Travis Taylor:
I’d say one of the biggest things that keeps me out about a facial recognition is the fact that, once your face is in the system, you can’t get it back out again.
Beau Friedlander:
Why?
Travis Taylor:
Just because, once they have a scan of your face, that is something that you can’t really get it off of a database. No one who takes that information is going to say, “Oh, we don’t need that anymore.” Then just delete it.
Beau Friedlander:
The other thing is, if they aren’t accurate, that doesn’t matter.
Adam Levin:
It does matter.
Beau Friedlander:
No, if you say the facial recognition systems aren’t accurate, then who cares, like yeah, sure. Do you know how many people walk up to me, and think I’m the dude who owns Pilgrim Surf Shop in Brooklyn? A lot.
Adam Levin:
Wait, you’re not the dude that owns Pilgrim Surf Shop?
Beau Friedlander:
No, that dude’s name is Chris, and I’m Beau, and we’re two different people, but we look alike. My point is that, if it doesn’t work, who cares? What’s the point?
Travis Taylor:
Well, if the Chris in question were to decide to kill someone, or steal something or what have you, and the cops are looking for you…
Beau Friedlander:
He’s a nice guy. No, but then I could say, but your facial recognition system is crap.
Adam Levin:
Well, that’s great. That’s what your lawyer has to say while you’re in custody.
Beau Friedlander:
Oh, I got you. What’s the upshot or is there anything that is being done to deal with that? Or, are we just living in a dystopia?
Adam Levin:
There are a number of cities now that are starting to back away from facial recognition technology.
Travis Taylor:
There’s also clothing that camouflages you against it.
Beau Friedlander:
Clothing?
Travis Taylor:
Yeah. Like a shirt or a jacket that has a geometric pattern on it, that throws off facial recognition scanners.
Beau Friedlander:
You know what’s so funny about Travis, Adam, is that, I wonder sometimes, if he actually thinks the show is to help criminals. Yeah. Good tip, Jeff.
Travis Taylor:
I’m here to help.
Adam Levin:
Well, sometimes you have to think like a criminal in order to avoid being taken by a criminal. I mean, when you and I were writing the book Swiped, we were wondering whether we were giving people a how to it guide.
Beau Friedlander:
I wasn’t wondering about it. I was pretty sure that half our readership was criminals, but oh well.
Travis Taylor:
Also, criminals do have a vested interest in keeping their privacy.
Adam Levin:
That they do.
Travis Taylor:
For all the wrong reasons.
Beau Friedlander:
Criminals who are listening to this show, welcome. Don’t ever tell anyone that we helped you.
Adam Levin:
To all the criminals, and consumers who are listening, welcome to What The Hack, show about hackers, scammers, and the people they go after. I’m Adam, Cyber Curiosity Seeker.
Beau Friedlander:
I’m Beau, Cyber Bookmark.
Travis Taylor:
I’m Travis, Cyber Freak.
Adam Levin:
Today we talked to one of the world’s leading privacy experts, the only three term commissioner. Information and privacy for Ontario, Canada, Dr. Ann Cavoukian. Dr. Ann Cavoukian, welcome to our show. How are you?
Ann Cavoukian:
A pleasure, Adam. It’s been far too long.
Adam Levin:
I totally agree with you. All right. First of all, Ann, where are you coming to us from right now?
Ann Cavoukian:
I’m in Toronto. My home is in Toronto, Canada, and it’s a beautiful day, but it’s getting hot. I was only four when we came here, to Canada. I was born in Cairo, in Egypt, and obviously it gets hot there. I don’t remember it, but my Mother used to say, “It’s so much cooler here in Canada.”
Beau Friedlander:
What was your family doing in Cairo, when you were born?
Ann Cavoukian:
Okay. Really quick story. I’m sure you’ve all heard about the Armenian genocide?
Beau Friedlander:
Yes, course.
Ann Cavoukian:
We’re going to get you 1915.
Beau Friedlander:
Okay.
