Please enable JS

The New Civilization In The Era Of Data - Control, tracking and security

Privacy, digital democracy, data value, monetization, ownership, blockchains, cryptocurrencies, artificial intelligence, … Every activity on the Net leaves traces and user information. Constantly connected devices involve privacy risks. Rules and transparency needed to manage the Digital Society.

 Article by Giorgio Merli

As we know, today there are 4.5 billion people connected via the internet and, by 2030 there will be 75 billion IOT (Internet of Things) devices also connected or connectable. They are inputting data about ourselves onto the internet: data coming from our homes (energy meters, electric appliances, etc…), from our cars (GPS, black boxes, etc…), from our smartphones (use of apps for location, etc…), from our internet activity (including what we disclose by accepting cookies in order to access sites that interest us), from our use of services offered in smart cities, etc. This means that, as of today, nobody can say they still have complete privacy.

The proliferation of contact tracing apps for the containment of the Covid pandemic has initiated numerous discussions about their effectiveness and raised privacy protection issues, with particular reference to people’s health data and social contacts. Without discussing the effectiveness of the chosen solutions (monitoring procedures and specific technologies), we have all realised that in fact we are already living in a “Big Brother” society in which we are constantly being observed.

THE PURPOSE OF THE IDENTIFIERS

The scale of this reality cannot be overlooked. This situation is known to experts and nowadays also to a wider public, as a result of recent sanctions against telephone companies and also thanks to numerous journalistic reports tackling the subject (such as the Netflix documentary film The Social Dilemma).

We must be aware that an app in itself is a doorway to our data. The operating systems of our smartphones in fact generate a series of APIs (Application Program Interfaces) which allow apps to use the different functions offered by the device (such as GPS, camera, etc…). The APIs provide access to the various identifiers of the device, that in turn lead to the owner’s identity.

It is no coincidence that our smartphone’s ID Device is called IDFA (“Identity for Advertisers”) in the IOS-Apple systems and AAID (“Android Advertising ID”) in the Android systems, indicating how they were specifically developed to produce targeted and personalized advertising based on the monitoring and algorithm-interpretation of our behaviour and interests. The purpose of identifying data is therefore quite clear: its main purpose is to make us the recipients of individual targeted advertising.

There are also other identification tools used by numerous stakeholders and apps. By analysing some of them in detail it will be simple to understand how the technology “big players” can easily identify the owner of a device and trace his behaviour simply by cross-checking this ID with location data and internet access data.

The most important identification tool is the IMEI (“International Mobile Equipment Identity”), which is the unique identifier for each smartphone. It remains unchanged even if the application is reinstalled or when the device is returned to its to factory default settings. IMEI is an ID hardware for warranty verification, registration of the product in the manufacturer’s database, device localization and arrest in case of theft or loss to protect personal data, and the installation of updates.

Then there is the MAC WLAN address (an identifier that each device that can connect to an internet network has) and there is Bluetooth one (it too is unique, used for example for COVID tracing Apps).

Since the IMEI is bound to the SIM card, we can be certain that none of us produces anonymous data because that would be physically impossible. The acronym SIM stands for Subscriber Identity Module which means that our SIM card is connected to the personal data we give to the telecom companies when we sign a new contract. After all, without this fixed connection it would be impossible for the company to know who to charge for its services. And since SIM cards are traced by radio stations managed by the telecom companies, these companies, at any given moment, have access to our data. In theory this data is securely stored, but it can be easily sold, legally or not, to anyone who may be interested (just think about the recent sanctions imposed to some telecom companies when some of their employees were accused of stealing and selling the personal data belonging to the company’s customers).

THE ABSENCE OF ANONYMITY

Currently, therefore, data anonymity is unrealistic. All we can do is trust those who are managing these systems, yet they could still be hacked and/or accessed by their employees.

As such, even though there are numerous operative advantages on both a business and a private level for operating digitally, we must acknowledge the many risks connected to this lack of anonymity. It is for this reason that rules and laws that try to limit the risks have been activated. First of all, there is the European Community’s GDPR (General Data Protection Regulation). GDPR has become a model for the whole world. The regulations that have been recently defined in California (which is where most of the apps that have led us into the world of data were first invented) are in fact very similar.

Obviously, we have to hope that world standards will follow these examples. It would otherwise be difficult to keep realities such as Cryptocurrency and social networks under control, if somebody can take advantage of some more “tolerant” access doors. Just think what is happening on the subject of the lawfulness of certain behaviour on social networks such as Facebook and Twitter.

