Author: Nivedita Calla, pursuing LLM(IPR) from OP Jindal Global University
Abstract
Artificial intelligence (AI) as a concept can be described as machines that can learn from their own experiences and solve complicated issues in different situations – abilities we so far thought were exclusive to mankind. The working of these machines is mainly based on the availability of data and in most cases it is personal data that is used to learn and make decisions. Progress in the field of artificial intelligence is not only desirable but required to make human life more efficient and meaningful. As promising as Artificial Intelligence sounds, it is like a double-edged sword that can have subtle yet deep penetrating impacts on human life in terms of privacy. This paper is limited to AI and its impact on individual privacy. There is no doubt that machines will need personal data to improve the standard of life and assist the individual in their day to day life. Yet, at the same time, it is also important to ensure that machines do not manipulate that data to achieve some ulterior purpose. This paper will try to explain how AI works using personal data and how minimum data(s) can be used to achieve maximum results. Issues associated with the relation between AI and privacy are legal as well as ethical. This paper will investigate the policies, debates, rules and regulations associated with data privacy around the globe and its ethical dimension. This paper explores the multifaceted issue of individual privacy in this AI-driven globalized era and analyses the larger social benefits associated with AI and balancing the same with the right to privacy. Individuals need to trust AI to handle their data otherwise the contributions of AI will be limited to fields like environment, weapons etc. This paper will look into ways in which the privacy of an individual can be ensured while machines handle their data.
INTRODUCTION
The Internet of Things (IoT) is a part of our daily lives ever since it was conceptualised in 2008 and has effortlessly seeped into our homes and workplaces.[1] Since IoT has been changing ever since it was first introduced, it is difficult to affix a single definition to it. However, it can be broadly defined as a network of digital devices that have their unique identity number and can communicate with one another without any human intervention. This network most often requires the engagement of a human on the interface of one of the connected devices through which information may be collected and processed.[2] On one hand, IoT increases the level of interoperability between devices and the overall accessibility of technology, it can also cause large scale privacy threats on the other hand. The possibility of cyber-attacks and security risks associated with it comes from the vast amount of data that is processed by IoT devices. As “smart” becomes the default setting on all our devices, the possibility of managing and even controlling the data that is processed under the IoT is increasingly getting impossible. The consumer most often has no idea what is being done with their data as it flows from one device to another and the risks associated with the handling and processing of such data is not always clear. This paper will draw the link that IoT has with the Right to Privacy of individuals and examine the way it can pose a risk to the same.
INTERNET OF THINGS AND ARTIFICIAL INTELLIGENCE
This section analyses the broad definitions of Artificial Intelligence and the Internet of Things to understand the challenges they can pose to The Right to Privacy.
Artificial Intelligence
AI is a well talked about subject and the layman understanding of the term can refer to anything ranging from super-intelligent humanoids to accurate weather predictions. The Merriam-Webster dictionary defines the term as a branch of computer science that deals with the stimulation of human-like intelligent behaviour on machines.[3] While this definition is not exhaustive, we can draw a brief understanding from it that AI-systems are machines that can modify and draw from their existing algorithms to learn and adapt to better perform the function that the algorithm was designed to do.[4] This type of behaviour is often compared to human behaviour. When intelligent perception, something that only humans were thought capable of, is shown by machines, it is termed artificial intelligence. AI systems can therefore receive inputs and create outputs that are based on reasoning and perception rather than a mere algorithmic exercise.
Internet of Things
The Internet of Things (IoT) consists of a variety of devices that range from consumer-based devices that one can deploy in their homes and offices aimed at improving the quality of one’s life, to a range of applications in the industrial sector. These IoT devices are often marketed to the consumers as devices of convenience, with which one can improve one efficiency and make ones lives better and easier.[5] IoT devices can, therefore, run your washing machines while you’re at work and order your shopping list online so that you can find items delivered at your doorstep. All of this is possible due to the remote access that IoT devices give consumers via the internet. One of the major parts of this process is the large scale gathering of data that can be both sensitive and personal. Locations, biometrics, health information and other identification-related data is frequently aggregated by IoT devices to fulfil their purpose.[6] This type of data is stored, processed and shared among the IoT devices to make them functional and all of this done using the internet. This can pose a significant amount of risk in the possibility of data leaks and breaches of privacy in such events.[7]
The devices on IoT connect and collect data from various entry points. When connected to AI systems, these devices then become capable of taking decisions as well.[8]Thus, combining the efficiency of IoT devices along with the creativity of AI systems. The usage of Robots in the manufacturing sector, Smart cities and Self-driving cars are some examples of AI-enhanced IoT applications in the real world.[9]
RIGHT TO PRIVACY
Privacy is a time old concept that can be defined in various ways. For this paper, the following parameters of privacy are discussed;[10]
Freedom to choose what information is shared about oneself and how;
The freedom “to be left alone” and retract from the public gaze;
Freedom and ability to choose to what extent the person wishes to be identified when engaging in any online or offline activity;
Ability to decide the kind of impression (concerning data or otherwise) that a person gives.[11]
