Privacy for Everyone: Closing the Gap Between the Privacy-Have's and the Privacy Have-Nots
Remarks at the National Access and Privacy Conference
June 19, 2014
Address by Patricia Kosseim
Senior General Counsel and Director General, Legal Services, Policy and Research Branch
(Check against delivery)
Good morning. Let me express my thanks for inviting me to give the keynote address. As the focus of this year's conference is "The Threads of Democracy", I would like to take this opportunity to discuss an area which I believe has profound ramifications for the exercise of the democratic principle of choice.
Although many of you work in public institutions and much of the conference agenda focuses on public sector issues, I would like to take a few moments this morning to discuss some of the privacy challenges we see arising in the private sector, and this for several reasons:
First, the private sector often serves as the bellwether of emerging trends and a good indicator of where economic incentives are gradually pulling us as a society. Second, the private sector is where the earliest adopters experiment with innovative, proof of concept technologies which are only much later emulated by public sector actors. Third, public sector institutions are increasingly outsourcing operations to private sector partners to increase productivity and gain efficiencies, thereby blurring the lines between both. Fourth, and as we are reminded in the media almost daily, private sector organizations are amassing a treasure trove of personal information which is of growing interest to law enforcement, and coming within closer reach of governments' long arms generally. Finally, my remarks about the reality of private sector are intended to speak to you not only in your capacity as access and privacy professionals, but also as individual consumers yourselves, for it is often our personal experiences as we go about our daily lives that help inform how we think about, and approach, our mission of privacy protection.
Much has been said about the exchange of privacy for goods and services. We can all think of examples of giving personal information for a benefit of some kind, be it a discounted price if we sign up for newsletters, a "free" e-mail service supported by advertising tailored to our interests, or rewards points to be redeemed on some desirable product. Many of you have no doubt heard the phrase "if you're not paying for the product, you are the product." However, today I want to turn that notion on its head and examine the idea of paying not with privacy, but for privacy itself. What I wish to explore with you – and what I'm hoping we can have a rich discussion about – is what I will assert is becoming a growing reality – the premise that increasingly, privacy is becoming a product in and of itself; one that we must be willing to pay a handsome premium for, or simply forego altogether.
This past March, in the New York Times, investigative journalist Julia Angwin described the arduous and expensive process of protecting her privacy in an opinion piece she titled, "Has Privacy Become a Luxury Good?". In it she asks an important question that caught my attention: "Do we want privacy to be something that only those with disposable money and time can afford?". Others have referred to privacy as "the preserve of the rich". I'd like to take some time to explore that further.
The increasing erosion of choice
Let me set the scene with some examples, the first of which may resonate more with those old enough to remember VCRs. There was a time, not so very long ago, when if you had nothing to do on a Saturday night, you could visit the neighbourhood video store and rent the latest blockbuster movie. No downloading, no streaming; just borrow, watch and return (not forgetting to rewind!). In the early days, there was a minimal amount of data exchange – only that which was necessary to ensure you didn't run off with the then-precious videocassette. Admittedly, that gradually changed as time progressed and video stores started collecting rental histories, particularly in the U.S. But it was certainly not as ubiquitous (and easy!) as the tracking, profiling and data sharing that happens with the downloading or streaming model we see today through Netflix or on-demand channels that have largely replaced most big-chain rental stores and virtually all but a few mom-and-pop stores left standing.
Witness the rise of the so-called "Smart TV". If you've been in the market for a new television recently, you will have discovered, as I have, that you can no longer buy just a plain ol', dumb TV anymore. For some brands in particular, you have to accept to buy the SMART features you don't want and simply keep them turned off – or at least you think and hope they're turned off. Some of you may have heard of the case of a blogger from the UK who discovered that his LG Smart TV was reporting back to LG headquarters in South Korea every time he changed channels.[Footnote 1] This blogger, called DoctorBeet, is an IT Consultant and obviously very well versed in the ins-and-outs of technology. So well versed, in fact, that when he noticed his LG Smart TV started displaying what appeared to him to be tailored advertisements on the device's home screen, he decided to investigate. Upon further inspection, it appears that not only were DoctorBeet's viewing habits being shared with LG, so was the file folder structure of any USB device that had ever been plugged into the USB port which is standard on all new TVs.[Footnote 2]
When he complained to LG, he was told that because he had plugged in and started watching his TV, he had accepted the Terms and Conditions of Service, which stated that LG could collect and use his data however they wanted. Perhaps most disquieting, even when DoctorBeet found and activated the setting which is supposed to stop the collection of what LG terms "watching info", the information was still being sent to LG headquarters.
