As we move towards intelligent assistants, I think we all should take a step back and in an informed way evaluate how our personal privacy is impacted by cloud services. Intelligent assistants, or intelligent software agents (ISA), are here in very early forms. We have things like Siri, from Apple, Google Now and others. The day is fast approaching when my personal software assistant will wake me up in the morning without me ever setting an alarm. The problem is one that we are just starting to see the beginnings of. Most software assistants rely on cloud processing and storage to do the heavy analytical lifting. There is definitely a value exchange, but are you really aware of what is being done, and what is being stored.
To illustrate this point comes an article from the weekend highlighting an oft-overlooked issue with cloud back-up. The issue is that it is out of your control and it is in the cloud. The article talks about how every Wi-Fi password you have on your Android device is stored with every cloud back-up you make. So that super-secret password to your personal network at home is now known by Google. When you sit back and take a look at this it makes sense.
Do you want life to be easy or to be safe?
If you want to live your life without risk, you are going to be disappointed. Everything you do in life carries some risk. Crossing the street, getting in your car, and even sitting in your chair all carry risk. If you think sitting in your house is not risky, just ask Hiroki Naoko about the plan that crashed into her house. We all go through a risk-benefit analysis about everything we do. With most life we are pretty aware of the risks. The problem with this trend toward more cloud computing is our assumptions and beliefs are sometimes not right.
The back-up service for Android is understandable. If you asked me before you stored that information up in the cloud, I would obviously say yes. NOTE: I haven’t reviewed the actual license terms and notifications so the language may be buried somewhere in there. The issue is one of surprise when you are first told about it after the fact. What else is stored in my back-up?
The funny thing was when I first read this article it finally dawned on me why I have had to re-enter passwords every time I transitioned to a new iPhone. It just became something I did. Now I understand why it was being done. Bravo to Apple. They may not have done it because of this surprise issue, but it feels good now that I see this article.
Fairness note. Apple has fallen down here a little with regards to the Siri cloud service. Remember an early blog post about Apple storing your vocal utterances to improve Siri?
Convenience vs. Privacy
How easy do I want my computing life to be? How much information am I willing to share to get that convenience? Today, most of the value exchange around your personal data is about getting a discount, or some type of loyalty bonus. With intelligent software assistants we are now getting into a situation where what we are getting is convenience. Imagine the day when you walk into a store, pick up the things you need and walk out without every walking past the cashier. What information does the store need access to in that scenario?
I am dreading the day that my three-legged stool metaphor breaks down as a guide. Even here though it works. There is good value here, and there is even some control. Allegedly no human is reading these, so some control. The notice is where this falls down. If I am surprised, I don’t have notice.
Intelligent software assistants are in our future. The amount of data needed to make those services useful is mind-boggling. The amount of analysis is also mind-boggling. The iPhone5 (about to be eclipsed by the 5S, as well) is almost twice as powerful as the most powerful Powerbook you could get in 2005. The progression in power and storage will only increase, but your mobile device will probably never be able to do this type of big data analysis.
So, we will be relying on the cloud. What kinds of notice will be made available to users as these services are enabled and mature? Your data will now be at the mercy of providers you may not even be aware of. I may provide access to my preferences to Apple, for instance. What third party vendors are they using on the back-side? How far down the trail does my information go?
Bake privacy into the cake
As I was thinking about those last questions, I was contemplating how best to do things and do you need to share truly personal data upstream to accomplish the analytics needed to render an ISA effective. Is the query to an upstream analytics provider merely a “provide me the furnace size for a Trane model F1234,” or is it a “ask Trane what model furnace Jane Doe has, and return the furnace size for that model.” In the first, no personal data is sent. In the second, some is. My name is now associated with the query. It becomes something I should be aware of, shouldn’t it?
I have long advocated for privacy experts to be involved in projects at an early stage. I think it is also important for privacy knowledge be taught to developers and project managers. Why? Because even if the privacy expert is at the meeting talking about a new service to provide furnace filter sizes upon request from users, they won’t be there when the query is constructed. Your developers need to think about what they are doing, and what the obligations to the users are.
Bottom line – enjoy the promise, and look both ways
There will be incredible software products coming to your life in the near future. They will make your life easier. They will make you more intelligent (well at least have more information at easy recall). They will make you so much more responsive. We all want it. Just like we want to cross the road. When you cross the road, you look both ways, not just the direction of traffic, but both ways. Even when you cross on a walk sign, you should look both ways. Same thing here. Go into it with eyes wide open and enjoy the future.