The latest round of regulations placed on corporations to protect privacy will not protect us from the harm caused by government surveillance. This should concern us all, since government intelligence agencies are the major players infringing upon our privacy. In May of this year, the European Union enacted the General Data Protection Regulation, a new law mandating that all organizations doing business with the EU must incorporate strong privacy measures, such as Privacy by Design (a set of principles for proactively making privacy the default setting), into their infrastructure. But the GDPR will be limited in its scope, since it applies only to the private sector. Governments, the major players in this field, will continue to engage in mass surveillance of our personal data.
Of course, governments house vast amounts of personal data in order to provide a variety of services. However, providing government services is not the central privacy issue. The major concern arises when government intelligence agencies can obtain large amounts of personal transactional data – location data, purchases, web browsing and social-network activity – from corporations and use it to surveil their citizens. This is a mostly invisible privacy issue which remains largely unaddressed: the unauthorized use of personal information by governments, which most likely flies in the face of the U.S. 4th Amendment and Section 8 of the Canadian Charter. And if I may be so bold, Facebook, Google and the like do not have SWAT teams that can burst into the homes of people falsely profiled as terrorists or criminals on the basis of reams of personal data analyzed by statistical techniques that have an inherent error rate. Even with error rates of only a few per cent, across billions of transactions there will still be a high number of false positive identifications – that is, people falsely accused. Current machine-learning algorithms based on statistical pattern recognition may be a boon for businesses in their ability to micro-target ads, recommend movies, restaurants and so forth, but they will be devastating when applied to personal surveillance.
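As an added illustration (not from the article), the arithmetic behind that claim: with constructed inputs of a billion people screened, a profiling model that wrongly flags 2% of innocent people, and a base rate of genuine suspects that is tiny, the code below shows how many people are falsely flagged and how little a "flag" is actually worth (its precision). The population, rates and prevalences are all assumed values chosen for the example.

```python
# Added illustration (not from the article): the base-rate problem behind
# "a few per cent error, billions of transactions". Every number here is a
# constructed input, not a measured figure; change them to explore the effect.

def flagged_counts(population, prevalence, sensitivity, false_positive_rate):
    """Return (true_positives, false_positives) when a profiling model with the
    given per-person error rates is run over the whole population.

    prevalence           share of people who genuinely are what the model hunts for
    sensitivity          share of those people the model correctly flags
    false_positive_rate  share of everyone else the model wrongly flags
    """
    actual = round(population * prevalence)            # people of real interest
    innocent = population - actual
    true_positives = actual * sensitivity
    false_positives = innocent * false_positive_rate   # the falsely accused
    return true_positives, false_positives


def precision(population, prevalence, sensitivity, false_positive_rate):
    """Probability that a flagged person really is of interest (Bayes' rule):
    P(real | flagged) = TP / (TP + FP). This is what an analyst actually sees."""
    tp, fp = flagged_counts(population, prevalence, sensitivity, false_positive_rate)
    flagged = tp + fp
    return tp / flagged if flagged else 0.0


def sweep(population, sensitivity, false_positive_rate, prevalences):
    """Tabulate (prevalence, false positives, precision) for several base rates,
    holding the model's error rates fixed."""
    return [
        (p,
         flagged_counts(population, p, sensitivity, false_positive_rate)[1],
         precision(population, p, sensitivity, false_positive_rate))
        for p in prevalences
    ]


if __name__ == "__main__":
    # Constructed scenario: 1e9 people screened, a model that catches 99% of the
    # people it is looking for and wrongly flags 2% of everyone else.
    for prev, fp, prec in sweep(1_000_000_000, 0.99, 0.02,
                                 [1e-6, 1e-4, 1e-2, 0.5]):
        print(f"base rate {prev:<8g} false positives {fp:>14,.0f} "
              f"precision {prec:.4%}")
```

At a base rate of one in a million the model flags roughly twenty million innocent people for every thousand genuine ones, so fewer than one flag in ten thousand is correct; the same model looks excellent only when the thing it hunts for is common.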
And then there is the financial cost to society of corporate-database hacks, which expose the personal information of millions of consumers to criminals, and the ensuing harm potentially done by identity theft – not to mention the litigation, fines and class-action lawsuits against the hacked organization. All of this further increases the total costs for society as a whole, which will no doubt be passed on to the consumer, but without diminishing the true privacy concerns associated with escalating government surveillance.
Governments acquire the majority of their surveillance data from corporations because that is where most of the personal data resides. We must change this paradigm, of governments accessing corporations' data, to one in which individuals securely store their own data. This is where artificial intelligence comes in. What if, in the future, each individual controlled and securely stored his/her personal data by way of an intelligent software agent, thus precluding corporations from having to install privacy-protective measures? What if the information that corporations retain was individually encrypted by each consumer’s intelligent software agent – their own personal assistant? Then we could begin to mitigate the problem of massive surveillance. What if government authorities could identify potential criminals and terrorists without resorting to mass surveillance, but by using court-ordered warrants in response to probable cause (and in the process, reducing false positives), all in a rapid and seamless manner? What if all of this could be done, while at the same time placing individuals in complete control of their personal data, meaning that our privacy and the resulting freedoms would expand instead of shrink?
My vision of protecting privacy and security is to create a new form of artificial general intelligence – open-sourced intelligent personal software assistants that would securely store your personal data. These assistants would perform a number of functions: understand requests for web transactions based on the context of the situation; delineate and report the logic behind any particular decision and action; monitor websites on behalf of the user to ensure that any personal information passed on to them would only be used for the primary purpose of carrying out the requested transaction; and, overall, provide a secure repository for the user’s personal data. I call this decentralized methodology Privacy by Design 2.0.
PbD 2.0’s goal is to make hacks of corporate databases and the concomitant loss of massive amounts of personal data a thing of the past. In other words, personal information would never again need to be stored in a corporate database, either in plaintext or encrypted form, without the express consent of the individual. That doesn’t mean that an organization couldn’t negotiate with consumers (via their intelligent personal software assistant) to use their personal information to, for example, service their requests or for data analytics. It means that one’s personal data would always be controlled by one’s intelligent personal software assistant, based on one's privacy preferences. If an organization needed to use this information, it would need to obtain the individual’s express consent for a specific purpose, after which the information could be deleted. Organizations would no longer be required to expend major resources to embed privacy protections into their systems. With a truly intelligent personal software assistant, an individual’s privacy would be protected, while transaction costs would be lowered for society as a whole.
We call this new technology “SmartData.” And it will indeed be different because the software will be voice-activated on your smartphone. You will be able to set your privacy preferences by simply speaking to it; alternatively, you could accept the default PbD setting. It will also be easy to use for those not digitally inclined: all you would have to do is say to your phone: “Hey SmartData, book me a flight to Chicago for tomorrow afternoon, economy fare, aisle seat.” No swiping, clicking or confusion. Win-win!