Privacy Issues in Quantified Self Applications, A platform studies of the self-tracking applications Argus, Nike+ and Moves

(1)

MA in New Media and Digital Culture

Media Studies Department | Faculty of Humanities

Privacy Issues in Quanti0ied Self Applications

A platform studies of the self-‐tracking applications Argus, Nike+ and Moves

Joram Binsbergen jorambinsbergen@gmail.com 10444440 Thesis Supervisor: dr. C. Gerlitz Second Reader: dr. N.A.J.M. van Doorn MA-‐Thesis

University of Amsterdam 26th June 2015

(2)

Abstract

In the last few years quantiWied self applications have emerged and are rising in popularity ever since. Due to the proliferation of smartphones and new wearable devices that allow for the measurement of users' activities and biometrics, a vast amount of personal (health) data emerged. By performing a software and platform study of the quantiWied self applications Argus, Nike+ Running and Moves potential privacy issues that these new technologies present are discussed. The basis of this research is empirical as it draws on the formal regulations of quantiWied self applications. Central to this approach are the online proWiling and data strategies of the three aforementioned quantiWied self applications, the legal privacy policies and the affordances and circulation of the data that these application collect, store and share. By discussing different online proWiling practices and surveillant studies this research illustrates to what extent proWiling is apparent in the quantiWied self.

The analysis shows that the data strategy of Argus and Nike+ are to a large extent similar to each other. Both quantiWied self applications try to incorporate as much data as possible by allowing third parties to make a connection between external devices and applications and the ecosystem of Argus and Nike. Moves on the other hand facilitates an open API that gives third parties access to detailed activity data. However, users have to give explicit consent before personal data may be used by external parties. For all three analysed quantiWied self applications, personal information, including health and activity data, may only be used by the company and its direct afWiliates for marketing purposes aimed at the promotion of its own services and products. Therefore, as to date sophisticated surveillance and proWiling practices are yet to be seen in the quantiWied self. However, it will not be long before other actors such as healthcare professionals, health insurance companies, banks and governments will start to leverage of the valuable properties of quantiWied self data.

Keywords: QuantiWied self, self-‐tracking technology, online proWiling, privacy,  

(3)

List of Figures

Figure 1 -‐ Growing interest of the term [quantiWied self] in Google searches. source: Google Trends   <http://www.google.com/trends/explore?hl=en-‐US#q=quantiWied

%20self&date=1%2F2008%2073m&cmpt=q> 6 Figure 2.-‐ Screenshots from 29 May 2015 of Argus application; home screen, insights, friends and discover pages. 29 Figure 3. -‐ Screenshots from 29 May 2015 of Argus application; menu and add activity page. 29 Figure 4. -‐ Screenshot from 29 May 2015 of <http://www.azumio.com/s/argus/> comparing of running versus heart rate metrics 31 Figure 5. -‐ Screenshot from 23 June 2015 of Argus iPhone notiWication; reminder to drink a glass of water. 32 Figure 6. -‐ Screenshot from 19 June 2015 of Argus application; privacy settings Argus social sharing. 33 Figure 7 -‐. Azumio data Wlow, image adapted from original of Barooah, Jonas and Wolf sourse: forum QuantiWied Self <https://forum.quantiWiedself.com/thread-‐mapping-‐qs-‐data-‐Wlows-‐and-‐apis> 11 May 2015. 37 Figure 8 -‐. Screenshots from 16 June 2015 of Nike+ Running application; Homescreen Run setup distance and speed. 38 Figure 9. Screenshots from 16 June 2015 of Nike+ Running application; menu and Trophies screen. 40 Figure 10. Screenshots from 16 June 2015 of Nike+ Running application; social sharing settings and overview if a run. 40 Figure 11. -‐ Screenshots from 16 June 2015 of Nike+ Running application; friends overview and a friends

proWile 41

Figure 12 -‐ Nike data Wlow, image adapted from original of Barooah, Jonas and Wolf course: forum QuantiWied Self <https://forum.quantiWiedself.com/thread-‐mapping-‐qs-‐data-‐Wlows-‐and-‐apis> 13 May

2015. 45

Figure 13 -‐. Screenshots from 16 June 2015 of Nike+ browser dashboard. sourse: Nike +  

