‘Why Is My Data Important? How Much Is It Worth?’

Dr Abhay Chawla, a visiting professor at Delhi University, IIMC and several other universities, is an engineer by training and has done his PhD in New Media. In a free-wheeling chat with Astha Savyasachi, Dr Chawla explains why the recent controversy over the WhatsApp controversy should serve as a wake-up call for those who believe data privacy is important only for those who have something to hide.

Let’s start with a fundamental question: Why is Data Privacy important for a common man unless he has something to hide?

Privacy is often called a ‘luxury for the rich’ and a ‘western concept’. And to some extent, it is true. Because if you are poor, what kind of privacy can you afford? For instance, my mali (gardener) cannot afford data privacy when all his documents are kept with the sarpanch or the zamindar in the village. Similar is the case when we ask somebody to download an app and take all of their information in return. If you look at it, it is also very culture-specific. If we look at the Indian culture and the kind of privacy we have in our houses, everybody gets to know more or less, everything about everyone in the locality. In today’s world, fortunately, or unfortunately, with the advent of digital platforms, privacy is a whole new ballgame, Hence, there should be a whole new way to look at it. That’s why a question like “Privacy is or is not essential for the common man?” becomes a somewhat reductionist way of looking at it. We have to look at the larger context.

Let me share an anecdote with you. I remember during the winters of 2019, I used to go to Mother Dairy to buy milk. There were all these mobile wallet ads and standalone stickers there. Each mobile wallet was offering a cashback. But if the business is supposed to make money, how is it giving you cashback? It is because either the business entity is marking up its product and giving you some money back or it is luring you with an offer whereby you become a loyal customer and subsequently they make a profit out of it. The Mother Dairy guy and I were joking about this, “They are giving us cashback in return for our data.”

There was a gentleman standing nearby, who asked:  “Who am I? How important is my data and why should anybody be interested in my data?” Because I deal with these questions on a daily basis in my workshops and discussions, I looked at him and asked, “Everybody in this world knows the anatomy of a male and a female, then why do we wear clothes?  What is there to hide?” Then I added to the fact, “If somebody takes a chair and sits in a public place looking into your house will you be ok with that? It's not that you are doing anything wrong.” The reason why we wear clothes or we protect our privacy is we don't want everybody to know what it is. Whether it affects me or not is a separate question altogether. Because privacy affects my reputation, I don't want people to judge me based on the information that I typically deal with or have.

Unawareness on this issue is very common. And things are changing so rapidly and drastically that we cannot put the onus of being digitally aware of the citizens only. Even the media, which is supposed to enlighten us on this, isn’t fully aware of these issues. That's why we had nonsense like finding a nano chip in a 2000 rupee note. Look at what happened in the Arnabgate. Suddenly, everybody now understands that in spite of end-to-end encryption your chat can come out in the public and it is damaging. It is damaging to even the Government of India.

How would Facebook justify this end-to-end encryption description when every other day conversations are getting leaked?

We need to understand that end-to-end encryption is a nice buzzword. Let’s take an example, this pandemic has brought online teaching into the picture. When a teacher gives a Zoom call invite on a public space, anybody can enter in spite of the fact that Zoom is an encrypted application. As a consequence of this, some people played obscene and objectionable content during the online class of Kurukshetra University. We cannot pick up out of context stuff and say that we are safe. We have to look at the whole digital data ecosystem. How is the data moving? Where is it coming from? Who is controlling it? Who owns it?

Dr Abhay Chawla

So do you think we are introduced to the digital world without basic digital literacy?

Absolutely. Look at the fact that mobile phones are given to much younger people without introducing any formal digital literacy classes in the schools. How many of them are even taught about digital identity, digital privacy, digital dignity etc? Technology moves in myriad ways. And unfortunately, digital penetration and digital literacy are not moving in synchronization. Even the educated and those born and brought up in this digital age aren’t well aware, let alone the elderly and illiterate. And it’s not their fault.  When one learns to drive, there’s a proper protocol for it. A seven-year-old kid is not given a car to drive. We can’t risk that. But access to digital gadgets without the understanding of digital literacy is even more dangerous. People buy a smart TV without knowing that it has a camera installed which is connected to the internet and it can be used to peep inside their house. Alexa, for example, is listening to you and is AI-equipped. It can any day be used for surveillance on you.

But one might argue that by retrieving data from me, big tech is ultimately helping me. After peeping into my search history, they are helping me save time and energy by showing me only the products I like. What’s the harm?

The concept of surveillance capitalism lies in the fact that you are lured into big tech because it helps you.  Let’s take an example. We easily understand that the government is not a homogeneous entity. It might pick up and disseminate information which could be harmful to the people, depending on the intentions of the providers and disseminators of information. Like the government, big tech is also not a homogeneous entity. It is composed of people with various motives. And in the case of big tech, the motives are purely commercial. That’s where a regulator and the government is supposed to come into the picture to safeguard the interests of its citizens. But unfortunately, that has not happened. For example, even after the huge buzz over digital India, we still don't have a data protection law. It can be seen as a disingenuous effort and can affect not only people but also the country at large. And if I am asked if the big tech is taking data just to help me, then, I would say no. It’s taking much more.

