Magazine

W{h}ither Privacy?

ByPrithwis Mukerjee

We need rules and guarantees that ensure that the loss of privacy does not compromise the well-being and dignity of the individual.

Privacy, or the Right to Privacy, has recently entered the public debate in India because the government has claimed in the Supreme Court that this right is not fundamental to the life and liberty that is otherwise guaranteed in the Constitution. But before we weigh in this debate, let us consider that even otherwise, how much privacy do modern, technology-enabled individuals enjoy today?

All of us use Google directly—for search, for mail, for watching videos, possibly for cloud storage. We also use Google Maps when we use Uber, Zomato and similar location-based apps on our Android phones that use its Global Positioning System (GPS) features. Facebook is our preferred way to keep in touch with family, friends and acquaintances with whom we share updates and pictures and respond to their updates with comments of our own.

There are many other services that we use but let us stick to these two that are the most ubiquitous and are immensely popular—and of course, the icing on the cake is that they are free. Free as in “free beer”, that is! Use it, have fun with it and no need to pay anything in return. But is it free? It obviously is, in the narrow monetary sense, but let us look beyond the obvious. Do you know how much Google knows about you? Quite a lot.

First, it knows what are the things or topics that you are searching for and second, as a corollary, the websites that you subsequently visit. So it knows if you have an interest in fine art photography or pornography! Technically speaking, it does not know about you as such, but about the “anonymous” person sitting on your computer and using the browser but the moment you login to Gmail— with your Gmail account—it can immediately connect you, the Gmail user, to the person using the browser and your anonymity is blown for ever.

Now this identification extends to each and every machine that you use to access Google services—the laptop, the tablet and the smartphone and very soon Google has a pretty good idea of the kind of person that you are. But this isn’t all—because Google reads your email as well and knows whether you are planning a visit to the Andamans with your family or discussing your investment plans with your financial advisor. But Google is not alone in this.

Facebook is just as curious about you and possibly goes one step further in knowing about our friends and “relationships”. You begin with the minimal mandatory information about your name, email and date of birth but as you post updates, comments and visit websites, it gets to know you more and better. Powerful text and sentiment analysis tools determine whether you are, for example, a right-wing computer programmer? A left-wing machinery salesperson? Or an ISIS-leaning university professor?

Even if you are very careful about revealing details about yourself, it knows that “birds of a feather flock together”, and so it checks out, not just your “friends”, but people who you have sent friend requests to and the people whose friend requests you have denied. Predictive statistics and machine learning techniques are used to connect the dots and arrive at conclusions that will surprise you with their accuracy—this author was surprised to learn that Facebook knew that he lived in Bhowanipur, a locality in Kolkata, that he had never, ever consciously referred to in any communication.

In fact, a website called Digital Shadow, a promo for a role-playing computer game set in a dystopian, privacy-poor Chicago—unfortunately not accessible outside the US—shows how much of your private information can be extracted from your Facebook profile and used to create a dossier that looks suspiciously similar to one prepared by assassins! One of the most creepy features about Digital Shadow is that it tries to guess which of your “friends” in Facebook could be used against you. But why are Google and Facebook tracking, or rather stalking, their users?

The obvious answer is that they want to offer you better services and in the process lock you into continuing to use their network. For example, Google claims that it can customise your search results to make them more relevant for you—a computer programmer and a zoologist both searching for “python” would be led to different websites, one for the programming language and the other for the reptile.

Facebook claims that it can reunite you with people who matter to you but with whom you have lost contact since childhood. But the real motivation in tracking and knowing users is that this knowledge is used to show advertisements—which is the only source of real income for both companies—that are relevant for you.

If the subject of the ads is of interest to you, you would be more likely to be tempted to click on them and bingo that is when they will bill the advertiser for every click-through. The entire business model and the humongous revenue stream is critically dependent on knowing you well enough to be able to predict which ad you are likely to click on. Which is why Google and Facebook will go to any extent to extract information about you and to be able to do so they are willing to offer you more, better and more customised services to lure, and lock you into their network.

In this context it may be a good idea to remember that whenever you get something free — free as in beer, that is—you are the product that is being sold to someone else for a price. Without being aware of the fact, you are monetising your personal information and using it as a “currency” to purchase the “free” services that are on offer. But before you view Google and Facebook as evil ogres and rush to cancel your accounts and delete your profiles—which you would eventually never do anyway :-)—think again.

Not only do these companies not have any evil designs on your health or wealth but they give you enough opportunities to stop them for acquiring this information. With a little bit of effort, you can figure out what data about you is being captured and can then configure your accounts to allow only that information that you are comfortable with sharing. The other good thing about this data collection process is that the raw data is, in general, not made available to any third party unless there is a court order to make it available to an authorised government agency.

So in effect, Google and Facebook can collect your personal data but technically, you have a way to turn off the tap, or at least reduce the flow significantly. But can you do so? That’s the catch! Consider the following… Google Maps is an amazing service, not only for taking flights of fancy over the Taj Mahal or The Great Wall of China, but also to navigate around town or go on a long drive through the countryside. For this, the GPS feature of your Android phone is used to determine your position and locate you on Google Maps.

