Big _____: SOUSveillance capitalism and the prospect of an information civilization
Shoshana Zuboff has written an excellent article called Big Other: Surveillance Capitalism and the Prospects of an Information Civilization. A condensed version of her abstract states:
This article describes an emergent logic of accumulation in the networked sphere, ‘surveillance capitalism,’ and considers its implications for ‘information civilization.’ Google is to surveillance capitalism what General Motors was to managerial capitalism. [… We shed] light on the implicit logic of surveillance capitalism and the global architecture of computer mediation upon which it depends. This architecture produces a distributed and largely uncontested new expression of power that I christen: ‘Big Other.’ It is constituted by unexpected and often illegible mechanisms of extraction, commodification, and control that effectively exile persons from their own behavior while producing new markets of behavioral prediction and modification. Surveillance capitalism challenges democratic norms and departs in key ways from the centuries long evolution of market capitalism.
In even shorter form, she describes in her article the mechanisms that have led to the creation of a corporate Big Other (à la Orwell, but crucially distributed), monetising our everyday lives in the digital sphere through dealing in our privacy rights. We all know the biggest actors within Big Other: Google, Amazon, Facebook and Apple. Of course, there are many many more sucking up personal data.
Zuboff’s thesis is extremely convincing and requires a reaction.
Personal data and transparency
A first response is to make Big Other more transparent. This is a natural effort in light of surveillance, and in asymmetric situations is often documented as sousveillance. Over the past year, I have thus contacted lots of companies to get access to copies of my personal data. For instance, the three internet advertising firms Criteo, Turn, and Rubicon, each worth billions, have had to send me copies of my data, which also happens to be core to their business. Overall, these efforts are actually quite revealingly on what exactly is tracked and who it is exchanged with.
Personal data and control
A second stage to a response is to expand the notion of personal data as broadly as possible, since this would help individuals retain control over the information produced.
European privacy law is an excellent tool for this, as anticipated by Paul Ohm in light of the disruption brought about by new reidentification techniques (p. 1741):
In contrast, easy reidentification makes laws like the EU Data Protection Directive overbroad — in fact, essentially boundless. Because the Directive turns on whether information is “directly or indirectly” linked to a person, each successful reidentification of a supposedly anonymized database extends the regulation to cover that database. As reidentification science advances, it expands the EU Directive like an ideal gas to fit the shape of its container. A law that was meant to have limits is rendered limitless, disrupting the careful legislative balance between privacy and information and extending datahandling requirements to all data in all situations.
European privacy law can be used by individuals to expand the control they exert on data collected by Big Other, and ultimately engage on more equal footing with its components.
For instance, Coursera has had to give me copies of my keyboard keystrokes, or Uber is putting engineering effort into getting me a copy of my battery charge information. By now, these efforts have attracted (it seems) the attention of a circle of Silicon Valley privacy lawyers.
Now, assuming individuals can get control over a much broader assemblage of personal data, what could be done with it? Certainly lots of initiatives are trying to unpack personal data to help research, porting for instance the Big Data/personalisation approach to the health domain. I suspect providing more individuals access to more data would also enable new forms of advocacy, around algorithmic accountability for instance.
Here, I want however to focus on a different end use. Enabling individuals to assemble their personal data in new ways would also create many new business models. One of them, mirroring Zuboff’s words, would constitute a new form of capitalism that I will call sousveillance capitalism, for which I will present just one example.
If I go to Chipotle to eat, this is information about both me and Chipotle, which might be simultaneously valuable to someone stalking me or someone stalking Chipotle (i.e. a stock trader). In fact, it is exactly the latter type of information that enabled two individuals at a credit card company to turn $100k into $3M (archive link, case 15-cv-00269-MAK) over 3 years, or the CEO of Foursquare to confidently advertise his services on his blog. In both of those cases that outcome is incidental (more accurately, Foursquare stumbled upon a business model in such services).
The fact that Chipotle and I engaged in a transaction around Mexican food can be summarized in two ways: “I spent money at Chipotle” or “Chipotle took my money”. This subject-object inversion is key, as both statements admit vastly different generalizations in the Big Data paradigm: “I spent money at ____” implies I would be constantly tracked to figure out where I am spending money, “Chipotle took ____“ implies I could track as much information about Chipotle as I can while being there, and not just about me. For instance, pictures from within the restaurant, noise levels, number of MAC addresses in the neighbourhood or the elapsed time between starting to queue (GPS, wifi and accelerator tracked) and paying (credit-card tracked) could all be indicative of the amount of business Chipotle is getting at that moment. Any tracking I do while within Chipotle could be purely incidental, or potentially more active (maybe some would want to also log how many cashiers were working at the time).
A risky tension
Ultimately, there is also a lot of risks in the inherent tension of what constitutes personal data: the definition used in Europe will tend, as Ohm described, to broaden through re-identification techniques. As a consequence, transactions in personal data will need more regulation and slow down, hampering the development of large datasets. This would hamper somewhat research and advocacy, but could also cripple commerce.
The only way (fast) forward for Europe while respecting its core values of privacy would be to facilitate any individual’s control over their personal data: we will each want to delete some parts of our personal data, want to monetize other parts and entrust some to political or research initiatives.
Ultimately, however, we will also all be emboldened to find creative new ways to combine data, without the need for a business case or regulatory approval, and without any privacy worry.
Call for suggestion
Zuboff found a catchy name for her villain, Big Other. If anyone can find a catchy name for the sousveillance alternative I am describing here, Big _____, please help me fill the blank!
You can reach me via Twitter @podehaye or in the comments.