Ann Cavoukian:
My grandparents were in the prison, were about to be killed the next morning. My father would’ve been three years old. I love this story. He was an amazing painter, and he was trying to think of, how can I save my family? Then, my Grandmother telling me, and she said, “We always used to carry parchment paper and charcoal, because he loved to etch. During that night, she held a candle. He etched a portrait of General Pasha, who was the Turkish general, he’d seen earlier in the day. The next morning, they’re carting him off to be killed, and he said, “Please give this to General Pasha, with my regards.” The gentleman goes, “Stupid man, what’s he going to want to do with this?” My Grandfather thought that was it. On horseback, comes riding General Pasha, waving the parchment paper saying, “Who did this? I want to know who did this. “My Grandfather says, [foreign language 00:04:35] that’s sir in Turkish. “I did it.” He said, “I like it very much. You and your family, you’re free to go.” Can you imagine?
Travis Taylor:
Wow.
Adam Levin:
See?
Ann Cavoukian:
I couldn’t believe it. I use that as an example of how, forget about looking at the odds. Never give up on what you believe in. Anyway, my parents wanted to give thanks to God. They went to the Armenian Quarter, in Jerusalem. The old Quarter, one of the Quarters was the Armenian Quarter. They went to the cathedral there, and my Grandad said, “God has saved our life. What can I do?” There was a beautiful cathedral in the Armenian Quarter, but it was horrible. He said, “If you can restore some of these frescos, and things, that would be great.” He spent two years there, Grandpa restored everything. I went there years later for a conference in Jerusalem, and I went, and the cathedral was open. The guy here wrote to the guy there, and they showed me everything my Grandfather had done.
It was amazing. Anyway, at the end of that, they were in Cairo, very close by, and there were big Armenian community there. That’s where they lived until I was four years old. Abdul Nasser came in, it used to be under British rule, Cairo. Then, they went out, Abdul Nasser came in, and my Mom said everything changed. Freedom, went out the door. Armenian’s value freedom, obviously enormously. My Father who was a very well known photographer, was appointed the official photographer of Nasser, which meant that he had no freedom whatsoever.
They literally left in the dead of the night one night. My Mother used to say eight suitcases, three children, and two grandmothers had came to Canada. My Dad’s big camera back then, cameras were huge. A colleague of his from oh, somewhere in Europe had come to visit him. He said, “Can I ship this to you? And when I’m ready, will you ship it to Canada?” He said, “Yes.” That’s how they did it. He shipped it to this guy. We came over here, and eventually the colleague was wonderful. He shipped it to Dad, here in Toronto, on way it goes. Okay. Sorry, too much story.
Adam Levin:
Well, no. Just two other little factoids, is that in addition to being an extremely internationally respected individual yourself, you have one brother, who is a very famous singer songwriter for children.
Ann Cavoukian:
Raffi.
Adam Levin:
Raffi.
Ann Cavoukian:
He’s so dear to me.
Adam Levin:
Your other brother is a very well known, and highly respected photographer, as well.
Ann Cavoukian:
That’s right. My oldest brother, Onnig, that’s O-N-N-I-G, he worked with my Dad to start a photography studio here in Canada, and it just took off. Then, my brother continued it after my father died. I’ve got a wonderful photographer as a brother, a wonderful singer. We applaud each other always. I was going to say, we have sibling rivalry, but in the nicest way, we always are applauding each other, and everyone else.
Beau Friedlander:
Raffi is a world famous singer, no?
Speaker 5:
Let’s sing Baby Beluga together.
Ann Cavoukian:
Yeah, he is. I’m so proud of him.
Beau Friedlander:
Amazing.
Adam Levin:
In his field, he’s world famous.
Ann Cavoukian:
He’s amazing.
Adam Levin:
Brother Cavouk is, I think that’s apron.
Ann Cavoukian:
Yeah, Cavouk.
Adam Levin:
He’s world famous. And Anne, you are world famous. You were the Information, and Privacy Commissioner of Ontario. In fact, the longest serving.
Ann Cavoukian:
Three terms, I’m the only one who stuck it out three terms. I loved it.
Adam Levin:
I believe 17 years, and seven months.
Ann Cavoukian:
Very good, Adam.
Beau Friedlander:
But Anne, you come from this family in the arts, and they’re very heavily in the arts. I’m curious. How does somebody who comes from such an arts heavy background, get involved in cybersecurity?