<https://secure-‐nikeplus.nike.com/plus/fuelband/home/> 46 Figure 14. -‐ Screenshots from 19 June 2015 of Moves application; activity timeline, map overview and

foursquare information. 47

Figure 15. -‐ Screenshot from 12 June 2015 of Moves application; daily overview. 47 Figure 16. -‐ Screenshot from 19 June 2015 of Moves application; weekly overview. 48 Figure 17. -‐ Overview of the data formats of Moves data Source: Moves website  

<https://accounts.moves-‐app.com/export> 49 Figure 18. -‐ Screenshot from 25 May 2014 of Moves application; daily timeline. 49 Figure 19. -‐ Screenshot from 19 June 2015 of iPhone IOS; Moves' privacy settings. 50 Figure 20. -‐ Sharing data with third parties clause of Moves' old and new privacy policy 51 Figure 21. -‐ Moves data Wlow, for an overview of all connected applications see: https://apps.moves-‐

(5)

1. Introduction

Due to a massive increase in smartphone use over the last few years, quantiWied self applications emerged. Modern mobile phones and upcoming new wearable devices have a variety of powerful sensors and technologies that allow for the measurement of user activities ranging from sports and Witness, the users’ well being and health, and other patterns such as time and productivity. The concepts of 'self-‐tracking' and the 'quantiWied-‐self' refer to the practice of gathering data about oneself on a regular basis and then recording and analysing the data to produce statistics and other data (such as visualisations) relating to one’s bodily functions and everyday habits.

While the tracking and analysis of aspects of one’s self and bodily functions are not new practices. Two aspects of the quantiWied self are new. Firstly its associated movement, which includes a dedicated website and regular meetings and conferences 1

around the world. Secondly, many new digital technologies for self-‐tracking have been developed in recent years. On the one hand popular wearable devices such as the Apple Watch , Fitbit , Jawbone UP , and Nike Fuelband have emerged and on the other hand a 2 3 4 5

large variety of self-‐tracking smartphone applications. On a blog devoted to the quantiWied self movement—created by Wired editor Gary Wolf and founder Kevin Kelly —over Wive hundred applications, tools, and devices are listed that help individuals capture and analyse information about a variety of activities. The website categorises these applications in 22 different categories ranging from Witness to mood monitoring applications . 6

It is important to recognise the distinction between The QuantiWied Self (title case) which refers to the movement and community that participates through online forums, conferences, meet-‐ups around the world and the quantiWied self label (also called self-‐tracking) which is more broader and refers to the wider ecosystem of tools,

The QuantiWied Self <http://quantiWiedself.com/>

1

Apple Watch <http://www.apple.com/watch/>

2

Fitbit wireless activity and sleep wristband: See http://www.Witbit.com

3

Jawbone Up wristband: See http://jawbone.com/up

4

Nike Fuelband activity monitor: See http://www.nike.com/us/en_us/c/nikeplus-‐fuelband

5

QuantiWied Self, guide to self-‐tracking tools <http://quantiWiedself.com/guide/>

(6)

sensors, apps, and practices that cover all manner of personal data creation and analysis (Watson 11).

The term 'quantiWied self' emerged in 2007 when two Wired magazine editors Gary Wolf and Kevin Kelly created a website devoted to the practice of self-‐tracking 7

(Lupton, Understanding Human Machine 25). In one of the Wirst posts on that website in 8

October 2007 Kelly writes that they are on a quest to "collect as many personal tools that will assist us in quantiWiable measurement of ourselves." He states that many seek self-‐knowledge of one’s body, mind and spirit, and change will happen in individuals as they work through this self-‐knowledge, but only when something is measured it can be improved. This view is also present in the website's tag line “Self knowledge through numbers”. Besides listing and discussing tools that embrace the practice of self-‐tracking the quantiWied self movement has set up over 130 quantiWied self groups in 34 countries around the world (Lupton 26). Many of these hold regular meetings where participants 'show and tell' how they have been engaging in self-‐tracking activities by answering 9

three central questions: What did you do? How did you do it? and What did you learn? (Wolf, Our Three Prime Questions).

While the term quantiWied self is gaining more and more attention in blogs and news reports since 2010, little academic research has been published on this topic. Google Trends indicates that the amount of Google searches for the term [quantiWied self] is growing rapidly since early 2010 reaching a peak in April 2013, see Wigure 1 below.

