Slow down and stop breaking things
On 5 May, Mint ran an interview with Nandan Nilekani that addressed data leaks and the Aadhaar card. While Nilekani was clear that Aadhaar’s infrastructure doesn’t allow it to store any data, and that it is in fact very secure, he did point to the need for getting a privacy law passed, to allow regulators to deal with the overall issue of cyber-security.
He decried the focus on Aadhaar, which by its very design, does not allow for a “man in the middle” type of attack. Nilekani separately pointed out that the proliferation of smartphones has led to Indians giving away their private data to large Internet companies such as Amazon, Apple, Facebook, Google and Microsoft, and that companies such as these are, for now at least, immune to Indian laws.
The same week has seen at least two other news items: one about Google, and the other about Facebook. Google is now fighting a “phishing” attack to its popular Google Docs service, which allows multiple users to work on the same document when they are trying to collaborate on a work product. The attackers in this phishing scam masqueraded as genuine users of Google Docs, and used this cloak of legitimacy to induce unsuspecting users into granting permissions to other applications. Google has announced that it is now taking steps to thwart this latest phishing attempt by removing the offending accounts and by pushing out security updates to its users. So now the stable door is shut, after the horse has bolted.
In the aftermath of a far more macabre tale, Facebook announced that the company will hire 3,000 people to watch for violent videos posted to its site. Facebook’s announcement comes after two grisly videos posted to the website caused horror and dismay over the last few weeks. In one instance, a murder in the US was uploaded, and in the other, a murder-cum-suicide in Thailand. Facebook already pays over 4,000 workers to screen videos flagged as inappropriate by its users, but all this work happens after the damage is done. The extra 3,000 putative hires will also work after the deed is done.
Why must we have a situation where the large Internet giants wait for horrendous things to happen before they react? Silicon Valley has so far followed a “go fast and break things” credo, which has led to enormous leaps in technology over the last few years.
Technological advances aside, every prediction regarding the amount of data being created, and therefore owned by these giants, is astronomic. And they already have the algorithms to predict suspect behaviour.
I have spoken in this column about how the death of net neutrality, which now looms over the US, and soon over the rest of the world, is likely to create oligopolistic behaviour among firms who either generate or transport such data.
In a recent interview, when referring to Reliance’s Jio, Mukesh Ambani talked about how data is the new oil. Data is now measured in zettabytes, a fantastically large unit of data, and these data appear to be growing at an exponential pace that simply beggars belief. My read is that what Ambani meant was that these data can be now be used in various ways, by applying technology-driven predictive algorithmic techniques, into schemes for Internet giants and telecom firms to discover and exploit new sources of revenue. And it shall surely follow, that nothing can be private anymore.
As Nilekani pointed out in the Mint interview, our smartphones, and the applications that run on them, already know so much about us: from where we are at any given point of time through triangulation or the use of Global Positioning System software to even whether we may be drunk or sober, by using gyroscopes and accelerometers built into each device.
In my mind, this puts the onus for data security and protection squarely on the Internet giants. With nearly 2 billion users, and untold advances in data analysis to predict human behaviour such as when two of its users appear to be falling in love with one another, is it likely that Facebook could have foreseen that someone would use its video streaming service to broadcast acts of violence? Was there no attempt to make sure that posting this sort of horror was impossible to do in the first place?
The “go fast and break things” credo has reached its ethical frontier. Does “breaking things” mean allowing horrific murders to be broadcast live? The post facto response has long been sufficient justification when it comes to hackers and the compromising of personal data, but it simply doesn’t work when horror is on the line.
The credo might have worked when Amazon, Facebook, Google et al were young start-up companies trying to blaze new trails, but they are now behemoths in their own right, and the common good of almost all the world’s “netizens” lies in their hands. At the rate we are going, it won’t be long before all the world’s citizens are also netizens. This means that in some sense, these firms have moved from being start-ups to custodians of the common good, with the associated ethical considerations that need to put the brakes on the credo of “going fast and breaking things”.
This is also a conundrum for law-makers. Simply creating stiffer penalties for those who breach Internet systems and profit from doing so will not be enough. The responsibility to police oneself before gruesome events occur probably now lies with the new oligarchs of the Internet, and they need to have a strong incentive to do so. Maybe it is time to impose stiff fines for each such infraction. That said, there is no simple answer. The nuances are endless, and points of view myriad. One thing is for sure: we are sailing in uncharted waters.
Siddharth Pai is a world-renowned technology consultant who has personally led over $20 billion in complex, first-of-a-kind outsourcing transactions.