Ann Cavoukian:
I was the only intellectual in our family, so to speak. My Mother, I’ll never forget when I was young, she said this to me. She said, “Annie, I don’t care what you choose to do in your life. I will support whatever you choose to do, but whatever you do, you have to excel at, because there are very few Armenians left worldwide, and we have to show the world, we really know how to do things.” I’ll never forget that. And I said, “Well, I’m very interested in legal issues, and psychology.”
Then, I learned coding, and how do you get things going? I just went through here, the University of Toronto, straight through did my Master’s, my PhD, and just loved it, and wanted to apply it to privacy. Privacy’s so important to me, it forms a foundation of our freedom. Without it, you have nothing, to me. That’s what I’ve been pushing all along. I also love to tell people, get rid of the zero sum mindset of privacy versus security, or privacy versus data utility. That’s so yesterday, you have to have both, you have to have hand in hand privacy, and data, utility, and security, and everything.
Travis Taylor:
Can you explain what you mean by a data utility?
Ann Cavoukian:
Whatever the data is intended to do. Literally, there’s a wide trough. Marketing, privacy and marketing, in terms of data utility. Believe it or not, once a year, the Canadian Marketing Association has their annual conference. They often invite me to be their opening keynote speaker. I always start by saying, “I’m sure I’m the least popular speaker here today.” Fortunately, they laugh, and I say, “Look, I want to tell you how to do marketing, so that you don’t tick off all your customers. You get their consent to do things. Then, they’ll point you to what they’re interested in receiving, and it will increase the value of what you’re doing.” A data utility make whatever data you have as useful as possible to you, and strongly privacy protected. You can do both. That’s what I love doing. I show people how to do this.
Beau Friedlander:
How many years ago was it that you first became interested in consumer privacy?
Ann Cavoukian:
Okay. I’m going to give you a little bit of my background, much to my parents’ [inaudible 00:10:42]. I left home when I was 17. I was very rebellious, and I went, and I worked actually for a marketing company. I really loved it. I did a lot of technical work for them, research, we used to do public research. There, I learned, that this particular marketing agency, and maybe others at the time, that they didn’t respect people’s privacy. They did whatever they wanted with the information they collected, and used it in ways that were never intended. Given my background as well, I always thought you had to be very sensitive towards people’s requests and needs, in terms of their personal information. That was a turnoff to me. I remember going home to my parents on a Sunday for family meal, and I was very annoyed. At that time, they happened to have invited a professor from the University of Ottawa, and he could see, I was annoyed. He could see I was interested in learning things.
Beau Friedlander:
This was at least in 1999?
Ann Cavoukian:
Yeah. (affirmative)
Beau Friedlander:
At least.
Ann Cavoukian:
You could say that.
Adam Levin:
This was before most people really, it was on your radar before it was on most people’s radar.
Ann Cavoukian:
It was a combination of my background, and how important privacy is. My Grandmother used to say, “People would always look over their shoulders. Be very careful about what they said, because they said, if you weren’t careful, if you said anything against the Turks, they shot, they killed you right on the spot.” It sounds ridiculous. To them, privacy was critical, that you control who hears what you say, and what you do, and how you do it. This was infused in me from childhood. Then, I applied that obviously, all the information, society we live in, all the online communications, and activity. I never wanted to make privacy a negative in terms of, it will prevent you from doing things. No, you do both. That’s why I created privacy by design. I won’t talk about it yet, but that’s how it all started.
Adam Levin:
Well, no, and that’s important, because we’re living in, what is clearly a surveillance economy. That must give you nightmares.
Ann Cavoukian:
It does. I tell people you don’t give up on privacy, just because surveillance is mounting, especially in the online world. I always say to people, you never say no, to groups that you think might not be doing the best job at privacy. You help them. You raise the bar, you showed them how to do it. When I created Privacy by Design, that’s why I did it. I wanted something that was proactive, that could be embedded into the design of your operations, bake it into the code, so that you could ideally prevent the privacy harms from arising.
At the time when I was appointed Privacy Commissioner for the first time, I went to the office, and there’s dozens of brilliant lawyers. They’re all telling me how they do privacy, which is to apply the law after, there’s a privacy infraction or data breach, and then you want to remedy it. All that’s valuable. I said, “But I want to prevent it. Ideally I want to be upfront proactive, try to prevent it.” They just looked at me like, “Are you kidding?” Literally, over three nights at my kitchen table, I create Privacy by Design.
