Google, anti-trust and trust

google-76517_640The fact that Google has been fined around £3.8 million for “antitrust” violations (read more here) highlights a potential issue which students need to be aware of; the fact that the big tech companies, google, Facebook, Microsoft, Apple, etc, are businesses at the heart as opposed to being focussed on the public good.

I will carefully qualify the above in that I most of what companies such as the above do does provide public benefit plus that they also make great contributions to philanthropic, research and charitable endeavours.   The issue is that given their size and resultant power there is the potential for inappropriate activities or activities not in the public interest to take place.   There is the potential for decisions and actions to be taken in pursuit of the dollar, or pound for us here in the UK.

As we provide the big tech companies with more of our personal data, as we sign up and eagerly consume the subscription services they provide, we are feeding them power.    This power can be used, as is suggested in the claims against Google, to leverage and bully other organisations, establishing monopolies and reducing public choice.     This power can be used to influence individuals and groups through profiling and targeted advertising as was the Cambridge Analytica scandal that impacted on Facebook appeared to suggest.    This power might even be able to revise history or to change the “truth” in the future, assuming this isn’t already happening.

Do students consider how the services they subscribe to might be used to influence them?   Do students consider the competitive market and the impact of overly powerful monopolies?   Do they consider how data, the new oil in terms of value, might be used?

I wont be stopping using the above companies any time soon as they each provide excellent services which help me in my work and life however I am aware of the implications of their use.    I believe it is important that we have discussions with our students in relation to these issues, to ensure they too are aware before the sign up to yet another service.    Do they trust these sites having consciously considered it or do the trust blindly?




Big data and digital literacy

technology-3178765_640The recent Cambridge Analytica scandal is a perfect discussion topic for use with students when looking at the implications of big data on our lives, or more importantly on the future lives of the students which currently occupy our classrooms.

For me one of the first areas for discussion is to try and get an appreciation for all of the data which we make available to organisations such as Google, Facebook, etc.     As we use their free services we provide them data.

The second area for consideration is the fact that the data provided can then be used to identify further data or to extrapolate probabilities of certain characteristics.    A perfect example is how Target gathered data in the hope of identifying which female shoppers were pregnant due to the tendency for pregnant women to be profitable for the organisation.   Looking at a women’s spending habits including changes in habits over time, Target were able to assign a pregnancy probability rating to its customers, therefore identifying which customers were the most likely to be pregnant.

Ethics and privacy are another area for discussion.    How comfortable are students with the fact that companies such as target might be able to identify such private aspects of our lives such as whether a woman is pregnant?     Is this an invasion of our privacy?

One of the main issues which surround Cambridge Analytica is the possible use of data to profile individuals and then to influence them and their decision making.    Through targeted marketing, targeted specifically at individuals based on the data which is available on them, they may have had their voting decisions shaped.    Their decisions may not have actually been their own decisions.    Is such a practice of profiling and influencing individuals ethical?

We also have the issue of information sharing.   If we provided the information to Facebook or Google do they have the right to share this with other and if so, are there limitations on what such a third party might do with this data?   The Cambridge Analytica scandal highlights this in that the data gathered came from a questionnaire app, however made use of sharing functionality in Facebook to hoover up far more data than it was directly given, gathering data on the friends of users of the app.

The fact we don’t pay for Google or Facebook is another area worthy of discussion.    The phrase, If your aren’t paying for it, you are the product, seems appropriate here.    We don’t pay for using Facebook as Facebook gets its revenue from advertising.    It therefore is sharing data with advertisers to allow them to target the appropriate customers to maximise the return from advertising expenditure.   Are we happy that Facebook and Google too are in effect sellings us?    This also leads us to the purpose of Google and Facebook.   Both appear to be companies providing services which enhance our lives.    Although this is true it is also important to remember that they are also companies with shareholders and therefore companies out to make a profit.    Does the safe, ethical and responsible use of all the data we provide trump their need to make a profit?

