Just Because You Can Do Something…

Right before this year’s midterm elections, the New York Times ran a piece about a pair of helpful little social shaming apps with the superficially noble goal of driving voting turnout. VoteWithMe and OutVote are quasi-social networking apps that match people in your contact list with scraped public records on voter information, party affiliation and whether a given individual voted in the last election. They can then assist you in reminding—or pressuring, hounding, humiliating, whatever—the laggards in your group to get to the polls. Predictably, these apps also helpfully collected other bits of personal information that weren’t entirely necessary to achieve the stated goals of furthering civic engagement.

What these apps are doing is probably kinda mostly legal, because the data being collected and presented to the user appears to be based solely on public records, and most privacy regulations contain some sort of derogation regarding the use of data that has already been publicly disclosed. But the fact that it’s technically possible to do something and that the current regulatory environment allows you to get away with it without serious legal repercussions doesn’t mean that you should just forge on ahead.

If you’ve been following the privacy business for any length of time, you’re undoubtedly familiar with the now-infamous Strava case. But here’s a quick recap: Strava is a San Francisco-based social network that allows its users to share their workouts based on GPS data captured from wearables such as Fitbits. In November of 2017, Strava released a new “Global Heatmap” feature, in which they highlighted running and cycling routes and related data from their users’ collected GPS points. It was a nifty new way to visualize this massive data hoard, but it was quickly discovered to reveal the location and internal navigable routes of a number of secret military installations around the world.

You can argue that this was the result of a massive OPSEC failure on the part of the affected western militaries and intelligence organizations, and you can also make a strong case for this resulting from weaknesses in Strava’s notification and consent management practices, further underscored by the changes Strava later implemented in its privacy policy and opt-out functions for Heatmap data gathering. The key point, though, is that personal data is highly nuanced: it’s relatively simple to inadvertently reveal information that wasn’t explicitly included in the original data set, and novel uses for existing data can result in disclosures the data subjects never consented to in the first place.

Exactly how one votes is generally confidential in the US. Your ballots aren’t released to the public domain, and there are no legal circumstances I’m aware of in which you would be required to divulge that information. However, that’s really an academic point in today’s highly polarized political environment; if I know your party affiliation and whether you voted at all in the last election, I can likely deduce how you and everyone else in your district voted using data analysis techniques no more sophisticated than sorting a spreadsheet.

We don’t have to go very far back in history to find instances in which political affiliation caused dangerous problems, and the NYT piece offers up a small catalog of potential pitfalls of how aggregated voter information could be put to malicious purposes. There’s a reason that political affiliation is treated with the same gravity as health data in Europe, where historical memory is a bit longer than in the US. My deeper concern has more to do with the ethical considerations, the optics, and how the intersection of the two affects the desired outcomes.

One of the most important considerations in deciding how to use personal data for any purpose is to first ask if the proposed use is something the data subject would expect and consider reasonable. If I provide my mobile number to a specialty online retailer in the process of making a purchase, I would consider it reasonable for that retailer to call me on that number with a question about my order, to let me know there was a shipping delay, etc. I would consider it reasonable for my primary care physician to disclose aspects of my medical history to an EMT if I were unconscious and heading to the hospital in the back of an ambulance. I would even consider it reasonable if a sales rep called me to pitch something if I’d dropped my business card in a fishbowl at that company’s booth at a conference. But! I would not consider it reasonable for my political party affiliation and past voting behavior to be disclosed to a client who happened to have my mobile number in her address book, and to have that information used to allow her to start up an argument with me about my politics.

Which brings us to what this means for outcomes. I would love to see data on how these apps performed against their goals while in-market. I don’t have any doubt they did drive some additional action at the polls in tech-savvy districts, but I’m also willing to bet they created some unnecessary tension, turned some people off the process, and created a pool of data ripe for misuse in the future. It’s a surprisingly tone-deaf effort at a time when public concern about privacy and the misuse of personal data is at its highest in a very long time.