From: Time
Microsoft’s senior advisor to the CEO argues that the collection of data is too hard to control; we should regulate its use instead.
By Doug Aamoth
Craig Mundie is Microsoft’s senior advisor to the CEO, spending his time on big-picture stuff such as (according to his bio) “key strategic projects within the company, as well as with government and business leaders around the world on technology strategy, policy, and regulation.” At the EmTech MIT conference on Thursday, Mundie leveraged his expertise in policy and regulation as it pertains to issues of cybersecurity and personal identity.
Mundie recounted the initial privacy uproar that occurred when credit cards first became available: People were worried that banks could track their credit card purchases, which was true, but ultimately decided that giving up access to this data was worth the tradeoff of convenience and having access to credit. People could control the collection and retention of their data on a simpler level — get a credit card or don’t — which has been one of the basic tenets of the data-collection model for the past 30 years. But Mundie said he thinks “it’s now failing in a gargantuan way.”
When asked why, Mundie responded, “Because there’s just too much data being collected in too many ways. And most of it now is from things where you don’t feel like you had a specific role in the transaction.”
Mundie continued, “I think now it’s just you’re being observed. Whether it’s for commercial purposes or other activities, I don’t think it’s possible anymore to decide to control things by controlling the collection and retention of the data. That’s been what we’ve done, legally, in this country and elsewhere, and I think that’s run its course and we have to move to a new model.”
In other words, instead of trying to opt out of everything that could possibly track you, let’s all just accept that a lot of data’s being constantly collected about us and instead regulate how the data is used. The cat’s out of the bag; the toothpaste is out of the tube.
Mundie contends that most people don’t care so much that data’s being collected about them, it’s that they care more about how the data is used. So instead of trying to regulate the collection of data, we should be trying to regulate the usage of data.
“I think we’re going to have to have a usage-based way of controlling this now,” said Mundie. “And one way to think about doing that is to put cryptographic wrappers and metadata around these things that control the uses of data. To do that, we have to perfect identity to a degree that we haven’t in the past and we have to make sure that the incentives for comporting with those rules are there. And that’s where the law comes in.”
Leave a Reply