[kictanet] When it comes to privacy by default, settings matter!
Patrick A. M. Maina
pmaina2000 at yahoo.com
Wed Jun 12 02:41:46 EAT 2019
My appreciation of the subject, and its sheer complexity() has evolved considerably over the last 3-6 months and I'd like to offer a slightly deeper discussion for those who may be interested.
Alice has presented the two phrases below for discussion:
Ph1: “Africans don’t care about privacy”;Ph2: “Africans do not care about privacy in the same way Europeans [and/or] Americans do";
These phrases have gained notoriety in persuasive rhetoric, both within and beyond Africa, as "truths" that justify policies or activities (whether manual or automated) that are perceived as unwarranted invasions of privacy, to varying extents, by a varying number of people - depending on context, motivation and timing.
Both phrases require us to accept a loaded presupposition that the definition of "Privacy" is universal and culture independent. This is not true: There are several cultures in Africa, for example, where it is perfectly normal and acceptable for women to be topless in public (and even to take photographs with male visitors/tourists); but in other (e.g. westernized) cultures it would be considered a gross violation of personal privacy if an "X-ray" device, say at an Airport/Mall, was tuned to see through a woman's blouse such that the resulting image appears like a topless representation of her body. So clearly there are cultural considerations that need to be accounted for - if we are to establish a common definition that would facilitate a reasonably objective cross-cultural comparison of public attitudes towards Privacy.
When collecting data about this issue, care must be taken to ensure that we are conducting the right study. For example, if using a survey, we have to be sure that we are really testing for who cares more/less about invasion of privacy, and not actually testing for which group is more informed (from the study's perspective), or which group is more assertive, or more vocal about the issue. Silence does not mean consent. People who live in societies that have historically suppressed "free speech" for example, will likely respond conservatively (or diplomatically) to certain surveys - compared to people in cultures that consider freedom of speech an absolute and guaranteed right. How do you account for such (often invisible) nuances?
Given the above considerations it is clear that both Ph1 and Ph2 are incomplete propositions and, thus, defective/manipulative arguments if used for persuasion. Either phrase would be more balanced if it articulated the specific testable circumstances and perspectives (e.g. cultural) where it can be reliably inferred that, within such a context, Africans appear not to care about privacy or appear to care less about privacy compared to Europeans and/or Americans.
Furthermore we have to dispense with yet another presupposition in Ph2, that Americans and/or Europeans "care about privacy". Granted that such a statement is already too general to be meaningful (it's like declaring "all blue strings are long"), we can still challenge its veracity as an absolute proposition by examining data/evidence that suggests the contrary.
Let's use Facebook as an example. In early 2004, Facebook founder and CEO Mark Zuckerberg was reportedly asked about how he obtained the information for his newly launched social network, and his alleged response was:
"People just submitted it. I don't know why. They 'trust me'. Dumb f*cks."
Despite well publicized scandals around privacy, fake news, radicalization and extremism involving the use of the Facebook platform, some of which were apparently considered to be of significant enough public interest as to trigger a Congressional Inquiry in 2018, approx. 69% of Americans (>200Million people - i.e. slightly more than all of African Facebook users combined) still use Facebook as at early 2019. Why? Does it mean Americans don't care much for privacy? Or to what extent do they care about privacy and under what conditions do they agree to waive this right?
This raises another interesting question: At what point does societal ignorance about privacy issues cross over to reckless negligence? What are we expected to know about privacy, by default, how do we acquire this knowledge and whose responsibility is it to ensure we have the necessary competency to make intelligent decisions about online privacy? Was Mr. Zuckerberg alluding that Americans ought to have been aware, and concerned, about online privacy but, for some reason, did not appear to care?
What about Europeans? Over 280 Million (western) Europeans use Facebook daily - and this number is reportedly trending upwards. Does GDPR truly guarantee privacy in an era of CCTV, GPS, Cell Tower Triangulation, cloud-based digital personal assistants and IoT; or does it create a convenient administrative illusion that does not reflect reality?
To put it differently, why would so many Europeans use a privacy-scandal ridden product like Facebook in the first place if indeed they had privacy concerns? Again it boils down to: at what point, and under what conditions, does privacy become an actionable concern to an individual? Does worry without action count? Consider the fact that the EU only recently voted to create a massive biometric database of all EU citizens, the Common Identity Repository (CIR), which sounds eerily similar to India's Aadhaar and Kenya's Huduma Namba.
The above analysis suggests that there is global ambiguity about the precise public attitudes around the issue of online privacy - and a significant contributory factor could be mass-scale ignorance about the emerging novel risks associated with vast quantities of pooled personal data. Would people be more concerned about privacy if they knew, for example, that their social media data (photos, engagement) could be used, without their knowledge or consent, to train Artificial Intelligence algorithms that could potentially be used, at some point in future, to negatively profile certain groups in society, for targeted persecution, based on, say, physiological features?
