appliances for demand-side management of energy consumption are both technically dangerous and require intrusive monitoring (which many confound with the roll-out of smart meters). A similar problem arose in the telephone network in the mid-1980s and was solved with a highly distributed algorithm that requires no centralized state – such analytic insights need to be at the forefront for those campaigning for “privacy by design” when confronted with the spurious technical argument “we must centralize the data or it doesn’t work”.
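To make the counter-argument to “we must centralize the data or it doesn’t work” tangible, here is an added simulation that is not part of the original submission and is not the 1980s telephony algorithm it alludes to. It assumes a fleet of deferrable domestic appliances that each act on a signal they can measure locally (grid frequency, nominal 50 Hz, a constructed value) using a private randomised threshold chosen at install time. The aggregate demand reduction grows smoothly as frequency falls, yet no per-household consumption, occupancy or threshold is ever reported to anyone: the only state is inside each home.

```python
"""Decentralised demand-side response with no central state.

Added example, not from the original post: each appliance decides locally
from grid frequency, which it can measure itself, using a private randomised
threshold. No coordinator assigns thresholds or collects per-home data.
Loads, band width and nominal frequency are constructed numbers.
"""
import random

NOMINAL_HZ = 50.0


class Appliance:
    """A deferrable load. Its threshold is private and never leaves the home."""

    def __init__(self, load_kw, rng, band_hz=0.5):
        self.load_kw = load_kw
        # Each device picks a threshold uniformly in the band just below nominal
        # frequency. The spread across devices makes aggregate shedding graceful
        # instead of all-or-nothing, without any central party choosing who sheds.
        self.threshold_hz = NOMINAL_HZ - rng.uniform(0.0, band_hz)

    def demand_at(self, grid_hz):
        """Local rule: defer my load while measured frequency is below my threshold."""
        return 0.0 if grid_hz < self.threshold_hz else self.load_kw


def fleet(n, seed=1):
    """Build n appliances with constructed 1-3 kW loads; seed only for reproducibility."""
    rng = random.Random(seed)
    return [Appliance(load_kw=rng.choice([1.0, 2.0, 3.0]), rng=rng) for _ in range(n)]


def total_demand(appliances, grid_hz):
    """Aggregate demand as the grid would observe it at its own substation meter."""
    return sum(a.demand_at(grid_hz) for a in appliances)


def shed_fraction(appliances, grid_hz):
    """Fraction of deferrable demand shed at this frequency (aggregate view only)."""
    full = total_demand(appliances, NOMINAL_HZ)
    return 1.0 - total_demand(appliances, grid_hz) / full


if __name__ == "__main__":
    homes = fleet(1000)
    for hz in (50.0, 49.9, 49.8, 49.7, 49.6, 49.5):
        print(f"{hz:.1f} Hz -> {shed_fraction(homes, hz):5.1%} of deferrable load shed")
```

The operator needs only the signal it already has (frequency) and sees only the aggregate result; the per-home decisions are never collected, so there is nothing to centralize and nothing to monitor intrusively. That is the shape of argument a “privacy by design” advocate can put against a centralized control plan.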

4. Denser Alloy…
Exhorting commercial entities to modify their practices to take on board “privacy by design” is a merit-worthy activity, but we’ll need some ghosts in the machine to catch them when they succumb to bad practice or plain carelessness.
Sonny: Do you think we were all created for a purpose? I’d like to think so.
[looks at his hand]
Sonny: Denser alloy. My father gave it to me. I think he wanted me to kill you.
The talk will take examples from domestic Internet of Things to illustrate the points herein made…