Last month I participated in my first Mozilla Festival hosted at Ravensbourne University in London. It was the 10th anniversary of the festival, celebrated by a brass band and a huge cake! We were all given a lovely book to keep titled 'How to MozFest: An Open Book for the Internet Health Movement', with lots of interesting articles about the last 10 years and the future.
The weekend part of the week-long festival is split into a series of talks, workshops and debates all happening at the same time! This year's theme was Healthy AI, with themes on each level from Privacy & Security and Decentralisation to Digital Inclusion and Openness. Looking at the timetable, I had difficulty choosing which to take part in as there were several events of interest at the same time. After much deliberation, I set out my plan for the weekend as follows:
Are Data Unions The Future of Data? - Innovation Lounge
I actually managed to stick to the timetable only missing the Fediverse session as I was having a great chat with people from the previous workshop. I filled a whole notebook over the course of 2 days so I'll try to give a brief summary of what I learned.
An interesting idea, using the familiar concept of unions to act on behalf of users as a middleman to buyers of their data - using a decentralised network to route the transaction. While this gives more power to users, redistributing the asymmetry with internet monopolies, should we move towards the American notion of personal data as a property right? The monetisation of data could cause another asymmetry, between those that can afford to keep their data private and those that can't.
From the view of a Canadian political staffer, ministers deal with so many problems, data and privacy is quite a specific problem that needs a lot of people to flag up for it to be recognised.
Policy comes to life in 3 ways:
Our rights in the digital systems are determined by where companies put their assets. Governance acts on different kinds of rights for fairness in the context of each individual case. Enforcing data laws starts with clear definitions. Data trusts are another way of controlling who has access to your data. The grantor puts an asset into a trust, which gives control of the asset to a trustee for a purpose, on behalf of the beneficiary.
The leader of the workshop discusses his experience with protecting children's data in India and the difficulty of managing information on the massive scale of the Aadhaar system. In groups, we discussed the issues around protecting children's data, clustering them into 4 main themes: Ownership, Agency/Autonomy, Consent, Rights of Children. We debated who had the responsibility for keeping the data private. What it government, local authorities, schools, or parents? We concluded that all have a collective responsibility, with a focus on educating not only children but parents in order to have truly informed consent.
A panel on bringing together the security, privacy and life cycles of IoT devices. Mozilla partnered with Consumers International to advocate better standards to manufacturers with 40 principles. There are many hazards with connected devices, smart locks can be hacked, appliances can be power-cycled to explode. Privacy standards are not as established as security standards. The partnership created *privacy not included to put privacy into principles that consumers understand. It's hard to implement privacy by design into complex supply chains and cheaper to manufacture without standards. Raising awareness with consumers can motivate retailers and manufacturers to change.
The argument used is that encryption stops law enforcement from stopping criminals. While it helps support criminal cases, it has never rested on the content of an unencrypted message. The debate around encryption has become emotional, how do we make it more rational? Backdoors are like leaving the keys under the doormat, it makes the whole system less secure. The more complex the platform is the weaker the security, on average every 50 to 100 lines of code, there is a vulnerability. Regulation is key in stopping governments stockpiling zero-day exploits. If they know about it, so could bad actors. Private companies don't prioritise security as it doesn't gain them a new user base. We need to make it a competitive advantage, buy our product because it's safe for you and your data.
Creating a pattern library for decentralisation. Everyone is working on the same problems in silos. How can we bring together expertise and crowd-source solutions? The first problem is defining and explaining terms. We then split into groups to work on applying existing patterns and designing new ones to help real startup decentralised platforms.
Online targeting is highly personal, Trump ran 5.9 million different versions of ads during the presidential campaign to A/B test in order to get the best Facebook engagement. Mozilla made an extension to analysis ads on Facebook through the 'Why am I seeing this?' button, it was blocked by the platform after a few months. Facebook aren't the only culprits but they have the weakest toolchain and what they say, compared to what they do is the greatest.