Privacy for the next billion because it is Overdue
[Music]
hi
person of interest so person of interest
is a science fiction
crime drama cereal that i have used to
be really hooked on to
you know it has at its center something
called the machine
it’s been programmed by this reclusive
brilliant billionaire called harold
finch
the machine is like the proverbial big
brother it knows
everything about everyone the machine is
used to solve
crime problems and terror
potential terrorist attacks and stuff
like that
i would in fact recommend that you watch
it if you haven’t already
now what if i told you that what was
portrayed
in person of interest is not really
science fiction but a reality
a reality that is several orders more
intrusive than what the machine already
was
and that there is not one single machine
but millions of them
big and small spread out over the world
and that you and i are a living
breathing part of this reality now that
would become a tad worrisome
wouldn’t it see anecdotally we already
know that whatever we do online is
is tracked processed recorded
analyzed and so on right we feel a bit
scooped
when we talk about going on a vacation
to goa while catching up over a cup of
coffee with a friend and then next thing
we start seeing
ads for um flights to goa and
hotels in goa for on all our online
fields
right but how does this really happen
let’s peep into one world which is a
world of apps
now an app typically talks to the phone
via
something called permissions permissions
are like the vehicle wire which
data is extracted by the app from the
phone
and certain activities on the phone are
kicked off by the app
okay i like to think of uh permissions
like the good old sipping straw that we
use
while drinking from a glass of juice you
know
it’s the the straw through which data
comes out
and it’s also the straw through which
you can you know blow bubbles into the
juice as well right through
kick off some activity in the form now
most permissions are required by the
uh app for the for the app to function
okay
some of these permissions however are
what are
called highly dangerous permissions and
why are they dangerous because of the
kind of data that they have access to
or the kind of activities that they can
kick off on the phone
can severely compromise the individual’s
privacy
for example accessing your camera
accessing your microphone
or taking reading all your sms’s or
taking a look at your calendar
or your contacts now that is something
which would be intrusive
right now the story doesn’t end with
permissions and spookiness
okay all apps also have something called
external sdks which are actually pieces
of code
that are embedded in the app to create
some kind of functionality
okay now mind you these belong to folks
who are different from your app maker
okay think of
sdks as those yummy chocolate chips that
are there in your favorite ice cream
they blend so well yet they give a
little added flavor to the ice cream as
well right
now the only sar bit in these
sdk stories is that they also
get access to all the sensitive data
that gets extracted via permissions by
the app in which they are embedded
okay and now and each of them further
processes
it and store you know shares it further
and then that gets worried some think of
the number of apps you have on your
phone right and this is just
the world of apps and folds but if you
think about it the reality
is that anything out there that is smart
or anything that is online is hungrily
sucking up data about you
every app every site you visit
every smart device that is scattered
around your house
you know your smart tv the smart speaker
even the smart
doll that your daughter probably
interacts with
um the smart car um you know the
traffic’s with
embedded iot on the road the garbage
cans your smart electricity meter
the shops that you walk past with the
sensors embedded in it
every single payment that you make
or using a card or whether it’s online
or offline
every time you scan your fingerprint
even when you’re say for example
visiting a friend in her apartment
complex right
in fact when you think about it you to
think
really hard about where your data is
not being collected today you know in my
head
um i picture this phenomena like a giant
invisible
vacuum cleaner that surrounds me sucking
up data about me
all the time okay
now often when i talk about this people
find it tough to believe you know the
common refrain is that oh is this really
happening in
india so let’s take a look at some data
uh you know my company does an annual
study of
the state of privacy of indian mobile
apps and websites
and the results of the study actually
never failed to stun me
every single year despite me being in
the privacy profession
you know the study essentially tells me
that the few apps that i have loaded on
my phone
to make my life simple are enough to
have or have all of me stand exposed
for example 71 percent of the apps
on my phone know exactly where i am at
every given point in time and no these
are not
the you know taxi healing apps or the
food delivery apps
my bank knows my wallet knows my music
app knows
my news app knows okay
um approximately six out of the ten apps
on my phone have access to my camera
half of them can read my contacts
half of them can record audio so what is
