Big Data is watching you. Has online spying gone too far?

Share

When Katharine MacDonald got pregnant for the first time, she went, naturally, to the Internet and started flinging questions at Google. "Everything I could think of," the 25-year-old masters student, who lives in Charlottetown, recalls. She got answers, but also, almost instantly, Big Data fired back with pop-up ads about baby clothes and breast pumps. "I was still only eight weeks," she says. "The Internet knew before any of my friends and family."

But then, she lost the baby. And Big Data didn't register the news. Even when she purposely searched "miscarriage" over and over again, hoping someone in cyberspace would get the message, the ads kept coming. "There's got to be some way to stop it," she says with a sigh. "But I haven't figured it out."

After MacDonald lost her second pregnancy at 27 weeks, she realized that the ads for children's toys and clothing that kept popping up on her screen were based on the Internet's assumption that she was already a mom with a toddler.

"You are reminded every, every day, all the time, that this happened to you, and what you're missing," MacDonald says. Facebook, a place where she sought comfort from friends, became just like one more tactless acquaintance, cheerfully asking after the baby whose loss she was grieving. The information she'd traded away online with those initial Google searches had drifted beyond her control, impossible to reclaim, or even reset.

Last spring, when Canadian Janet Vertesi, a sociology professor at Princeton University, detailed the extreme measures she took to conceal her pregnancy from Big Data, the experiment revealed not just the full-time plotting that hiding requires, but also how, unless we all plan to live under rocks, it's an impossible endeavour to sustain. Vertesi only managed it with a full-time defence, by insisting on Web-silence among family and friends, and buying big-ticket baby items with cash.

Whether we like it or not, our quiet angst and seminal moments are the spoils in an information-trading game. Big Data, the industry term for all the coded information collected online, is an indiscreet, and often tactless, snoop. Turn 55 on Facebook, and between Happy Birthday messages, Big Data will decide you're overdue for a walk-in bathtub. Casually Google bridal gowns and the Internet jumps into the role of overbearing wedding planner.

We can hardly claim to be innocents, given the ever-repeating debates about Google's creeping reach or Facebook's privacy incursions – the latest assault, announced on Monday, was a new advertising platform called Atlas, that will allow advertisers to use Facebook data to target users outside Facebook. (For its part, Google earned a slap this week from Germany's data commissioner, who ordered the search engine to get express permission before using personal information to create user profiles.) We get riled up when a dating site such as OkCupid admits to surreptitiously playing a "social experiment" on its users, but a nanosecond later we're back on our phones, surfing for romantic interests. The people who are using real baby pictures to create fake families on Instagram are undeniably creepy, but images on the photo-sharing site keep coming. Cellphones spew out data – where you've been, who you've called – like "digital exhaust," as Internet researcher Ronald Deibert puts it, but we never turn them off.

We knowingly enter into a relationship with Big Data with every click we make. But tolerating targeted pop-up ads, as critics such as Vertesi point out, doesn't confer a carte blanche application of the full sum of our digital selves. We should consider our return on the transaction. If we don't put a high price on our privacy, it will go for a bargain. Treasure it, and the companies so eager to learn our secrets will be more careful to earn our trust.

"The business model rests on spying on users, and you can't change that at its core without disrupting that model" says Deibert, director of the Canada Centre for Global Security Studies at the University of Toronto and the author of Black Code, which details, in alarming terms, the omniscient sweep of prying eyes, both public and private.

Rather than scurrying for cover, Deibert makes a case for consumers standing up – demanding accountability for the use of information, more transparency from the first Web click, and clear legal frameworks on the role of surveillance by both companies and governments. While these questions take on more weight in countries without clear protections on free speech, Deibert points out that even liberal democracies surreptitiously break the rules, as Edward Snowden's whistleblowing on the U.S. National Security Agency revealed. Unguarded, data is the purse forgotten on a park bench; a good deed in the right hands, a snatch and grab in the wrong ones.

"I also want to receive useful recommendations when I visit Amazon," explains Deibert. "But what I don't want to have happen is for the WiFi I am connecting to in the hotel in Azerbaijan to take all of my passwords that I am sending in the clear because I am not knowledgeable about Internet security, and then sell that to a grey market cyber-criminal group that's going to exploit my bank account. That's an extreme example but it's also possible."

It's happening closer to home, if for presumably less nefarious purposes. For instance, Deibert explains, when you use free WiFi at an airport or hotel, your Web behaviour – although not your name and other identifying details, according to privacy laws – is monitored and retained as valuable big-picture demographics for market research. You may not care – you like the free WiFi – but what about the GPS on your cellphone, or the control you signed away by clicking, without ever reading, the user-licensing agreement on your latest software or downloaded app?

"Individuals have to be vigilant, not plastering your e-mail everywhere, and putting every detail on Facebook," says Ann Cavoukian, the former Ontario privacy commissioner, now founding director of Ryerson University's new Privacy and Big Data Institute. "Any time you are making a new purchase or opening a new account, let your intentions be known from the first interaction."