Adam Levin:
If we start at the beginning on Privacy by Design, how did you come up with the actual concept, Privacy by Design, and how long did it take for it to take shape?
Ann Cavoukian:
I had been appointed Privacy Commissioner, and I had been thinking about these things for a long time at my kitchen table, literally with my husband, who’s a brilliant PhD, neurophysiology. He’s brilliant. He knows everything. I was always talking to him about this stuff. The interest in coding, and learning how to embed things into design, arose from my conversations with my husband. When I took this to the office, as I said, it was foreign to them, cause they were lawyers. They just studied the law, and this was all very foreign to them.
Literally, at my kitchen table at home, over three nights, talking with my husband, I came up with Privacy by Design: The Seven Foundational Principles. I went to the office, and literally sold it. I had to sell it to my lawyers, but they got it. I wasn’t saying forget the law, no. Strong laws are very important, but I was saying, let’s minimize our need to rely on the law, if right from the outset, at the design stage, proactively you can prevent the harms from arising, and that sold, and then it took off.
Adam Levin:
What are the seven principles?
Ann Cavoukian:
First one, be proactive. You want to prevent the privacy harms from arising, as opposed to offer remediation after the fact. The second principle, is privacy is the default setting. This is huge. This has also been included in the GDPR in Europe. Privacy is the default setting, means you don’t have to wait for your customers to ask you for strong privacy measures. No, you don’t put the pressure on them to wade through your terms of service, and all the legalese, and the privacy policy. Saying, “Please do not use my personal information for any purpose, other than the primary purpose of the data collection, that I’ve consented to.” Which is this collection here. Now, very few people do that anymore. Life is short, but it doesn’t mean they don’t care about privacy. Privacy is at an all time high in terms of concern. In the last two years, all of the public opinion polls, pew internet research, et cetera, have put privacy concern at the 90% up. 90% very concerned about their privacy.
92% concerned about loss of control over their information. Back to privacy is the default setting. What that is, it’s you say to your customers, no you don’t have to ask for privacy. You don’t have to find where do I check the box? We give it to you automatically. It’s the default setting. We are only permitted to use your personal information for the primary purpose of the data collection that you’ve consented to. If we want to use it down the road for a secondary use, we have to come back to you, and ask for additional consent.
This sells like anything. This builds trust like no other, at a time when trust is fleeting. It’s just been hugely successful. Okay. That’s number two. Number three. Privacy must be embedded into design, because you don’t want people to forget about it. You want to in the design of what you’re doing, bake it into the code. You don’t always ask companies. You have a data map? And they go, “Huh?” Usually, the first instance where privacy is collected, some permission consent is obtained, but then it wades through the company, and goes to different departments that is used for other secondary uses that have not been consented to. Privacy embedded into design, means it can only be used for this purpose, and additional consent will be required for additional purpose.
Adam Levin:
What we’re saying, first of all is proactive. Secondly, it must be…
Ann Cavoukian:
Default setting.
Adam Levin:
Default setting.
Ann Cavoukian:
Embedded in design.
Adam Levin:
Embedded in design.
Beau Friedlander:
Oh my gosh. You obviously were looking at Facebook now, Meta, and you were just describing the way they did privacy, because they did it so perfectly.
Ann Cavoukian:
Beau, can I tell you something?
Beau Friedlander:
Yes.
Ann Cavoukian:
In the early years, Mark Zuckerberg invited me down to California to talk to his team. He’d heard about my Privacy by Design work. Talking early years or 2000. He won, he was really interested in privacy. That was before they hired Cheryl Sandberg. At the beginning…
Beau Friedlander:
People saw that it was a marketing point that you actually could market the idea that you were private. Are you sure they were wearing no ear plugs or something? I feel like must not have heard you.
Ann Cavoukian:
They thought they could build trust, and get people to come and join Facebook, and it would grow. Unfortunately, when Sarah Sandberg came on, the model changed completely. The marketing model, and I left, and I just said enough.
Beau Friedlander:
How did it change? How would you describe the change?
Ann Cavoukian:
She wanted to get everybody’s personal information. She had no interest in privacy, and marketing was all she wanted to do without any privacy consideration.
Beau Friedlander:
Got you.
