The Interview: Dan Weitzner, former White House deputy CTO for internet policy (video)

13 Feb 2015

Dan Weitzner, of the MIT CSAIL Decentralized Information Group and former White House deputy CTO for internet policy

What people want to know about privacy and surveillance is that their data is not being misused, says former White House deputy CTO for internet policy Dan Weitzner, who helped draft Obama’s Privacy Bill.

At the time of writing, the President of the United States Barack Obama is about to sit down with the CEOs of some of the most powerful corporations in America, including Apple CEO Tim Cook, to discuss cybersecurity. The CEOs of Google, Facebook, Microsoft and Yahoo! it seems are too busy, but have sent their experts. Go figure.

On the one hand the issue is the powerful hacker attacks on Sony Pictures Entertainment and Anthem Inc. But on the other hand the heart of the issue is also data, the privacy of that data and the responsibility of those who gather it to protect it. This includes the fallout of Edward Snowden’s revelations about mass surveillance by NSA, GCHQ and many other intelligence agencies around the world and just how involved Silicon Valley tech giants are in facilitating this.

In Dublin this week to address a Digital Realty Group conference on data privacy was Daniel J Weitzner, former White House deputy CTO for internet policy who helped in the drafting of President Obama’s Data Privacy Bill which has yet to work its way through Congress.

Weitzner is currently of the MIT CSAIL Decentralized Information Group and teaches Internet public policy in MIT’s Computer Science Department. His research includes development of accountable systems architectures to enable the Web to be more responsive to policy requirements.

Recalling his time at the White House Weitzner said: “One of the key priorities we had was to establish an up-to-date and innovative privacy protection regime so that all of the extraordinary new technologies we see developing around the world, the new services and a lot of the research that’s so important in areas like health could proceed in a way that we could learn and grow as an economy, but also assure people that their core privacy rights were protected.”

It’s complicated

I put it to Weitzner that America’s relationship with data privacy is complicated when you consider the whole world uses Silicon Valley’s best technologies and yet the rest of the world is suspicious as a result of Edward Snowden’s revelations.

“I think the whole world is in a complicated relationship with privacy questions. It’s true that some of these technologies originate in America but the usage rates for Facebook, YouTube and Twitter are just as high in Europe as they are in the US and in some cases higher.

“So everyone is using these services, people get value from these services. We see all kinds of economic benefits from these services but at the same time it is exactly as you say, people are worried about what privacy will mean to them in this new environment.”

He said that it’s not good enough to say to people don’t put your information out there on Facebook and so it’s fair game for anything.

“We want people to feel comfortable using these services but know that the information won’t be abused.

“On the surveillance side I think that in fairness to the law enforcement agencies, our personal lives are more and more moving online. So it’s not surprising that their investigative activities would move online with us.

“That’s where we interact so when police are investigating a crime or when the intelligence agencies are trying to detect terrorism they are going to go where the action is.

“What I think we haven’t yet worked out is a clear set of legal rules that allows a police and security services to protect us in a way that is proportionate and managed and that we make sure we don’t have abuses in that environment.”

I mention Edward Snowden’s lawyer Ben Wizner who pointed out that the mass surveillance by the NSA and its cohorts in many cases fails to yield anything usable and if anything, complicates investigations and in the end just tramples over people’s privacy.

“What’s important is first of all the collection of data is happening by the private companies, not by the State agencies so the data has been collected. The question is that Ben raises is are the intelligence agencies making effective use of this data or not?

“I guess what I would say is I think in the first instance that it is kind of up to them how to do their job. What I want to be assured of as a citizen is that once they have data about me they are not misusing it.

“That if somehow my name shows up incidentally in some terrorism investigation I want to make sure that that is not being passed along because maybe it shows that I was also speeding at the same time and therefore get a ticket.

“That’s the kind of unfairness we have to make sure that citizens can be protected from. I want to give law enforcement agencies a fair amount of latitude in exploring how they can use these new technologies to detect crime and to stop crime, but they’ve got to do it within the bounds of law.

“They key problem that Snowden revealed was that we didn’t have clear rules in place and most importantly we didn’t have a way to make sure we could tell whether these agencies that have our data are using it in a way that is fair. We had no accountability mechanisms in place that the public could really feel confident about.”

Watching the watchers

Gary Keogh, Digital Realty; Daniel Weitzner, former White House deputy CTO for internet policy; and US Ambassador to Ireland Kevin O’Malley

As a technologist Weitzner seems both fascinated and appalled by what has emerged in terms of technology today, and if anything feels good minds should be put to work to create tools for empowering people to manage their data more effectively.

“I think that what I am most interested in as a technologist is how to take some of the incredible analytic tools that we have that allow us to learn things about people, predict people’s preferences, etc, and take some of those technical approaches and actually apply them to privacy protection.

“I want to be able to watch the watchers, analyse what law enforcement is doing and make sure they are sticking with in the rules.

My research at MIT is largely about developing what we call accountable systems. We want to make sure that in the same way you give your money to a bank at some point you can look at the bank’s financial statement and say is my money still there, have they handled it properly, have they paid me the right interest, etc. I want to be able to do the same thing with data. We depend so much on data in so many different systems in the world, the reality is there is very little public accountability or even internal accountability about whether that data is used correctly.

“Uber got into trouble recently for their so-called God View of data, their chief marketing officer said I know where all reporters are and I can even tell where they spent a night in some place they maybe shouldn’t have, that speaks the potential for enormous misuse of data.

“When I take an Uber, which I like doing, I am not doing it for the purpose of helping them to figure out whether I am sleeping with the right person at night, I just want to get from point A to point B. I want to know if they are handling my data in a respectful way that follows rules that say yeah they can use it to get the car to me and they can even use it to figure out to sell me another service, I’m happy with that. But I don’t want to use it to make inferences about my personal life.

“Right now we have such a huge volume and scale of analytic capacity.

“We want to be able to develop accountable systems to be able to apply some of that analysis to how data is used and therefore build trust for users to make sure they are confident about how these services are working.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com