Budny 4:00 L06

ETHICAL DATA COLLECTION

Michelle Banas (mlb163@pitt.edu)
University of Pittsburgh, Swanson School of Engineering, 2013-10-29

INTRODUCTION: A LESSON IN ENGINEERING ETHICS

In any situation there is a certain set of guidelines people generally stick to. These could be social norms, classroom rules, or federal laws, which were agreed to and are considered a baseline for acceptable behavior. From them we can then derive what is acceptable, unacceptable, particularly favorable, and so on. In some situations these norms are governed only by opinion, while in others formal written documents explain what is acceptable and what is not. These formal guidelines include federal, state, and local laws as well as organizational bylaws and professional codes of ethics. Engineering, for example, has many of these professional codes. Perhaps the most important of them is the National Society of Professional Engineers (NSPE) Code of Ethics for Engineers. It lays out, quite plainly, the effect engineers have on society by stating, “Engineering has a direct and vital impact on the quality of life for all people. Accordingly, the services provided by engineers require honesty, impartiality, fairness, and equity, and must be dedicated to the protection of the public health, safety, and welfare. Engineers must perform under a standard of professional behavior that requires adherence to the highest principles of ethical conduct” [1]. This is only a glimpse into the NSPE Code of Ethics, not to mention the numerous other codes governing specific engineering disciplines. A much easier way to understand the ethics behind an engineering decision is, perhaps, through example.

A Glimpse into the Development of Mobile Computing

Allow me to describe a scenario: somewhere deep within a rather nondescript building, just as deep within a rather nondescript industrial park, there is work being done on the next mobile operating system. It could be entirely new or simply the next version of an existing standard; it’s not all that important. What is important is that while the team of computer and software engineers have been working diligently, doing their best to ignore the strange, alien noises from the lab across the hall, and pushing to meet the date the new software is supposed to go live, a vulnerability has been exposed. The problem is, of course, investigated, and it is discovered that an application that comes pre-installed with the operating system is transmitting data such as geo-location, accelerometer readings, and other sensor readings back to the carrier without informing the user. A setting buried deep within layers and layers of menus allows the user to turn off the data tracking, but by default it remains on. The team lead brings the problem to their supervisor, reporting that this security hole can be patched but the release date may not be met because of it. The supervisor shrugs off the team lead’s concerns. After all, the data could be useful to the carrier. It would allow them to improve their Dynamic Base Station Operation set-up along with improving the data pool for other Big Data projects. The team lead is told not to worry, to leave that application alone, and not to mention it to anyone else. This becomes a moral and ethical problem for the engineers involved. Are they to simply remain silent about the issue, as instructed, or are they to defend the user and the user’s right to privacy?

DATA CAN BE USEFUL

The Dynamic Base Station Operation Structure

In a study performed by researchers at the University of Southern California, the University of California at Davis, and Tsinghua University it was shown that as of 2011 the biggest consumer of energy in a cellular network is the operation of base station equipment. Estimates show that base stations are responsible for 60-80 percent of the total energy consumption. Even when a base station is experiencing little or no activity it is still consuming 90 percent of the energy it would at peak performance. In order to save any significant amount of energy, entire base stations must be shut down using a dynamic approach that allows the transfer of that station’s usual traffic to neighboring base stations [2]. This is called Dynamic Base Station Operation Structure (DBSOS). By reducing the energy consumption of its base stations a carrier can save a significant portion of its operating costs. Estimates of user traffic and location can be optimized by collecting data from individual devices, allowing carriers to get a better idea of when and where users are making use of their towers. Although optimization of these estimates may have positive environmental and financial impacts, the collection of data is still ethically questionable, as will be explained further in this essay.

