TechLetters #49 - The moral values of technology design - politics already impacts technology. Facebook micro-targeting. Large-scale cyberattacks on financial infrastructure inevitable.
Editorial
Some people doubt that values-inspired technology design is possible. We show that not only is it possible, but values already influence technology.
"Values" not only guide the building of technologies in aspects such as privacy or cybersecurity, accessibility, freedom of expression, or censorship. There are past examples of political-technology clashes/interventions. On-demand decryption or OS changes are examples. "Human, moral, and European values are clearly linked to technology ... We stress that the presence of politics in the technology sphere is already a reality".
The European Union is struggling with technology standards. Its approach is maladapted to today's world. GDPR and 2G are the well-known examples, but what else is there? There is a need for change, and a need for smart tech policy people to engage.
Our latest paper on technology standardisation is out in Internet Policy Review. PDF, blog post.
Security
Large-scale cyberattack on financial institutions inevitable. So says the Reserve Bank of Australia. “While the impact of incidents to date has been limited, given the large number of attempts a significant cyber event that has the potential for systemic implications is at some point inevitable”. (Report)
Russia sending domestic warning signs? Allegations of "treason" and the arrest of the Group-IB boss. Is it because some people have begun to say loudly that tolerating cybercrime is dangerous? Is Russia sending warning signals to the domestic cybersecurity industry?
“The message is: don’t speak up about it, don’t internationalise it without FSB prior approval and, especially, localise your clients’ data on Russian soil.”
Privacy
Privacy-preserving analytics for precision medicine. Doing it with multiparty homomorphic encryption sounds exciting: processing private data in a way that keeps it encrypted all the time. Data governance and privacy issues related to medical-data sharing. “Anonymous data, which refers to data that require unreasonable efforts to re-identify the source individuals, lies outside the jurisdiction of GDPR. Therefore, our approach has the potential to significantly simplify the requirements for contractual agreements and the obligations of data controllers with respect to regulations, such as GDPR, that often hinder multicentric medical studies”
Targeting unique Facebook users. "Researchers developed a method to deliver a Facebook ad campaign to just one person out of 1.5 billion" "based only on the user’s interests", so in fact based on personal data. Despite the authors claiming otherwise, this is ultra-targeting. Such precision fully identifies and singles out individuals (so it is processing of personal data). This is highly privacy invasive. It’s shocking that the researchers and the press describe it as 'without personal data'. "4 rarest interests of a user make them unique within a user base in the same order of magnitude as the worldwide population". Such a result means that such targeting is bound by regulations. This is striking! Also, an impressive result. Cost of targeting: 0.12€. As I say, it is likely that user interests constitute personal data. “It seems that users are identifiable by their interests in the meaning of article 4(1) of the GDPR, meaning that interests constitute personal data. The only caveat is that we are not certain how such a processing would scale.” Precise targeting could in principle be used to hack users (malvertising), spread precise disinformation or, at scale, influence societal opinions.
Technology Policy
Apple's policy paper. Criticising/opposing demands to open up the iOS ecosystem to third-party apps. With security, they have a point, right? “iPhone is a highly personal device where users store some of their most sensitive and personal information. This means that maintaining security and privacy on the iOS ecosystem is of critical importance to users. However, some are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as “sideloading.” Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections”