Map your digital life by giving Immersion access to your Gmail but who else can tap into your information from this app is the question

After Edward Snowden took the lid off the United States’ National Security Agency’s (NSA) expansive surveillance programme, information called “metadata” has shot to prominence.

Metadata, or data about data, is a statistical profile of information and its movement through global networks. Unlike raw data, which takes time and effort to parse through, metadata effectively presents the “big picture” and facilitates strategic decision-making for those with access to it. For law enforcement agencies, metadata could presumably serve as a (tenuous) basis for issuing a search, or even an arrest warrant. Indeed, had it not been for the NSA’s interest in it, most netizens would not have woken up to its intrusive potential.

In email

What about metadata that universities and research institutes have access to? An application built by the Massachusetts Institute of Technology’s (MIT) Media Lab to visualise and decipher metadata is currently making headlines. Users have to log into this app, called Immersion, using their Gmail accounts and let it scan the “From,” “To,” “Cc,” and timestamp fields of all their emails. The application’s algorithms will then plot a chart of all their email interactions, displaying nodes, connections and cliques, colour-coded and attractively labelled: in other words, a digital footprint of your Gmail-life. One look at it and you’d be able to tell a lot about an individual: who they are socially influenced by, the average size of their friend circles, how important they are to different groups of people, patterns of interaction and how they have changed over time, etc. That’s the power of metadata for you.

We now know metadata are no longer consigned to the arcane world of programmers but are properties whose protection — in the post-Snowden era — needs to be explicitly guaranteed. For now, however, the use or monitoring of metadata by private enterprises is unregulated in most jurisdictions. Even seemingly innocuous apps like Immersion must come with the promise that your personal data will be secure and never shared with anyone.

Immersion is different from NSA’s PRISM surveillance programme in that it is voluntary — but what is to stop MIT from sharing this data with its online collaborators? Will research — and lest we forget, for-profit — databases like JSTOR, IEEE Xplore, ScienceDirect, etc., eventually get around to accessing our metadata through Immersion?

At the time of writing, this author was unable to find any formal terms or conditions that define the relationship between Immersion and its users. The app’s minimalist website (https://immersion.media.mit.edu/) asks you to log in using your Gmail credentials. Immersion’s creators have laid much emphasis on the app’s “secure” connection with Gmail, but once your work is done, you have two options: to simply log out, or to log out and delete the data you have shared. If you have logged out without deleting the data, who can gain access to it, and why? If you have chosen to log out and delete your data, how do you know it’s been removed? It is worth mentioning here that the MIT Media Lab is almost completely funded by government bodies like the U.S. Defense Advanced Research Projects Agency (DARPA) and other corporate sponsors.

Sharing data

Edward Snowden’s leak of NSA documents, specifically of the agency’s PRISM programme, has revealed how data from internet giants like Facebook, Yahoo! and Google, which had access to private user data, had been shared with government entities, while they continued to deny knowledge of the PRISM programme. While MIT does not run a commercial enterprise, would you still trust it to guard your e-mail metadata from the U.S. government? History does not bear kindly on the institute’s practice in this regard. The alacrity with which MIT “facilitated” the investigation and federal prosecution of 26-year-old digital activist Aaron Swartz (who ultimately took his life in January this year) is still a matter of great controversy.

That such apps are “voluntary” programmes should cut little slack with their users. In fact, many would be inclined to use Immersion precisely because it is run by MIT, trusting its impeccable record as a university. Even if MIT didn’t share metadata with third parties, it could still use the same to “train” tools it might be developing, like at its Computer Science and Artificial Intelligence Laboratory (CSAIL), to become better at using metadata — eventually selling such programmes.

The metadata on our digital lives is not only private, but also of great commercial value to enterprises that want to target consumers’ preferences more efficiently. Developers should ensure that an application that collects metadata also has safeguards in place against its misuse or unauthorised sharing.

(Vasudevan Mukunth writes The Hindu’s science blog, http://thne.ws/thecopernican; E-mail: vasudevan.m@thehindu.co.in)

More In: Comment | Opinion