Recent Posts

The NSA, Data Mining and Civil Liberties - Who Owns the Data?

Tuesday, March 25, 2014

Today in the news it appears President Obama is calling on Congress to pass legislation which would prevent the NSA from its "bulk data collection" activities that have been in the news lately.  I am afraid legislation will not cut it, because once the public's attention is elsewhere, Congress can simply go back and change the law.  In Chapter 9 of my book I explain why only an amendment to the Constitution can really address what is happening here.  In order to fully understand the implications of how data is originated by our economic activity, we first have to ask the right question.  That question is this: Who owns the data?  When I make a call on my cell phone, I originate data on my carrier's computer network.  Who owns that data?

As part of this shameless plug to convince you to throw $3.99 my way for my book, I'll provide Chapter 9 here:  (See the bottom of this post for those who do not own a Kindle.)

Chapter 9 - Civil Liberties & the Digital Age: Who Owns the Data?

The father of a young girl stormed into the local Target angrily waving the flier he held in his hands.[1] Demanding to speak to a manager, he wanted an explanation as to why Target was sending his daughter information on products for expectant mothers. His daughter was not pregnant and it was patently offensive for them to suggest she was. The manager calmed him down and took his information so she could investigate and get back to him. A few days later the father received a letter from upper management apologizing for the offense and promising to remove his family from their mailings.

Sometime during those few days the young woman approached her father: “Um, dad, we need to talk.”

Not only had Target correctly predicted she was pregnant, they even correctly predicted roughly when the baby was due. They did this by employing an Information Technology discipline known as Knowledge Management. But before we dive into what that is, we need to step back and look at this recent controversy over the NSA collecting cell phone records of ordinary Americans. This issue actually touches on just about every part of our economic life and is like many other issues: We will not resolve this in keeping with our civil liberties until we start asking the right questions. 

The Right Question: Data Ownership

That ‘right’ question is this: To whom does the ‘data’ belong?  Whose property is it?  If we pull our cell phone bill out of its envelope, does the data shown on the bill – the numbers we have called and from which we have received calls and the date, time and duration of those calls – belong to us as a result of being inside an envelope addressed to us?  It is likely many of us see it this way. It is certain the cell phone carriers do not.

The carriers own the networks on which we make our calls. The ‘data’ which originates on their networks as a result of our use of those networks is thus ‘owned’ by the carriers. The privacy policies which are part of the typical cell phone contract may differ from carrier to carrier, but will generally acknowledge the carrier may share information about their customers in response to “lawful requests or legal process.” As such, if the NSA has been granted permission from the Foreign Intelligence Surveillance Court (FISC) to gather cell phone usage data, this “lawful request” is encompassed by the privacy policy of most cell phone contracts. However, the pertinent point must not be obscured by the minutiae of FISC warrants, privacy policies etc.:  The ‘data’ about our cell phone usage is not ours – it belongs to the carriers by virtue of having been originated on their network.

Knowledge Management: Data, Information & Knowledge

To use the Target story as an example, each purchase by the young woman at Target represents data originated on systems owned by Target. Target also has an online baby registry where expectant mothers can pick out the things they need so friends and family can choose gifts without overlapping each other. That is also data originated on a system owned by Target. The young woman does not own this data. Target can now take the data they have from the gift registry, the other spending data they have from the same expectant mother, do the same with other expectant mothers – who don’t own the data originated from their spending – and begin to build a profile of the spending patterns of an expectant mother. Or a third party firm – they’re calling them ‘Big Data’ these days – could do this by pulling in data from all sorts of retailers with a baby gift registry and sell the results to a firm like Target.

The baby registry entries and each purchase are all pieces of ‘data’. The mathematical profile of spending patterns is produced by bringing data in context with other data; this is the definition of ‘information’ in Knowledge Management. Then, if we take spending patterns of other young women not in the registry and run them against our new model, our system can spit out a number which indicates the likelihood the young woman is pregnant. Let’s say the spending patterns of the daughter of our angry father scored 95% against that ‘expectant mother spending pattern’ model. Target now sends out a flier for products which expectant moms usually buy, and encourages the young woman to use the gift registry for the upcoming baby shower!  The assertion of the likelihood a specific young woman is pregnant – based on the spending pattern ‘information’ gleaned from the ‘data’ – is called ‘knowledge’ in Knowledge Management.

So let’s now take this idea into the world about which we are learning as the NSA scandal is reported.   First, we need to be clear on how some terms we hear on the news or read in our cell phone contracts are used in the world of Information Technology. The President has used the term ‘metadata.’  While it is apparent the NSA is not listening to our calls, they are examining usage patterns – time of calls, volume of calls, duration of calls, etc. ‘Metadata’ is the industry term used to describe these facts (time, volume and duration) which can be gleaned from the ‘data’.

