The IAPP Global Privacy Summit I posted about last week wrapped up on Thursday. Here are a few highlights from the day:
How Blockchain Will Revolutionise Privacy
One of the most fascinating sessions was a primer on Blockchain technology, and its potential to further privacy goals. Blockchain is the technology that underpins online currencies such as bitcoin.
If it was easy to understand it would probably not be being described with such excitement about its potential for the future. I came away from the session understanding that blockchain is like a reliable, secure and authenticated “ledger” of transactions, maintained in multiple locations at once, and updated instantaneously across the network, so that each version of the chain remains identical in realtime. Techheads, please feel free to pile into the comments to point out the shortcomings in this simplification.
Like many new technologies, blockchain enthusiasts believe it will change the world. One skeptic told me “they’ll tell you blockchain will have your baby”. The presenters of “How Blockchain Will Revolutionise Privacy” were certainly informed, and enthusiastic. They were also alive to the possibilities for blockchain to promote privacy.
Blockchain technology will allow individuals to control their own data in unprecedented ways and determine not only who gets to use that data, but also how much and for what purpose. The days of companies monetizing personal data without consent could draw to a close, existing concepts of transborder data flow could disappear, and government access to personal information could be redefined. Further, transactions could be fully and securely verified without knowing the identity of the user.
Clearly we are at the beginning of understanding the range of applications, many of which will be privacy positive. Blockchain can give users confidence that they are dealing with an authenticated individual. Some countries are looking at the potential for providing certainty in real estate transactions, with the blockchain recording the chain of title and associated interests in land.
Less thought seems to have been given to the privacy risks. The technology depends on a full record being maintained in multiple sites, and on the permanence of the record. The presenters were not able to adequately reassure the over-capacity audience that blockchain could accommodate individuals’ rights to have data deleted, or that the distributed nature of the data chains would not increase access, and decrease individuals’ control over their data in some applications.
As with many new technologies, techniques, and ideas, it is a privacy commissioner’s job to take a precautionary approach, and to ensure proselytisers for the Next Big Thing take a breath, check their confidence in their product, and fully understand and address the risks without glossing over them in their enthusiasm.
To close the conference we heard from two inspiring speakers whose advocacy for their subjects had broken into the mainstream media, no small feat in the US.
Rabia Chaudry – Adnan’s Story
Rabia Chaudry, had a personal connection to the Baltimore murder of Hae Min Lee. Adnan Syed, the victim’s former boyfriend, who was convicted of her murder, was a family friend.
It is a story which can be told from many perspectives. There is the timelessness of the “love across the tracks” dimension of a Korean woman and Muslim man, and a relationship supported by neither family. There are allegations of racism , islamophobia and ethnic bias, of Police predetermination. There is the unprecedented success and popularity of the podcast which took up the case, Serial, which ushered in a new way of telling such stories, and a new audience. The podcast was downloaded 80 million times.
Any one of these angles make for a captivating presentation. Happily for our conference, the case also involves a privacy “hook”. A significant piece of evidence contributing to Adnan’s conviction were cellphone records including a cell tower “ping” putting the defendant broadly in the area where the body was discovered. At the time of the trial the probative value of such evidence was overstated. Re-analysis a decade later showed it shouldn’t have been relied on at all. You can read more in this book.
Rebecca Skloot – The Immortal Life of Henrietta Lacks
Did IAPP know that Rebecca Skloot’s presentation would come just 48 hours before the release of the Oprah Winfrey movie based on her book? Probably not, but it was another happy coincidence, to see our speaker promoted in subways, and on buses across America.
Henrietta Lacks was a poor African-American woman who in the 1950’s unknowingly donated a cell line to research which has lead to a raft of scientific research, enquiry and discovery.
Her aggressive cervical cancer cell was found to multiply rapidly, outside the body, meaning that even though she passed away more than 60 years ago, her genetic material would continue to replicate, and continues to this day to be sent around the world. She has attained an immortality of sorts, with her biomass since the first culture exceeding 50 million tonnes in hundreds of labs.
The failure to obtain any consent, let alone informed consent, echoes New Zealand’s own Unfortunate Experiment, 30 years later. The extent to which the family was left in the dark was illustrated by Henrietta’s widow’s confusion when belatedly approached by researchers in the 1970’s to obtain some form of consent. Knowing nothing of genetics or biology, but hearing an excited, thickly-accented researcher speak of Henrietta’s cell, the husband assumed he was being told that his wife had been alive these past 25 years, and was being kept in a cell at Johns Hopkins Hospital in Baltimore.
Skloot won the trust and confidence of the family, and in 2013 was the person who informed them that their mother’s sequenced genome had been published. She also brokered a deal with the National Institutes of Health for restraint, and family involvement in the use of the HeLa cell line.
The family is proud of the contribution their mother and grandmother’s tissue has made to world health. It has helped to eliminate polio, develop the HPV vaccine, sequence the genome, and countless other therapies and research discoveries. But they want, and are entitled to some respect for their privacy, and for the integrity and dignity of their mother’s unwitting gift.
Raising the Floor
Capitalising on the presence in Washington of a large number of privacy experts in town at one time, an organisation I’d never heard of, Raising The Floor set up a meeting to test out its idea of establishing a Data Ethics Council to take control of the data generated as part of its activities.
What activities? Raising the Floor is an ambitious project aimed at improving accessibility to online devices. One of the problems people with disabilities have is that every time they encounter a new machine, be it a screen to order food or buy a parking ticket, to a monitor in a public library, or simply a new device, they need to figure out how to activate the accessibility features that best meet their needs. That might be larger fonts, better contrast, audio options, or others. But if you can’t use the machine in the first place, how do you find those? The solution Raising the floor has proposed is a cloud based storage system for your accessibility features. You would use a token or USB drive wave that at, or plug it in to the new machine, which would communicate with the cloud server, which would in turn identify the machine you are wanting to use, and identify and activate your accessibility preferences.
This could clearly generate a lot of data about those users that could be used for good or ill. What to do? Raising the Floor wants to hand over control of that data to an expert ethics panel, and we were there to advise on how that might work, and what issues it would have to take into account.
Image credit: BTC Keychain via Flickr