left
and if i say that i will avoid my phone
and let’s say just use the browser and
the web interface
life is not very different over there
for example
on an average indian website there are
22 external parties those locus like
those chocolate chips
which are embedded in a regular app you
know and i’m not talking social media
and all that
okay in fact i should share with you
something that i’ve
not really shared with anybody before um
you know five years ago i was building
this picture of myself
in the year 2025 um i’m of course
several kilos
lighter i finally get that
silver nose stud that i’ve been planning
for a while
uh just that it has smart sensors built
into it that tracks my
body’s parameters and sends them to my
dock
um i finally listen to my friends and
get myself a smart
pair of spectacles which also allow me
to
record some stuff that goes on in my
meetings
um i have this fancy car which senses my
mood every single time i board and based
on that plays me some music
at the same time checks my calendar and
decides the destination
and lets my driver know accordingly
meanwhile the fridge and the
cupboard in my home have figured out
what needs to be reordered and
have placed an order automatically with
my favorite online grocery vendor
right i mean it sounded fun five years
ago today
it’s a nightmare i’m furiously
backpedaling on that dream
and uh i don’t want to go anywhere near
there
okay but the big question is
so what so what if all this data about
you
is out there what happens to this data
well at the very least it is used to
track you
profile you and build very detailed
digital personas about you
which are then further traded and used
in real time auctions by various people
who does this well these are actually
huge interconnected networks of
advertisers data brokers
profilers analysts publishers and what
have you
basically thousands of companies all
interconnected into one
tight integrated ecosystem
believe me it’s a 227 billion dollar
industry worldwide today okay and
businesses pick this up to serve you
ads to suggest products to cater to your
preferences
and so on so that’s good isn’t
it maybe but it doesn’t stop with this
the same data is used to decide
for you what you see what you read
what you watch what you hear and so on
so the news that you see is often
different from the news that your
neighbor sees
because you have two different digital
personas or if you run a search the
results that you get
are different from the results that your
colleague gets
because you have two different digital
identities
so what happens as a result of this
again the question is so what what’s the
big deal right
over a period of time this all leads to
us living in what are called engineered
eco chambers
you know um have you ever wondered
for example why do you keep seeing feeds
from people who agree with you who have
opinions or beliefs which are similar to
yours
and you don’t hear from people who have
contradictory ideas so often
is because you live in that eco chamber
and you haven’t created that echo
chamber somebody else has created that
for you
right an extreme example of how this can
pan out was the whole cambridge analytic
scandal that happened you know where
entire elections were
engineered because of this ability
and mind you that happened five years
ago so imagine
how advanced and sophisticated we are in
today’s
world right the sad
reality is that today we as individuals
have completely completely
lost control over our data
in our delight of getting everything
free online we have missed the
fundamental point
that is that we have become the product
and not actually the product that we use
i’m going to say it again we have become
the product
just that instead of paying with cash
we are paying with our data to use
certain for free facilities online
that’s the only difference
okay but the only way
this can be controlled is by bringing in
laws and regulations and standards
and best practices across the entire
ecosystem
and where very sadly india
is really lagging behind
we are a country of over a billion
mobile phones
digital india is galloping ahead smart
cities smart governance digital payments
and whatnot
all of this is spewing for data that is
being
sucked up by that all-encompassing
vacuum cleaner around us
and this data is available for the
whole world to do whatever they feel
like with it
okay which is why we urgently
need our data protection and privacy law
okay you know when i when i talk of
privacy in india many people
counter it by saying oh privacy in india
is a joke
you know we are a country where we give
our entire life history to the strangers
sitting next to us
on the plane or bus or
train right but that is missing the
whole point
for the next 10 generations we’ll keep
sharing our life histories with the
stranger next to us on the planet
but while we are swapping life stories
you know the gadgets and the
surroundings around us are sucking up
our own
oh you know all our data and flashing it
out to the whole world to play around
with it
with us having no control over it that
my friends is the problem and
that is why it is beyond time
it is long overdue that the next
billion people start taking control
back over their most precious commodity
their personal data thank you
[Music]