Baby, it's a smart world outside

I have re-used the title of the first video from "the power of nightmares". It was "Baby, it's cold outside" from an older US-song. The "smart world" was the topic at a recent IBM conference which I attended and where a large group of computer science profs met to discuss the vision of a world full of data and data analysis.

The conference presented positive visions of such a world e.g. by showing environmental gains through data mining and intelligent sensors. Better optimization of energy use, prevention of clogged streets and much more. Negative visions were also used: if we do not achieve this "intelligent" world the environment will suffer and as a consequence we will suffer too.

While market and economic agendas were present they were not explicitly part of the smart planet vision.

The conference's main method was "anything goes": we do not talk security and social consequences right now. We try to find out the technical options and possibilities first. While this is a legal approach it makes you feel rather uncomfortable once you realise that a naive implementation of those techniques within the current social and economic structure will have a major and negative impact on citizens and customers. I am going to discuss some of those effects in the next paragraphs.

Let's begin with the smart vision first. It starts with the installation of countless numbers of sensors to extract data from people or groups of people. This is done via "intelligent" sensors which can extract those data, process them, cause actions and communicate the data to certain receivers.

By collecting those data receivers can optimize transportation, energy usage (avoid running costly power plants without need etc.) and avoid negative environmental impact as much as possible. This part of the smart planet vision is a positive one without any doubt and there are few reasons to argue against this use of our data.

Actually it is necessary to understand three important points here: the first one is that for this specific vision to work, our data NEED TO BE PUBLIC .- at least that's how it looks. The second thing to understand is that computer science is NOT ABLE TO PROTECT those data once the get collected. The third one is that this is NOT A PRIVACY ISSUE in the usual sense: I am not talking about private data used to embarrass me in public or to find out about my political orientation. I am talking about data used to micro-control me by setting the parameters for my self-optimization mechanisms. In other words: everyday data about me, my actions and behavior used to control my decisions because I can't avoid making those decisions.

Why do my data have to be public? Let's use the example of intelligent power meters for the "smart power grid". The individual user data transmitted by the intelligent meter are analyzed at the power provider. It calculates rates depending on its cost vectors and an estimate of the users willingness to pay for the services rendered. It can offer special rates at certain times, much like it is or was done in the mobile phone networks with their endless numbers of tariffs with specific time windows. This scenario would lead to a complete domination of the provider over the customer because the provider knows so much about the customer that it can adjust the parameters for the customers self-optimization.

This has dramatic consequences: it will make markets for price finding disappear. So for now to create at least some form of market and competition we will need to make sure that our customer data goes to ALL possible providers so they can all make an offer.

So much for the privacy of our data and we all know how well our data are protected within corporations not to speak hundreds of competing corporations...

Why are we unable to exercise control over out data once they are collected? Computer science simply does not know how to do this. We can safely transport data across distances. We can make data unreadable except for a specific receiver but once the receiver has removed this layer of protection e.g. to process the data, they are again unprotected. We can add secret signs to our data to find out who gave them away (watermarks) but this does not prevent data from being available beyond our control. It is just a way to punish a sloppy receiver later.

The simple fact is that once data are collected about us these data are public.

But can't we do better in computer science? At the University of Freiburg Prof. Müller is doing research in this area. The idea is roughly stated a combination of Digital Rights Management hardware, published policies on how data will be handled and auditing performed by independent agencies with the goal to ensure that companies keep to their policies. One way to do this is to enforce software that works with DRM hardware. In theory it is now possible to restrict the use of data with user and company defined policies and the hardware will not allow the transport or use of such data beyond the specified policies. The idea is a bit related to Multi-Level Security known from the mainframe and secret services world. I do not dare to give an estimate on the practical use of this approach - after all we know how well auditing worked to prevent the financial crisis, stock scandals etc.

But there are two important conclusions from the fact that we cannot restrict the use of data once they are freed: The first conclusion is that following the "smart planet" vision without regard for this problem seems socially irresponsible. Because within the given social and economic system, public and fine grained data about customers or citizens will be used to the economic advantage of corporations or the establishment of further control by governments. What would the corporate evangelists of the "smart planet" vision say if I told them that next time I would come with a team of analysts and camera men to tape and analyse their actions because it would make my ordering more "flexible"? We have a first important result in the discussion of smart planets: without a solution to the power imbalance resulting from the use and processing of private data by corporations and governments the smart world agenda is purely a neo-liberal one. It is already well seated in the economic theories about controlling, marketing etc. It uses technology to maximize profit or control.

That the proponents of a smart world are fully aware of this unequal distribution of power showed in most talks: There was talk about "the customer having to play an active role in his power consumption" (it means that the customer will have to watch the intelligent meter to make sure she gets the cheapest times for the use of electricity and no, this was not expressed as "can" but as "having to". And a specialist in mathematical optimization strategies answered one question with the question "Optimization - for whom?" He was fully aware that global optimization is not what corporations and governments want. They are only interested in optimizing things in a certain direction or for a specific interest.

The second conclusion from the impossibility of restricting data use in the wild is a rather surprising one: Given that we want data to be public and we cannot protect them in doing so it follows that we need to change the social and economic background for the use of our data. We need to think about a society where public data are harmless because they won't be used to our disadvantage. This is clearly a very futuristic view but again, it follows strongly from our premises.

