A good presentation I attended this afternoon at World Summit AI 2019. Will blog about it, but bookmarking it here for now.

Read Escaping Skinner’s Box: AI and the New Era of Techno-Superstition (philosophicaldisquisitions.blogspot.com)

One of the things AI will do is re-enchant the world and kickstart a new era of techno-superstition. If not for everyone, then at least for most people who have to work with AI on a daily basis. The catch, however, is that this is not necessarily a good thing. In fact, it is something we should worry about.

Ethics is the expression of values in actual behaviour. So when you want to do data ethics it is about practical issues, and reconsidering entrenched routines. In the past few weeks I successfully challenged some routine steps in a clients’ organisation, resulting in better and more ethical use of data. The provision of subsidies to individuals is arranged by specific regulations. The regulations describe the conditions and limitations for getting a subsidy, and specify a set of requirements when you apply for a subsidy grant. Such subsidy regulations, once agreed have legal status.

With the client we’re experimenting in making it vastly less of an effort for both requester and the client to process a request. As only then does it make sense to provide smaller sized subsidies to individual citizens. Currently there is a rather high lower limit for subsidies. Otherwise the costs of processing a request would be higher than the sum involved, and the administrative demands for the requester would be too big in comparison to the benefits received. Such a situation typically leads to low uptake of the available funding, and ineffective spending, which both make the intended impact lower (in this case reducing energy usage and CO2 emissions).

In a regular situation the drafting of regulation and then the later creation of an application form would be fully separate steps, and the form would probably blindly do what the regulations implies or demands and also introduce some overshoot out of caution.

Our approach was different. I took the regulation and lifted out all criteria that would require some sort of test, or demands that need a piece of information or data. Next, for each of those criteria and demands I marked what data would satisfy them, the different ways that data could be collected, and what role it played in the process. The final step is listing the fields needed in the form and/or those suggested by the form designers, and determining how filling those fields can be made easier for an applicant, (E.g. having pick up lists)

A representation of the steps taken / overview drawn

What this drawing of connections allows is to ask questions about the need and desirability of collecting a specific piece of data. It also allows to see what it means to change a field in a form, for how well the form complies with the regulation, or which fields and what data flows need to change when you change the regulation.

Allowing these questions to be asked, led to the realisation that several hard demands for information in the draft regulation actually play no role in determining eligibility for the subsidy involved (it was simply a holdover from another regulation that was used as template, and something that the drafters thought was ’nice to have’). As we were involved early, we could still influence the draft regulation and those original unneeded hard demands were removed just before the regulation came up for an approval vote. Now that we are designing the form it also allows us to ask whether a field is really needed, where the organisation is being overcautious about an unlikely scenario of abuse, or where it does not match an actual requirement in the regulation.

Questioning the need for specific data, showing how it would complicate the clients’ work because collecting it comes with added responsibilities, and being able to ask those questions before regulation was set in stone, allowed us to end up with a more responsible approach that simultaneously reduced the administrative hoops for both applicant and client to jump through. The more ethical approach now is also the more efficient and effective one. But only because we were there at the start. Had we asked those questions after the regulation was set, it would have increased the costs of doing the ethically better thing.

The tangible steps taken are small, but with real impact, even if that impact would likely only become manifest if we hadn’t taken those steps. Things that have less friction get noticed less. Baby steps for data ethics, therefore, but I call it a win.

If you pay a monthly fee for software (Adobe, Microsoft, Evernote, etc etc) realise you are not buying the software, you only have a monthly subscription with the company providing access to that software. Do not depend on it being there. You can be cut off at moment’s notice. (The same might be true for some things, like a John Deere tractor by the way.)

Venezuelan Adobe customers will be cut off effectively immediately and are only allowed time to get their data out of Adobes servers, because of an embargo by the US government. Being cut off here also means not getting a refund, as that sort of transactions are under embargo too.

Adding another datum to the urgency to get out of subscription model software.

Google’s Chrome is not a browser, it’s advertisement delivery software. Adtech after all is where their profit is. This is incompatible with Doc SearlsCastle doctrine of browsers, so Chrome isn’t fit for purpose.

Removing Chrome
image by Matthew Oliphant, license CC BY ND

Read Chrome to limit full ad blocking extensions to enterprise users – 9to5Google (9to5Google)

Google shared that Chrome’s current ad blocking capabilities for extensions will soon be restricted to enterprise users. SEC filing: “New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.”

Do you lie enough? You probably need to lie more often!
When filling out online forms that is.

Since the GDPR, the EU data protection rules, came into effect last year, many companies struggled with getting their online forms compliant. Some don’t really try, others think they’ve done it well but really haven’t, and a tiny minority actually really adapted their order flows and forms to adjust for the GDPR. (Although GDPR mostly aren’t new rules, btw, it’s just that non-compliance costs a lot more).

Since not all forms are fully compliant, I routinely fill in false information. If they don’t limit their data collection, I will take the responsibility on myself to create as much noise in their data as is prudent.

Yesterday I ordered something from an on-line retailer. The form that asked for where to send my order didn’t indicate which fields were mandatory, but clearly contained fields that weren’t GDPR compliant if they were.

I filled out only the things needed to complete the transaction, which is the delivery address, and an e-mail address or phone number to keep me informed of the process. They also asked for my birthday (we’ll send you a birthday greeting!), which at least wasn’t mandatory, and shouldn’t really be asked for such a frivolous reason.

Turns out the name (first and last name fields) of the addressee was mandatory. Not entirely unexpected, to ensure the right person at the address provided receives the package. This was after payment, and meant for the fulfilment partner. So they don’t really need a mandatory field for first name, nor a proper last name, as long as the receiver knows for who a package is.

I opted for the initials A.V.G. (the Dutch abbreviation for GDPR). And a last name that was incorrectly spelled. Previously I filled out a mandatory department name in my company as ‘Read the GDPR this form sucks‘.

20191003_100823

We probably all need to lie way more when filling out forms. Here’s the recipe.

For each field in a form

  • If it is not mandatory don’t fill it out. They are trying to get more data about you voluntarily. Unless you perceive a clear need for yourself (e.g. you want them to SMS you when the delivery van is 30 minutes away)
  • If it is mandatory, ask yourself how needed it truly is
    • if it concerns contractual aspects, your real name etc is needed. So you can rely on it later concerning warranty, tax purposes etc.
    • if there is no perceivable need, then lie, obfuscate or provide info that when read by a human is a reminder they should change their forms. “read the GDPR”… etc.

Elizabeth Renieris’ Hackylawyer blog is a very read worthy blog I’ve recently come across and added to my feedreader. This article takes the core principles of the EU GDPR and compares them to how this might play out in blockchain usage, or not. A good reference list for conversations I am bound to end up in with clients.

Read Forget erasure: why blockchain is really incompatible with GDPR by Elizabeth RenierisElizabeth Renieris (Hackylawyer)

The [post] is not meant as a commentary on the suitability of blockchain or GDPR, taking either in isolation. Rather, it is meant as an assessment of blockchain against the GDPR’s core principles. In this way, it is intended to provide a higher-level entry point into the conversation about the compatibility (or incompatibility) of blockchain and the GDPR, as well as a tool for reconsidering bold, an often unfounded, compliance claims.