Ann Cavoukian:
I left. Number four is full functionality. Now this may seem odd to you, but what I hate is the zero sum mindset of privacy versus security, or privacy versus data utility, or the versus. Either or, zero sum is one wins, one loses. It’s the win lose model. It’s never privacy that wins, but nor should it be anything else that wins, in absence of privacy. I always reject that, and I talk about full functionality, which is positive sum. Positive sum means you can have two positive gains at the same time.
Beau Friedlander:
Adam, you have four fingers holding your forehead up, which tells me that you’re where I am. Do you understand the zero sum thing entirely?
Adam Levin:
I do.
Beau Friedlander:
You do? All right. Sometimes, I have to ask Travis, who I’ve been working with since 1997…
Ann Cavoukian:
Oh, lovely.
Beau Friedlander:
To explain things to me, because I’ve become a daughtering old man. Travis, explain zero sum to me please.
Travis Taylor:
If I’m not mistaken, I think the way that we view that is, that a zero sum just means that the necessary trade off for privacy, is something where the person whose information is being kept private, doesn’t get anything out of it. There’s no benefit overall.
Adam Levin:
Well, what I think zero sum, at least to me means, in order for someone to win, someone has to lose.
Ann Cavoukian:
Lose. That’s right.
Adam Levin:
If you view this as both sides win, because it’s a marketing plus, and it’s also a protection for the consumer.
Beau Friedlander:
That’s not zero.
Ann Cavoukian:
That’s no positive sum.
Beau Friedlander:
Oh that’s positive sum.
Adam Levin:
That’s positive sum.
Beau Friedlander:
I am now educated. I thank you everyone.
Adam Levin:
Praise the Lord. We’ve gotten through him.
Beau Friedlander:
I finally understand something. This is a good day. All right.
Ann Cavoukian:
Wonderful. I’m so pleased. That makes me happy.
Beau Friedlander:
Thank you. I just figured if I don’t get it, probably someone listening doesn’t get it.
Ann Cavoukian:
No, you’re absolutely right. Now I’m going to go on to number five, end to end security. While the term privacy, subsumes a much broader set of protections and security alone. If you don’t have a strong foundation of security from end to end with full lifecycle protection, you’re not going to have any privacy. In this day, of phishing attacks, and hacking all the time, you must have a very solid strong foundation of security. That’s number five.
Travis Taylor:
In that case, would this just be encryption primarily?
Ann Cavoukian:
I always focus on encryption. I love end to end encryption, but firewalls, all things. Six, visibility and transparency. I tell companies, please keep it open, and to governments. The information you collect from people, it’s not yours, it’s theirs. They’re entrusting it to you, and companies that have come back to me, who’ve become certified for Privacy by Design, they come back to me, and said, “We love this.” Because, what the people do when we open it up, they look at the data we have about them, and they say, “Oh no, that piece of information, that’s no longer true.” That was the case two years ago, now here’s the correct information. They said it increases the accuracy of the information we have, and the quality that we have. They love it. The last one is just a general one, respect for user privacy.
When you keep it user centric, focused on the user, all of this unfolds. It becomes just so obvious, and it shows respect for the individual’s privacy. That’s it, those are the Seven Foundational Principles. You might think a lot of people will hear these, and they say, “Wow, it sounds good, but it’s going to be too hard to do in real life. It’s too hard.” Wrong. We have a paper we published while I was still Commissioner, called Operationalizing Privacy by Design, which is consisting of, I think 11 papers that we did with companies, about different things. Biometrics, smart meters, personal data of all kinds. Home Healthcare, you name it. It really works. I’ll give you one thing we did with Intel, and Home Healthcare. As people get older, they still want to live in their homes, even though they’re living alone, but they might need some help once in a while.
Intel worked with us. It’s beautiful. They created these sensors that you can put on your bed, or wherever you decide to put it. You’re living alone in your house, you get up in the middle of the night to use the restroom, you don’t return within a predetermined period of time. The sensor goes off. It gets help, that you’ve consented to, you’ve agreed to at the beginning. They build Privacy by Design in it. Nobody else gets this information. It is strongly coded, protected. It only goes to the people you’ve agreed to have that information sent to. The healthcare provider, or the hospital, whatever. It helps the individual stay at home. That’s just one example. There are many other examples like that. Then, in 2010, Privacy by Design was unanimously passed as an international standard, by the International Assembly of Privacy Commissioners, and Data Protection Authorities. That was a real honor.