Implementation of the Smart Grid

An article published in IEEE Transactions on Wireless Communications entitled When the Smart Grid Meets Energy-Efficient Communications: Green Wireless Cellular Networks Powered by the Smart Grid provides some insight into the effects of combining the smart grid system with DBSOS. The basic infrastructure of the grid powering our cities, and as such providing energy to cellular networks, is moving away from the traditional and shifting to a smarter grid. “Specifically, the dynamic operation of cellular base stations depends on the traffic, real time electricity price, and the pollutant level associated with electricity generation” [3]. This is all data that can be gathered from the smart grid. Even the International Energy Agency believes “the widespread deployment of smart grids is crucial to achieving a more secure and sustainable energy future” [4]. The smart grid can, unfortunately, be just as vulnerable to a security breach as a personal mobile phone, because “the increased use of wireless networking technology and its introduction into control center networks and field devices have compounded this challenge. Consequently, utilities have had to establish electronic security perimeters (ESPs) to monitor, protect, and control their infrastructure” [4]. If utilities go to such lengths to protect their wirelessly transmitted data, why shouldn’t the average user be as concerned about theirs? The lengths that companies go to in order to protect their private data should give some indication of what the average citizen should be doing to protect their own.

WHO OWNS THE DATA ANYWAY?

An article written by Hilarie Orman entitled Did You Want Privacy With That? goes as far as to state “mobile phones are dangerous to your privacy.” She is gracious enough to explain, adding “pack all that sensing and recording capability along with numerous useful and entertaining applications together into a small device and you have a treasure trove of vulnerabilities that act as magnets for exploitation” [7]. These vulnerabilities can include situations such as our example, where data is collected and stored without the knowledge of the user. “Certainly, 90 percent of all users would like to think their mobile device is no riskier than a traditional telephone, newspaper, radio, and a few amusing games combined into a convenient package. The current state of the art is distinctly unfriendly to those people, and their security and privacy are constantly at risk” [7]. Because data collection is not limited to use by a carrier, a data collection door left open by a developer could invite other malicious developers either to attack the device itself to gather information from a specific user or to attack the carrier’s warehouse of this data, revealing the private data of every one of the subscribers. This is an ethical problem because, as stated by Katie Shilton in Four Billion Little Brothers? Privacy, Mobile Phones, and Ubiquitous Data Collection, “data reveals a lot about your regular locations, habits, and routines. Once such data is captured, acquaintances, friends, or authorities might coerce you to disclose it. Perhaps worse, it could be collected or reused without your knowledge or permission… your location might reveal your child’s school, your regular trips to a therapist or doctor, and times when you arrived late or left early from work. These traces are easy to mine and difficult or impossible to retract once shared” [8]. It has already been shown that seemingly harmless applications can mine for data and send it overseas without the user’s knowledge. For example, some wallpaper apps downloaded by over a million users were actually Trojan horses which collected personal information and sent it to China [9]. A user is more likely to trust what comes preinstalled with their device than a third-party application. A data collection application built into the architecture of a device is more likely to escape notice than something downloaded, and as such, by not advising the user outright that their data is being collected, the developer is actively deceiving the user in order to gain access to private information.

WHAT THE USER EXPECTS

As a subscriber to any wireless carrier, the user has certain expectations about the Quality of Service (QoS) and Quality of Experience (QoE) they receive for their monthly fee. A study out of the University of Western Sydney found that because QoE can be influenced by a user’s environment, device, and type of service, it is an extremely subjective matter. Three important factors have been found to make up a typical user’s QoE: accessibility, retention, and integrity of service. Security is a topic that falls directly under accessibility [5]. Another study, entitled Security and Efficiency in Roaming Services for Wireless Networks: Challenges, Approaches, and Prospects, explains that “Seamless roaming over wireless networks is highly desirable to mobile users, but ensuring the security and efficiency of this process is challenging” [6]. Users expect basic anonymity, in that “activities must not be linkable by eavesdroppers,” and non-linkability, in that “an adversary cannot link the communication activities of a particular user together and thus establish the user’s profile” [6]. Collecting data from the user that could be used to create a profile of their activities is a breach of the security and privacy a user expects from their device. By doing so the carrier also undermines the QoE it is looking to provide to its subscribers.

