IT entrepreneur Joanne Cooper wants consumers to be able to decide who holds – and uses – their data. This is why Alexa and Siri are not welcome in her home.
Joanne won’t go to bed with her mobile phone on the bedside table. It is not that she is worried about sleep disturbances – she is more concerned about the potential of hackers to use it as a listening device.
“Because I would be horrified if people heard how loud I snore,” she says.
She is only half-joking. As an entrepreneur in the field of data privacy, she has heard enough horror stories about the hijacking of devices to make her wary of things that most of us now take for granted.
“If my device, just because it happened to be plugged in my room, became a listening device, or a filming device, would that put me in a compromising position? Could I have a ransomware attack?”
(It can happen and has happened. Spyware and Stalkerware are openly advertised for sale.)
Taking back control
Cooper is the founder of ID Exchange – an Australian start-up aiming to allow users to control if, when and to whom they will share their data. The idea is to simplify the process so that people will be able to visit one platform to control access.
This is important because, at present, it is impossible to keep track of who has your data and how much access you have agreed to and whether you have allowed it to be used by third parties. If you decide to revoke that access, the process is difficult and time-consuming.
Big data is big business
The data that belongs to you is liquid gold for businesses wanting to improve their offerings and pinpoint potential customers. It is also vital information for government agencies and a cash pot for hackers.
Apart from the basic name, address, age details, that data can reveal the people to whom you are connected, your finances, health, personality, preferences and where you are located at any point in time.
That information is harvested from everyday interactions with social media, service providers and retailers. For instance, every time you answer a free quiz on Facebook, you are providing someone with data.
Google Assistant uses your data to book appointments
With digital identity and personal data-related services expected to be worth $1.58 trillion in the EU alone by 2020, Cooper asks whether we have consciously given permission for that data to be shared and used.
A lack of understanding
Do we realise what we have done when we tick a permission box among screens of densely-worded legalese? When we sign up to a loyalty program?
A study by the Consumer Policy Research Centre finds that 94 per cent of those surveyed did not read privacy policies. Of those that did, two-thirds said they still signed up despite feeling uncomfortable and, of those, 73 per cent said they would not otherwise have been able to access the service.
And, what we are getting in return for that data? Do we really want advertisers to know our weak points, such as when we are in a low mood and susceptible to “retail therapy”? Do we want them to conclude we are expecting a new baby before we have had a chance to announce it to our own families?
Even without criminal intent, limited control over the use of our data can have life-altering consequences when it is used against us in deciding whether we may qualify for insurance, a loan, or a job.
“It is not my intention to create fear or doubt or uncertainty about the future,” explains Cooper. “My passion is to drive education about how we have to become “self-accountable” about the access to our data that will drive a trillion-dollar market,” she says.
“Privacy is a Human Right.”
Cooper was schooled in technology and entrepreneurialism by her father, Tom Cooper, who was one of the Australian IT industry’s pioneers. In the 1980s, he introduced the first IBM Compatible DOS-based computers into this country.
She started working in her father’s company at the age of 15 and has spent the past three decades in a variety of IT sectors, including the PC market, consulting for The Yankee Group, as a cloud specialist for Optus Australia, and financial services with Allianz Australia.
Starting ID Exchange in 2015, Cooper partnered with UK-based platform Digi.me, which aims to round up all the information that companies have collected on individuals, then hand it over those individuals for safekeeping on a cloud storage service of their choosing. Cooper is planning to add in her own business, which would provide the technology to allow people to opt in and opt out of sharing their data easily.
Cooper says she became passionate about the issue of data privacy in 2015, after watching a 60 Minutes television segment about hackers using mobile phones to bug, track and hack people through a “security hole” in the SS7 signaling system.
This “hole” was most recently used to drain bank accounts at Metro Bank in the UK, it was revealed in February.
Lawmakers aim to strengthen data protection
The new European General Data Protection Regulation is a step forward in regaining control of the use of data. Any Australian business that collects data on a person in the EU or has a presence in Europe must comply with the legislation that ensures customers can refuse to give away non-essential information.
If that company then refuses service, it can be fined up to 4 per cent of its global revenue. Companies are required to get clear consent to collect personal data, allows individuals to access the data stored about them, fix it if it is wrong, and have it deleted if they want.
The advance of the “internet of things” means that everyday objects are being computerised and are capable of collecting and transmitting data about us and how we use them. A robotic vacuum cleaner can, for instance, record the dimensions of your home. Smart lighting can take note of when you are home. Your car knows exactly where you have gone.
For this reason, Cooper says she will not have voice-activated assistants – such as Google’s Home, Amazon Echo’s Alexa or Facebook’s Portal – in her home. “It has crossed over the creepy line,” she says.
