An operating system is the all-seeing eye and software brain of a computer. From the moment a computer or smartphone is powered on (and potentially even when it is in “sleep” mode) the operating system acts as the switchboard for every mouse movement, every key pressed, every sound within the microphone’s range, every sight within the camera’s view, every screen output seen by the user, and every bit of data stored on the device. The ability to surveil at the level of an operating system is equivalent to the reach of a camera with x-ray vision in the home, able to scan a diary within microseconds. If we do not act to protect operating system data, privacy in the modern age is meaningless.
Nothing truly compares to the amount of data an operating system can collect; the only thing that comes close is an internet service provider (ISP). The Federal Trade Commission has stated that “large platform providers [like internet service providers] that can comprehensively collect data across the internet present special concerns.” ISPs sit at the gateway of the internet, routing data from individual users to the rest of the web. A leading academic called ISPs the “single greatest point of control and surveillance.” Yet, ISPs pale in comparison to the offline reach of operating systems.
ISPs inherently involve transmission of data, but operating systems do not. Operating systems operate offline and do not transmit data unless an internet application is used. For example, journalists’ word processing activities and filmmakers’ editing processes take place offline. Simply because a computer or smartphone can be connected to the internet does not mean that all of its activity should be subject to surveillance. Driving a car onto a public road does not entitle anyone, much less a car manufacturer, to access everything one has ever done or said in the car, especially while it was in his or her garage. Operating systems create this virtual space on enclosed private property—our hobbies, inventions and passing thoughts—that should be kept free from prying eyes.
Absolutely Necessary to Properly Function or Secure Standard
Operating system data collection should be regulated by a rigorous standard: data should be collected only if it is absolutely necessary to ensure the functioning or security of the operating system. Microsoft has taken the position that it needs the data it collects in its Windows 10 operating system in order to diagnose the causes of computer crashes and to deliver security updates. However, among the data Microsoft collects is information that is not necessary to diagnose crashes or to secure the system. For example, Microsoft collects text typed in an address bar or search box in a web browser, as well as incoming and outgoing calls in Skype, in addition to document reading activity. A Microsoft spokesperson recently publicly stated, “In the cases where we've not provided options, we feel that those things have to do with the health of the system.” It is simply not true that the aforementioned data are necessary to ensure the health of the system. In order to diagnose a crash, only data pertinent to the crash need be reported. That means a few-second snapshot of activity closely related to the event that triggered the crash. The interest in maintaining the health of the system should not lead to overinclusive collection that invades users’ privacy.
Require Consent for Every Transmission
Operating systems should require consent before transmitting data. Microsoft Windows historically only transmitted crash diagnostic data after an issue arose and with explicit user consent, but it has since changed its approach and now transmits usage data automatically without consent. Microsoft responded to recent public outcry over automatic transmission of user data in Windows 10 by including some privacy opt-out functions; however, Windows 10 still does not give users the option to disable all data transmission as it did in the past. Microsoft is not alone in eliminating consent requirements from its operating system. A software engineer recently discovered that his Android telephone was transmitting data to the operating system developer without his knowledge or consent. Simply put, there is no reason users should be deprived of an off switch for these transmissions.
Microsoft claims that it seeks to make the “experience better for everyone” by collecting everyone’s data. This is similar to a car company monitoring the driving habits and accidents of the vehicles it sells in order to measure the reliability of its cars. Car companies are required to comply with rigorous safety standards before distributing their cars instead of using the public as test dummies. The same rules should apply to operating systems. We should not be Microsoft’s test dummies at the expense of our privacy, unless we choose to be.
Require Consent for Log File Recording
Operating systems should not store long-term user activity unless the user consents to the storage. Microsoft claims that it “tries to avoid collecting personal information wherever possible (for example, if a crash dump is collected and a document was in memory at the time of a crash).” That means users are expected to rely on the goodwill of Microsoft, Apple, Google and other operating system developers to filter out the patent application or love letter being written at the time of a crash, after the operating system has already read its contents. Moreover, if an operating system stores users’ data, hackers may have the opportunity to intercept a large historical mosaic of personal information. Operating system developers can also entice or mislead users to share their log data years after the fact. At that time, users may not fully understand the breadth of the data that will be shared with the developer.
The hard truth of the digital age is that without knowledge of the operating system code (which is often inaccessible intellectual property), or the use of sophisticated programs to audit the operating system, it is difficult to determine precisely what data operating systems collect and transmit. Digital switches do not function like the circuit breakers of old, where the flick of a switch could cut all power to the circuit. Instead, a data transmission setting could appear to be off while the computer is still logging or transmitting data. Because operating systems control these switches, privacy law must be strictest at this level, or the stored data could later be exploited.
Data Anonymization Is Not a Viable Solution
Do not be misled by claims of anonymization. Many operating system developers claim to anonymize data. It has been shown that “data can either be useful or perfectly anonymous but never both.” This is because powerful correlation analyses can stitch together seemingly innocuous data sets and tie them to an individual user. For example, using a zip code, date of birth and gender, an individual can be uniquely identified with 87% accuracy. The utility of demographic data would be hampered if any of those three factors were removed (for example, the ability to determine gender within a zip code, or the date of birth of different genders). In sum, if data were truly anonymous, it would not be useful.
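The uniqueness-of-quasi-identifiers point above can be measured before a data set is released. The following is an added example, not part of the original essay and not any developer’s code: it computes the k-anonymity of a constructed “anonymized” release under the zip code, date of birth and gender columns, counts how many records in a constructed public list could be matched to exactly one release record, and shows how coarsening those three columns raises k while removing the very detail that made the data useful. All records and names are fictional.

```python
from collections import Counter

# Constructed "anonymized" release: names removed, quasi-identifiers kept.
# Columns: (zip, date_of_birth, gender, diagnosis). Fictional records.
RELEASE = [
    ("02139", "1985-03-14", "F", "asthma"),
    ("02139", "1985-03-14", "M", "flu"),
    ("02139", "1990-07-01", "F", "migraine"),
    ("02138", "1985-03-14", "F", "flu"),
    ("02138", "1972-11-30", "M", "diabetes"),
    ("02142", "1990-07-02", "F", "asthma"),
    ("02142", "1972-11-30", "M", "flu"),
    ("02142", "1985-09-21", "M", "migraine"),
]

# Constructed public list carrying a name plus the same three quasi-identifiers,
# the kind of data a defender must assume exists when judging a release.
PUBLIC = [
    ("Alice", "02139", "1985-03-14", "F"),
    ("Bob", "02138", "1972-11-30", "M"),
    ("Carol", "02142", "1990-07-02", "F"),
]


def full_qid(zip_code, dob, gender):
    """Quasi-identifier exactly as released: full zip, full birth date, gender."""
    return (zip_code, dob, gender)


def generalized_qid(zip_code, dob, gender):
    """Coarsened quasi-identifier: 3-digit zip prefix and birth year only.
    This is what buys anonymity, at the cost of the fine-grained utility
    (gender within a zip code, exact birth date) the essay describes."""
    return (zip_code[:3], dob[:4], gender)


def k_anonymity(release, qid):
    """Smallest group size sharing a quasi-identifier; k == 1 means someone is unique."""
    counts = Counter(qid(z, d, g) for z, d, g, _ in release)
    return min(counts.values())


def linkable_count(release, public, qid):
    """Number of public records whose quasi-identifier matches exactly one release
    record; for those people the sensitive column is effectively disclosed."""
    counts = Counter(qid(z, d, g) for z, d, g, _ in release)
    return sum(1 for _, z, d, g in public if counts.get(qid(z, d, g)) == 1)
```

With the full quasi-identifiers every release record is unique (k = 1) and all three public names link to a diagnosis; after generalization k rises to 2 and none of them links.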