And how do we draw that line between ethical and unethical retrieval of data by the big tech?

This is where we need public debate. Look at its power. Once we started this public debate on WhatsApp’s privacy policy, suddenly, WhatsApp is forced to give full-page explanations in newspapers justifying itself. So, I would put back the same question to the government and big tech,  “If you aren’t doing anything wrong, what do you have to hide? What does Facebook have to hide? Why don’t you put out the details in front of people? What are you doing with my data by selling it to third parties? How much money are you making from my data? What is the cost of my data?  If they say, my data is useless, then why do they need to take it? And if they think it’s useful, then what’s the cost? If my data is worth a million rupees, I should be given some per cent of the profit. Because after all, data is me. In the digital data world, my data is an extension of me. It is a part of me. I need to control it. I should be allowed to make an informed decision whether or not I want to share my data. But instead of doing this, we are tricked into these questions like “What do you have to hide?” This is to prevent us from thinking that our data is important and costly.

In its new privacy policy, WhatsApp is allowing the businesses to store the user’s data wherever they want. What’s your take on this?

Again, we should analyse who is using these services. How aware are the small businesses? Why doesn’t Facebook clarify the movement of data to all including the small businesses? What kind of autonomy is that if the small businesses don’t know how the entire process works?

How can the device and connection-specific information such as hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information etc be misused?

Let me quote a report by Forbes, “An angry man went into a Target store outside of Minneapolis, demanding to talk to a manager. My daughter got this in the mail!” he said. “She’s still in high school, and you’re sending her coupons for baby clothes and cribs? Are you trying to encourage her to get pregnant?”

The manager didn’t have any idea what the man was talking about. He looked at the mailer. Sure enough, it was addressed to the man’s daughter and contained advertisements for maternity clothing, nursery furniture and pictures of smiling infants. The manager apologized and then called a few days later to apologize again. On the phone, though, the father was somewhat abashed. “I had a talk with my daughter,” he said. “It turns out there have been some activities in my house I haven’t been completely aware of. She’s due in August. I owe you an apology.” Charles Duhigg outlines in the New York Times how the Target stores work and how their algorithms are designed.  He talked to Target statistician Andrew Pole.

From NYT: “[Pole] ran test after test, analyzing the data, and before long some useful patterns emerged. Lotions, for example. Lots of people buy lotion, but one of Pole’s colleagues noticed that women on the baby registry were buying larger quantities of unscented lotion around the beginning of their second trimester. Another analyst noted that sometime in the first 20 weeks, pregnant women loaded up on supplements like calcium, magnesium and zinc. Many shoppers purchase soap and cotton balls, but when someone suddenly starts buying lots of scent-free soap and extra-big bags of cotton balls, in addition to hand sanitisers and washcloths, it signals they could be getting close to their delivery date.  As Pole’s computers crawled through the data, he was able to identify about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score. More important, he could also estimate her due date within a small window, so Target could send coupons timed to very specific stages of her pregnancy.”

We have no idea how algorithms can work. We are looking at a new world through an old lens. That’s where the problem lies. All these details like hardware model, operating system information, battery level, signal strength, browser information, mobile network etc are fed into algorithms which will give results we can’t even think of. The battery strength, for instance, can be an indicator of my age. Elder people usually keep their phones charged. The young are often comfortable with working even at 5 per cent or 10 per cent.

WhatsApp privacy policy says, “If any of your contacts aren’t yet using WhatsApp, we’ll manage this information for you in a way that ensures those non-user contacts cannot be identified.” Any comment on this.

There have been researches and investigations proving that Facebook has many shadow profiles and has been collecting a database of all the people on this planet. It holds data about you even if you are not on any of its platforms. Facebook’s founder Mark Zuckerberg faced two days of grilling before US politicians following concerns over how his company deals with people’s data. The data Facebook has on people who are not signed up to the social media giant also came under scrutiny.

During Zuckerberg’s congressional testimony he claimed to be ignorant of what is known as “shadow profiles”. Zuckerberg’s reply was, “ I’m not — I’m not familiar with that.” On this, one of the leading publishers of research-based news and analysis, The Conversation publishes, “That’s alarming, given that we have been discussing this element of Facebook’s non-user data collection for the past five years, ever since the practice was brought to light by researchers at Packet Storm Security.”

So what is the way out?

We cannot expect big tech companies to be caring about our digital rights or our human rights. That’s why we need governments to step in. For that, people have to make the governments accountable. And it is possible only when they are made aware of their digital rights, which is the task of the media. You see it’s a Catch 22 situation.

I was reading this report on how Rs 1348 crores of PM Kisan funds were given to non-eligible beneficiaries. Think about the fact that these funds are given via Aadhar, DBT etc. We were told that technology was to reduce the pilferage. But we should remember that pilferage has nothing to do with technology. It is related to processes. In fact, technology can enable pilferage. Technology ultimately multiplies the intent of the person who drives it. (chuckles) Fortunately, till now technology cannot work on its own. At least that’s what we believe.