NovoJuris

Coding Discrimination

Sharda Balaji
Sharda Balaji, Founder
#Big data #Code discrimination
Posted on Wed, 28 June 2017

The pace of growth of big data and its use cases are so rapid, that over the last few years regulators, lawyers and public have spoken about some of the side-effects, one of them being intended / unintended “discrimination.” With India’s collection of incredibly huge amount of data through Aadhar, we believe India has to be at the fore-front for both, model regulatory framework and building an ethics standard, which the world could emulate. For now, we are focusing on one point –“discrimination” and its harmful side-effects. Read on… code.jpgMoneyball: The Art of Winning an Unfair Game’ a book by Michael Lewis (and the movie  ‘Money Ball’ ) demonstrates how data analytics and data mining can be of help and be super efficient, to make a baseball super league franchisee achieve the impossible with a limited budget for buying players. In the movie ‘Minority Report’, ‘Precogs’ a software using Artificial Intelligence (AI) and Data Analytics (a few of its super and sophisticated attributes) for precognition of crime. And there are many such “good” use cases. As big-data, analytics and added to it a good measure of artificial intelligence where human-like decisions can be made, we may not be far from the imaginative world depicted in the movie ‘Terminator’ where the skynet (a super AI phenomenon) rules the world. Kate Crawford a principal researcher at Microsoft during her speech at MIT in 2013 said “Some people think that big data is really quite fantastic because you're working at a mass level and therefore you can't actually conduct group-based discrimination, It's actually quite the opposite.” “Big data is not colour blind, it's not gender blind and, in fact, marketers are using big data to have ever-more precise categories about you.” A research conducted on Google ad results shows how Google search engine which uses big data analytics was racially discriminating towards blacks in USA, Ms. Latanya Sweeney (Head of Data Privacy Lab at Harvard University) in her research found that distinct sounding names often associated with blacks showed up with a disproportionately higher number of arrest record ads compared to white sounding names by roughly 18 percent of the time. Google has since fixed the issue, although they never publicly stated what they did to correct the problem. Now, to big data’s ability to discriminate…. With vast amounts of data sets and intelligent analytics, there could be an intended or unintended risk of discrimination. For this blog post, we choose to call this “coding discrimination”. There are splendidly genuine motivations to offer different costs for similar items in places with better means and living standards. Think of, a purchase order placed on an ecommerce website, through an expensive smart phone from an upscale apartment, that could be priced higher compared to an order placed through a feature phone/ not so upscale apartment.  One could argue that it is ‘free economy’ if an entrepreneur and ‘discrimination’ if a user. It will be vital to look at how algorithmically-determined decisions may complicate existing socio-economic disparities beyond the pricing of merchandise and services. In India, we are yet to discover the fallacies of digital-divide in its full form. Today private entities as well as governments, have gone to exceptional lengths to empower people to transact through internet, so that they can gather information. There are various concerns when such a great amount of information is in hands of these parties. The dangers might vary from tangible and material harms (financial loss), to non-tangible harms (breach of privacy and reputation). Another class of damages of big data can be discrimination of an individual or a group. Think of Aadhar’s data set of a particular tribe, who usually have an average life span of 30 years, denied life insurance. A possibility, right? And the tribe may not even know that they are being discriminated? An illustrative case of how one association guaranteed that a major information innovation did not accidentally discriminate, comes from Boston, where the city built up a trial application (Street Bump) in association with the Mayor's Office of New Urban Mechanics. The mobile application (app) utilized versatile GPS tracking to gather data about street conditions and reported it to mayor’s office. However, as the app was downloadable on smartphone it resulted in directing public department services to areas with more smartphones, which were for obvious reasons were owned by wealthier set of people. The entities where big data is the whole and sole of their business and services shall bear in mind that technology is changing everything, it is also changing the basis of discrimination. In a world driven by technology, discrimination is not only restricted to race, sex, religion, region and etc. Constitution of India provides for Right to Equality, Right to Freedom, Right against Exploitation, Right to Freedom of Religion, Cultural and Educational Rights and ofcourse, Right to Constitutional Remedies. For sure, these are the spirit and ethics to follow as business principles. While we are building a new digital society, it is upon us to incorporate ethics and values which will define how our society shapes up in future. Please do not trash this away as moral science, a class that we would mandatorily attend in primary school. Identity, transparency, privacy and security are few of the ethical practices that have to be addressed. Identity: Masking /anonymising data related to an individual’s identity is technically possible but Netflix controversy[1], says that such anonymization is not sufficient enough. Transparency and Privacy: What is personal anymore, do you ask? An individual’s decision of sharing personal and sensitive information is underlined by a privacy “trade-off” which has become more complicated and nuanced with the growth and evolution of big data analytics. The trade-off is between how much information is an individual willing to disclose, so as to avail benefits and features of the mobile applications or services. When government mandates providing personal information and then link it to every governmental service, then it goes to the basis of the citizen’s fundamental rights under the Constitution? Websites, mobile applications and such other online services, in their terms of use and privacy policy specifically mention that usage is subject to agreement to the respective terms and conditions and privacy policy, the individual does not have an option, either he has to accept these terms and privacy policies ‘as is’ or he shall not use or subscribe to these services. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“RSP Rules”) mandates that any entity collecting Sensitive Personal Information shall provide the individual disclosing such information with the terms of use and privacy policy. The entity collecting any Sensitive Personal Information shall take such steps to ensure that individual disclosing information has knowledge of:

  1. The fact that information is being collected,
  2. The intention and purpose for collection of such information.
  3. The intended recipients of such information,

The name and address of the agency collecting such information and entity which will retain such information. While RSP Rules requires an active opt-in, users now are almost habituated to clicking “accept” without having read the terms or if there is a default opt-in, too bad it is not compliant to RSP Rules. Security: The above regulatory procedures are mandated to keep the information safe and secure.  RSP Rules go on to prescribe the security measures to be taken, inform about security breaches etc. The point though is that RSP Rules makes it compulsory for the body corporate to certify or conduct an audit to check the validity and effectiveness of ‘Information Security Techniques’ (IS/ISO/IEC 27001) so as to comply with the Rules.  But shouldn’t the regulators or enforcement agencies have the ability to check data use/ data discrimination practices? So, shouldn’t the Information Technology Act / RSP Rules provide for it?   Author: Manas Ingle Disclaimer: The information contained in this post is for dissemination purposes only and shall not be relied upon as an opinion. For any help or assistance please email us on  relationships@novojuris.com [1] Why 'anonymous' data sometimes isn't, https://www.wired.com/2007/12/why-anonymous-data-sometimes-isnt/

Contact us for a Solution

Contact us for more information about our services and how we can help

Contact
Disclaimer

As per the rules of the Bar Council of India, we are not permitted to advertise or solicit work. By accessing and browsing through this website, all users agree and acknowledge that the content of this website is for informational purposes only and that there has been no form of solicitation, advertisement or inducement by NovoJuris Legal or its members, in any form. No information provided on this website should be construed as legal advice and NovoJuris Legal shall not be liable for consequences of any action taken by relying on the information provided on this website.

I Agree Disagree