Ann Cavoukian leads the Privacy by Design Centre of Excellence at Ryerson University and is the former three-term information and privacy commissioner of Ontario.
How is it that our personal information is so vulnerable to cyberattacks? One attack can expose millions of personal data records, but we are also vulnerable to the privacy policies of the organizations that house our data. The main reason is that we currently use a “one-to-many” oversight mechanism, wherein one organization is responsible for protecting the privacy and security of many individuals. These are the Facebooks, Googles, Apples, Equifaxes and so forth. They all give lip service to protecting our privacy, but whether they actually do so is a function of their corporate culture. But what if there was another way, one that did not require the centralized storage of personal data in repositories?
Yogi Berra once said, “When you come to a fork in the road, take it.” In order to truly protect privacy, we will need to take the road less travelled. Instead of having a one-to-many oversight mechanism, we must use AI technology to evolve to a one-to-one oversight mechanism, with individuals able to control their own set of personal data.
Imagine having your own SmartData agent, an open-source (think Linux) software residing in the cloud that you can instruct, using your smartphone, to transact services on your behalf – ordering products, conducting web searches and so forth. Your personal agent would interpret those instructions within the context of your privacy preferences and then carry them out – anonymously. But your SmartData agent could also ensure that the personal data transmitted to a website would only be used for the primary purpose intended, then erased in a Snapchat-like fashion, if that was your privacy preference.
If an organization wanted to retain your personal data for analytics, it would need to negotiate with your SmartData agent. And prior to disclosure, your agent could ask the organization to sign an agreement stating it would only use the data for the intended purpose, with that agreement stored on a blockchain. But what if that organization declined to sign? Then your agent would inform you and suggest alternative sources that would agree to sign, then await your decision – the point being that, as with the Linux operating system, a market-driven ecosystem would arise as long as there was a demand for privacy. In addition, your personal data would never reside unprotected in an organization’s database; it would be encrypted by the unique key of your SmartData agent. That way, a successful hack would only lead to the exposure of one set of personal data instead of millions.
Organizations would no longer have the unfettered use of massive collections of personal data without the express consent of the individuals involved. Ironically, such technology would become an integral component in the protection of one’s privacy, which is now being threatened by the misuse of technology. But it would become a “technology of freedom.” In a world where personal information may increasingly be transmitted and used in multiple locations simultaneously, protecting data privacy may be possible only if the information itself becomes intelligent and capable of making appropriate decisions about its release, on behalf of the data subject. In other words, the data must become smart. We must take back control of our personal information from organizations and place it in the hands of the data subject, where it belongs.
Now you will be in the driver’s seat. You will be in control – privacy is all about control! Organizations would no longer have carte blanche over your personal data without your express consent and a contractual commitment to use it as per your stated preferences. And we can do this by using the innovative technologies of artificial intelligence encompassing deep reinforcement learning, homomorphic encryption, blockchain and evolutionary computation. We have tools that can serve as technologies of freedom – not the dystopian view of dated zero-sum, win-lose models. This is a call to all privacy-loving technologists: Let’s take the road less travelled and develop technologies that will preserve our privacy and, most importantly, our cherished freedoms.