To what extent does mass ignorance contribute to lax attitudes about privacy in the cyber realm and how can such ignorance be addressed, if at all possible, given the realities of mass platforms ownership?
Considering the increasingly manipulative nature of "nudge" algorithms, will the idea cognitive sovereignty (free will) gain popular traction globally as a human right? Would the public care more about privacy if they consider the possibility that their personal data is being used to automate them, or turn them into human robots, for the benefit of third parties?
Has the effectiveness of securitization as a tool for achieving rapid mass-scale compliance attracted motivated malevolence - thereby turning the masses into fearful, mindless, obedient sheep, that will gladly give up their fundamental rights in exchange for protection?
Studies suggest that online crowds/mobs behave just like real mobs. Can/should they be reasoned with? Is the psychoplogy of mob behavior a factor when it comes to human rights in the digital realm?
Wighty issues, no?
Good day & brgds,
Patrick.
Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst - Indigenous Innovations]
Links / References:
x.https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5124066/x. May 2016: The Complexity Is in the Details: New EU Data Protection Law Promises User Control
https://www.isaca.org/Journal/archives/2016/volume-3/Pages/the-complexity-is-in-the-details.aspx
x. Aug 2011: The World Is More Complex than It Used to Be
https://hbr.org/2011/08/the-world-really-is-more-compl.html
x.
x. April 2018: Zuckerberg faces skeptical Congress on Facebook privacy breaches, Russian meddling
https://www.usatoday.com/story/news/politics/2018/04/09/facebook-ceo-zuckerberg-faces-skeptical-congress-hearings-privacy-and-russian-election-meddling/499387002/
On Tuesday, June 11, 2019, 12:25:31 PM GMT+3, Grace Bomu via kictanet <kictanet at lists.kictanet.or.ke> wrote:
Interesting debate. Let me throw in this video by KICTANet associate Riva Jalipa that compiles interviews from policy activists, musicians and just ordinary phone users. I especially like the modern lady in 3:08 who explains issues that are private to her and the gentleman who translates the idea of the traditional "cube" ( mini house for older unmarried men) to privacy in the digital age.
See whole video here: https://www.youtube.com/watch?v=7GK47va5kLc
On Tue, 11 Jun 2019 at 05:05, Francis Monyango via kictanet <kictanet at lists.kictanet.or.ke> wrote:
Morning Listers,
Alice, if you look carefully at the individuals who push the narrative "Africans don't care about privacy", you will notice they are from entities that benefit from the use of personal information. So to absolve themselves from any blame when caught with their hands in the cookie jar, they will jump on to the statement and use the registration of personal information at entrances of buildings as an example of how we don't care.
Yet we all do that because the law requires us to do so. 10 years ago, we never had to write our details or leave our IDs at entrances of buildings. In any case, now that we are legislating on data protection laws, we should factor in such unique situations in our society and find ways to ensure that the data collected at the entrance of buildings is used for the purpose it is collected for and disposed adequately.
On Tue, 11 Jun 2019, 03:55 Poncelet Ileleji via kictanet, <kictanet at lists.kictanet.or.ke> wrote:
Not the case at all Alice,
The real issue we have yet to share our narrative and our stories how we are combating it at various levels. These stories are important and we do care and need toaddress it at all levels. Yes we have issues like governmental confidential papers ending up on the hands of street vendors to wrap snacks etc as a case in point. However at various levels things are happening and we need collectively to share our stories and experiences.
My 0.0001% contribution
Poncelet
On Tuesday, 11 June 2019, Alice Munyua via kictanet <kictanet at lists.kictanet.or.ke> wrote:
Many thanks Patrick for your response and great insights.I have heard this said in several spaces “Africans don’t care about privacy” “Africans do not care about privacy in the same way Europeans or both Americans do”
If this is the case/current reality? Very best regardsAlice
On 7 Jun 2019, at 02:45, esther kamande via kictanet <kictanet at lists.kictanet.or.ke> wrote:
Good insight Patrick,
I agree that "....the burden needs to shift from the consumers to the companies whereby the complexity of privacy settings shouldn’t be placed on users to figure out. The product defaults should simply align with consumer expectations."
Thanks for sharing Alice.
Regards,
Esther
On Fri, Jun 7, 2019 at 6:48 AM Barrack Otieno via kictanet <kictanet at lists.kictanet.or.ke> wrote:
Good analysis Patrick,
Provides interesting perspectives.