Before I start to discuss what makes data harmful or whether the vision of smart planets could be possible without private data becoming public I need to clarify the third point from above: that we are not talking the usual privacy issues here. I am not talking about private data that show my political opinions or that make me look stupid in public. I am not talking about data on sexual preferences, intimate relations etc.- data that are usually understood as in need of protection. I am talking about everyday and simple data from everyday devices and sensors. Data that comes from the micro level of our lives and which show how we get through the day. And this data is now - due to enabling technology from computer science and hardware development - becoming available to corporations and governments at low prices and huge numbers. And by knowing those data, corporations and governments can directly influence our decision making process: steering us towards certain locations (or to avoid them), making us avoid downtown areas or forcing us to use electrical power at certain times. And much more. Control has now reached the micro-level of everyday life.

A quote from the NeoconOpticon paper (pg. 43 )describes the effects of having data on opponents quite succinctly: The key to victory in modern conflict is informational superiority. The side that enjoys the highest degree of information superiority can manoeuvre its forces quickly and decisively to achieve tactical and operational advantage over its enemy. It can also precisely and effectively engage every vital element of the enemies forces to reduce their fighting capabilities to nil. (Michal Fiszer,a Polish Air Force and military intelligence veteran) . You may say that the economic fights for survival in a capitalistic world are not battlefields but this is not a very convincing argument.

One consequence of this information superiority people ain't gonna like at all: individual prices. We will have to say goodbye to common prices for everybody. By knowing so much about your habits companies will be able to tailor prices for individual goods exactly to your buying abilities and wishes. And in most cases there won't be a way for consumers to create or use a market anymore. But perhaps the fear of individual prices will make people think twice about the costs of "intelligence" and "convenience".

Back to the question what makes data harmful. As often the answer is: the context of their use. The exact same data, e.g. showing a heart or brain condition can save your life as well as prevent you from getting health insurance. They get you into an education or prevent you from getting one. The process is called "social filtering" and it gets ever more popular through the use of automated data collection and automated access control: Taken together these mechanisms create a completely automated way of dealing with people and what they are allowed to do. This process does not let room for negotiations, for social conscience and so on. It is automated and brutal.

In our latest session on security and society iat the University of Freiburg we have been comparing two concepts of control in societies: Foucaults "disciplinary society" with its zones of explicit dominance (prisons, schools, factories) and the later concept of a "control society" by Gilles Deleuze which has control already internalized by the (in)dividual: the person as a target of statistics, data bases and TV. The "smart world" concept will go even further and enter the "remote control society" with the special property of the "remote control unit" not being visible at all: due to the data collected by sensors the decisions about the parameter values of our environment (how much does electricity cost right now? in two hours?) will be made remotely. Computers doing stream processing of trillions of event data in real-time and coming up with ever more individual prices and parameters.

So what can or should we do? Is there a way to fight against the smart planet view? There are basically two options available: one I have already mentioned. It is the creation of a society where data exposure cannot be used against a person. Pictures from a party where you got drunk cannot hurt you if they appear on facebook. Your smoking habits at the university will not prevent you from getting an administrator job with some company twenty years later. Knowing your DNA and being able to predict when you will get which disease will not affect your ability to get health insurance. This would be a society without the guiding principle of profit making. I am not saying that this is a society where things are not scarce. We are rapidly approaching a situation where things aren't really scarce anymore. Especially digital things which can be copied over and over. And knowledge which can today spread easily all over the world within seconds. We are now entering a phase where scarceness of things - the justification of most economic theories - is an artifact: digitally created scarceness. When your toner stops working after x copies because the counter is down to zero - no matter how much toner is left. When your car stops running because the programmed lifetime expired. When you can't do something because there is a patent preventing you from its use. All this is artificially made scarceness and the sensor world of the "smart planet" vision will make it even easier to enforce this artificial scarceness. That's why I say that the alternative society needs to get rid to the concept of profit making and prevent artificial scarceness from being forced onto us. The question of network-neutrality is another example of an artificial scarceness forced onto us as Lawrence Lessig described in his testimony to the senate committee.

Ok, what if you feel that this vision is just a bit too far away? Is there anything else that could be done to make data harmless again? IA good approach is when data are not collected in the first place. In an age where more data then ever are collected and data NEVER disappear once they have been collected, not from police databases nor from company data stores (and we all know that Google does not forget anything..), I have to admit it sounds ridiculous to image such a society.

But let us imagine some ways to achieve data reduction, just for the fun of it. An interesting approach here (besides all kinds of legal and democratic efforts of course) is to avoid authentication as much as possible and substitute it with authorization. Let me give an example: A ticket for a football stadium is an authorization mechanism. No need to know who the ticket owner really is. Just the need to validate the ticket and to prevent forgery. And there are many more places where we use authentication today (we validate WHO some requestor is) and where we could use authorization instead. This would allow anonymity in many kinds of transactions and is btw. the way cash works. According to Prof. Welsch IBM has developed lots of this technology e.g. in the Rüschlikon Research Center but - surprise - nobody wants to use it. State and corporations of course are not keen on giving up authentication information. They would not put billions into the development of automatic face/car/whatever identification. And customers, citizens and consumers seem to not care about being identified. And once they learn the "smart planet" means permanent identification through automated sensors, it might be too late...

What we have learned is that convenience rulez! Using tickets is a bit more inconvenient because you have to get them first. Paying cash needs you to visit the ATM every once in a while. And so on. And to top it off: the "smart planet" idea does not only bring convenience, it is also good for the environment...

Sorry to end on such a pessimistic note...