Project update

My experience at MozFest 2019

4th November

Last month I participated in my first Mozilla Festival hosted at Ravensbourne University in London. It was the 10th anniversary of the festival, celebrated by a brass band and a huge cake! We were all given a lovely book to keep titled 'How to MozFest: An Open Book for the Internet Health Movement', with lots of interesting articles about the last 10 years and the future.

The weekend part of the week-long festival is split into a series of talks, workshops and debates all happening at the same time! This year's theme was Healthy AI, with themes on each level from Privacy & Security and Decentralisation to Digital Inclusion and Openness. Looking at the timetable, I had difficulty choosing which to take part in as there were several events of interest at the same time. After much deliberation, I set out my plan for the weekend as follows:

Are Data Unions The Future of Data? - Innovation Lounge

Demo: Come and join the world's first digital Data Union - Innovation Lounge
Approaches to Data Governance - Privacy & Security
Privacy, Ethics & Security: Framework for Children's Data -Privacy & Security
Fediverse -The true privacy-alternative to BigTech - Decentralisation
Beyond the Privacy Policy: Privacy and security norms in IoT - Innovation Lounge
Encryption - Fact and Fantasy - Innovation Lounge
Digital Ethics by Design - Privacy & Security
Remixing UX patterns for distributed systems - Decentralisation
Online Targeting and Ad Transparency - Privacy & Security

I actually managed to stick to the timetable only missing the Fediverse session as I was having a great chat with people from the previous workshop. I filled a whole notebook over the course of 2 days so I'll try to give a brief summary of what I learned.

Data unions

An interesting idea, using the familiar concept of unions to act on behalf of users as a middleman to buyers of their data - using a decentralised network to route the transaction. While this gives more power to users, redistributing the asymmetry with internet monopolies, should we move towards the American notion of personal data as a property right? The monetisation of data could cause another asymmetry, between those that can afford to keep their data private and those that can't.

Data Governance Solutions: What is Politically Feasible

From the view of a Canadian political staffer, ministers deal with so many problems, data and privacy is quite a specific problem that needs a lot of people to flag up for it to be recognised.
Policy comes to life in 3 ways:

Campaign promises and mandate letters
In response to extraordinary events
In response to collective action
The City of Toronto wanted to design a futuristic waterfront, called Sidewalk Toronto. Alphabet has won the $1.3 billion contract but it has never been done so there are no best practices to follow.

Approaches to Data Governance

Our rights in the digital systems are determined by where companies put their assets. Governance acts on different kinds of rights for fairness in the context of each individual case. Enforcing data laws starts with clear definitions. Data trusts are another way of controlling who has access to your data. The grantor puts an asset into a trust, which gives control of the asset to a trustee for a purpose, on behalf of the beneficiary.

Privacy, Ethics & Security: Framework for Children's Data

The leader of the workshop discusses his experience with protecting children's data in India and the difficulty of managing information on the massive scale of the Aadhaar system. In groups, we discussed the issues around protecting children's data, clustering them into 4 main themes: Ownership, Agency/Autonomy, Consent, Rights of Children. We debated who had the responsibility for keeping the data private. What it government, local authorities, schools, or parents? We concluded that all have a collective responsibility, with a focus on educating not only children but parents in order to have truly informed consent.

Beyond the Privacy Policy: Privacy and security norms in IoT

A panel on bringing together the security, privacy and life cycles of IoT devices. Mozilla partnered with Consumers International to advocate better standards to manufacturers with 40 principles. There are many hazards with connected devices, smart locks can be hacked, appliances can be power-cycled to explode. Privacy standards are not as established as security standards. The partnership created *privacy not included to put privacy into principles that consumers understand. It's hard to implement privacy by design into complex supply chains and cheaper to manufacture without standards. Raising awareness with consumers can motivate retailers and manufacturers to change.

Encryption - Fact and Fantasy

The argument used is that encryption stops law enforcement from stopping criminals. While it helps support criminal cases, it has never rested on the content of an unencrypted message. The debate around encryption has become emotional, how do we make it more rational? Backdoors are like leaving the keys under the doormat, it makes the whole system less secure. The more complex the platform is the weaker the security, on average every 50 to 100 lines of code, there is a vulnerability. Regulation is key in stopping governments stockpiling zero-day exploits. If they know about it, so could bad actors. Private companies don't prioritise security as it doesn't gain them a new user base. We need to make it a competitive advantage, buy our product because it's safe for you and your data.

Remixing UX patterns for distributed systems

Creating a pattern library for decentralisation. Everyone is working on the same problems in silos. How can we bring together expertise and crowd-source solutions? The first problem is defining and explaining terms. We then split into groups to work on applying existing patterns and designing new ones to help real startup decentralised platforms.

Online Targeting and Ad Transparency

Online targeting is highly personal, Trump ran 5.9 million different versions of ads during the presidential campaign to A/B test in order to get the best Facebook engagement. Mozilla made an extension to analysis ads on Facebook through the 'Why am I seeing this?' button, it was blocked by the platform after a few months. Facebook aren't the only culprits but they have the weakest toolchain and what they say, compared to what they do is the greatest.
Advocacy groups:

Conscious Advertising Network
Sleeping Giants
Stop Funding Hate

Things that are illegal to target such as alcoholics, use weak proxies such as the AA book to access these people. By default, they collect as much as they can and figure out what to do with it later.