Think about the expected large-scale monitoring and use of data regarding health that we are expecting in the next few years (a process that has picked up speed due to the spread of the Covid-19 pandemic). Consider, the different uses of personal data depending on politics and reference models (for example how China has kept the pandemic under control and how, by using facial recognition, it monitors everything that could be of interest to public administration and influence the citizens life through the use “Social Credits”).

In fact, it has been Covid-19 that has allowed us to recognise that privacy will come to an end in the face of “urgent” health problems and/or problems of security in centralized socio-political environments. We already understand how much of our personal data is in fact, more or less officially, in the hands of Internet operators, e-commerce, public administrations, Secret Services and… interested hackers (for themselves or their clients). Unfortunately, we can also foresee how our data could fall into criminal hands for legal direct or indirect use and probably for totally illegal uses in the deep and dark web where there is arms trafficking and, what more worryingly to us as people, organ trafficking. For more banal reasons, the fact that someone can freely access our data without our knowledge must be cause for extreme concern.

THE AVAILABILITY OF DATA IN REAL TIME

This justifiable concern must not make us get rid of the Internet, removing all the opportunities and convenience it offers us, but it must motivate us to find a way to limit such dangers, even if we cannot eradicate them completely.

Consequently, we must acknowledge the fact that IT and today’s telecommunications infrastructures do not allow for data anonymity and, at the same time, we can no longer adopt a hard-line approach for privacy protection; probably an impossibility with the new logic of global social networks. There may be moments of a partial rethink about the casualness with which personal data and facts are made visible (as happened in September 2020 when a significant percentage of users abandoned Facebook and Instagram when the alarm was raised about this), but the trend indicates an increase in the use of the Internet that will be unstoppable.

In fact, the new digital economy is based on, and will become more and more reliant on, the availability of real time data to allow the implementation of new “smart services.” The use of some services and the fulfilment of some administrative and social obligations can already only be carried out digitally, and the Covid pandemic has accelerated this trend.

The advantage of sharing data resides in the fact that it can be shared for purchasing, fulfilment, use and supply of services and the development and sharing of knowledge. The negative aspect resides in that it may be used in an uncontrolled, illegal or fraudulent and criminal way.

A positive use could be an intelligent analysis of data for the most diverse of reasons, from intelligence against terrorism to research for new medicines, from the robotization of business procedures for risk management to the development of new products to supply personalized services and also the intelligent management of urban mobility being the fruition of services in smart cities etc…

Unfortunately, even when used positively, there already exists a widespread anxiety about its illegal use that is unbeknown to us.

 

DIGITAL DEMOCRACY AND ARTIFICIAL INTELLIGENCE

Yet another positive use, that has also a possible negative side, is that of data transparency regarding Public Administration, an important extension of which is probably the use of digitization for the functioning of Democracy.

The subject of Digital Democracy is in fact on the agenda of the European Union and other countries. It is already being greatly utilised in countries where democracy is managed from the top. Just think of China where everything is controlled and managed digitally (top-down obviously), encompassing all procedures within the Public Administration as well as management in real time of controls and sanctions. Think about the “social credits” (a sort of car license point system) used by the Chinese as a criterion for the right to use community services, access to finance, education etc…

A system that is very different to the meaning attributed to Digital Democracy in European democratic countries, where Digital Democracy is about giving the chance for citizens to contribute to the management of public affairs bottom-up, such as the applications developed in Barcelona, where citizens can participate in decisions on public investments etc…

Another important theme is the spread of Artificial Intelligence being used to analyse a combination of personal data and people’s behaviour. At the moment the digital robotization of processes (not only in manufacturing, but also in processes of banks, insurance, legal and mobility etc..), presents the same advantages and risks of the other IOT applications. The implications are quite different when we talk about Artificial Intelligence being applied by the Secret Services, politics, research by pharmaceutical companies and companies interested in studying the weak signals of the market and of people through the social networks or other personal digitalized information and activities (for example our health data archived in a health facility). In which case, Big Brother studies our behaviour and sentiments thoroughly and tries to influence us or use us for some specific gain; for example, suggesting new purchases, attempting to influence voters and generating fake news artfully put on internet...

DATA OWNERSHIP AND DATA CONTROL

By acknowledging all this and not seeing any reversal, there is the need to at least guarantee us citizens a chance to control our own data. Having also understood that it is impossible to anonymize our data, due to current easy geolocalization and other factors, all that remains is to hope for the promotion and development of systems that will increase the ability for people/citizens/company customers to control ownership of that data.