The concept of privacy is therefore more than a mere distinction between the public and private space and can refer to a larger concept in which the individual has complete control over the information that he or she may want to share and provide access to. The information can be sensitive and personal such as race, ethnicity, sexual orientation or can be simply personal such as food preferences.[12] With the advancements in technology, AI-enabled IoT devices have begun to blur the line between breaches of data privacy and consent drove data processing.[13] The legal and ethical issues that arise out of this are manifold and include uniquely new issues that have arisen due to IoT networks such as the stockpiling and processing of emotional data
CHALLENGES TO PRIVACY
As more and more IoT devices are introduced to the market, one cannot deny the many ways in which they can positively affect the quality of one’s life. From freeing up free time at home and work to improving health and security systems.[14] AI-enabled IoT can perform a variety of functions that can provide us with efficient and more convenient ways of life. However, these functions can only be performed by the devices via the mass gathering of data through sensors that can detect everything from thermal heat signatures to biometrics and the environment.[15] The introduction of this broad range of sensors into our social fabric undoubtedly has certain benefits, but can also hamper the Right to Privacy in ways that were not heard of before. The following section discussed some of the key ways in which privacy can be hampered by such technology;
Data Collection
The activity of a user of IoT devices is tracked through their movements and behaviours online. Information like what web pages are being accessed, where the user spending their maximum time and what is the pattern in which a user uses a website or a platform is received and processed daily.[16] The collection of data is therefore taking place in an online format, something which was previously done in “offline” ways. Apart from the time spent on the internet, with AI-enabled IoT devices, always-on microphones and sensors have entered our homes and offices via smart devices. These areas were previously considered as intimate spaces and the line between public and private is being increasingly blurred.[17] Even if a person is to avoid all forms of smart devices from entering their homes, their activities in public spaces are being monitored by retail tracking services, public surveillance and smart billboards. This large-scale monitoring is possible due to the scale at which data is being aggregated and processed by IoT devices. The large number of sensors combined with the increasing proximity of such devices in our lives opens the technology up to a possibility of misuse and criminal exploitation of our data.[18]
Concept of Private Spaces
The concept of a private space such as one’s home is also being eroded as more and more IoT devices enter these spaces.[19]Hanging up a phone call may have made an individual feel secure in earlier times for who may be listening in, however, this can no longer be said to be true, as the presence of IoT devices removes this concept.[20] The awareness that someone or something may always be listening in, even in the most private spaces of our lives can lead to a chilling effect on the behaviour of individuals. Many such effects go unnoticed as they are hard to detect and even harder to monitor.[21] This becomes a cause for concern as the existing laws on privacy, such as the third-party doctrine which states that users give up their right to expect a reasonable expectation of privacy in situations where they willingly give up their information to third parties, becomes problematic.[22] With the ever-continuous data aggregating and processing by IoT devices around us, the control over who is being observed and when that person is being observed is getting lost.
Physical and Emotional privacy
Along with the erosion of physical private spaces, IoT devices can lead to an erosion of the sense of privacy within our bodies and our emotional states as well. Fertility trackers, implantable chips and pills capable of communicating are changing the boundaries that were previously set for what kind of information may be collected without one’s knowledge.[23] Many devices also can collect and analyse emotional data such as one’s emotional state via facial analysis, voice analysis and even via typing patterns.[24]Various industries have shown interest in the applications of such data such as recruitment agencies and marketing firms. The processing of such data can, therefore, take place without even the knowledge to the consumers that such data is being collected in the first place.[25] Emotional and bodily data that is collected from an individual can be used in many ways and there is a gap in policy for this uncharted area.[26]
Role of consent
The element of choice and consent that rests with the consumer in IoT devices is largely redundant. As more and more “smart” devices flood the market, the average consumer finds it increasingly difficult to find their “dumb” substitutes. That is, it is increasingly troublesome to find devices without cameras and sensors that do not collect data.[27] Further, even if the device is bought and the user brings it into his intimate space, whether such consent is an informed one is often not the case.[28] Typically, the consent is taken from the user via a lengthy privacy policy that the consumer must agree to entirely or give up the use of the product itself. Once this agreement is made the user has little to no role to play in giving his consent for the use of the device or even withdrawing it as he may please.[29] At times it is unclear to the manufacturers themselves what kind of data is being collected and what is to be done with the data. The role of consent is therefore illusionary at best.[30]
CONCLUSION
With the advancement in technologies, the world is getting more connected than ever before. As the devices that we allow in our intimate spaces get smarter, the concept of what is considered private starts to erode significantly. As Heather Patterson from Intel puts it;
“The IoT has the potential to shift the home from a black box, what used to be a protective, safe space, to more of a glasshouse where everything that we do is now readily apparent to people who are willing to look for it.”[31]
Large-scale data aggregation and processing can lead to a multitude of legal as well ethical problems. The law in todays’ shape is lacking and cannot sufficiently address the issues. There is a need for greater discussion on the matter to push forward policy changes that may redefine the concept of privacy keeping in mind the changing technology.