As we use more and more technology, with more and more of it being online, we are generating more and more data.    This data is being gathered by organisations.    I don’t believe there is any easy answer to this situation as proceeding oblivious or ignorant to the implications is ill advised as is total disconnection and an attempt to avoid generating any data.    For me the key is for our students to be consciously aware of big data and its implications.


GDPR and third party sites

The new GDPR regulations coming into force in May 2018 mean that the potential fines associated with data breaches or other leaks will be greater than those that exist under the current data protection act.

The new regulations also finally make third party vendors liable where their action or inaction result in the release or leak of data which they are processing on your behalf.   This seems like a good thing in that if you use a third party and through no error of your own their use leads to the leak of data, they will be held responsible.

The issue here though is that the above is only part of the story.     Although the third party vendor may be responsible for the breach it would have been your responsibility to confirm their compliance with GDPR and their security and other measures in relation to data prior to commissioning them to handle your data.       Even although the breach or leak may have been due to the action or inaction of a third party you are going to have to prove that you showed due diligence in checking out the third party and its operations prior to signing them up to process, store or otherwise use your data.   If you didn’t then you too may be found to be liable and therefore receive what could be a significant fine.

As schools a large number of third party sites are used in the delivery of the educational experience we provide the students under our care.    This might be specific maths or science websites with sample questions or learning materials, or it might be more generic services such as Showbie or G-suite.   In each case you will be providing personal info on your students, with some sites requiring more data than others.    In each case you will need to prove that you undertake at least a basic review of the provision offered in relation to data safety and security by each site or service.

With this in mind the key questions I see the need to ask a third party are:

  • Do you share my data or allow others to access my data?  If so, with who and why?
  • What security do you have in place (physical and logical) to protect my data?
  • What disaster recovery and backup process do you have in place?
  • How long do you retain data and what happens to data should I quit your service?
  • Do I have the right to audit or request the audit of your data security provision?

As we approach the May implementation date for GDPR we need to ensure we have a better handle of where school data, that of students, staff, parents, visitors and other stakeholders, is stored.    Part of this will involve identifying all third party vendors and asking them regarding their preparedness for GDPR.


My data?

pacemaker-1943662_640A recent BBC News article highlighted a US judges decision to allow data gathered from a defendants pacemaker to be admissible in court (You can read the article here).    The data in question was used by an expert witness to cast doubt on the defendants explanation as to the events surrounding the case in hand.   The issue here is the gathering of data for one purpose, to measure the defendants vital conditions in order to aid medical treatment and diagnosis, versus the eventual use of the data to prove what he was doing during a specific period in time in relation to criminal prosecution.   Surely data gathered from a device in my body would consistent “my data” and therefore be for me to decide or approve its use.

This incident seems to go against the basic rules of the data protection act and also the upcoming general data protection regulations due to come into effect in May 2018 in that the eventual usage of data did not relate to its original purpose.    The required permission for storage and usage of the data would have been limited to this purpose.    Now there are exceptions for law enforcement in relation to protecting society which may have come into play, plus the incident happened in the US and I don’t have any experience as the equivalent of the data protection act in the US however I would assume the similarities likely far outweigh the differences.

This case seems to suggest that it may be possible for data gathered to be used for purposes other than that for which it is intended or for which permission was obtained.     All that is required is some justification of need.    This seems vague and particularly concerning.

So what about the Amazon echo sitting in the front room recording every comment, discussion and noise occurring in my house?    What about the camera in a Smart TV equipped with gesture control or the Kinetic device attached to my sons Xbox One?      What about the engine management unit or GPS unit in my car, the data my smart watch gathers or info from my FitBit or other fitness tracking device?     We may be happy about these devices gathering data for their intended purposes but what about the purposes to which the data could be used, where we as yet can predict this?    I am sure the bloke with the pacemaker couldn’t have predicted he might be convicted based on data his pacemaker gathered.    How might a hacker or someone else with malicious intent use the data which available?

As we work with students to build them into digitally or technologically literate individuals we need to discuss the above.

Are we happy with so much data being gathered, stored and processed on is by third parties?   Do we truly understand how the data is or can be used?