Microsoft’s Mundie: Data Collection Fuels Need for New Privacy Rules

 
 
By Jeffrey Burt  |  Posted 2013-10-10
 
 
 

Microsoft’s Mundie: Data Collection Fuels Need for New Privacy Rules


CAMBRIDGE, Mass.—Individuals, companies and governments are going to have to reconsider how they think about and deal with privacy as increasing amounts of personal data are collected and stored, according to speakers at the EmTech 2013 conference here.

Devices, Websites and sensors continue to collect more information on people, from what they’re buying, to how much electricity they’re using, to how their health is, to where they are. The trend will only continue as more intelligent systems—including wearable devices—collect data for business and government agencies to use.

“People are now being observed in increasingly intimate ways by all the technology in their lives,” Craig Mundie, a senior adviser to Microsoft CEO Steve Ballmer, told an audience Oct. 10 at the EmTech event, on the campus of the Massachusetts Institute of Technology. “Too much data is being collected in too many ways.”

Not surprisingly, people are becoming more uncomfortable, not only with how much data is being collected, but also why it’s being collected and what those parties—businesses or government agencies—might be doing with the information, Mundie said. That is part of the reason the Microsoft executive is advocating creating a new way of thinking about privacy around how the data is being used rather than how it’s collected.

The current privacy concerns echo those aired when credit card companies started becoming part of everyday life, he said. The worry was that the banks would have a window into all the purchases a person made, and what the banks could do with that information. However, the banks—eager to ensure that they didn’t give governments a reason to come down on them—were careful in how they handled the data they collected. At the same times, users were willing to give up a little data to the credit card companies in exchange for the convenience of using credit cards.

However, there are some key differences now that make the issue of privacy a larger matter, Mundie said. Much more data is being collected in different ways—from sensors in the home to applications on mobile devices—and consumers have much less knowledge in what information is being gathered and how it’s being used.

When a smartphone user looks to download an app, they may be asked if it’s OK that the app collects their location information. However, there’s no clear explanation about where that data will be kept and for what it will be used.

Other speakers also talked about the amount of data that is being collected from people. Carlo Ratti, director of MIT’s SENSEable City Lab—which uses data to help develop plans for urban areas—said privacy is “another thing we have to be very careful about.” The smart cities approach calls for massive amounts of information collected from a range of sources—including homes and cars—to be used by government agencies to make cities run more efficiently and cost effectively.

 

Microsoft’s Mundie: Data Collection Fuels Need for New Privacy Rules


However, with that comes the responsibility to ensure that all this data collection doesn’t unnecessarily infringe on people’s desire for privacy. Laura Schewel, co-founder and CEO of Streetlight Data, another urban data-collecting company, noted that while people are suspicious of governments collecting information—as illustrated by the reaction to what the documents released by former National Security Agency analyst Edward Snowden revealed—they don’t seem to always understand that companies like hers collect much of the same data.

Microsoft’s Mundie has been promoting changes around both privacy policy and technology to address the new ways data is being collected and used. He said cryptographic wrappers and metadata could be used to give people more control in how their data can be used, and laws could be put in place to ensure that businesses and government agencies follow rules in the metadata that dictate how the information in used. And how large a legal penalty should there be for companies that violate the rules in the metadata?

“Personally, I’d say make it a felony,” Mundie said. “Otherwise, the penalty is too low to deter that behavior.”

On the technology side, the idea of digital rights management (DRM) that artists use to protect the use of their music, movies and other creations can be used as a starting point when talking about how people could begin to protect how their data is used, he said.

“Everybody is being observed and tracked in ways people haven’t even thought about,” he said, in arguing for the need in a new model concerning privacy.

A key part is creating ways for people to change their minds in how the data is used. A company may use data in a particular way today that a person is OK with, but that company may discover a new way to use it down the road in a way that person objects to, Mundie said. People should be able to opt out of those “emergent uses.”

He noted that there might be data in such areas as security, law enforcement and health care—for example, around vaccinations—that society will not let people opt out of because that information is needed to ensure the protection of society. Such exceptions to opting out must also be considered, Mundie said.

 

Rocket Fuel