How big tech designs its own rules of ethics to avoid scrutiny and accountability

Data ethics is now a cause célèbre.

"Digital ethics and privacy" shot into research and advisory company Gartner's top ten strategic technology trends for 2019. Before that it barely raised a mention.

In the past year governments, corporations and policy and technology think tanks have published data ethics guides. An entire cohort of expert data ethicists have magically materialised.

Why this sudden interest in data ethics? What is data ethics? Whose interests are the guidelines designed to serve?

To understand what is going on, it's necessary to take a step back and look at how the information landscape has unfolded.

The picture that emerges is of an industry immune from the regulatory constraints that apply to everyone else.

The shine has gone

Over the past few years the information industry has lost its lustre.

The Snowden revelations, the Cambridge Analytica scandal, social media's enabling of hate speech, the weaponisation of information and its role in undermining democratic institutions have all contributed.

The business model that monetises personal information to sell advertising is now seen as a faustian bargain – perhaps the sacrifice is not worth it, after all. From 2017 to 2018 there was a 6% drop in Facebook users in the United States in the lucrative 12-34 year old market.

These concerns have led to calls for regulation. But these have struggled to gain traction against the prevailing regulatory orthodoxy for the technology sector. This dates back to Al Gore's five principles for enabling what was then quaintly called the "global information superhighway."

Principle three was that regulatory policy would "create a flexible regulatory framework that can keep pace with rapid technological and market changes." This was code for no regulation, or self-regulation. In Australia it was known as "light touch" regulation.

Big tech acted with regulatory impunity, largely freed from the mundane concerns of the "old" economy such as consumer protection or product liability or competition law or, in particular, information privacy.

Circling closer

Europe never completely adopted this laissez-faire approach. Information privacy has always been high on its agenda, culminating in the 2018 General Data Protection Regulation (GDPR). This provides individuals in the European Union with the most comprehensive data protection rights in the world. The rights have extraterritorial reach, involve regulatory oversight, and employ civil fines of eye-watering magnitude. Other jurisdictions are beginning to follow suit.

In parallel, regulators from other disciplines are beginning to circle. Anti-trust regulators are looking afresh at information monopolies and big tech's use of market power to restrict competition.

In Australia, the ACCC has called for a new regulatory authority to monitor and investigate the effect of algorithms on ranking news and journalistic content.

The UK Select Committee on Communications report on Regulating in a Digital World has recommended a new Digital Authority to oversee the "fragmented" regulation of the digital environment around ten regulatory principles, noting that "[s]elf-regulation by online platforms is clearly failing." Human rights regulators are examining the role of algorithms in creating and entrenching discrimination.

Data means money

Big tech does not want to be regulated. It does not want its unlimited ability to harvest personal information to be restricted or for GDPR-type protections to become the global norm. Personal information is the raw material for the algorithms that enable it to monetise our attention.

For an industry that prides itself on being "disruptive," big tech's greatest anxiety is to forestall the tightening regulatory environment to avoid being disrupted itself. Data ethics is one of the means it has developed to fight regulation. It does so by appropriating the virtues associated with ethics but by emptying them of content or consequence.

Take Google's principles for AI. (AI is artificial intelligence). These are:

  • be socially beneficial
  • avoid creating or reinforcing unfair bias
  • be built and tested for safety
  • be accountable to people
  • incorporate privacy design principles
  • uphold high standards of scientific excellence
  • be made available for uses that accord with these principles.

These "principles" are strikingly similar to the feel-good homilies published on Instagram that urge us to "be good to each other" or not to "let the sun go down on our anger," and are about as useful.

Put to the test

Let's test one of Google's principles, "be accountable to people."

There are several layers of ambiguity here. Does it mean that Google's AI algorithms should be accountable to "people" in general, Google's "people," or someone else's "people" such as an independent regulator?

If the latter, will Google supply the algorithm for analysis, correct any errors, and pay compensation for any harm caused?

If Google's AI algorithms mistakenly conclude I am a terrorist and then pass this information on to national security agencies who use the information to arrest me, hold me incommunicado and interrogate me, will Google be accountable for its negligence or for contributing to my false imprisonment? How will it be accountable? If I am unhappy with Google's version of accountability, to whom do I appeal for justice?

Useful ethics involves accountability

Ethics is concerned with the moral principles that affect how individuals make decisions and how they lead their lives.

Ethics have been studied and debated for aeons. Within western traditions, ethics are traced back to Socrates. They include philosophical positions such as deontological (duty-based) ethics, consequentialism, utilitarianism and existentialism, to name but a few. Unsurprisingly, none of these produce the same answers to questions about what an individual must do in any particular circumstances.

"Applied ethics" aims to bring the principles of ethics to bear on real-life situations. There are numerous examples.

Public sector ethics are governed by law. There are consequences for those who breach them, including disciplinary measures, termination of employment and sometimes criminal penalties. To become a lawyer, I had to provide evidence to a court that I am a "fit and proper person." To continue to practice, I'm required to comply with detailed requirements set out in the Australian Solicitors Conduct Rules. If I breach them, there are consequences.

The features of applied ethics are that they are specific, there are feedback loops, guidance is available, they are embedded in organisational and professional culture, there is proper oversight, there are consequences when they are breached and there are independent enforcement mechanisms and real remedies. They are part of a regulatory apparatus and not just "feel good" statements.

Feelgood, high-level data ethics principles are not fit for the purpose of regulating big tech. Applied ethics may have a role to play but because they are occupation or discipline specific they cannot be relied on to do all, or even most of, the heavy lifting.

The harms linked to big tech can only be addressed by proper regulation.

Explore further: What are tech companies doing about ethical use of data? Not much