Starting from a position of privacy protection, both for individuals and companies, is Cavoukian's key mantra, and she argues that more corporations are realizing the cost benefit – and even the competitive advantage – of doing so. For one thing, she says, they dodge the growing cost of class-action claims for mishandling personal data. "I don't have to make the case to companies any more," she says. "There is enormous value in de-identifying the data. It enables research [and] marketing efforts to continue, getting value out of the data without infringing on people's privacy."

For instance, Cavoukian says, a new approach to biometric data, such as fingerprints, facial recognition or retina scans, might code the snippets of the data only to a pin number, never saving the name or identity of the individual. Privacy protection itself is becoming a lucrative business. An "Indie phone" prototype that controls the data it collects was recently revealed at a technology conference in Wales. Another program, called Omlet, developed by a researcher at Stanford University, is designed to allow users to guard their messages between friends from an unintended third-party audience.

At the same time, what you don't receive via the Web may be as disconcerting as what Big Data does choose to send your way. As Harvard Magazine recently reported, by crunching purchase data, credit card companies have determined that customers who buy anti-scratch runners for their furniture are less likely to default on payments. Let's say the computer doesn't realize you have carpets, will you be offered a higher interest rate, or turned down altogether? In 2012, Target took heat for using data collected from tracking store purchases – items such as cotton balls and unscented lotion – to send coupons to pregnant women, including a teenager whose father didn't yet know she was pregnant. But the company also heard from a swath of customers angry because they hadn't received the bargains, too.

Distilled, this debate is largely about understanding what we get for our data, and thinking through what we're willing to give up. It's worth noting that Christian Rudder, OkCupid's co-founder whose recent book Dataclysm unapologetically detailed the social experiment (among other revealing human tendencies), is a Big Data scientist who has never posted his daughter's picture online. For some people, he says, an online social community compensates for the privacy sacrifices – for him, the value isn't there. "It's a personal choice, it's not like I sat down and formulated a policy for how I use the Internet."

But why don't we do this more, especially when what we're sharing is so valuable? While Rudder questions the ability of laws to react fast enough to new policy issues, he does admire the case made by Alex Pentland at the Massachusetts Institute of Technology, who argued that, in the end, the law of the Internet should come down to ownership – that is, we own what we create online, and should have the power to delete it, or sell it to the highest bidder. (The European court's "Right to Be Forgotten" decision against Google was an imperfect step in this direction.)

Pentland, however, adds one important exception, which brings the debate full circle to the issue of balance: that the data, stripped of individual identity, must be able to be used for the common good, to follow disease, to track the flu, to determine how well government programs are working – even, one might argue, to collect patterns on miscarriages.

As much as she dreaded going on Facebook, Katharine MacDonald couldn't stay away for long. She is a thoughtful example of the tradeoffs we make. Until she installed a program to help block them, the ads kept coming, triggering fresh waves of sorrow. (More recently, on Facebook, she's also received invitations to join groups such as "Childless by Choice".) But revealing her private experience has also reaped positive results. When she spoke openly online about her miscarriage, in part as a form of grief therapy, she also began hearing from other women eager to share their story and seek her advice.

"I trust the Internet, and that is a mistake," she concedes. "[But] I hope there is some safety in numbers."

***

How one mother-to-be hid her pregnancy from the online marketplace

How do you hide from the online marketplace when you are among its most coveted bounty? That's the modern-day riddle that Janet Vertesi, a Canadian sociologist at Princeton University decided to test, after discovering last fall that she was pregnant.

For nine months, she and her husband did everything they could to hide their digital breadcrumbs. They spoke in code when texting about the baby. They posted no pictures and made no online announcement, calling loved ones individually with the news, while asking them to avoid making any references to her pregnancy on Facebook or other social media. When an uncle sent her a private message, "Congratulations, we are super-excited," Vertesi quickly erased it and de-friended him, to remove any connection. (She did send an apology by e-mail.) "It wasn't just about what I did," she says, "it was also about what our friends and family did online."

To search baby names, she used Tor, a private browser that routes online traffic through foreign services – and thus has acquired a nefarious reputation. Buying baby supplies required detailed diligence. They bought everything they could with cash, turning down offers for loyalty cards, and earning questioning looks from store clerks.

To shop Amazon for big-ticket items, they created an alternative e-mail and had the item sent to an Amazon locker instead of their home. Sometimes, Vertesi says, they felt almost like criminals. When her husband tried to buy enough Amazon gift cards to order a stroller online, he was directed to a sign warning that "excessive transactions" involving the cards could be reported to authorities.

"We certainly got a lot of raised eyebrows because we were doing things differently," Vertesi recalled in an interview last spring after revealing her experiment. "How did cash become so suspicious?"

Pregnant women are a lucrative business online, right up there with engaged couples and recent university graduates. (Vertesi tells the story of a cousin secretly shopping for an engagement ring who had to hide his computer during the search for fear his girlfriend saw the jewellery ads that kept popping up unbidden.)

For Vertesi, all that effort paid off. Nine months later, she had her baby – whose name and sex she's not sharing – without Big Data in attendance. But she admits that, in the long run, hiding is not really sustainable. The logistics are too exhausting. As she wrote in an essay in Time magazine: "No one should have to act like a criminal just to have some privacy from marketers and tech giants. But the data-driven path we are currently on – paved with the heartwarming rhetoric of openness, sharing and connectivity – actually undermines civic values and circumvents checks and balances."