With Mark Zuckerberg testifying before Congress, it’s worth thinking about Oculus Rift and Privacy issues. Issues may not be the right word here – it’s more like a potential privacy nightmare.
Facebook’s reputation is well-known – share data, apologize when caught, promise to do better next time. Stain, rinse, repeat.
As Zeynep Tufekci argues in a must-read article in Wired, Why Zuckerberg’s 14 Year Apology Tour hasn’t Fixed Facebook, this dynamic has been going on since the early days of Facemash when Mark scraped faces from Harvard’s intranet.
If you’re interested in the early history here – and proof that Zuckerberg has been doing the same thing since 2003 – see the Harvard Crimson article where he was brought before the Administrative Board for “breaching security, violating copyrights and violating individual privacy.”
Ah, the not-so-innocent pranks born in a college dorm room.
Oculus Rift and Privacy
Adi Robertson writes in The Verge,
A VR platform like Oculus offers lots of data points that could be turned into a detailed user profile. Facebook already records a “heatmap” of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting. If it decided to track VR users at a more detailed level, it could do something like track overall movement patterns with hand controllers, then guess whether someone is sick or tired on a particular day. Oculus imagines people using its headsets the way they use phones and computers today, which would let it track all kinds of private communications.
From our perspective, we don’t find heatmap tracking in 360° videos particularly troubling. It’s already widely done on websites for SEO purposes (not here at Digital Bodies by the way). The larger issue of Facebook treating VR headsets like mobile devices is an entirely different matter. We all know our phones track location and other data. But up to now, our eyesight has been free. Once a mobile device is on your face and tracks your gaze, little is left except your thoughts.
You begin to see the prisoners in Plato’s Allegory of the Cave in a whole new light. And why Zuckerberg thought Palmer Luckey’s contraption was worth $3 billion (he may have gotten a bargain – Oculus was asking for $4 billion).
In 2016, former Senator Al Franken brought up the Oculus Rift and privacy issue. His letter to the company famously got a seven-page response from Oculus General Counsel, Jordan McCollum, including the following lines:
At Oculus, we believe that maintaining people’s trust is critical to the long-term growth of not just our company, but the entire VR community. It’s why privacy and security are core to our product and company principles. Our approach to protecting people’s information permeates every aspect of our organization.
That all sounds fine until a little voice in your ear mutters, “Cambridge Analytica”.
Facebook can talk a good game around privacy but it only acts when forced to and only as far as required. For example, while it’s agreed to the European Union’s far-reaching privacy protections in the General Data Protection Regulation (GDPR), it won’t extend them to the rest of its social network.
Privacy and Mixed Reality
For all the potential pitfalls around Oculus Rift and privacy, the real danger lays in augmented and mixed reality devices. We could find our gaze being tracked along with our interactions with the world.
Adi Robertson continues,
But if mixed reality technology advances, this is going to become a much more important issue. Writer and game developer Chet Faliszek points out that augmented reality glasses would collect far more data than present-day VR goggles, if you’re wearing them for long periods of time in everyday life. (I’ve written a bit already about AR’s huge privacy implications.) Facebook sees AR glasses as the future, and any precedent Oculus sets today could affect Facebook’s mixed reality privacy policies down the road.
AR Glasses will eventually become ubiquitous, transitioning mobile computing from our hands to our faces. That opens a whole new world of personal data unless some form of regulation evolves from the current (or next) Facebook crisis.
Magic Leap and Privacy
Where Magic Leap falls in this area is hard to say. So far, Rony Abovitz has talked about the data captured by their new HMD as a “life stream” that belongs to you and not the company.
You can find his (somewhat) reassuring comments in Rolling Stone,
You will have your own personal life stream. You also have your own identity and our view is that the life stream belongs to you. It’s a data set that, just like writing a book, is your personal copy. That means there is a need to make people aware that they have a life stream that has value and then connecting that to other things that you could have; goods and services and interactions around the life stream. So just like you can write a book and trade that for something, I want to license it and get paid, we believe the life stream is yours.
But the devil is in the details. Your “life stream” will have value – especially if it’s “connected to . . . goods and services.” So it sounds like Magic Leap will give you the option of selling it. And that may be the only way the broader public can afford the device given the estimated cost.
Breathe easy . . . for now
If you’re running a virtual reality project using Oculus Rift, you can relax for the moment. Many of your apps collect far more data (and do more with it) than the Rift. Virtual reality is still in its formative stage and the potential outcry over sharing data from Oculus simply isn’t worth it for Facebook.
Pound your desk in frustration over the minuscule number of VR users. This is one time when the lack of a market works to your benefit.
Keep a close eye on the Oculus Rift and privacy debate. And when expensive Mixed Reality HMDs show up, that Facebook bargain of access for data will surface front and center.
The question is: how will you – and your students – respond?