Travis Taylor:
You mentioned certification for Privacy by Design. Is that through Privacy Commissioners, or how does that process work?
Ann Cavoukian:
It’s through myself and KPMG. I partnered with KPMG, because I have a consulting service now, for the past two years. The Global Privacy and Security by Design Center. When people have a website, et cetera. If people want to be certified for Privacy by Design, they come to me, and with their consent, I say, “I’m going to send your information to KPMG, who will contact you, and pour through everything you do, to ensure that you are in fact following Privacy by Design.” Then, when they get certified, they can wear it on their website, wear it as a badge of honor. Then they say it gives them enormous trust from their customers. It builds trust, it keeps the customers they have, and it attracts new opportunity.
Beau Friedlander:
Anne, what I’m hearing is, it’s basically the Privacy by Design standards are similar to the lead standards. You can be gold, silver, et cetera. Is that right?
Ann Cavoukian:
This one, it’s not as complicated. You either get certified, or you don’t.
Beau Friedlander:
Okay.
Ann Cavoukian:
Cause it’s much simpler I think.
Beau Friedlander:
But it’s used as a marketing point in the same way leads is.
Ann Cavoukian:
Oh sure. Absolutely. Because, they’re offering the strongest privacy possible to their customers.
Travis Taylor:
Overall, just in the general privacy landscape, what worries you most these days?
Ann Cavoukian:
Surveillance is mounting enormously as you know, and what I fear is, everybody’s in a hurry. Everybody’s rushing around, and the tendency to just say, “Yeah, sure.” When you go to a website you’re not familiar with, you don’t know what they’re going to do with your information. People just hurry through things, which I understand, but that’s the unfortunate part. It will contribute to the growth of surveillance, and then something happens, and your information somehow flows out to unauthorized third parties, who would use your information in ways that was never intended. Then, away it goes.
Plus, apart from that identity theft, if you are not with a company who protects your data strongly, identity theft is growing enormously, and it’s a nightmare. I remember when I was Privacy Commissioner, victims of identity theft will come to me, and say, “Can you please help me? I didn’t rack up all those charges, or that’s not me that’s somebody else.” The first thing I used to say to them is, “Of course I’ll help you, but go to the police first, file an occurrence report, something that validates your claim, that your identity has been stolen.” Then, I would work with them to help them clear their name. But it could take years sometimes, it’s a nightmare.
Adam Levin:
If you were going to identify the one company in the world that you think is doing the best job, or the top three, what would you say, or are you allowed to say?
Ann Cavoukian:
Oh Adam, I haven’t done that. I’ll just tell you off the top, one of the companies that I love. Apple, they go to great lengths to give you end to encryption on your mobile device. I have an iPhone for example.
Adam Levin:
Right.
Ann Cavoukian:
I also know, I’ve looked under the hood. They go to great lengths to protect your personal information that they have. If I had to name one company, it’d be Apple. There are others, there’s a company called Identos, here in Canada, that does investigations of things, but they’re totally privacy protected. Oh gosh, there aren’t dozens of these companies, unfortunately.
Adam Levin:
The other thing we know too, is in the old days, when things were created, like for instance, the electronic health records, the issue was not privacy, and security. Despite what governments may tell you, the issue was, does it work? People were disincentivized by, they were penalized if they didn’t do electronic health records, and they were incentivized if they did, but…
Beau Friedlander:
Did they work, Adam?
Adam Levin:
They worked better than paper files, but they were not secure. That was the whole issues. They were not secure.
Beau Friedlander:
That to me, says they don’t work on some very essential level.
Ann Cavoukian:
Electronic health records are a nightmare, depending on who’s doing it. They can be used for a variety of purposes that you have not consented to. It can go into other hands, for other purposes.
Beau Friedlander:
This is not something that you can deal with just by looking at your explanation of benefits or stuff. This is behind the scenes, way behind the scenes.
Ann Cavoukian:
Right.
Adam Levin:
When you were a commissioner, this is one of the big issues you dealt with, is protected health information. Correct?