Safer and more transparent systems are needed in which people can share and keep under control the data they decide to share with companies and communities. This means that it will be necessary to allow people to have visibility and control over third party utilization once they have conceded access and use of such data. This is the only way for citizens and customers to regain trust in the institutions and companies with which they have contact. Here, the development of the Cybersecurity technologies will play an important role.

To acknowledge the status quo – as described so far – serves to create the necessary awareness to develop new technological tools that will restore control of data to its rightful owners (citizens and customers). In this way we will reduce the focus on Data Privacy – which remains fundamental and suitable in specific contexts – and begin speaking about Data Ownership, that is unilateral control over the access to one’s data, as envisaged in the GDPR and in the European Commission (Brussels, 19.2.2020) COM(2020) 66 final).

It is necessary therefore to develop infrastructures and platforms that can operate on the Internet to guarantee this “Ownership”. However, to do this, two preconditions must be met: firstly, there must be the will to do it and secondly the knowledge and capability to develop and implement such technology. As far as technology is concerned all this could already be developed, but it is strongly resisted by those who have huge commercial interests in being able to manage our personal data freely (first and foremost the powerful Internet, Social network and e-commerce companies). Working against this trend are the regulations that the political and social communities have defined, first and foremost, the previously mentioned European Community rules known as GDPR.

THE ROLE OF BLOCKCHAIN

If in the last decade the focus was on trying to resolve the problem of “Data Privacy”, in the next decade the focus will be on looking for technological solutions that will allow the application of rules.

An important role will be played by Blockchains, which are a combination of rules and technology. Blockchains will, in fact, allow citizens/customers to control access to their data, thereby significantly increasing their trust and willingness to collaborate (also to make cities a better place to live in). The Blockchains will guarantee the reliability of the data allowing large communities with common interests to have information and regularly registered and safe contracts (in fact blockchains are explained using the concept of notarization).

But how can a technological solution that enables Data Ownership be structured?

The GDPR lays the legal foundations for recognition of ownership of data – that is Data Ownership – but this is still not enough. As we are talking about a digital context, data ownership must also be recognised from a substantive point of view, that is at a technological level.

This means that a decentralised system for the management of data sharing must be adopted. As of today, it is the owner of the technical infrastructure, typically a data broker/market place, who controls the data that passes through these infrastructures. They can therefore only guarantee transparency, not control over data sharing with third parties. Instead what is necessary is a technical infrastructure where the origin of the flow of data, namely the data owner, retains control.

Possible solutions to this issue already exist. The most efficient, in my view, is one patented in the USA by Ecosteer (an Italian start up with headquarters in Bolzano). Ecosteer proposes an overlay network for data flow sharing management that guarantees the Data Owners complete control of access by third parties (Data Users). It is a software based on Smart Contracts managed in Blockchain and on end-to-end encryption (the object of the patent). With such a structure Data Owners are able to unilaterally grant and revoke access to their data, and in this way automate “consent management” established by the GDPR. It is precisely the smart contract that creates the direct relation between Data Owners and Data Users and fixes the value of the data in “tokens”, spendable credits with involved stakeholders (a kind of loyalty points system that is used by credit cards, supermarkets etc…).

In this way it is also possible to have a reward mechanism for data sharing.

USER CONFIDENCE IS FUNDAMENTAL

The control of one’s own data and the remunerability of its use (those who want to use our data must reward us in some way) in a decentralised system is the basis for citizen/customer trust. This trust is necessary to promote their digital participation in businesses of which they are actual customers (almost a “democracy in business”…).

As A. Soro, head of the Italian Data Protection Authority, recently claimed and, as so clearly explained by Shoshona Zuboff in her book The Age of Surveillance Capitalism, we risk slipping towards becoming a “surveillance society”, a new type of organization in which the collection of data by private companies, and sometimes by States is such that it will severely limit our liberty.

In this framework, only the institution of rules and mechanisms which can guarantee transparency/control/ownership can limit the negative aspects and accentuate the positive. The definition of these privacy and data economic exploitation problems gives us the chance to acknowledge how, so far, technology has not been entirely designed or managed according to ethical principles, and therefore provides us with the opportunity and impetus to find better and suitable solutions.

Source: Sistemi & Impresa, newspaper of Culture and Business, October/November 2020 - ESTE edition

About the author:

Giorgio Merli, author of numerous books and articles on Management published in Europe and USA, consultant to Multinationals and Governments, teacher in several Universities in Italy and abroad. Formerly Country Leader of IBM Business Consulting Services and CEO of PWCC Italy, is currently Senior VP of EFESO Consulting and engaged in several digital transformation projects.