Most cell phone privacy policies will refer to ‘personal information’. We generally understand this to refer to data about us – gender, birth date, address, income, etc. However, as described above, in Knowledge Management, ‘information’ is derived by putting data in context with other data. If cell phone usage data is compiled on a large scale, by putting the records for each number in context with the others, and then by applying statistical methods to the ‘metadata’, a mathematical profile of ‘normal’ cell phone use can be established. This profile would be considered ‘information’ because it is the result of data in context with other data.

We can then seek to recognize and identify anomalies in these usage patterns. To use a benign example, common sense would suggest an outside sales professional’s cell phone usage patterns would deviate significantly from the ‘norm’. It becomes possible to establish a mathematical deviation from the norm which would identify a cell phone as likely being used by an outside sales professional. To say that – based on the ‘information’ of ‘data’ in context with other data – a particular cell phone is probably being used by an outside sales professional is now to have asserted ‘knowledge’.

Knowledge Management, National Security & Constitutional Liberties

With this understanding of how cell phone usage ‘metadata’ is derived from ‘data’ which can be combined with other data/metadata to provide ‘information’ from which we can glean ‘knowledge’, it is not hard to imagine applying this capability to the disruption of terrorism, or even to organized crime or the hunt for fugitives from justice. But if these benefits are to be weighed against the possible erosion of constitutional liberties, the implications of the question of data ownership have to remain at the center of the discussion.

Currently data ownership with respect to cell phone usage is asserted by the cell phone carriers – the data originates on their networks and is thus owned by them. Their handling of this data is spelled out in their privacy policies. They have asserted the right and intent to share this data in response to lawful requests and legal process. Under these circumstances it is unlikely such collecting of data and analysis of metadata will be seen by the Courts as a violation of the 4th Amendment’s prohibition of unreasonable search and seizure; they are, after all, neither searching nor seizing our property.

But it has to be asked: If illegal activity can be identified and disrupted by applying Knowledge Management to cell phone usage data, what is to prevent an Executive from applying this capability to identifying and disrupting otherwise perfectly legal opposition to its policies?  While this is no stretch in terms of the technology, it would have seemed a political stretch to suggest such – before hearing of targeted scrutiny on the part of the IRS and the criminalization of standard journalism by the Department of Justice.

Data Ownership, Privacy & the Constitution

Recent stories in the news have covered this same question surrounding ‘black box’ type devices in automobiles. It appears the government may be on the cusp of requiring these in every vehicle. The question which has not been answered, though – but at least is being asked – is “who owns this data?” Privacy advocates are campaigning to establish the owner of the vehicle as the owner of the data because they recognize this to be the only way to secure this data against a whole raft of opportunities for abuse.[2]

If, in light of the NSA scandal, we are left feeling something is very wrong with this larger picture of data collection, it is how the question of data ownership touches not only on our cell phone usage or driving habits, but on just about every other manner of economic activity. From our ATM/debit cards and credit cards to our library cards to our grocery store discount cards to our use of the Internet – both our browsing of the web and our email – our daily economic activity originates data on networks owned by others. This means we have no 4th Amendment right against unreasonable search and seizure with respect to this data – we do not own it.

The best resolution is the most difficult to attain, but is remarkably simple and easy to understand: An amendment to the U.S. Constitution stating: “All data pertaining to the identity and economic activity of a person, to include any information gathered from such data, shall remain the property of the person.”

Speaking particularly of cell phone usage and the NSAs desire to collect and analyze such data, this would immediately place the data under the protection of the 4th Amendment. If the data is personal property – ‘intellectual property’ – cell phone carriers would be required to obtain a license from the customer to make any use of the data and the government would have to meet the same standards which apply to any other search or seizure of our property.

But such an amendment would have much farther reaching consequences. At the most fundamental level, data about our DNA would be considered our intellectual property. Not just the DNA itself, mind you – but our genetic code as it might exist in bits and bytes on some computer network as genetic medicine progresses. As Americans we would have proper control over data generated by our economic activity, regardless of who owns the computer network. The preeminence of individual liberty – and the privacy which follows from it – would be returned to its proper place in the digital age. But perhaps most importantly, both industry and government would be returned to their proper places in light of individual liberty.

[1] I owe this story to a financial newsletter written by Frank Curzio about small cap market stocks. The story was told to illustrate companies which gather information and make marketing predictions for companies like Target.

[2] For an article about this see

No comments

Post a Comment

Don't Miss