On Robert Heinlein, Big Data, and No Free Lunches
How much valuable data about your personal or corporate behavior are you giving away and what risk are you embracing – without knowing it?
In 1966, Robert Heinlein published his science fiction novel, The Moon Is a Harsh Mistress. He tells the story of a revolution in the Earth’s moon-based penal colony. The revolutionaries/rebels create their flag – TANSTAAFL emblazoned on a solid background. TANSTAAFL is the embodiment of the recognition that everything has to be paid for by someone – There Ain’t No Such Thing As A Free Lunch.
This principle is particularly important today, with the proliferation of “free” applications for computers, tablets and smartphones and with the emergence of Big Data as a knowledge tool for businesses.
If nothing is free, then who is paying for these “free” applications, and what does this have to do with Big Data?
Let’s start with Big Data
Wikipedia has a good article on Big Data. Essentially, Big Data is the analysis of massive amounts of diverse data – amounts of data so large that new analytic techniques have been developed to extract useful information and insight. A major issue is the origin of these massive amounts of data. In today’s connected world, data on our individual behavior is continually generated and collected. Every time we make a purchase from a vendor with which we have a “loyalty program” membership, or every time we use a credit card, or every time we use electronic payments (PayPal, ApplePay, etc.), we create a file – where we traveled, where we made phone calls or sent text messages, what we bought, from whom we bought it, where we bought it, the date on which we bought it, the time of day – not to mention our name, our gender, our address, our credit rating, our salary, ad infinitum – all the information that we supplied to get the credit cards or whatever.
On an individual basis, our personally identifiable information (PII) is redacted from the other data, allegedly “anonymizing” the data on our personal behavior. The critical problem here is that the analytic techniques used to derive meaningful customer behavior information are also strong enough to uniquely identify each person – and their behavior. MIT conducted a study showing that as few as three or four transactions were adequate to specifically and uniquely identify individuals.
Big Data can, for all intents and purposes, strip any individual person of much, if not most, of their privacy.
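The re-identification effect described above can be measured before a "de-identified" dataset is shared. The following is an added example, not code from this article or from the MIT study: it computes a unicity-style score (the share of k known purchases that match exactly one pseudonym) over a constructed purchase log. The record layout and the names `unicity` and `release_check` are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample: a "de-identified" purchase log. Names, card numbers
# and addresses are gone; only a pseudonym, a shop and a day remain.
RECORDS = [
    ("u1", "cafe", 1), ("u1", "grocer", 2), ("u1", "gym", 3), ("u1", "books", 4),
    ("u2", "cafe", 1), ("u2", "grocer", 2), ("u2", "gym", 3), ("u2", "pharmacy", 4),
    ("u3", "cafe", 1), ("u3", "grocer", 2), ("u3", "bakery", 3), ("u3", "pharmacy", 4),
    ("u4", "cafe", 1), ("u4", "fuel", 2), ("u4", "bakery", 3), ("u4", "books", 4),
]

def build_traces(records):
    """Group (shop, day) points by pseudonym."""
    traces = {}
    for pseudonym, shop, day in records:
        traces.setdefault(pseudonym, set()).add((shop, day))
    return traces

def unicity(records, k):
    """Fraction of k-point subsets of a trace that match exactly one pseudonym."""
    traces = build_traces(records)
    total = unique = 0
    for points in traces.values():
        # Enumerate every way an outside party could know k of this person's purchases.
        for known in combinations(sorted(points), k):
            known = set(known)
            matches = sum(1 for other in traces.values() if known <= other)
            total += 1
            unique += (matches == 1)
    return unique / total if total else 0.0

def release_check(records, k, max_unicity):
    """Gate a data release: True only if unicity at k known points is acceptable."""
    return unicity(records, k) <= max_unicity

if __name__ == "__main__":
    for k in range(1, 5):
        print(f"k={k}: unicity={unicity(RECORDS, k):.3f}")
```

On this constructed sample the score rises from 0.0625 with one known purchase to 0.75 with three and 1.0 with four, even though no name or account number is present in the data.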
How is this related to “free” apps? None of these apps can be used without agreeing to the Terms of Service (ToS) for the app. The ToS are problematic:
- They include numerous conditions that can permit the developer of the app to access any data generated by the app. Even if the app developer does not intend to access that data, the capability remains, because the data generated is also required by the app itself to provide the convenience for which we acquired the app.
- The ToS are intended to protect the developer of the app and so also include the right of the developer to change the ToS without our consent (this potentially allows the developer to access data that the developer had previously agreed not to access or share).
- The ToS are written in language that is difficult to understand without significant technical legal knowledge.
- The ToS are written and read/agreed to without the context of Big Data and the inherent privacy issues.
Compounding the power of Big Data analytics and the data generated by apps (free and purchased) and by many software-enabled devices, such as smart TVs, smart thermostats, smart refrigerators, etc., is the risk of data compromise, as evidenced by the rash of data thefts from Target, Home Depot and other high-profile incidents over the past year.
Recognizing that virtually all apps include similar ToS, and that the only options available are to decline the ToS and the capabilities of the app/device or to use those capabilities and agree to the ToS, the bottom line remains that no one should acquire or use devices that are connected to the Internet and the associated applications without due consideration of the ToS and the risks of loss of privacy and PII associated with that use. It is equally important for companies and organizations to consider those implications in their policies for the use of corporate accounts, corporate devices and the use of personal devices for company purposes.
When considering the risks of an abrupt change from “business as usual” to a disruptive “business as unusual,” companies and organizations must start from an all-hazards perspective and include the risks associated with the connected world, including those from Big Data and “free” apps. Someone, somehow, is paying for that “free” app – TANSTAAFL.