Industry Unbound, book review: How the tech industry pays for lip services to protect data and privacy
“I’m going to change the system from the inside,” said one college housemate proudly as she began transferring to law school. A few years later, she was more optimistic: “The pressure on you to comply is so strong that you have to give in.”
I think of her every time a privacy-promoting friend takes a job at a giant data company, convinced that their hiring proves their new employer really cares. to privacy. From there, either they become assimilated with the protective practices they used to burden, or they give up in frustration. Usually, later.
It is this experience that Northeastern University professor Ari Ezra Waldman documents in Unbound Industry: The Inside Story of Privacy, Data, and Enterprise Power, which he personally got his hands on in three (unnamed) companies to document how privacy laws work in real-world realities. From this vantage point, he attends meetings and watches as companies of his choice design and release products, write privacy policies, and brief politicians and lobbyists. .
Waldman’s findings in the book, described in a recent talk at the Computer, Privacy and Data Protection (CPDP) conferenceIt’s sad – especially for someone who has spent most of their career putting in place privacy and data protection laws.
“An army of foot soldiers who ironically see themselves as part of the resistance,” is what he calls his legion of privacy experts, on whom Silicon Valley CEOs depend. privacy friendliness against the manipulation and deception common in today’s apps and online services.
Information Capitalism
Many times, Waldman sees engineering and design teams excluding the security people he follows, while the security teams themselves spend a lot of effort writing the kinds of policies that none of us would. want to read. Will their “doing accountability” work ultimately lead to consumer-friendly changes to the product? Oh no. All the impact assessments in the world aren’t enough to stop these companies from defaulting to products that are “dark stereotypes” or changing the relationship they’ve built between data collection and make a profit.
“Information capitalism,” as Waldman calls it, exists in the whole process of keeping the law unchanged. It assimilated privacy laws and normalized the warping of laws’ intent to serve its own interests.
Often, the laws themselves do not help them much. Well-written terms allow businesses to comply with the law without actually changing their data mining practices. What is needed in such cases, Waldman writes in a chapter on how to make changes, are explicit prohibitions. For instance, no tweak will make facial recognition benign, and someone’s life is compromised by a decision made by an inadequately protected algorithm. because the law allows them to understand how that decision is made. In addition, privacy law can learn from other areas such as securities law, which sets standards for independent audit and oversight.
No one wants to blame well-meaning, highly trained professionals who are doing their best. But, Waldman concludes, the reality is that information capitalism exists in part because of the efforts of today’s security professionals. Next time a friend says they’re taking on one of those jobs, invite them to read Waldman first.
RECENT AND RELATED CONTENT
How to delete a Twitter account and protect your data
Best Encryption Software: Protect Your Data
UK privacy watchdog fines Clearview AI £7.5m and demands UK data wipe
Murena, the privacy-first Android smartphone, arrives
Meta updates its privacy policy with more details about the data it collects