Why am I so interested in issues of data privacy and data security? I think this story about “black boxes” in Toyota cars illustrates it well. In short, Toyota cars have airplane-like black boxes in many of their cars that can track data like speed, whether the airbags deployed, and so forth. However, the data is stored in a proprietary format, and only Toyota can access it; they only do so when requested by law enforcement. I am interested in security and privacy precisely because I want to see the end to what I consider to be horrible practices like this.
I don’t think it’s horrible because black boxes shouldn’t exist, or that they infringe upon privacy. On the contrary: my major problem with this is that it is far too private: only Toyota has access to the data, despite the fact that the owner of the car paid for the black box and the driver of the car is the one generating that data. Toyota should not store this data in a proprietary format that only Toyota has access to, and only when Toyota wants to divulge the information. The owner of the vehicle should have full access to the data at all times and should be able to control it.
Advancing technology has put a premium on data. In the past, nobody cared where you drove your buggy or what your shopping habits were at the general store, because such information was too unwieldy to be agglomerated and analyzed. Today, however, with inexpensive computing power, ubiquitous sensors, and a hyper-networked infrastructure, such data is incredibly valuable. Where you shop, what your likes and dislikes are, and your demographic information are worth a lot of money to banks, marketers, and other businesses. Credit report agencies and web ad marketers like DoubleClick are just two of the many businesses that make money by buying and selling information on consumers.
What’s lost in the current jungle of regulations, though, is that much of the time consumers are not only not compensated for this data that other businesses are profiting from, they sometimes have no control over the data whatsoever. True, by law credit bureaus have to give consumers a process for disputing erroneous items in a credit report, but what about all the other businesses out there that are accumulating data for sale? The vast majority of the time, consumers have no idea that this data on them even exists, let alone what do do about it.
That’s why I think that taking ownership of this valuable data is going to become a very pressing issue in the near future. There’s nothing wrong with collecting this data, but the subjects of this data should be aware of it, and should have some control over its accuracy and sourcing. Hence my displeasure at Toyota: the data should be available to those that create it, and not just to Toyota themselves. Businesses are going to need to come up with policies for handling, correcting, and securing this data. Governments will have to do so as well.
As for proprietary formats, there’s little use in data that you can’t use, and I’m against their use too. I’m a strong believer in open-source and standards-compliant formats, and again, I think that these issues will become more important as time goes on. Especially when it comes to government archives, data from 50 years ago is completely useless if the file format it is stored in is some proprietary format that disappeared when the company that created it went out of business 30 years ago. Open-source applications can have better security implications as well.
As we surround ourselves with more and more data, these issues grow in importance. This is exactly why I’m excited about studying some of these issues in the MSST program.