Ann Cavoukian:
We were very lucky in my jurisdiction, Ontario, Canada. We had something called PHIPA, the Personal Health Information Protection Act. It allowed me to have great strength in terms of privacy of health information in my jurisdiction. We just insisted upon this, that consent is essential. The patient has to know how you’re using your information, obviously for your healthcare provider, your general practitioner, your family doctor. You go to him, you want help, you want him to refer it to some specialists, and you got to get some tests. All of that is great, and should be allowed, because the person is in a risky state, and they’re nervous and stuff.
We said we wanted it to work again, not zero sum. So we said, “Okay, you go to your healthcare provider for seeking his or her assistance. They can share it with other healthcare providers that they’re going to refer you to, that you have consented to.” That’s fine. They can do that automatically, but the minute your health information is in any way intended to go outside of healthcare, the walls go up. You must give positive consent or you can’t send the information. We’ve had great success with this.
Adam Levin:
How do you feel about facial recognition technology?
Ann Cavoukian:
Oh, I hate it. I hate it for a number of reasons. First of all, most of the time, it’s not accurate. They use facial recognition extensively in Britain, in the UK, and 83% of the time, it’s a false positive. Can you imagine? 83% of the time it says, “Yeah, it’s you.” And it’s not you, it’s a false positive. It can do such damage to your life.
Beau Friedlander:
But the phone, I’m speaking of the Apple phone, it 100% of the time works.
Ann Cavoukian:
That’s one to one. That’s the difference Beau.
Beau Friedlander:
Oh.
Ann Cavoukian:
One to many, is my face being compared to hundreds of thousands of people in the population.
Beau Friedlander:
I gotcha. When you do a Google search on the image, and you get like, “I’m like, look, here’s me. Can you find me?” They’re like, “Yeah, here’s 1,800 50 year old men, with salt and pepper hair.
Ann Cavoukian:
One to one is brilliant. It’s me against my iPhone. Like you said. I have a Nexus card. Not that I’ll be traveling anytime soon, it’s so crazy. I used to travel to the States a lot. Nexus helped me enormously, because they use my facial recognition. When I go to the Nexus thing at the airport, they compare my live face to the image they have, which I consented to, one to one. That’s the difference Beau. One to many is a nightmare.
Travis Taylor:
What are some basic and practical things that people can use to protect their privacy, just in their everyday life?
Ann Cavoukian:
Do not disclose your information to third parties unknown. I say that, and people go, “Yeah but, I’m going online all the time. I want information. I just say yes to cookies. Yes to everything.” That’s one of the biggest problems. If you allow your information to flow, and in context of whatever you’re doing, and you’re not careful with what your consenting, I can guarantee it’s going to go to third parties unknown, that are not authorized to collect your data. Let me give you a physical example, you go into a real life store, in the world, you go into the store, and you buy something with your credit card. Often, they take your credit card, you make the payment. They might say, here in Canada, they say, “What’s your postal code?”
I of course, always say, “Oh, what would you like the postal code for? I’m really curious about that. I don’t know how that affects my privacy.” The minute I ask the question, the clerk doesn’t know what I’m talking about. They go get the manager. The manager comes back and says, “Oh, you care about privacy. We can do this, this and this.” It immediately elevates their protection of your data. I always tell everybody, the one thing you can do at the beginning of any of these, express your interest in privacy right at the beginning. It’ll take you down a different path, and I’m not saying you’re getting a perfect data protection, but you will get stronger data protection, than if you don’t raise it.
Adam Levin:
If someone is a cynic, and they say, “Hey, I don’t have a problem giving up my privacy for convenience.” Why should people care about protecting their privacy?
Ann Cavoukian:
I love it. It’s like, “I have nothing to hide. What’s the big deal? I don’t have a problem with that.” Because, it’s going to come back, and bite you in ways you couldn’t have anticipated. You don’t know how information about you can be used to harm you, in ways you can’t possibly anticipate. That’s what I learned when I was Privacy Commissioner for such a long time. I couldn’t imagine all the different ways that unknown third parties could use your data, that could cause you harm. It’s not about wanting to hide anything. I always say privacy is about control. It’s about personal control over the use, and disclosure of your personal information. If you want to give it out to the world, be my guest. That’s your right. As long as you make the decision to do so. It’s critical. It resonates with people when I’m talking. The Germans have a wonderful term called ‘informational self-determination.’ That it should be the individual who determines the fate of his, or her personal information.