Best Regards
On 6/5/19, Patrick A. M. Maina via kictanet
<kictanet at lists.kictanet.or.ke> wrote:
> I recently did a side-by-side comparison of several mainstream (and some
> emerging browsers e.g. Brave) and found Firefox to be the least intrusive of
> the better browsers.
> Using a network traffic monitor, I peeked under the hood to see what the
> browsers were secretly doing in the "background" and lo-and-behold, Chrome
> was so aggressive that it looked like a data-harvesting malware, even with
> add-ons and extensions disabled. I did some research on it and noted that
> users who had raised similar issues (several years earlier) had apparently
> been stonewalled for some reason. This led to a prompt and permanent
> uninstall of Chrome on that device.
> Surreptitious data harvesting is problematic because it enhances online
> risks (e.g. risk of "spear phishing" attacks, as well as theft of business
> trade secrets - including theft by inference). This should be of concern to
> emloyees, enterpreneurs and government workers. So why aren't users
> switching in droves to less intrusive browsers?
> I have two hypotheses about this:
> 1. Privacy awareness campaigns don't appear to be strategically
> contextualized and/or targeted. For example, the word "privacy" has a
> personal activity context connotation and may not trigger alarm bells in
> official contexts. I think words like "spying" or "snooping" or "stealing"
> need to be used a lot more as they convey, with far greater clarity, the
> idea of surreptitious activity and/or motives, while instilling a sense of
> urgent need for action.
> 2. Alternative browsers have to overcome network effects (and build their
> own). This requires long-game strategies that, on casual inspection, don't
> appear connected to browser adoption / lock-in. The strategy has to align
> with (and leverage) anthropological insights as well.
> Let's use Chrome as an example:
> Chrome users are locked-in to Google's strong network effects, which exist
> at the Android ecosystem level (developers, tech support, advertisers and
> end-users).
> Google works hard to grow/maintain its dev community by offering a vast
> array of tools as well as monetization opportunities. Google's secret value
> proposition across all their products is... wait for it... "success".
> Once onboarded, cool, proprietary (but apparently inconsequential) features
> tempt devs to tailor their webapps towards Chrome as the "main" browser and,
> slowly but surely, dev lock-in creeps in. The difference between Google and
> Microsoft in terms of dev lock-in strategy is that Google's approach is more
> subtle: it doesn't cause hard breaks in functionality on different browsers
> (which would be a big no-no for devs - it only degrades it.. quietly passing
> the UX pain to end users as "punishment" for using the "wrong" browser).
> This leads to "works best on Chrome" advisories on millions of help pages /
> documentation, which in turn *heavily* influences end-user (and tech
> support's) preferences and more importantly, perceptions about quality and
> performance advantage. It's like a massively viral reverse ad campaign where
> the advertisers pay you to advertise *your* product.
> Humans are creatures of habit and consistency. So the browser you use more
> frequently (or at work) is likely the one you'll want to use on your
> personal devices. Soon the user starts "advising" others on which browser is
> "best" (more free marketing). This reinforces the user's own perception of
> preferences, boosting perceived loyalty and making it even harder to switch
> even when the browser has issues the user doesn't like (cognitive
> dissonance).
> I noticed this effect on myself when switching from IE (after almost two
> decades) to Chrome, and a few years later, from Chrome to Firefox. Switching
> is hard.
> To get users to change their browser habits, it makes sense to target the
> dev & support ecosystem agressively with a different value proposition (i.e.
> "success"). This could mean being more flexible and pragmatic on certain
> core philosophies like FOSS, which pushes poor/hungry/enterpreneurial
> developers into the arms of monetized platforms. Food is no longer FOSS
> (unfortunately)... people need money to eat, and bills have to be paid. FOSS
> values are noble and important, but they become elitist when implemented as
> universal dogma without regard to economic context (e.g. for devs in low
> income countries).
> Legal and policy tools have to be leveraged as well. Google rode on
> antitrust regulations, for example, to penetrate Microsoft's IE moat and
> give chrome a chance on the PC (they then cheekily went on to do what
> Microsoft had been penalized for doing, with their inbuilt OS integrated
> apps).
> Slightly off-topic, but might be of interest to some.
> Good day & brgds,
> Patrick.
> Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst -
> Indigenous Innovations]
>
>
> On Wednesday, June 5, 2019, 5:40:42 AM GMT+3, Alice Munyua via kictanet
> <kictanet at lists.kictanet.or.ke> wrote:
>
>
> https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/
>
>
>
> What if I told you that on nearly every single website you visit, data about
> you was transmitted to dozens or even hundreds of companies, all so that the
> website could earn an additional $0.00008 per ad! This is a key finding from
> a new study on behaviorally targeted advertisements from Carnegie Mellon
> University and it should be a wake-up call to all of us. The status quo of
> pervasive data collection in service of ad targeting is untenable. That is
> why we’re announcing some key changes to Firefox.