What is ‘Private?’

We now understand that mobile computing and data collection can be dangerous to a user’s privacy, but what exactly makes the data on a mobile phone ‘private,’ making its collection an ethical concern? As explained in Information Ethics in the Context of Smart Devices by Brian Roux and Michael Falgoust, “Concepts of privacy vary by jurisdiction both ethically in terms of cultural norms and legally in terms of developed jurisprudence… As everyday things, smart devices appear trivial, but as extensions of our cognitive capabilities, we have a stake in protecting the privacy of our devices” [10]. This privacy can be explained further, though it is context-dependent, based on the users’ relationships with one another. To borrow an example from Roux and Falgoust, “Imagine an agent as she goes about a fairly mundane series of errands. At each point, she interacts with other agents and conducts her specific business. At the end of the day, each agent with whom she has interacted knows something about her business, but none of them know the complete series of errands, so the agent’s plans remain private. Nevertheless, if another agent follows the first and interrogates everyone to whom the first agent spoke. If successful, the second agent will have a detailed understanding of the first agent’s errands. Since the first agent has not taken the second into her confidence, the second agent has committed an indirect privacy violation” [10]. By allowing a mobile device to track a user’s geo-location along with other sensor data and report it to the carrier without the user’s knowledge, the device is, in effect, acting like that second agent. It has followed the user everywhere and recorded the details of the experience through various sensor readings, allowing another to see this data and quite possibly construct a profile of the user’s day without their knowledge of the data ever being recorded.

WHAT THE OFFICIAL CODES OF ETHICS HAVE TO SAY

Both the NSPE Code of Ethics and the Institute of Electrical and Electronics Engineers (IEEE) Code of Ethics take very firm stands on how engineers are to deal with issues concerning the public. To start, and perhaps as enough to close the argument altogether, the NSPE Code of Ethics states bluntly in its Fundamental Canons that “Engineers, in fulfillment of their professional duties, shall… avoid deceptive acts” [1]. By allowing the activity of our theoretical application to remain hidden under layers of settings, and giving no hint of its existence in the first place, the developers are, in effect, deceiving the user. As the IEEE Code of Ethics instructs engineers “to improve the understanding of technology; its appropriate application, and potential consequences” [12], it is wrong for an engineer to hide aspects of a device from the public rather than educating them about the potential uses and dangers, as it is also their responsibility “to disclose promptly factors that might endanger the public” [12]. Also, to not disclose the existence of this application publicly would be omitting a material fact about the workings of the device, which is not allowed by the NSPE Code of Ethics [1]. Engineers are expected “to disclose promptly factors that might endanger the public” [12], and by not disclosing the existence of this software the engineer may endanger many members of the public by allowing their information to be gathered without their consent and leaving the door open for malicious developers to collect the users’ data as well. Last, but certainly not least, “Engineers shall not reveal facts, data, or information without the prior consent of the client” [1]. This is, perhaps, the most directly relevant part of the Code of Ethics. By collecting a user’s data and allowing it to be used by the service provider, the engineer is revealing facts about that user’s personal life, and as such breaching their privacy.

WHY PROTECTION CANNOT BE LEFT UP TO THE USER

Unfortunately, at present, most users take their devices for granted. Already “the amount of personal information in circulation over the former is tremendous and increasing, as are the unsanctioned uses of personal data.” Although “some technologists have professed a goal for such technologies to be invisible to the users… [They] can be used in knowledge creation, but also for stalking of various sorts” [11]. One starts to wonder how we can include, and have included, such capable sensing devices in our everyday lives without allowing them to become surveillance tools that record our every move. Data collected by mobile devices needs to be protected, and developers cannot necessarily rely on the user to protect their own privacy, even when the option to do so is presented to them. Although “57 percent of all app users have at some time felt compelled to remove or avoid an app that might violate their privacy” [7], the user cannot be expected to search for a setting that gives no indication of its existence in the first place. On top of that, developers have stated, “If you ask the average user to give away all their privacy to view a cute cat video, nine out of 10 will happily click ‘yes’” [7]. Unfortunately, the reason behind those users clicking ‘yes’ is often the use of cryptic End User License Agreements (EULAs) that make it difficult for users to understand what, exactly, they’re signing up for. Data literacy is something that is acquired over time, and by then it may be too late for some users whose data is already being uploaded overseas by that video of a cute cat [8].