[1]Dave Evans, The Internet of Things How the Next Evolution of the Internet Is Changing Everything (Cisco White Paper) (2011), https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf (last visited May 13, 2021)
[2]Chao Li & Balaji Palanisamy, Privacy in Internet of Things: From Principles to Technologies, 6 IEEE Internet of Things Journal, 488-505 (2019)
[3]Definition of Artificial Intelligence Merriam-webster.com, https://www.merriam-webster.com/dictionary/artif icial%20intelligence (last visited May 13, 2021)
[4]Iria Giuffrida, Fredric Lederer and Nicolas Vermeys, A Legal Perspective on the Trials and Tribulations of AI: How Artificial Intelligence, the Internet of Things, Smart Contracts, and Other Technologies Will Affect the Law,68 Case W Res LRev 747(2018)
[5]Darla Scott, The Internet Of Things (Lot) And The Concerns Of Convenience, Symantec Connect: Thought Leadership (2016)
[6] Charlotte A Tschider, Regulating the Internet of Things: Discrimination, Privacy, and Cybersecurity in the Artificial Intelligence Age, 96 Denv L Rev 87(2018)
[7]AI And Iot Blended - What It Is And Why It Matters? (Clariontech.com, 2021) <https://www.clariontech.com/blog/ai-and-iot-blended-what-it-is-and-why-it-matters#:~:text=The%20convergence%20of%20AI%20(Artificial,%2C%20business%2C%20and%20economies%20functions.&text=While%20IoT%20deals%20with%20devices,from%20their%20data%20and%20experience.> (last visited May 13, 2021)
[8]Shanika Perera, The Power Of Combining AI And Iot(Medium, 2021) <https://towardsdatascience.com/the-power-of-combining-ai-and-iot-4db98ac9f252> (last visited May 13, 2021)
[9]Id.
[10]Anna S Slavko and Oleksii I Datsenko, Definition and Context of Privacy Right against Private and Family Life of an Individual, 2018 JE Eur L 92(2018)
[11]Sandra Wachter, Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR, 34 Computer Law & Security Review, 436-449 (2018)
[12]Federica De Santis and Filippo Frigerio, Right to Privacy and Government's Intelligence Activities: Where Is the Balance, 5 Bocconi Legal Papers 83(2015)
[13]C. A. Tschider, Supra note 6
[14]S. Perera, Supra note 8
[15]Gilad Rosner and Erin Kenneally, Privacy And The Internet Of Things Emerging Frameworks For Policy And Design (Center For Long-Term Cybersecurity 2018) <https://cltc.berkeley.edu/wp-content/uploads/2018/06/CLTC_Privacy_of_the_IoT-1.pdf>(last visited May 13, 2021)
[16] Joseph Turow, Michael Hennessey, and Nora Draper, The Tradeoff Fallacy: How Marketers Are MisrepresentingAmerican Consumers And Opening Them Up to Exploitation, Annenberg School of Communication White Paper (2015) <https://www.asc.upenn.edu/sites/default/files/TradeoffFallacy_1.pdf>
[17] Stacey Gray, Always On: Privacy Implications of Microphone-Enabled Devices, Future of Privacy Forum White Paper (April 2016)<https://fpf.org/wp-content/uploads/2016/04/FPF_Always_On_WP.pdf>
[18]D. Evans, supra note 1
[19]Margot E. Kaminsky, Robots in the Home: What Will We Have Agreed To?, Idaho Law Review 51, no. 3: 611 (2015)
[20]Id.
[21]Gilad Rosner and Erin Kenneally, Privacy And The Internet Of Things Emerging Frameworks For Policy And Design, Center For Long-Term Cybersecurity (2018)<https://cltc.berkeley.edu/wp-content/uploads/2018/06/CLTC_Privacy_of_the_IoT-1.pdf>(last visited May 13, 2021)
[22]Joel Reidenberg, Privacy in Public, University of Miami Law Review 69, no. 1: 141 (2014)
[23]David C. Sarnacki, Analyzing the Reasonableness of Bodily Intrusions, Marquette Law Review 68, no. 1: 130(1984)
[24]Rinky Solanki and Pragya Shukla, Estimation Of The User's Emotional State By Keystroke Dynamics, International Journal of Computer Applications (2014)
[25]G. Rosner, Supra note 21
[26]Andy McStay, Emotional AI: The Rise of Empathic Media, London: Sage Publications(2018)
[27] Office of the Privacy Commissioner of Canada, The Internet of Things: An Introduction to Privacy Issues with a Focus on the Retail and Home Environments, Policy and Research Group of the Office of the Privacy Commissioner of Canada (2016)<https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2016/iot_201602/> (last visited May 13, 2021)
[28]Id.
[29] Scott Peppet, Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security, andConsent, Texas Law Review 93(2014)
[30]G. Rosner, Supra note 21
[31] Id. Heather Patterson (Intel), in discussion with the authors, August 2017