Interestingly, the Canadian Radio-television and Telecommunications Commission (the CRTC) recently posted a notice of consultation on set-top boxes: those smart devices that turn your cable or broadcast signal into something your TV understands; increasingly sophisticated computers that can also provide information back to the cable company, and potentially third parties, about what shows are being watched. Our Office plans to send a submission to the CRTC outlining the inherent privacy risks associated with collecting audience measurement data and pointing out that these boxes can yield detailed and potentially sensitive portraits of individual viewing habits.
Let me share another example: you may have seen advertisements recently for insurance companies offering discounts to drivers who agree to allow their car tracking data to be collected and analysed. (And if you haven't, you soon will!) This is only possible because all new vehicles in Canada are now equipped with an array of sensors which track the state of the vehicle at any given time. This technology, called vehicular telematics, uses these sensors to monitor not only the state of the car itself – things like the oil level, battery health, tire pressure and so on – but also how it is being driven, including how quickly it's going, how hard the brakes are applied and whether airbags have been deployed, enabling insurance companies to determine the habits of drivers, and assign insurance rates accordingly. However, as sensor technology becomes less and less expensive, sensors are being deployed more broadly to measure new data points: whether the windows are open when the car is exposed to rain (or a carwash), how closely one vehicle follows another, the weight of the driver (or passengers), and whether and how any of those data points are changing over time.
Advocates of vehicular telematics tout the safety and convenience features: who wouldn't want to know that their car needs servicing before finding themselves broken down at the side of a highway? And agreeing to have your vehicle's data shared with insurance companies could potentially save low-risk drivers money. But with more sensors and more tracking options available, how much rich data – our data – is being shared with telematics providers, insurance companies, third-party vendors and leaked to anyone else who can intercept it?
The Great Privacy Divide
These and many other examples beg the question: How would the average consumer assert their right to privacy in these new technological contexts? It is easy to say simply "opt out": don't stream movies, don't buy a Smart TV, don't drive a new car, don't monitor your home, don't use the internet, and don't carry or use a cellphone. But realistically, why should an individual have to choose between protecting their privacy and engaging fully in society – even if that means simply watching the latest series on Netflix?
How would an average user – one who might not even be aware that they've been "outsmarted" by their new TV – ensure their privacy is protected? How would they know where to begin, or even that they should begin – to mitigate risks to their privacy? What's a consumer to do?
There was a time when protection of privacy might have meant paying for an unlisted telephone number, and perhaps a post office box. In the days before the ubiquity of credit and debit cards, paying with cash was a common way of ensuring that your purchasing history remained your own business. However, in an increasingly dynamic and technologically shifting landscape, individuals have to take proactive and sometimes complex and expensive measures to protect personal information since those with whom they interact do not or will not. Examples are many:
- Credit reporting services offer fee-based credit monitoring services whereby an individual's credit report will be scanned in real time for any unusual activity and should anything suspicious arise, a notification will be sent by e-mail.
- Most, if not all of the main Canadian insurance companies now offer identity theft insurance which can help you "restore your good name, credit rating and legal standing"[Footnote 3] by covering lost wages and any other expenses you incur to set things straight. Plans can be purchased to cover you, your family, even your children.
- There are many online reputational companies who would be more than happy, for a fee, to monitor thousands of websites, social media sites and search engines to see what's being said about you, and to ensure that only the most flattering information appears when someone searches for you.
- Everything from wallets lined with RFID-blocking material to prevent your cards from being scanned by passersby, privacy screens for laptops, computers and smartphones, and home shredders to ensure secure disposal of your paper documents. For those who really want to be untraceable, perhaps buying a disposable phone number which expires after a certain number of calls or weeks, or even a "burner cellphone" – one to use without a contract or commitment, to be disposed of when you decide the time is right.
- If you really wanted to commit to ensuring your privacy, the only thing stopping you from buying encryption services to ensure anonymous internet browsing, GPS jammers to block geo-location systems from tracking you and voice-masking systems to prevent eavesdropping on your conversations, is the depth of your technical understanding, and ultimately your purse.
- One suite of tools to prevent tracking and profiling is called "TOR" which bills itself as "free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security." TOR grew out of a secure communications network developed for the U.S. Navy, and is free of charge, provided however you have some level of technological know-how.