CONCLUSION: PROTECTING THE USER

To revisit our scenario from the beginning of this paper, it should now be clear that the engineers on the project ethically have no choice but either to fix the security problem, making the data collection clear to the user and giving them a choice in whether or not their data will be collected, or to publicly expose the software issue before it can go to market. If they do nothing, not only will they be in violation of at least two professional codes of ethics, but they will also have other moral issues to deal with on their own. It is a violation of a user’s privacy to have a smart device engage in data collection without the user’s direct consent, despite any potential benefits a carrier may gain from doing so.

REFERENCES

[1] National Society of Professional Engineers. (2007). “Code of Ethics for Engineers.”
[2] E. Oh, B. Krishnamachari, X. Liu, Z. Niu. (2011). “Toward Dynamic Energy-Efficient Operation of Cellular Network Infrastructure.” IEEE Communications Magazine. (Online Article). DOI: 10.1109/MCOM.2011.5783985. pp. 56-61.
[3] S. Bu, F. R. Yu, Y. Cai, X. P. Liu. (2012). “When the Smart Grid Meets Energy-Efficient Communications: Green Wireless Cellular Networks Powered by the Smart Grid.” IEEE Transactions on Wireless Communications. (Online Article). DOI: 10.1109/TWC.2012.052512.111766. pp. 3014-3024.
[4] F. Sheldon, J. Webber, S. Yoo, W. Pan. (2012). “The Insecurity of Wireless Networks.” IEEE Security and Privacy. (Online Article). DOI: 10.1109/MSP.2012.60. pp. 54-61.
[5] F. Farid, S. Shahrestani, C. Ruan. (2013). “Quality of Service Concerns in Wireless and Cellular Networks.” Communications of the IBIMA. (Online Article). DOI: 10.5171/2013.794626.
[6] D. He, C. Chen, et al. (2013). “Security and Efficiency in Roaming Services for Wireless Networks: Challenges, Approaches, and Prospects.” IEEE Communications Magazine. (Online Article). DOI: 10.1109/MCOM.2013.6461199. pp. 142-150.
[7] H. Orman. (2013). “Did You Want Privacy With That? Personal Data Protection in Mobile Devices.” IEEE Internet Computing. (Online Article). DOI: 10.1109/MIC.2013.48. pp. 83-86.
[8] K. Shilton. (2010). “Four Billion Little Brothers? Privacy, Mobile Phones, and Ubiquitous Data Collection.” Communications of the ACM. (Online Article). DOI: 10.1145/1592761.1592778. pp. 48-53.
[9] G. Hurlburt, J. Voas, K. Miller. (2011). “Mobile App Addiction: Threat to Security?” IT Professional. (Online Article). DOI: 10.1109/MITP.2011.104. pp. 9-11.
[10] B. Roux, M. Falgoust. (2013). “Information Ethics in the Context of Smart Devices.” Ethics and Information Technology. (Online Article). DOI: 10.1007/s10676-013-9320-7.
[11] K. Pimple. (2011). “Computing Ethics: Surrounded By Machines.” Communications of the ACM. (Online Article). DOI: 10.1145/1897852.1897864. pp. 29-31.
[12] “IEEE Code of Ethics.” IEEE Policies. (Online Article).

ACKNOWLEDGMENTS

I would like to thank Dan McMillan for responding to my particularly random email in a timely manner. I would also like to thank my historian friend Ai for inspirational all-caps typing to get me to write my paper in a timely manner and get off the internet.