>
> Today marks an important milestone in the history of Firefox and the web. As
> of today, for new users who download and install Firefox for the first time,
> Enhanced Tracking Protection will automatically be set on by default,
> protecting our users from the pervasive tracking and collection of personal
> data by ad networks and tech companies.
>
> It seems that each week a new tech company decides to decree that privacy is
> a human right. They tout how their products provide people with “choices” to
> change the settings if they wish to opt into a greater level of privacy
> protection to exemplify how they are putting privacy first. That begs the
> question — do people really want more complex settings to understand and
> fiddle with or do they simply want products that respect their privacy and
> align with their expectations to begin with?
>
> Privacy shouldn’t be relegated to optional settings
>
> When thinking about consumer privacy online, I’m reminded of the behavioral
> economics studies which led to 401K plans (US retirement savings plans)
> moving from voluntary enrollment to auto-enrollment. Not too long ago most
> defined contribution retirement savings plans in the US required employees
> to sign-up and volunteer to start participating. Participation rates were
> very low. Why was that? Was it because people didn’t care about saving for
> retirement? Not at all! There were simply too many barriers to aligning with
> people’s expectations and desires and the benefits of saving for retirement
> aren’t felt immediately.
>
> We are in a similar position with respect to software privacy settings.
> Pervasive tracking is too opaque and potential privacy harms are never felt
> immediately. The general argument from tech companies is that consumers can
> always decide to dive into their browser settings and modify the defaults.
> The reality is that most people will never do that. Yet, we know that people
> are broadly opposed to the status quo of pervasive cross-site tracking and
> data collection, particularly when they learn the details on how tracking
> actually works.
>
> We also know that traditional privacy features such as Chrome’s Incognito
> mode are failing to live up to consumer expectations. The feature might keep
> your spouse from knowing what you’re thinking about getting them for your
> anniversary by erasing your history, but it does not prevent third-party
> tracking. Our research shows that Firefox users are seeking out privacy
> protection, particularly through the use of Firefox’s Private Browsing mode.
> In fact, nearly 25% of web page loads in Firefox take place in a Private
> Browsing window. The good news for these users is that Firefox’s Private
> Browsing mode has long put users first by blocking tracking. The bad news is
> that this generally isn’t true for many popular browsers, which allow
> tracking even in private browsing/incognito mode. A recent study found that
> users don’t understand this and think their data is being protected, when it
> is actually not.
>
> As was the case with retirement savings plans, what this shows us is that
> the burden needs to shift from the consumers to the companies whereby the
> complexity of privacy settings shouldn’t be placed on users to figure out.
> The product defaults should simply align with consumer expectations. That is
> the approach we are taking in Firefox.
>
> Enhanced Tracking Protection by Default
>
> As stated above, new Firefox users will have strong privacy protection from
> the moment they install. We also expect to deliver the same functionality to
> existing users over the coming months. Because we are modifying the
> fundamental way in which cookies and browser storage operate, we’ve been
> very rigorous in our testing and roll-out plans to ensure our users are not
> experiencing unforeseen usability issues. If you’re already using Firefox
> and can’t wait, you can turn this feature on by clicking on the menu icon
> marked by three horizontal lines at the top right of your browser, then
> Content Blocking. Go to your privacy preferences and click on the Custom
> option on the right side. Mark the Cookies checkbox and make sure that
> “Third-party trackers” is selected. To learn more about our privacy and
> security settings and get more detail on what each section — Standard,
> Strict, and Custom — includes, visit here.
>
> For existing users, go to your privacy preferences and click on the Custom
> option, ark the Cookies checkbox
>
> If you are new to Firefox, we’d love for you to give it a try. Download the
> latest version here.
>
> When it comes to privacy, default settings matter! We hope that the actions
> we are taking can ultimately compel change in the industry. Afterall,
> consumers deserve better.
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
> people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and
> development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
--
Barrack O. Otieno
+254721325277
+254733206359
Skype: barrack.otieno
PGP ID: 0x2611D86A
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/enkamande%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/alice%40munyua.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Poncelet O. Ileleji MBCS
Coordinator
The Gambia YMCAs Computer Training Centre & Digital Studio
MDI Road Kanifing South
P. O. Box 421 Banjul
The Gambia, West Africa
Tel: (220) 4370240
Fax:(220) 4390793
Cell:(220) 9912508
Skype: pons_utd
www.ymca.gm
http://jokkolabs.net/en/
www.waigf.org
www,insistglobal.com
www.npoc.org
http://www.wsa-mobile.org/node/753
www.diplointernetgovernance.org
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20190611/765960b4/attachment.htm>
More information about the KICTANet
mailing list