- But what about your cellphone footprint? For a fee of close to $1000 US you can avail yourself of the military-grade security built into Blackphone, what one reviewer describes as "a hyper-secure smartphone."[Footnote 4] This phone, not much larger than the standard Apple iPhone, boasts fully encrypted peer-to-peer calls, malware prevention, ultra-secure cloud storage, completely private internet browsing and centralized app security management. Sound daunting? Rest assured that apparently it's designed "for the normal person."[Footnote 5] (Provided that "normal person" is already a security pro.)
But what happens for those who cannot afford to spend handsomely on tools and devices to protect their personal information? For those for whom technology remains a mystery? Or for those who don't even realize their privacy is being compromised on a daily basis by the many so-called "benefits" designed to make their lives easier?
Perhaps reporters and other authors like Julia Angwin are right. Perhaps we are moving towards a great privacy divide, between those who can afford to protect their personal information because they have the knowledge and resources to do so, and those who cannot.
Closing the Gap between the Privacy Have's and the Privacy Have-Not's
How can we begin to close that gap? I'm going to propose several options. The first is to do nothing. Throw up our hands and admit defeat against the economic and technological market forces which have led us to this sad pass. We can just let the free market take care of itself, and hope that privacy somehow makes its way back into the equilibrium between the forces of supply and demand. I am going to suggest however that abdicating our responsibilities as informed consumers and as our own best privacy guardians isn't a viable option. The market, acting alone, simply can't be left to its own devices or be trusted to ensure that our privacy rights are upheld.
Alternatively, we can use our influence as privacy regulators to curtail innovation in this area. We can try to prevent or block technological advances at every turn – no streaming movies, no smart appliances or vehicles, no cellphones, nothing that would jeopardize our privacy. Is that any more viable? In the end, is that really an opportunity cost that consumers are willing to pay to avoid the privacy risks associated with technological progress? Would society really be better off for it? Do privacy and innovation necessarily have to be at complete odds with one another? Again, I will suggest that there are better ways forward.
We could work on the supply side of the equation by continuing to encourage companies to adopt the well-known concept of "Privacy by Design" – by building privacy protections into technologies at the outset; by ensuring data protection measures are undertaken proactively, rather than added on as an afterthought, if at all; and by insisting that privacy be the default setting. But perhaps the time has come for more than that. Perhaps we should also be insisting that those privacy protections be accessible to not only those who have the technical wherewithal or the money to pay for it, but to all consumers on equal footing. Perhaps our new motto should become "Privacy for Everyone".
We could also be working to influence the demand side of market forces. Consumers, particularly those with the greater bargaining power, can influence commercial developers by voting with their dollars – and their data – by opting for more privacy protective options – provided they can find them. If price and quality are still the main factors consumers look to when differentiating between products and services, then perhaps it's time to re-characterize privacy not as something which must be blindly paid for at a hefty premium or conversely, be unwittingly traded away in order to drive the price down. Perhaps privacy should be demanded as an inherent and defining aspect of quality itself. Just as mandatory food labelling laws can help support healthy eating choices, so can disclosure of personal information handling practices help support healthy privacy choices. Plain language privacy policies, found in an obvious location, which clearly spell out obligations and commitments on both sides can go a long way towards increasing the transparency consumers need to make informed and differentiating choices about the quality of goods or services which best match their privacy comfort levels.
No doubt many of you have heard about the Supreme Court decision in Spencer last week – a seminal decision for privacy, some have even called it "seismic". The case, in which our Office appeared as interveners, provided the Supreme Court justices with a historic opportunity to explicitly confirm that "anonymity" is a foundational pillar of informational privacy as a Constitutional right.
A provocative question I'd like to leave you with is this: what good will this right be if we let technological determinism render anonymity a relic of the past, or something so economically prohibitive that only the wealthy few or technologically savvy can avail themselves of it? If we passively let business models continue to evolve as they are, rendering completely obsolete privacy protective technologies or driving up the cost of developing new ones, will we even have the practical option of surfing the internet, watching TV, phoning our friends or driving our car on an anonymous basis anymore? Or rather, should we not be working harder, now more than ever, to redirect market forces and technological innovations in such a way as to close the gap between the privacy "haves" and the privacy "have-not's" so that everyone – who wants to – can participate in the meaningful enjoyment of this fundamental human right?
I welcome your thoughts and opinions. Thank you.