Unfortunately, your location is also stored by Google, and the history of all places that you have ever visited in the past can be accessed by logging in with your Gmail account. In fact, even in places where this is no cellphone coverage, the location is captured and then uploaded onto Google as soon as the cellphone can access the network. So even when you are off the grid, as the author was in Ladakh recently, your location and approximate movements are available in your location history!

That is quite a big hit on your privacy. You should also be aware that any picture that you take with a phone or a modern digital camera is encoded with the GPS determined latitude and longitude of the place where the picture was taken and so even an indoor picture of any subject that is uploaded into Facebook carries with it the physical location of the photographer. You may react to this in one of two ways. You may argue that since I am not a terrorist or not involved in anything illegal, I do not care if my location is known to Google and by extension to anyone who can access this data. But someone who is more privacy-conscious may decide to use the facility that Google offers to turn off the process that determines location.

The second option may seem to be a good idea, but this will lead to some major inconveniences! You would not longer be able to use Google Maps to know where you are. More importantly it will also disable a whole raft of location-enabled applications like Google Sky, My Track, that helps you determine the length and duration of your morning jog, and horror of horrors, the very useful taxi hailing apps like Uber and Ola. All smartphone apps gather and transmit a huge amount of personal information, including but not limited to location, behavioural patterns and even contact names.

This is why most e-commerce sites like Myntra and now Flipkart are desperate to migrate users from websites, that need a browser, to the mobile that has a dedicated app. Of course you could keep toggling the location feature on and off as and when you need it but that would be very inconvenient. So this is the tradeoff: if you want the convenience of something useful, like booking tickets online or hailing cabs, then you must “pay” for it with your “personal data.”

Are you willing? This tradeoff is not new. If you roll back a couple of years and go to an earlier generation of technology, the fact that you are using your cell phone means that you are revealing your location. Moreover, a cell phone is a personal device and your call records—that are available with the telephone company—shows the network of people that you are connected with and this information is not really any different from the network of your “friends” that Facebook is aware of.

Similarly, when you use a credit card, the bank gets to know both your location as well the nature of goods or services that you have purchased. All these are serious violations of privacy, but can we afford to stop using cell phones and credit cards, without facing serious inconvenience? But even this tradeoff is not new. Let us roll back a couple of centuries, or decades in some societies, and look at another kind of tradeoff. Would you want your womenfolk to step out of the house?

For a lady to come out of purdah and visit a location outside the harem is also a violation of privacy! Outsiders may get to see what she looks like and also know who all she is visiting. Is that acceptable? It depends on where you draw the line and decide what level of privacy you are comfortable with. Unfortunately, there is no unique and universal way to define the point where the tradeoff between privacy and convenience is not acceptable anymore.

Someone may find it acceptable to keep their women behind closed doors, others may choose not to use credit cards and cellphones, still others may not want to use Google and Facebook and then there can be someone else who would refuse to give his biometric data to get the Aadhaar card. So we need to shift the debate from privacy per se, to the consequences of the loss of privacy.

If a woman goes out of the house, then instead of questioning her loss of privacy, we first need to make sure that she feels safe enough to do so and then, should she be harassed, molested or otherwise violated, then the full force of the law should be applied on the perpetrator of the violation. So the real question is not that of privacy but the rule of law. Once the focus shifts from ensuring privacy to enforcing the rule of law, the issue becomes much simpler to address. There is no difficult trade-off between privacy-vs-convenience or between privacy-vs-security.

Instead, we have the rule of law, and that by definition should be supreme. In practical terms, this translates into making sure that before any service is offered in exchange of personal data, there must be a clear and unambiguous contract, or terms of service, that specifies the end use precisely—who will get to see the data and why. This practice, adopted by all ethical and honest websites that offer technology-enabled services should not only be adopted by the government but should also be enforced by laws of contract and tort through the judiciary.

Unlike Google and Facebook, a government offers services for which it is the only, monopoly service provider—for example, birth, death and marriage certificates—and which the citizen cannot afford to live without. So there must be a by-pass, a manual override for individuals who prefer privacy over convenience. Well-known privacy advocate Richard Stallman is one such man who does not use credit cards, cell phones, Google, Facebook or Amazon because he values privacy ahead of convenience.

Most of us, on the other hand, harassed as we are by the pressures of modern life, are happy to sacrifice our privacy for the convenience of modern technology-enabled solutions. The government must cater to both categories of people. As technology advances and systems become critically dependent on digitized information, prevailing ideas about privacy will become obsolete—just like the harem and the purdah. But as privacy fades away, we need something else—rules, processes and guarantees, that will ensure that the loss of privacy does not compromise the well-being and dignity of the individual.

Can we trust, and force, the government to be honest with its citizens? Not just with privacy, but in every other area of governance. That is the real issue that civil society must grapple with.