“All that data can be used in machine learning. They know what time you are in the house, what room you are in, how many people are in the conversation, keywords.”
Your data can be compromised
Speculation that Alexa is spying on us by storing our private conversations has been dismissed by fact-checking website Politifact, although researchers have found the device can be hacked.
The devices are “always-on” to listen for an activating keyword, but the ambient noise is recorded one second at a time, with each second dumped and replaced until it hears a keyword like “Alexa”.
However, direct commands to those two assistants are recorded and stored on company servers. That data, which can be reviewed and deleted by users, is used to a different extent by the manufacturers.
Google uses the data to build out your profile, which helps advertisers target you. Amazon keeps the data to itself but may use that to sell you products and services through its own businesses. For instance, the company has been granted a patent to recommend cough sweets and soup to those who cough or sniff while speaking to their Echo.
In discussions about rising concerns about the use and misuse of our data, Cooper says she is frustrated by those who tell her that “privacy is dead” or “the horse has bolted”. She says it is not too late to regain control of our data.
“It is hard to fix, it is complex, it is a u-turn in some areas, but that doesn’t mean that you don’t do it.”
It was not that long ago that publicly disagreeing with your employer’s business strategy or staging a protest without the protection of a union, would have been a sackable offence.
But not today – if you are among the business “elite”.
Last year, 4,000 Google employees signed a letter of protest about an artificial intelligence project with the Department of Defense. Google agreed not to renew the contract. No-one was fired.
Also at Google, employees won concessions after 20,000 of them walked out protesting the company’s handling of sexual harassment cases. Everyone kept their jobs.
Consulting firms Deloitte and McKinsey & Company and Microsoft have come under pressure from employees to end their work with the US Department of Immigration and Customs Enforcement (ICE), because of concerns about the separation of children from their illegal immigrant parents.
Amazon workers demanded the company stop selling its Rekognition facial recognition software to law enforcement.
Examples like these show that collective action at work can still take place, despite the decline of unionism, if the employees are considered valuable enough and the employer cares about its social standing.
The power shift
Charles Wookey, CEO of not-for-profit organisation A Blueprint for Better Business says workers in these kinds of protests have “significant agency”.
“Coders and other technology specialists can demand high pay and have some power, as they hold skills in which the demand far outstrips the supply,” he told CEO Magazine.
Individual protesters and whistle-blowers, however, do not enjoy the same freedom to protest. Without a mass of colleagues behind them, they can face legal sanction or be fired for violating the company’s code of conduct – as was Google engineer James Damore when he wrote a memo criticising the company’s affirmative action policies in 2017.
Head of Society and Innovation at the World Economic Forum, Nicholas Davis, says technology has enabled employees to organise via message boards and email.
“These factors have empowered employee activism, organisation and, indeed, massive walkouts –not just around tech, by the way, but around gender and about rights and values in other areas,” he said at a forum for The Ethics Alliance in March.
Change coming from within
Davis, a former lawyer from Sydney, now based in Geneva, says even companies with stellar reputations in human rights, such as Salesforce, can face protests from within – in this case, also due to its work with ICE.
“There were protesters at [Salesforce annual conference] Dreamforce saying: ‘Guys, you’re providing your technology to customs and border control to separate kids from their parents?,” he said.
Staff engagement and transparency
Salesforce responded by creating Silicon Valley’s first-ever Office of Ethical and Humane Use of Technology as a vehicle to engage employees and stakeholders.
“I think the most important thing is to treat it as an opportunity for employee engagement,” says Davis, adding that listening to employee concerns is a large part of dealing with these clashes.
“Ninety per cent of the problem was not [what they were doing] so much as the lack of response to employee concerns,” he says. Employers should talk about why the company is doing the work in question and respond promptly.
“After 72 hours, people think you are not taking this seriously and they say ‘I can get another job, you know’, start tweeting, contact someone in the ABC, the story is out and then suddenly there is a different crisis conversation.”
Davis says it is difficult to have a conversation about corporate social activism in Australia, where business leaders say they are getting resistance from shareholders.
“There’s a lot more space to talk about, debate, and being politically engaged as a management and leadership team on these issues. And there is a wider variety of ability to invest and partner on these topics than I perceive in Australia,” says Davis, who is also an adjunct professor with Swinburne University’s Institute for Social Innovation.
“It’s not an issue of courage. I think it’s an issue with openness and demand and shifting culture in those markets. This is a hard conversation to have in Australia. It seems more structurally difficult,” he says.
“From where I stand, Australia has far greater fractures in terms of the distance between the public, private and civil society sectors than any other country I work in regularly. The levels of distrust here in this country are far higher than average globally, which makes for huge challenges if we are to have productive conversations across sectors.”