They know from experience what a huge difference this can make. You can’t anticipate how things can happen to you, just know that they will, and just take a little additional measure, express your concern for privacy, and your interest, and it will elevate your protection dramatically. The reason it’s so important for the individual to consent, to have control over the use, and disclosure of their information, is because context is key. Nobody knows the context associated with the data, other than the individual. Something to one person, may not be sensitive at all. To another person, it may be extremely sensitive, because their context is different. I always say to people, to companies, you don’t know the context associated with the data. That’s another reason why it’s very important to ensure that the data are consented to by the individual. Again, that the German informational is self-determination arose from that mindset as well.
Adam Levin:
Listen, we could go on forever, and we will come back and go on forever.
Ann Cavoukian:
I hope you do. It’s been such a pleasure speaking to you all.
Adam Levin:
We really appreciate what you’ve said, and heaven knows you’ve had an incredibly stellar career.
Ann Cavoukian:
Oh, thank you. I’ve been very lucky.
Beau Friedlander:
You guys, you do realize Ann Cavoukian is a legend?
Adam Levin:
She’s a rockstar, when it comes to privacy, and security.
Beau Friedlander:
Was Raffi ever a rockstar?
Adam Levin:
Well, he’s a children’s rockstar.
Speaker 5:
One, and the two, and the three, and the four.
Beau Friedlander:
It’s all rock stars. Throw a rock kid a rockstar in their family.
Adam Levin:
That was a folk star.
Travis Taylor:
Pop star, maybe at best.
Beau Friedlander:
We have to have her back, because I didn’t even get to talk. One of the questions that I wanted to ask her about, was whether or not my phone is listening to me, which I’m quite sure it is. Travis, thank you for not saying that. I probably Googled whatever it is, I think my phone heard.
Adam Levin:
All right, friends, it’s time now for the tin foil swan, our paranoid takeaway. That’ll help keep you safe online.
Beau Friedlander:
When you get the rest of your food from the restaurant, you take it home, and it’s in a tin foil swan, take the tin foil part, put it on your head, and you’re safe. Correct?
Travis Taylor:
Not so much.
Beau Friedlander:
Okay, fine. What is our tip this week? What do we want to talk about?
Adam Levin:
Our tip this week has to do with Twitter privacy.
Beau Friedlander:
Oh, that sounds like an oxymoron. It’s military intelligence.
Travis Taylor:
Jumbo shrimp.
Beau Friedlander:
How do you do it?
Travis Taylor:
It’s fortunately pretty straightforward. You just go to settings and privacy, when you’re logged into Twitter. Then, once you’re there, you click on the privacy and safety tab, and then there’s a little sliding bar next to protect your tweets, which means that your tweets will be private.
Adam Levin:
How far should I slide the bar?
Beau Friedlander:
Come on.
Travis Taylor:
All the way.
Beau Friedlander:
All the way.
Adam Levin:
Oh.
Beau Friedlander:
There’s another thing that you can do, which is, you can just delete your account.
Adam Levin:
No.
Beau Friedlander:
Adam don’t you really want to, how many followers do you have now?
Adam Levin:
Almost 60,000.
Beau Friedlander:
That would be a big protest statement. That is like an [inaudible 00:38:33]. You just delete that account, Adam.
Adam Levin:
I like my Twitter followers.
Beau Friedlander:
Okay. Nevermind.
Adam Levin:
Travis, what’s the security benefit for me keeping my Twitter private?
Travis Taylor:
Any information you post about yourself on social media can be used against you, either to hack your accounts, or steal your identity. By keeping it private, that means that you’re putting less personal data out there.
Beau Friedlander:
Okay. But it’s social media. If you have it set private, that means that you are not actually doing what it does.
Adam Levin:
You’re not being social.
Beau Friedlander:
That is the oxymoronic situation. That’s the paradox, right? Is that social media is just not a place to be. If you want to keep your information private, period.
Thanks for listening. If you like the show, rate and review, it helps people find it, and we’ll see you next week. What the Hack with Adam Levin is a production of Loud Tree Media.
Adam Levin:
It’s produced by Andrew Steven, the man with two first names.
Travis Taylor:
You can find us online at loudtreemedia.com, and on Instagram, Twitter, and Facebook, at Adam K. Levin.
