Every time we swipe our bank card, upload a photo to Facebook, watch a video on YouTube, use a loyalty discount, hand over a prescription, read an article online, we’re giving ourselves away. In 2018, a detailed, digital record of our lives is a valuable commodity. Companies, governments, and even charities can use what we reveal about ourselves to make money. But they can also use it to make our lives easier, our cities smarter, and our societies fairer. This new marketplace of information exists without any broadly agreed master plan, or rules.

/

What does it mean to be savvy in a digital world?

Most of us don’t have the time or energy to keep track of all the information we’re sharing online. We just trust regulators are doing their jobs and keeping us safe. Is that naive? Katie Kenny reports.

I start my day, almost every day, with the same three words: “Hey, Google. Stop.” I then roll over and go back to sleep, until a second alarm jerks me awake.

It’s the first of more than 100 interactions I have with the search giant during an average 24-hour period. More than half of these interactions are via the search bar, around 30 per cent are websites visited, and the remaining portion is made up of YouTube videos watched and voice assistant commands.

Google has long allowed users to view and download data collected from and about them. Through Google Takeout, you can export your information, from search history to emails to chat logs to photos. But if you just want to see an overview of what you’ve done on Google’s products, head to My Activity.

I can’t tell you whether my Google activity is normal. Google can’t (or won’t) tell me, either. (“We don’t provide this information,” a spokesman said.)

Of course, I spend a lot of time online as part of my job. But I also just love searching stuff. Missed call from an unknown number — I’ll look it up before calling back. My cousin’s got a new job in London — I’ll check out the office on Street View. What’s the best seat to book on a plane? How many people die during surgery? Why is my kentia palm yellowing? Define: Lollygagging.

Anyone who’s ever cleared a browser history or had an embarrassing Spotify recommendation knows what it feels like when technology throws us back at ourselves. My Google data, combined with my bank card transactions, social media messages, health records, and more, could tell you more about me than I could.

That’s not necessarily a bad thing. Data allows companies, and governments, to make their services faster, smarter and more personalised. It’s the trade-off we make, living in a data-driven society. But do we gain more than we lose? It can be hard to say, when we don’t really know how much we’re giving away.

Most of us don’t have the time or energy to keep track of all the data we’re shedding online, or read all the terms and conditions when downloading an app. (Ten years ago, two researchers at Carnegie Mellon found it would take the average internet user 25 days per year to read every privacy policy on every website they visited.) We trust regulators and industry leaders are keeping us safe.

But policy makers are struggling to keep up with the pace of technological advances. The internet of things, the expanding web of devices collecting and analysing information in real time, is expected to exceed 50 billion connected devices by 2020.

Recent, high-profile data breaches, such as Uber’s loss of 57 million users’ information, and political firm Cambridge Analytica’s misuse of Facebook data relating to 87 million users, show even when we think we’re being careful online, we’re not always safe from harm.

01000100 01000110 01010011

Legislation has the tricky job of balancing business needs and individuals’ expectations, says Mike Flahive, founder of consultancy Simply Privacy. The speed at which it’s become possible, and cheap, to collect and store huge amounts of data has meant organisations have rushed ahead without pausing to consider the consequences.

Europe’s General Data Protection Regulation (GDPR), possibly the world’s toughest data protection rules, came into effect in May. Beyond Europe, companies around the world have updated their policies to meet the new requirements, which allow individuals to request their data and restrict how businesses collect and use the information. Facebook said all users would benefit from updated privacy controls. Air New Zealand’s Jacqueline Peace said GDPR was just “best practice”, and the Kiwi airline offered those rights globally.  

New Zealand’s own privacy bill is making its way through Parliament, set to repeal and replace the 25-year-old Privacy Act. However, some public submissions say the bill doesn’t go far enough in strengthening individual privacy.

“I think it’s fair to say Europe’s ahead of us,” Flahive says. “We’re not far behind, we have complementary legislation. But I think as a culture — that’s about people’s understandings and expectations in that space — we haven't quite caught up yet.”

More data means more responsibility for those collecting it, he says. As individuals, we also don’t exercise enough scrutiny of who’s collecting our data and what they’re doing with it.

“If you’re engaging someone to build your house, you wouldn’t just blindly sign a contract with a builder without looking at the details of what they’re going to provide, and so on. Relationships in the digital space are very similar. It’s incumbent on us to understand what we’re getting into, to be wise in that space. And if it looks too good to be true, then it probably is. Nothing’s free.”

But even if we read the fine print, it’s often too vague to be helpful. And given many apps and mobile network operators repackage and sell data, there’s no way of knowing where it ends up.

In August, The Associated Press published an investigation into how Google handles its data, which revealed the company stored location data even when users explicitly told it not to. While Google said opting out of a setting called Location History on mobile devices would prevent the company from remembering where you’ve been, a privacy researcher found some Google apps automatically stored time-stamped location data without asking.

As well as public criticism, the investigation resulted in at least one lawsuit. Google also updated its Location History support page on its website. It now reads: “This setting does not affect other location services on your device, like Google Location Services and Find My Device. Some location data may be saved as part of your activity on other services, like Search and Maps.”

Online privacy matters because so much of what we like, what we dislike, and what we care about, is held online, says Andrew Cushen, of Internet NZ. “That information is valuable to us. It’s also valuable in terms of companies wanting to target and advertise things to us. And, unfortunately, it’s valuable to people who wish to use it for nefarious purposes.”

Greater public concern has prompted more privacy-protecting services. From password managers to encrypted cloud storage to disposable email addresses and phone numbers, those with a bit of extra time — and money — can attempt to buy their way out of the data-for-services economy.

But Cushen thinks there are already plenty of free, accessible tools available, like exercising our legal right to request information held about us by companies, and habits as simple as checking and rechecking privacy settings on social media, or favouring messaging apps that offer encryption, such as WhatsApp or Signal.

“These tools aren’t necessarily perfect or precise, but we do all have them at our disposal,” Cushen says. “Ultimately, we can choose to opt out of services, and turn around and say we’re not happy with the deal they’re giving us. We do have options.”

Sean Lyons at NetSafe, New Zealand’s independent online safety organisation, agrees. “The Privacy Act is a really good tool for Kiwis dealing with local companies. But the difficulty comes when you’re living in New Zealand but the company that you’ve signed up with is based in Tunisia, or wherever, and they’re not bound by the same laws.”

While he acknowledges there’s “a degree of complacency” among the general public, “naive” is a “troublesome word”.

“It suggests that people are not thinking things through, and I don’t think that’s what drives people to make the mistakes they make,” he says. “But should we be investing extra time and effort into this? Absolutely. I see the downstream effects when people don’t.”

I interact with Google more than 100 times per day, on average. Those interactions can be broken down into four categories: “said” (voice commands); “watched” (YouTube videos); “visited” (web pages visited); and “searched” (using the Google search bar). This chart shows my interactions, by category, for one random day in August.

Even with my 'Location History' turned off, Uber rides, bank card transactions, public library loans, gym check-ins, and New World Clubcard purchases do a pretty good job of tracking my movements.

I examined my Clubcard results with a forensic interest. On May 22, 2016, I paid $3.89 for a 250g block of Pams Colby cheese at New World Wellington Central. I buy a lot of chocolate, and chardonnay. What’s that doing for my demographic profile?

It took 30 days, and multiple emails and phone calls, to get a copy of that spreadsheet. For some requests, such as applying for my credit score, I had to provide more personal information (passport details, phone numbers) to access data already held about me. That seems unfair, doesn’t it?

While it’s an inconvenience to prove my identity to access historical data, it’s only because systems are set up to save me having to do that on a regular basis, says Privacy Commissioner John Edwards. If I had to authenticate my identity every time I scanned my Clubcard, I wouldn’t bother using it. But to see data about me, I have to prove I’m really Katie Kenny.

The same sort of aversion to hassle is why people don’t enable two-factor verification, Edwards says. Also known as two-factor authentication, the added security layer requires a code, sent by text message or from a special authenticator app, to be typed in after you fill in your password.
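Those authenticator-app codes aren’t magic: most apps implement an open standard, the time-based one-time password (TOTP, RFC 6238), built on the HMAC-based variant (HOTP, RFC 4226). A minimal Python sketch of the standard algorithm — not any particular vendor’s implementation — looks like this:

```python
import base64
import hmac
import struct
import time

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 the counter,
    then 'dynamically truncate' the digest down to a short decimal code."""
    digest = hmac.new(key, struct.pack(">Q", counter), "sha1").digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, interval: int = 30) -> str:
    """Time-based variant (RFC 6238): the counter is just the current
    30-second window, so phone and server agree without any network."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(time.time()) // interval)
```

Because the code is derived from a shared secret plus the current time, it changes every 30 seconds — which is why a stolen password alone isn’t enough to get in.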

In 2014, a phishing scam targeted Jennifer Lawrence and other Hollywood stars, illegally accessing private information, including nude photos and videos. The trove of photos spread across the internet, and Lawrence denounced the attack as a “sex crime”. Two-factor authentication on their Apple iCloud accounts would have prevented the scam, Edwards says.

“I have two-factor authentication,” I say, perching on the edge of a couch in Edwards' office.

“Good.”

Opting out completely is also an option, of course.

When Kendall Flutey was in her final years of high school in Christchurch, her friends were uploading “everything” onto Facebook, which was just becoming popular in New Zealand. “From what I recall, there was no consideration of privacy. I think everyone could see everything you, or others, put up online about you. I didn’t really like the idea of that.”

Facebook has 3.2 million monthly active users in New Zealand. But Flutey, now 27 and co-founder and CEO of financial education platform Banqer, is a “Facebook-never”.

At school, her peers were surprised she didn’t create a Facebook account, given she was known as “one of the students most into tech”. She admits not having one was, at times, socially isolating. “But it also made it a lot more obvious when someone really wanted me to come to an event, or catch up, or get to know me.”

Five or so years ago, she noticed people starting to “give up” on social media. Rather than acting shocked when she told them she didn’t have Facebook, they confessed they wished they also didn’t have accounts.

But she’s quick to say her decision to stay off Facebook wasn’t “a revolution of some kind”. She uses Gmail, Twitter, Snapchat, LinkedIn, and Instagram (so, in some ways, Facebook does have her data).

“It’s hard to explain, but I think the rationale here is that I like the microservices approach. Think about Facebook — it’s this monolithic social media platform that will take any kind of data on you it can, and that is very time-consuming to keep updated. It wants you to upload photos, text, videos, locations, relationships, friend networks, all in one place.

“I’d rather break those services down and have a more intentional audience and voice on each platform.”

British philosopher Onora O’Neill, in a 2001 paper on informed consent, anticipated some of the issues around personal data that society is navigating today. When individuals are swamped with information so complex in content and in organisation, few are in a position to provide “genuinely informed consent, or informed dissent”, she wrote.

“If I am right in this surmise, we are likely to face a deep tension between the limits of available human capacities and the sorts of choices about policies and cases that will actually arise and require justification or rejection.”

So who’s responsible for finding a solution — technology companies, governments, or us?

It’s easy to become fatalistic about our privacy online. Updating social media settings can feel like bailing buckets of water from a sinking ship. “It’s inevitable that we, or others with the right skills, can find out information on you, no matter how hard you try to lock it down,” says Mike Gillam, of private investigative firm The Investigators.

“The instant cash loan you tried to get five years ago, that left a footprint. When you moved house and redirected your mail, that left a footprint. Everybody’s got a footprint.”

Around 10 per cent of inquiries to his firm come from people affected by identity theft or, increasingly, revenge-style postings.

One case involves a woman whose name and photo have been uploaded to sites such as “She’s a Homewrecker”, Gillam explains. Those pages now show up in the top Google search results for her name.

“It makes it quite difficult for her from an employment perspective.”

Usually, the victims know who’s responsible, he says. In those situations, a strongly worded legal threat will do the trick. If not, another option is manipulating search results, so the distasteful links are pushed off the first page of a Google search.

But most people aren’t private investigators, or even capable of finding much other than “surface level information,” he says. “I would always say it’s absolutely worth watching social media settings and hiding friends lists, that sort of thing.”

Towards the end of my day, my Google activity tends to drop off, save for the odd flurry of keyword searches. Take a random evening: “spiralizer”; “julienne peeler”; “julienned, define”; “julienned”; “wide peeler”; “how to julienne carrots”. No prizes for guessing what vegetable I was preparing for dinner that night. Later on, more of the interactions are via voice command.

Google and Amazon, the leading sellers of smart speakers, say the assistants store audio only after they hear specific keywords, such as, “OK, Google”, or, “Alexa”. To catch those keywords, though, they’re always listening. I’m aware I waive a certain amount of privacy for the convenience they provide.

“You can believe or not that they don’t store this information,” an artificial intelligence engineer tells me. “But people put these tools in their bedrooms, because they’re convenient, completely ignoring the fact they’ll never have a private argument with their partner ever again.”

Later that day, I unplug my Google Home. But my routine — from waking up, to listening to podcasts, to winding down with a bedtime playlist — is thrown off. It’s not that I can’t live without the device — obviously — but simply that it makes my life easier.

So within days, it’s back.

“Hey, Google,” I say. “Set alarm.”

/

MOVE FAST, BUT FIRST, DO NO HARM

Regulators are struggling to keep up with advances in artificial intelligence, automation, and analytics. So technologists, and society at large, are turning to our sense of right and wrong. Katie Kenny reports.

American science fiction writer Isaac Asimov, in his 1942 short story “Runaround”, introduced three now-famous laws of robotics.

The first law — "a robot may not injure a human being or, through inaction, allow a human being to come to harm" — is reminiscent of the medical maxim often linked to the Hippocratic Oath: "primum non nocere", or, "above all, do no harm".

Both axioms are at odds with the startup slogan popularised by Facebook founder Mark Zuckerberg: "Move fast and break things".

But the shine has worn off Silicon Valley, as scandals and controversies have revealed a technology industry culture more opportunist than idealist. Zuckerberg distanced himself from the slogan as the social network faced allegations of spreading fake news, and allowing Russian meddling in America’s election and Britain’s “Brexit” vote in 2016.

Then, in March this year, it was reported 87 million Facebook users had their data harvested by Cambridge Analytica, a political consultancy. In short, the consultancy, with the help of an app that appeared to be a personality test, used Facebook data to build psychological profiles of a large portion of the United States’ electorate (and some 64,000 Kiwis). Its goal was to manipulate voter behaviour.

The social network has since promised to do more to protect users’ privacy. But that hasn’t eased public concerns about the trillion-dollar business of personal data mining. Combined with recent advances in artificial intelligence, automation, and analytics, those concerns have put society at an ethical crossroads over how to employ these emerging technologies.

As governments grapple with regulations on data protection and privacy, industry leaders are updating codes of conduct — overseas, and closer to home.

“People are turning their focus on to ethical guidance, because legal rules and policy measures are fast being outpaced by the speed of advancements in information technology,” says Richman Wee, project manager of the Law Foundation’s Information Law and Policy Project.

Technologists are more deeply involved with the details of the technology, so it makes sense they should lead these discussions, he says. However, “the responsibility belongs to each and every person and organisation in society”.

01000100 01000110 01010011

In July this year, New Zealand’s AI Forum and others signed an international pledge to stop killer robots: “We will neither participate in nor support the development, manufacture, trade, or use of lethal autonomous weapons.”

The Forum’s executive director, Ben Reid, is fascinated by the field of AI ethics, and drawn to discussions about the long-term future of autonomous intelligence, and science fiction, post-human scenarios.

“The field of AI ethics is at an early stage globally,” he says. “I think people in the last year have become aware of the intrinsic risks. The main areas are ensuring systems are fair, so identifying and removing bias.

“And safety is a big deal. From autonomous vehicles on our roads to the concept of, yes, lethal autonomous weapons.”

The global reach of firms such as Facebook means they’ll never please everyone, Reid says. “They’re trying to approximate ethical models that appeal to billions of people.”

But can we trust technology companies to self-regulate, at the expense of profits? Reid sounds uncertain: “They’re in a difficult position, because their business models depend on basically being able to generate value from large amounts of aggregated private data.”

After copping criticism for helping the US military to develop AI tools, Google this year published new AI principles, committing the company to building AI applications that are "socially beneficial," avoid creating or reinforcing bias, and are accountable to people.

The world’s largest organisation of computer scientists and engineers, the Association for Computing Machinery, also issued a new code of ethics for computing professionals. The principles ask computing professionals to contribute to society, avoid harm, be honest and fair, and respect privacy.

President Cherri Pancake wrote that technology is “similarly personal” to medical treatment. “Today, technologists’ work can affect the lives and livelihoods of people in ways that may be unintended, even unpredictable. I’m not an ethicist by training, but it’s clear to me that anyone in today’s computing field can benefit from guidance on ethical thinking and behavior.”

Last year, Chartered Accountants Australia and New Zealand (CAANZ) published a report saying Kiwi companies should be transparent with customers about their data-harvesting AI systems.

“We have a window of opportunity to step back and purposely design an AI world that ushers in a more inclusive global society and economic system than exists today,” the report said. “If we fail to build the ethical dimension into each stage of our AI journey, an alternative route that perpetuates the current polarisation of wealth and resources within and between societies seems inevitable.”

Following stories about the weaponisation of social media — “concerns around fake news and Twitter bots” — Karen McWilliams of CAANZ says, “I think we’re at a tipping point.”

“Until there’s a global agreement as a baseline, businesses can develop their own frameworks. For example, if we have algorithms involved in our decision-making, we’ll get them verified to make sure they’re doing what they say they will, and we’ll get them checked on a regular basis.”

Emerging technologies such as artificial intelligence present new ethical dilemmas. In the absence of appropriate laws and regulations, technologists are turning to medicine-style codes of ethics to guide the way. Credit: JEMMA CHEER AND ALEX LIU/STUFF

Increasing demand for data scientists has seen the introduction of “quick courses” that train people to apply algorithms, but lack an emphasis on the scientific method and ethics, says one data scientist, who has worked at high levels across both public and private sectors. (To protect his identity, I’ll refer to him as Aaron.)

It used to be a career for those with the highest academic qualifications in data science and statistics, but standards have slipped, he says.

That’s why we’ve seen behaviour such as Facebook’s manipulation of almost 700,000 users’ home pages for one week in 2012 to study “emotional contagion”, he says. And, of course, the more recent Cambridge Analytica scandal.

“If you go through university as a scientist, any experiment that you do has to go through ethics boards. The results you produce have to be solid and you have to check them. As in any scientific and engineering discipline, you have a responsibility for the outcome.”

Cambridge Analytica has become an example of bad practice because the data was accessed illegally and used unethically. (The company didn’t help itself by boasting of using honey traps, fake news campaigns, and operations with ex-spies to swing election campaigns.) But mining personal data and using it to inform online campaigns is a familiar strategy to anyone working in marketing today. So who decides where the line is?

Marketing companies have developed different metrics to assess how well a message, or campaign, is being received; “applause” (from social media likes), for example, and sentiment analysis.
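As a toy illustration of what such metrics can look like in practice — these formulas and word lists are invented for the sketch, not any firm’s actual product — an “applause rate” and a crude lexicon-based sentiment score might be computed like this:

```python
def applause_rate(likes: int, audience: int) -> float:
    """'Applause' in the marketer's sense: likes per person reached."""
    return likes / audience if audience else 0.0

# Tiny illustrative word lists; real sentiment tools use far larger
# lexicons or trained models.
POSITIVE = {"love", "great", "awesome", "helpful"}
NEGATIVE = {"hate", "awful", "scam", "useless"}

def sentiment(text: str) -> int:
    """Crude lexicon sentiment: +1 per positive word, -1 per negative."""
    words = text.lower().split()
    return sum(w in POSITIVE for w in words) - sum(w in NEGATIVE for w in words)
```

Simple as they are, scores like these let a campaign compare one version of a message against another, audience by audience.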

Someone like Aaron is able to go back to his client — a media organisation, perhaps, or government agency, or energy company — and say what appears to have worked, and why. Then, he’ll tweak the message, depending on the target audience, and put it out again.

Isn’t this just a digital version of, say, the sneaky psychology of supermarket layout? He nods, slowly. “I think it’s another version of that.

“But, traditionally, those tactics were based on massive metrics which generalise a population. With AI, you have the potential to make a better, more personalised system.”

He’s referring to micro-targeting, the algorithmic social media phenomenon that means the messages I see online are different to those you see, owing to our different personalities, habits, and views on political issues. Let’s say you’re at one end of the political spectrum and I’m at the other — not only do we disagree, we don’t even have ready access to the same information. This is how echo chambers exist.

So, does he feel like he’s manipulating people? “I mean, it really comes down to the cause. I’ve worked on a lot of positive campaigns. Around protecting people, the environment, those sorts of things. If you can help get a message across like, ‘Don’t drink and drive’, by adjusting the message and learning from things like applause rate and what really appeals to people, then you’re making a positive impact.

“Cambridge Analytica was the flipside of that. And this is where ethics boards come in. You can equally use the technology to do something bad.”

That’s also where public pressure comes in. While there have been large protests in the US, New Zealand’s response has been, well, minimal.

Advocacy group ActionStation in March published a petition arguing for better regulation of social media platforms: “The only long term solution to these problems is government regulation of the mega-companies making massive (and often untaxed) profits from the use of our personal data.

“Only government action can prevent further breaches of privacy and erosion of our democracy by Facebook, it’s time for the government to step in.”

It has fewer than 700 signatures.

But Aaron says he was surprised by the backlash following Cambridge Analytica. “Me, personally, I thought the trend was going towards everyone being happy to share everything they had. Until Cambridge Analytica. When that happened, I was like, ‘oh, so people can actually make a change’.”

Historically, governments have seen digital technology as a matter for private arrangements, says Dr James Every-Palmer QC, a barrister at Wellington’s Stout Street Chambers and author of Regulation of new technology: Institutions and processes, published in March and funded by the New Zealand Law Foundation.

“But people are now asking questions,” he says. “How does social media affect people’s happiness and how can it be manipulated by foreign interests? What rules should apply to people promoting Bitcoin? Should Uber drivers have the same protections as employees? New Zealand hasn’t answered these questions, but nor has any other country.”

He says a “technology commission”, mandated to address these questions along with other authorities in New Zealand and overseas, would help. He admits it’s a bit of a radical proposition, to devolve legislative powers to a bureaucracy, even only on an interim basis.

“However, the rapid pace of technological change is likely to require faster regulatory responses than is possible through Parliament.”

Plus, he says, New Zealand has a history of creating innovative regulatory and commercial solutions: “For example, the deployment of Eftpos technology, the development of a wholesale electricity market, the creation of Fonterra and the creation of our own ‘space law’ to allow launches by Rocket Lab.”

Consumer engagement is a chicken-and-egg situation. Without regulations requiring transparency, consumers aren’t aware of what data is collected and how it’s commercialised and transferred, and how it affects their online experience. Better understanding of that would give consumers a more active role, Every-Palmer says.

Given this lack of transparency, by default, the onus has to be on companies and governments to provide evidence that what they’re doing is fair, and accurate.

Finally, as though participating in an international hokey-tokey dance, governments around the world are starting to step in. In May, the European Union enacted new privacy rules, known as the General Data Protection Regulation. Heralded as a strong protector of digital privacy rights, the law has shifted global expectations for best practice. Its heavy emphasis on consent could see an end to the sale of email lists and convoluted terms and conditions.

That same month, closer to home, then-Government Digital Services Minister Clare Curran and Statistics Minister James Shaw commissioned an audit of all algorithms in use across government; Otago University launched a Centre for Artificial Intelligence and Public Policy; and the Privacy Commissioner and the Government Chief Data Steward jointly developed key principles “to support safe and effective data analysis”. Meanwhile, a new Privacy Bill is making its way through Parliament, set to repeal and replace the 25-year-old Privacy Act.

Ali Knott, an associate professor at Otago University’s Department of Computer Science and a founder of the Centre for Artificial Intelligence and Public Policy, says thinking about ethics before policy “is the right order”.

The centre aims to encourage discussion about these issues in academia and public domains. Currently, it’s focused on predictive AI systems used by government agencies. These systems take personal data and predict an outcome such as likelihood of a criminal reoffending, a student dropping out of university, or a child being abused.

“They’re analytics, or statistical tools — barely AI systems — but we thought it was a good place to start because it’s very concrete and these tools are already out there being used by publicly funded bodies. If we want to put in place policies, they can be directly implemented. We like the idea that New Zealand can be a model, in terms of how it regulates its own use of these tools.”

However, some industry sources worry delegating ethical standards to auditing bodies will make the general public even more complacent. (Why should we worry about these issues if more qualified people are working on them?)

But Knott says there’s value in a seal of approval. “I quite like the idea that you can have a seal of approval that says you can trust this system, it’s passed this and this standard criteria, it’s being evaluated regularly, and it’s explainable.

“But I fully agree there’s some other level where you want everyone to think about ethics. It’s everyone’s business. You want ethical principles to be running right through the development process of these systems.”

Ethics is knowing the difference between what you have a right to do and what is the right thing to do, according to former US Supreme Court Justice Potter Stewart. New Zealand’s use of emerging technologies will reflect its values as a nation, and communicate those to the world.

If only technologists, or even public officials, are involved in those decisions, then their visions will become our reality.

In the book, Framing the Commons: Cross-Cutting Issues in Regulation, Victoria University professor of law Susy Frankel analysed commentary on New Zealand and looked for characteristics that were said to be important for Kiwi “attitude and style”. Top of the list was, “the land”. Other themes included: “trade dependent”; “agricultural economy”; “social equality and community”; “Māori”; “innovation”.

Indigenous communities around the world are calling for sovereignty over their data, and asking questions around whose ethics, whose decisions, are determining how their data is being used.

In New Zealand, Te Mana Raraunga, the Māori Data Sovereignty Network, argues Māori data are living taonga, and should be subject to Māori governance.

Māui Hudson, an associate professor in the Faculty of Māori and Indigenous Studies at the University of Waikato, helped establish Te Mana Raraunga. He’s based in Hamilton, but currently has the schedule of a famous author on a book tour, such is the interest from government agencies in how to encompass both conventional ethics and tikanga Māori.

Taonga is associated with value, Hudson says. Everything has inherent value, but in some cases, it has extrinsic value as well. Think about plants, he continues. “All of the plants in the environment have their own value and contribute to biodiversity. But then there are plants that can be used for particular purposes, such as weaving, or carving.

“All of a sudden, you’ve added extra value to that thing and you’re going to look after it in a slightly different way.”

All data has value, Hudson says. But some data, in certain contexts, has more value that needs to be protected and maintained.

How? “That’s the sort of thing we’re working through at the moment.”

/

Taking ownership of our digital selves

Technologists are trying to take back the internet for the more than 3 billion people who use it. Giving people total control of their own digital data has been described as a ‘key task of this century’. But are we ready for that? Katie Kenny reports.

There’s a line of what looks like glitter on the floor. The line is 182 centimetres long and 1 millimetre wide, though stray sparkles blur its straight edge.

Luke Munn is also 182cm tall, and he made the line, in more ways than one. He posted the holiday photos, wrote the status updates and birthday wishes. The glitter is data; his entire Facebook history, downloaded onto CDs then shredded and arranged for this project, titled ‘Timeline’.

“It’s really about embodiment, taking something immaterial and making it material,” says Munn, from his home in Dairy Flat, north of Auckland. “I’m interested in the collapse between the virtual and real worlds.”

The Christchurch-born artist, whose works have been featured around the world — from Barcelona to London, New York to Istanbul — says he’s always been interested in contemporary technologies, and how they shape our everyday lives.

Eight years ago, he committed “Facebook suicide”. He was uncomfortable with the notion a Californian technology company was profiting off his social activity. He’s not the only one.

WHO OWNS YOU? /

The hardcore programmers who helped build the web feared commercialisation. Of course, commercialisation was inevitable, and it has allowed the web to flourish as a platform for creativity and innovation. Things that you traditionally had to pay for (the news, for one) became freely available online.

As the internet grew, so did the amount of data users generated. And we didn’t keep control of that data. Instead, our digital information became a kind of payment for free or cheap services. Hence the truism: “If you’re not paying for it, you’re not the customer; you’re the product being sold.” (Slate’s Will Oremus penned perhaps a more accurate but ungainly alternative: “If you aren’t paying for it with money, you’re paying for it in other ways.”)

The big data business model was born, allowing advertisers to target us, companies to personalise pricing, government agencies to make predictions about us, and technology giants to train artificial intelligence systems (such as Google’s reported use of data from Android devices to help its algorithms predict our behaviours).

Our digital selves are now scattered across tens, or possibly hundreds, of different sites. For a long time, we’ve been OK with that. We’ve become comfortable with the idea that Facebook owns our social circle or Google owns our search history.

But as more intimate data, such as medical records (everything from medications to diagnoses to whether you’ve had an abortion), becomes digitised, a growing number of people are asking how we want it used, by governments, universities, and corporations, during our lifetime, and beyond.

Let’s focus on healthcare data, for a moment. Legally, a deceased person can’t have their privacy breached under New Zealand’s Privacy Act 1993. While the Health Information Privacy Code prevents disclosure of personal data for 20 years after death, there are few other barriers to the posthumous use of digitised healthcare information. This information has incredible potential to improve care, but also to be commercially exploited, says Dr Jon Cornwall, a senior lecturer at Otago Medical School’s Centre for Early Learning in Medicine, who’s researching the issue.

“Most people would be happy to donate their information for the benefit of everyone, but as soon as you attach financial value to that, you have problems.”

Giving away personal data with every online interaction can feel as inconsequential as scattering glitter, or shedding skin cells. It’s not until we take a step back and see what can be made of it, that we realise its true value. Cornwall says giving away sensitive data, such as, say, genomic information, is more akin to donating an organ.

“People can decide [whether or not] to donate their organs after death,” Cornwall says. “But, at the moment, people aren’t choosing to donate their data. They’re not given that option.”

But in one recent case, they were. And when given the chance to opt out, most didn’t.

In July this year, DNA testing service 23andMe announced a new deal with pharmaceutical company GlaxoSmithKline (GSK). For $460m (US$300m), the drug giant gets access to 23andMe’s database. 23andMe said its five million-odd customers could opt out of their data being used for drug research, but the vast majority opted in — perhaps not appreciating they were essentially paying to donate their data to a huge company conducting a for-profit research project.

THE DATA POLICE /

What would happen if 23andMe lost control of its data? Or if GSK used it for some nefarious or distasteful purpose? Currently, a patchwork of insufficient regulations is all that’s keeping misuse in check. New laws such as Europe’s General Data Protection Regulation (GDPR) are lifting expectations of best practice. In response, companies around the world had to update their policies by May 25 this year to comply with the tough privacy rules, which include ‘the right to be forgotten’, or, the right to require a company to erase all of your personal data and halt third-party processing of that data.

Many of the public submissions about the Privacy Bill introduced to Parliament this year, to repeal and replace the Privacy Act 1993, refer to the GDPR as exemplary. The key changes provided for by the bill are: giving more power to the Office of the Privacy Commissioner to issue compliance orders; introducing criminal offences with fines up to $10,000; and making it mandatory for organisations to report privacy breaches that “pose a risk of harm to people”.

However, the likes of the Privacy Commissioner and InternetNZ have said the bill doesn’t go far enough. It doesn’t, for example, include the right to be forgotten.

Technology itself is another line of defence. For many years, technologists have been working on ways to secure our digital personalities. Now that the issue has become a mainstream concern — and technology has sufficiently advanced — groups in New Zealand and around the world believe they’re on the cusp of so-called self-sovereign identity systems.

Tim Berners-Lee is leading the development of one of these systems at the world-renowned Massachusetts Institute of Technology (MIT). The inventor of the world wide web this year wrote an open letter laying out his concerns about the concentration of power online, with “a new set of gatekeepers” controlling which ideas are seen and shared.

“What’s more, the fact that power is concentrated among so few companies has made it possible to weaponise the web at scale.”

Mark Pascall, of blockchainlabs.nz, shares concerns that cyberspace has become cyburbia — privately owned and operated.

Cryptocurrency and blockchain circles are typically populated by slick, self-described experts with bombastic presentations. Pascall stands out not only for his height but for his softly-spoken, unassuming manner. Like those early programmers, he believes in creating an accessible, safe and sustainable web.

“The world has moved into what many people would argue is a very dangerous place, where a handful of companies now own and control our personal information at an unprecedented scale in order to drive profit to their shareholders,” he says.

A decade ago, technology enthusiasts began buzzing about a new cryptocurrency called Bitcoin. This form of digital money, invented by a programmer, or group of programmers, writing under the name Satoshi Nakamoto, proved it was possible to exchange value online without an intermediary such as a bank. All Bitcoin transactions are registered, chronologically, in blocks of data. Each block is linked to the block before it, and copies are stored on the thousands of computers around the world that make up the network. The resulting record is called the blockchain.

This software architecture has been replicated and tweaked to store all kinds of data anonymously, yet securely. The data is distributed, meaning it isn’t stored in a central place, and it’s decentralised, meaning it’s not owned by a central agency. If you’re familiar with Google Sheets, it’s a bit like a shared spreadsheet everyone holds a copy of: anyone can read it and add to it, but no one can edit what’s already there.
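The linking itself is simple enough to sketch in a few lines of Python. This is an illustrative toy, not Bitcoin (there’s no mining, no network, and the transaction strings are invented); it only shows how each block stores the hash of its predecessor, so altering any historical block breaks every later link:

```python
import hashlib
import json
import time

def block_hash(block):
    """Hash of the block's contents (everything except the stored hash)."""
    payload = {k: block[k] for k in ("timestamp", "transactions", "prev_hash")}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

def make_block(transactions, prev_hash):
    """Bundle transactions into a block linked to its predecessor."""
    block = {"timestamp": time.time(),
             "transactions": transactions,
             "prev_hash": prev_hash}
    block["hash"] = block_hash(block)
    return block

def chain_is_valid(chain):
    """Recompute every hash and check every link back to the first block."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):  # contents were altered
            return False
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:  # link broken
            return False
    return True

genesis = make_block(["alice receives 50"], prev_hash="0" * 64)
block2 = make_block(["alice pays bob 10"], prev_hash=genesis["hash"])

print(chain_is_valid([genesis, block2]))  # True: the links all check out
```

Quietly rewrite the first block’s transactions and `chain_is_valid` immediately returns `False` — which is why tampering with a widely replicated chain is so hard.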

“The blockchain gives some very powerful tools that we as developers, entrepreneurs, disruptors, can start to use to rethink privacy and how we control our data,” Pascall says.

If you believe the hype, blockchain is the future. But critics say the technology still has issues with efficiency and scalability. There are few applications of it in the real world.

Pascall thinks the race to create identity systems is helping change that. “I feel people are genuinely becoming more nervous about the amount of control organisations like Facebook and Google now have over us,” he says. “We don’t have any better alternatives, currently, but I think we’ll see a shift that will change the face of commerce and society.”

ID ME /

Wynyard Quarter describes itself as Auckland’s newest waterfront neighbourhood. Formerly an industrial port, it’s now the site of high-end residential and commercial developments. It’s also the home of an organic movement known as Wynyard Innovation Neighbourhood, comprising like-minded, non-competitive companies sharing knowledge and supporting local innovation.

Last year, ASB Bank, Datacom, Mercury, Spark Ventures and others started working on a digital identity platform, under the stewardship of the Department of Internal Affairs (DIA). Guy Kloss, then at Spark Ventures but now at software company SingleSource, was heavily involved in the project, called Kauri ID, from the beginning and now works on it full time.

So if all these big companies are involved, who owns the project? “Nobody really owns it,” Kloss says. “That’s the refreshing thing about it. If someone claims intellectual property on it, they’re dooming it to failure. Instead, it becomes an open protocol. Something that is basic, versatile, and it’s up to everyone else to build a business model around it.”

The vision is twofold: to give power back to individuals by allowing them to be in control of their digital identity, and to take the pain out of compliance for organisations and enable “risk free business”.

“We didn’t just use blockchain because it’s hip at the moment,” Kloss says. Rather, it allows Kauri ID to be secure, immutable, and free from custodianship. Unlike with Facebook and Google, with Kauri ID the user is in control of their own information, and of who has access to it. That’s what self-sovereign means.

A self-sovereign system gives users more control even than services such as RealMe, the verified login tool Kiwis can use to prove to businesses and government departments who they are without having to hand over physical documents such as passports. While the DIA initiative has been praised for its security practices, it still involves a third party looking after the data.

Kloss hopes Kauri ID will “permeate throughout our entire life” — that people will use it to become AA members, or get a bank loan, or join their local library, or buy beer, without having to go through a third party.

The idea is the user will create their own chain of identity “hooks”, he explains. Each hook represents a different part of their identity; one hook for social networks, one for finances, another for Work and Income, perhaps, another for the local library.

“Only the individual holds the encryption key. So their information could be painted on the Sky Tower in plain sight, and no one else would be any the wiser about whose it is and what it means.”

If you need to provide your name and date of birth to use a service, for example, you unhook only what’s needed. “If I go and buy alcohol, I usually present my driver’s licence, which contains all kinds of information. In the end, the retailer doesn’t even need my birthday, just confirmation that I’m over 18.”
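The principle of minimal disclosure can be illustrated with a toy example. The record and field names below are invented, and a real self-sovereign system would use cryptographic credentials and zero-knowledge proofs rather than plain code; but the idea is the same: release a single derived claim, never the underlying document.

```python
from datetime import date

# Hypothetical record sitting behind one identity "hook".
# Only the holder can see the full record; the field names are illustrative.
credential = {
    "name": "Jane Doe",
    "date_of_birth": date(1992, 4, 1),
    "address": "1 Example St, Auckland",
}

def prove_over_18(cred, today):
    """Release a single yes/no claim instead of the whole document."""
    dob = cred["date_of_birth"]
    # Standard age calculation: subtract years, minus one if the
    # birthday hasn't happened yet this year.
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= 18

# The retailer learns only the answer, never the birthday itself.
print(prove_over_18(credential, date(2018, 11, 1)))  # True
```

The retailer’s system sees one boolean; the name, address, and exact date of birth never leave the holder’s device.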

Ideally, he adds, the technology could be used not just throughout the country but across the globe. But that’s a long way off. Kloss expects to have a working prototype ready for testing later this year, but says “mainstream” adoption could be a decade away.

“Hopefully within one or two years, there’ll be pockets of society using it, here and there.”

Kauri ID is just one of several similar projects in New Zealand. Others include Sphere Identity and Ego Identity. On its website, Sphere says it’ll be launching this year, but that doesn’t seem to have happened yet. (CEO Katherine Noall didn’t respond to my request for comment.)

Ego Identity is a startup born from Kiwibank’s FinTech Accelerator programme, and backed by Centrality, a Kiwi “blockchain venture studio”. (Centrality also has ties with Kauri ID.)

Andy Higgs, general manager of strategic partnerships at Centrality, describes self-sovereign identity as New Zealand’s next big innovation, “like Eftpos, 30 years ago”. Higgs’ vision — and Centrality’s — is of a peer-to-peer marketplace where consumers have control of their own data.

“Data has become controlled by a few rent-seeking, ‘middle men’. What we’re trying to do is decentralise the process and distribute that data back to people who are creating the value,” he says. “It all starts with digital identity, because you can’t create a peer-to-peer marketplace unless you can identify a person, or business, and that they’re connected to a wallet address, which is basically like a bank account in the blockchain world.” (No one has to trust anyone else because it’s impossible to cheat the system, provided the software has been written correctly.)

In this marketplace, data would be “tokenised”, meaning it would have value and individuals would get rewarded for sharing it. “It’s kind of like loyalty on steroids,” Higgs says. “You might be prepared to give away your facial data for skipping the queue at customs, for example.”

In order for this sort of thinking to truly take off, Higgs acknowledges the public has to be on board. “Working on the Ego Identity project, it’s all very cool, and we feel very noble, giving people their data back, but we have to keep asking, where’s the value for the customer? How do we make people care? Well, you’ve got to give them a better experience, you’ve got to make it easier, and potentially reward them on top of that.”

If this sounds a bit far-fetched that’s because, well, right now, it is. And it’s fair to say blockchain has a bit of a PR problem to work through. Bitcoin introduced blockchain to the world, which attracted public interest and money, but also buzzwords and bandwagon behaviour.

But, at the very least, these movements might get people thinking about the value of their data. Even if it’s being held by someone else, Kiwis, under the Privacy Act, have the right to request information held about them, and correct it. Organisations also have an obligation to be transparent about how they’re using it.

“We’re at a point now where there’s a groundswell of opinion around the world that this data thing needs to be sorted out,” says Peter Fletcher-Dobson. “And at the root of it is this idea of self-sovereign identity.”

Fletcher-Dobson, until recently a digital advisor to Kiwibank, now runs his own innovation consultancy. He sees digital identity as being “one of the key tasks of this century”. “I think we’ll look back and see it as amazing that we didn’t have this capability, this right if you like, to own our own data. It’ll be like not having the right to vote.”

‘Sent Mail Sheet’, by Luke Munn, mines data from eight years of emails, generating an image of life patterns and productivity. Credit: LUKE MUNN

Sent Mail Sheet, a different artwork by Munn, is a white silk sheet hanging from the ceiling. It’s covered in pale purple crosses — some spread apart, others close together, even overlapping. Each cross represents an email Munn has sent over the last eight years. Arranged by time and date, it’s another timeline, of sorts. A map of life patterns and productivity.

“Again, I’m exploring how to make the immaterial, material,” Munn says. His digital data has become an object you can walk past, and touch. It sways as people move around it.

Perhaps if we saw our data how Munn sees it, as an insight into ourselves — our preferences and behaviours — we’d better understand its value.

“There’s an apathy around privacy, and I don’t know if that will change any time soon,” he says. “One way we could think about it is not who has my information, but what are they using it for?”

/

Can big data save us all?

We’re in the age of big data, they said. It’ll solve all your problems, they said. And, sure, from sciences to sports, marketing to health, there’s a trend towards data-driven discovery and decision making. But it’s much easier to exploit big data for profits than social good. Katie Kenny reports.

Uber’s vice president of design, Michael Gough, sees his role as not only designing the company’s products, but also its reputation. As he addresses the audience gathered in Auckland’s Aotea Centre for an international design symposium, it’s clear he’s good at his job.

Around 2000 business people, design students, and artists have gathered for the ambitiously titled Future of the Future event, featuring Airbnb, Google, Netflix, Facebook, and Uber.

Here, glasses, Woody Allen-style, are largely non-functional. Speakers are referred to as “visionaries”. Their work isn’t simply design, but “storytelling”. And Uber isn’t a ride-hailing app, or a transport company, Gough says. No! “It’s an opportunity company.”

He perches on a stool like a country singer, top buttons of his shirt undone, and talks with his hands. “It’s virtual systems at global scale that have substantial real world impact.”

He highlights the company’s advances into food and freight delivery, and self-driving vehicles, and shares his vision of a future with flying cars. “Imagine a world where every transportation system talks to every other system.”

Imagine, Gough continues — standing again, striding across the stage — a city totally connected and constantly exchanging data between say, roads and street lights, and new systems not yet invented. “If you have all this data, you ask, what else can you do?”

In January last year, Uber started sharing this data with cities and transit agencies around the world, “to make it even easier for people to move around”.

If you use Uber, you’ll be aware it collects the information you provide when you create your account, as well your location and device details when you use its services. Depending on your device settings, it’s also likely accessing your address book, tracking your location when you’re not using the app, and following your activity on other websites and services.

Not only can the data alert maintenance workers to a pothole, it can also measure the impact of major events and analyse movement patterns to help inform urban planning. (New Zealand’s public agencies don’t use this data, but do monitor traffic flows with cell phone location and Google data.)

Movement is success, Gough says. Uber can address “transport poverty”, and its consequences, including unemployment. Lofty stuff for a software company — one that continues to grapple with complaints about it flouting laws and fighting with regulators.

Of course, with progress comes unintended consequences, Gough says. Lots of people will lose their jobs. More rides mean vehicle emissions. He shrugs. “We set out to run a business, not solve global warming.”

There are many versions of this sales pitch: big data will run, and save, the world. It will combat poverty, climate change, unhappiness, and crime. But first — someone must have said — it will make the likes of Facebook and Google billions of dollars, and greatly improve our online shopping experience.

In 2008, technology magazine Wired brought the term “big data” to the masses with its article, ‘The End of Theory: The Data Deluge Makes the Scientific Method Obsolete’. Chris Anderson, editor in chief of the magazine, argued big data would do away with the scientific method. Theories and models and context were no longer needed. Only data.

“For instance, Google conquered the advertising world with nothing more than applied mathematics,” Anderson wrote. “It didn’t pretend to know anything about the culture and conventions of advertising — it just assumed that better data, with better analytical tools, would win the day. And Google was right.”

But the backlash following Cambridge Analytica, the consultancy that illegally obtained Facebook data to psychologically manipulate tens of millions of users to influence elections, is just one example of why blindly following data isn’t always the best idea.

While technology giants have ownership and control over the largest repositories of personal data, making our lives better on an individual and societal level isn’t their first priority. And with increasing public concerns about personal data mining, organisations — both private and public — fear overstepping the line and ending up on the wrong side of public trust.

So how can society strike the right balance between exploiting the economic potential of big data, and harnessing it for social good?

01000100 01000110 01010011

In May this year, Christchurch-based Jade Software revealed it had built a tool, a machine learning algorithm, which can predict the likelihood — with 92 per cent accuracy — that a student will drop out of university.

Machine learning essentially means systems can learn to perform particular tasks without being explicitly programmed. Rather, they do this by analysing historical information. In the case of the dropout tool, that meant 15 years of historical student records, including students’ grade point average, age, distance of residence from campus, enrolment history, ethnicity, how they pay for their studies, and other information.

Now the tool can be fed current data and predict the likelihood of a dropout as a percentage score. That score is then given to the university, which can assess the risk at an individual level and offer appropriate care and support.
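To make the idea concrete, here is a deliberately simple sketch of how such a predictor works. This is not Jade’s model: the “historical records” are synthetic, only two of the features mentioned above are used (grade point average and distance from campus), and the learner is a basic logistic regression fitted by gradient descent. But the shape is the same: learn from past records, then score a current student as a percentage.

```python
import math
import random

# Synthetic "historical student records": (GPA, km from campus, dropped out).
# In the invented ground truth, low GPA and a long commute raise the risk.
random.seed(0)
history = []
for _ in range(500):
    gpa = random.uniform(0.0, 9.0)
    km = random.uniform(0.0, 50.0)
    true_p = 1 / (1 + math.exp(-(3.0 - 0.8 * gpa + 0.04 * km)))
    history.append((gpa, km, 1 if random.random() < true_p else 0))

def features(gpa, km):
    # Scale both inputs to roughly [0, 1] so gradient descent behaves.
    return (gpa / 9.0, km / 50.0)

# Fit a logistic regression by batch gradient descent: the "learning" step.
w = [0.0, 0.0]
bias = 0.0
for _ in range(2000):
    grad_w = [0.0, 0.0]
    grad_b = 0.0
    for gpa, km, y in history:
        x = features(gpa, km)
        p = 1 / (1 + math.exp(-(w[0] * x[0] + w[1] * x[1] + bias)))
        err = p - y
        grad_w[0] += err * x[0]
        grad_w[1] += err * x[1]
        grad_b += err
    n = len(history)
    w[0] -= 0.5 * grad_w[0] / n
    w[1] -= 0.5 * grad_w[1] / n
    bias -= 0.5 * grad_b / n

def dropout_risk(gpa, km):
    """Predicted dropout likelihood as a percentage score."""
    x = features(gpa, km)
    p = 1 / (1 + math.exp(-(w[0] * x[0] + w[1] * x[1] + bias)))
    return round(100 * p, 1)

print(dropout_risk(gpa=2.0, km=45.0))  # struggling, long commute: higher score
print(dropout_risk(gpa=8.5, km=2.0))   # strong grades, lives nearby: lower score
```

The output is a score, not a decision: as Liebenberger describes it, the number goes to a person, who decides what support, if any, to offer.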

Universities can also identify if certain groups are more likely to drop out, and better target those students in induction processes, explained Eduard Liebenberger, head of digital at Jade.

Speaking to me again, months later, Liebenberger says some of the public concerns in response to the tool surprised him.

“People were worried about the tool being used to profile applicants for universities to, you know, get only the good ones. And that’s something we wouldn’t engage in. That sort of profiling goes against what I personally believe in, and our brand. You can’t weed people out without looking at them individually. Data is always just one side of the story.”

People balk at the idea of machines making decisions about them, but that’s not the goal, he says. The machine simply makes suggestions, and trained professionals use that information to better inform their decisions.

“I think the key is finding the sweet spot where people are more impressed than worried.”

While it’s inevitable that for-profit businesses will be faster to pick up new technologies, adopting them is also a commercial necessity for online content and infrastructure. As digital platforms have shifted from simply selling advertising to mining and selling personal data, they’ve been forced to innovate, often at the user’s expense.

And we’ve tolerated it. We’ve waived privacy for convenience every time we’ve hailed an Uber, or shared a photo on Facebook, or asked Alexa or Google Home to add something to our shopping list. That’s not necessarily a bad thing, it just goes to show these platforms have a huge advantage when it comes to harvesting data; the power of incentives.

We’re less likely, and less willing, to share information with non-profits, health providers, or public agencies, which in turn limits the ability of these organisations to use data for good in society.

By design, to protect our privacy, government data is siloed and difficult to access. But the potential of that data is huge, Liebenberger says. While the government is “rightfully concerned” about public opinion and potential backlash, it remains too risk-averse.

The same sorts of models that can predict what Netflix show we want to watch, or whether a student is likely to drop out of university, could be improving the efficiency of almost every health and social agency, he says.

Perhaps the thing that scares people most about machine learning algorithms and artificial intelligence in general — other than, of course, dystopian future scenarios involving immortal robot dictators from which we can never escape — is that these subjects are difficult to understand. Most of us feel as though they’re happening on another plane, and we have little to contribute to the discussion.

But by staying silent, we’re allowing a small group — technologists, mainly, or executives, or public officials — to dictate how our information is used in ways that affect all of us. The technology is coming, whether we like it or not, Liebenberger says. So we may as well make the most of it.

This is what’s happening on various online platforms in an average minute in 2018. (Content compiled by Lori Lewis and Chadd Callahan, and illustrated by Jemma Cheer.)

Eighteen million text messages sent; 4.3 million videos viewed on YouTube; 3.7 million search queries on Google; 187 million emails sent; 973,000 Facebook logins. This, and more, is what happens in an average internet minute in 2018.

More data means smarter artificial intelligence, which in turn accelerates advances in computing. It’s a virtuous cycle (or a vicious one, depending on your perspective). As a result, organisations with fewer technical resources are able to get in the game.

Humanitarian organisations are increasingly realising the value of big data, and turning to it to reduce the cost and increase the speed of their work.

Nasa’s Landsat programme has produced the longest-running database of satellite imagery of the Earth’s surface. The record is used as a resource for managing the world’s food, water, forests, and other natural resources.

Global Pulse, a new initiative by the United Nations, is working to “accelerate discovery, development and scaled adoption of big data innovation for sustainable development and humanitarian action”.

Unicef leveraged data platforms to inform its work during the Ebola crisis. Closer to home, the children’s charity is analysing real-time data in Tonga following Cyclone Gita, to monitor the distribution of supplies.

David Parry, head of computer sciences at Auckland University of Technology, has spent a decade studying mistakes made during surgery. Specifically, mistakes made by anaesthetists during surgery. He does this by using wearable trackers to detect whether an anaesthetist is moving in a way that suggests they’re likely to make an error during simulated operations.

“The good thing in anaesthesia is there are very few errors made, the bad thing is that makes them very difficult to observe and learn from,” he says.

By tracking simulations, a computer can learn the warning signs of an error. One day soon, Parry hopes, the technology will be able to monitor and warn surgical teams in real time, and prevent needless deaths.  

The study is part of a larger one looking at the rearrangement of operating theatres to reduce effort and error. Recent advances in sensors, data processing power, and deep learning (part of the broader family of machine learning), have accelerated this area of knowledge, Parry says.

However, these advances have also raised moral dilemmas; he expects such close observation, and judgement, of professionals could be a hard sell to clinicians.

“No one wants errors. But there has to be explicit understanding of what you can and can’t do with this information. Because it’s not going to be just in hospitals. It’ll be in factories, mines, any workplace where there’s risk. We’re going to have to have contracts and laws around this.

“The big danger is employers will assume that because you’ve signed up to provide this data, it can be used for anything. And that’s not acceptable.

“Let’s say you have to downsize your department, well, you can’t just look at the data and drop the doctor who’s made the most mistakes.”

As with almost everything, then, big data can be used for good and bad. “There’s potential for a lot of misuse,” Parry says. “And we’re behind the ball, as a society, we haven’t addressed that.”

Head of design at Figure.NZ, Nat Dudley, agrees: “Data isn’t benign. And the use of data to drive decision making is especially not benign.”

Set up in 2012, Figure.NZ is a New Zealand charity with a mission to make data more accessible. Its software takes data from hundreds of government sources and processes it to make it machine-readable, and easily able to be visualised. As well as publishing more than 40,000 charts and maps about New Zealand for public use, the organisation also works with schools, businesses, media, and government agencies to teach data literacy.

“When you only care about making a profit, it’s easy to ignore the complexities of humanity, and design algorithms that use data to do just that,” Dudley says. “If you want to harness data for true social good, you need to be a lot more careful about bias and data quality and your risk of discriminating against your citizens.”

Dudley says it’s good the public sector hasn’t rushed to solve social problems with big data, given the potential ramifications. “It’s tempting to think that the Government should use all this data to identify how to change the country for the better, but it’s more complicated than that.

“The data doesn’t tell the whole story about people’s lives, and to really understand how to improve things, you need to get out and talk to the people who are impacted. This all takes time and money, and these are complicated problems, so I’m actually relieved that government hasn’t just jumped into using their byproduct data to make massive decisions about our future.”

Having said that, she adds, there are plenty of good examples of agencies using data to inform their policies, such as Pharmac deciding which medicines and pharmaceutical products to fund.

Those examples are currently being compiled as part of an “urgent” algorithm stocktake, ordered by former Government Digital Services Minister Clare Curran and Statistics Minister James Shaw, and overseen by chief information officer Colin MacDonald and Chief Data Steward Liz MacPherson.

MacPherson, who is also Government Statistician and chief executive of Statistics NZ, is custodian of the country’s most valuable database, the Integrated Data Infrastructure (IDI).

The IDI brings together data from a range of different sources, from government and non-government organisations to Statistics NZ surveys, and removes identifying details. It stretches back to births, deaths, and marriages data from the 1800s, but most of the data is from the 1990s.

Researchers can gain access to the IDI for projects that improve the lives of New Zealanders. There are lots of strict rules around the data, owing to its sensitivity. For example, it can only be accessed from designated laboratories set up around the country. Before any results are published, Statistics NZ makes sure they’re sufficiently anonymised.

To date, the resource hasn’t been used for machine learning, MacPherson says. While Ministry of Social Development and Ministry of Justice staff have done risk modelling work, more commonly it’s used for traditional research projects, such as looking at cardiac risk factors and understanding the gender pay gap.

“I don’t think we’ve scratched the surface of what we can use it for,” she says.

Because the Government isn’t yet using more complicated and sophisticated algorithms, there’s an opportunity to pave the way with clear guidelines. “The stocktake shows we’re very early in our use of algorithms in the public sector.”

Does this mean we’ve been too cautious? Possibly, but we need to have a nuanced approach, she says. “There are areas where there are critical decisions being made, where you’d like to have a human involved, and there are other areas where you could use more machine learning and artificial intelligence to make processes just so much more efficient.”

Her role is primarily about public sector data, but Statistics NZ also collects data from industry groups and, increasingly, the private sector.

“Some of our colleagues overseas have been experimenting with using cellphone data, with respect to understanding population movements in real time across the country. We’re starting to do that here, too. There’s huge potential here for getting a much richer understanding of how we’re moving around New Zealand.

“The issue is keeping the value, but also maintaining trust and confidence at the same time.”

Data has become ubiquitous, yet it’s difficult to understand and can feel removed from our lived experience. For these reasons, it’s inspired many metaphors, from natural resources to be mined and refined, to byproducts such as exhaust or smoke.

Sitting in a sparse, sunny meeting room which doubles as her office in Wellington, MacPherson says data is “key infrastructure”. Society needs to fund it and look after it as though it’s a school system or a sewerage network. People need to be trained in how to use it, and follow rules.

But data is also a person, or a part of a person.

“Every dataset is a person, a family, a community, an iwi, a hapū, a whānau. And we need to be taking data seriously from that perspective, and looking after it in a way that maintains people’s trust and confidence.”

This series was made with funding from Te Pūnaha Matatini, through the Aotearoa New Zealand Science Journalism Fund.

The content will be made available under a Creative Commons license one month after publication.

REPORTING / Katie Kenny
VIDEO / Alex Liu
EDITOR / John Hartevelt
DESIGN & DEVELOPMENT / Suyeon Son
ILLUSTRATIONS / Jemma Cheer