Happy Boxing Day from everyone at Ward PLLC. We hope that you’re all having an enjoyable, and suitably private, holiday season. For many people, today is a day of quiet, calm, reflection, relaxation, and desperately trying to find out if you can get cash refunds from Restoration Hardware for the gifts your in-laws inexplicably decided you wanted or if it’s just store credit. (Really, Janice? Another reclaimed wood candleholder?)
Some gifts are better than others, of course, and you may have gotten some new gadgets or toys that you’re excited to try. Before you do, however, it might be worth taking a look at our list of eminently returnable gifts. Sometimes, in our excitement to try something new, we don’t really think too much about the privacy/data ramifications of what we’re doing, especially after that Christmas-morning Baileys has kicked in. So, here you are, our list of two gifts to send back or to at least use with caution.
DNA Kits (Any of them)
Understanding ancestry is a fun way to bring the family together – you get to learn about your background, history, and maybe discover family members you didn’t know about. People have been doing this kind of research on the internet more or less since the beginning, and sites like Ancestry.com exist precisely because people have such a deep interest in uncovering facts about themselves. These kits are extremely popular this holiday season, and they are a massive moneymaker for the companies that sell them.
The DNA test component is, in some ways, just an extension of the online ancestry search process. You take a swab with a q-tip, send it in, and in a few short weeks you receive analysis of your background and, potentially, identification of others in your family network. The results typically come in the form of a percentage breakdown in how your DNA matches to certain countries: you might find that your results are 50% German/Austrian, 30% British Islands, 20% Spain/Iberian Peninsula.
Sounds great, right? Maybe. But these kits have data problems and privacy problems, which is a bad combination for a $50 gift. On the data side, these tests aren’t really giving as accurate a picture as one might think, largely because DNA has little to do with geography except over long periods of time. Consider it this way: if our DNA changed every time we moved to a new country, our genetic composition would be so mutable as to be effectively uncontrollable. DNA test companies know this, which is why the fine print in their products state that they can only identify traits with accuracy to a continental level: that is, if your ancestry is African and Asian, they can pretty much guarantee a good prediction to that effect. But more granular than that? Guesswork. And the guesses are only based on the data in these companies’ databases: there aren’t genetic signifiers that say “Portuguese! Thai! Chilean!” They simply match your genetic traits with others in their database to show general trends pointing to one or more countries.
And if that data matching/accuracy issue weren’t concerning enough, consider, too, the privacy implications. You have only a handful of immutable characteristics, including your fingerprints (up to a point), your retinas, your irises. But your DNA is not only a biometric identifier (proving who you are) it is a biometric storyteller. DNA reveals predisposition to disease, gene variations, near-indisputable links to other people. It is an ultimate authority on you as a physical being, forever.
And you’re going to put it in the mail and give it to a company you don’t know to be examined by people you’ve never seen.
This is not to say that every DNA kit company is out to sell your data to insurance companies (who aren’t supposed discriminate against you based on your DNA anyway) or to malicious actors. But the risk is high enough, for instance, that the Pentagon has issued guidance to servicemembers that DNA kits are a security risk that can pose problems for advancement and future security clearance. Also, consider whether you can really identify every third party that will review, see, access, or use the DNA data you provide. Or how sure you are that your DNA data will be stored, securely, forever, and not stolen in a mass biometric data breach. Or stolen by a foreign government. And whether you’re happy to be sharing your DNA data, which happens to be related to the data of literally everyone in your family, including unborn grandchildren or unknown cousins.
We’re not necessarily saying to never use a DNA kit. We’re just saying that you should consider the risks, to yourself and others.
Amazon Ring
Oh my. If….if someone got you one of these, then it might be time to sit them down for a talk about surveillance. This is one of those tools that, on its own, seems like a fantastic idea: the ability to see who’s at the door, to buzz them in remotely, to have a built-in security system, all with the easy UI of an Amazon project. Plus, now you can find out who keeps stealing your Prime Now orders from Whole Foods.
Of course, as the video above makes clear, keeping track of what’s going on at your front door is a central value proposition for the Ring. It’s also why they have become extremely popular with police departments. In fact, some departments are now offering to give Rings out, for free, in exchange for the right to review the footage recorded. And that’s nothing compared to the surveillance bonanza uncovered earlier this year showing that, whether you’ve consented or not, Amazon has shared vast stores of recordings with police departments around the globe. And there’s not much of a limitation on how the data is shared: Amazon has, at various times, agreed to provide 12 hours of video at a time within a range of half a square mile.
Again, this is not to say that you cannot or should not install a Ring system. There’s nothing wrong with wanting a secure system to monitor or protect your home, or the ability to remotely allow someone access to the front door. It’s the secondary aspects of the Ring that require serious consideration and, like the DNA kits, those aspects often involve the rights and privacy of other people. Before you make it a component of your own life, determine whether there are other methods for achieving the same outcomes that give you the same kind of functionality with fewer tradeoffs. We imagine that you’ll find there are, but if not, you can always exercise more control over the setting of your device to limit the privacy consequences.
The Law of Unintended Consequences
The reason we selected these two gifts for discussion is because they represent a phenomenon that bears scrutiny: the unintended, third-party consequences of our usage of devices and services. It’s one thing to use a product and know (as many of us intuitively do) that we’re trading our privacy and/or data for the convenience it provides. Yes, we realize that the phone company will know our precise location when we use cellphone service, but we’re willing to make that trade largely because we accept it as a condition of what we want. But now we’re beginning to see the reality that underlay these tradeoffs more clearly: there are always other effects to the sharing of data or an agreement to monitoring. When it isn’t just your image, privacy, or identity at stake, the calculus of when we should agree has to change.
It’s certainly true that any product has tradeoffs, and that any service comes at a price. And it’s also true that most things we may buy come with consequences for other people, like the constant droning of the toy bagpipe set my kids got for Christmas (thanks again, Janice). But avoiding inconvenience or annoyance are in a different class than protecting sensitive personal data or personal identity. Even when something is free (like a gift), that doesn’t mean that it’s something without cost or, indeed, without value. That’s equally true when it comes to what belongs to someone else, as when we trade someone else’s privacy for our convenience, a problem made all the worse by the fact that privacy and personal identity aren’t gifts, they are rights.
The point in all of this is that until we know more about what these tradeoffs look like, it’s difficult to make a meaningful assessment of the merits and costs. You need the relevant information before you can reach an informed decision, which means that we all need to continue pushing for an open, transparent approach to data and privacy. Rings and DNA kits are, supposedly, all about providing visibility and disclosure, but like anything that touches on personal identity and privacy, you shouldn’t use them until you’ve taken a close look at them under the light.