Website of the QuantiWied Self Movement <http://quantiWiedself.com>

7

6_{What
is
the
QuantiWied
Self?
<http://quantiWiedself.com/2007/10/what-‐is-‐the-‐quantiWiable-‐self/>}

Accessed on 14th May 2014

_{These
'show
and
tell'
presentations
are
captured
on
video
and
uploaded
on
the
QuantiWied
Self
group
on} 9

(7)

Figure 1 -‐ Growing interest of the term [quantiWied self] in Google searches

A recent report by the Pew research Center found that most Americans engage in self-‐ tracking practices for health reasons. Of the 3014 respondents 60 percent track health indicators such as weight, diet, or exercise routine (Fox and Duggan 2). One-‐third track any other health indicators like blood pressure, sleep patterns, headaches or other symptoms. But it is noteworthy that only one in Wive use technology to keep track of their health status. The others prefer to use older technologies such as pen-‐and-‐paper or simply to commit details to memory. Only thirty-‐four percent of trackers share their records with others, either online or ofWline. And of those half of them share their data with a clinician (3).

Recently the public debate about (online) privacy grew intensely after Edward Snowden revelations about the National Security Agency (NSA) surveillance practices (Lyon, Surveillance, Snowden, and Big Data 2). Simultaneously, critiques on the privacy policies of huge online companies as Google and Facebook grew. However, currently not much research focusses on privacy concerns of quantiWied self applications. To address potential privacy issues of quantiWied self applications this research focusses on online proWiling practices, surveillance studies and formal regulations of three speciWic quantiWied self applications (Nike+ Running, Moves and Argus, which will be introduced below). The purpose of this research is to answer the following question: To what extent do quantiWied self applications create privacy issues for their users?

(8)

This question is divided into two parts. The Wirst focusses on the formal regulations of the quantiWied self applications and is formulated as follows: How is the privacy of users of the three quantiWied self applications protected by the privacy policy and the software interface?

This research turns to the concept of software studies in which it follows the 10

medium by analysing the privacy policies, application settings and the interface. These technical objects are often neglected in research. What rights do the users have concerning their data? In which ways can they protect their data through privacy settings? Does the application allow for the export of users' own data and how can the user control how his or her data is being shared and used within the ecosystem of the application?

The second part focusses on the circulation of user data by analysing the application ecosystems by asking how user data of the quantiWied self application is being aggregated, shared and used by advertisers, third party developers and other stakeholders.

By following the data trails this research question aims to map out how different stakeholders such as advertisers, third party developers, healthcare professionals and government agencies gain access to and use the data generated by users of the quantiWied self applications. By analysing the interoperability and differences in data strategies of the three quantiWied self applications this research points towards potential privacy issues imposed by the speciWic ecosystems of connected third parties applications and external stakeholders.

A third research question brings it together by asking how the three different quantiWied self applications deal with the different data contexts in comparison to each other concerning the privacy of the users.

This research question compares the speciWic privacy policies of the three quantiWied self applications according to the context in which the data is created. So, does the context in which the data are created give rise to different gradations of privacy protection?

This research contributes to the Wield of software studies by providing empirical evidence of how online proWiling practices are situated in the quantiWied self, and what

See: Fuller, Matthew. Software Studies: A Lexicon. The MIT Press, 2008. and: Manovich, Lev. Software

10

(9)

data strategies quantiWied self platforms employ. Furthermore it adds to the privacy debate as the research points to potential privacy infringements.

To answer the research questions this research uses a case study approach as that allows a comparison between different data strategies and privacy protections. As a case study three popular but notably different quantiWied self applications are selected. The three applications below are chosen because they are widely used and represent 11

different types of quantiWied self usage. Here Nike+ Running only tracks speciWic running activity, Moves passively tracks users activity on the background and Argus acts as a digital health dashboard with many different self-‐tracking metrics. The data they collect and the context in which the data are created give rise to different gradations of privacy concerns. This research tries to answer how these applications handle the potential privacy issues according to the context in which the data is created, shared and used. The following quantiWied self applications are selected:

1. Nike+ Running: a widely used sports application that users purposely use to track and measure their running activity and compare their progress with friends and other Nike+ users. The application motivates runners by providing insightful information about their running activity. As of August 2013 Nike reported that the Nike+ digital ecosystem has attracted more than eighteen million global members since its start in 2006 . 12

See also: https://itunes.apple.com/nl/app/nike+-‐running/id387771637

2. Moves is an activity monitor created by ProtoGeo Oy that automatically tracks the movements of the user with GPS technology and accelerometer. Based on the speed of the users movement it determines if the user is doing a healthy activity such as walking, running or biking or that the user is merely driving a car or is sitting in public transport. It calculates the energy consumption of these activities to give an overview of total calories used that day. As of 24th of April 2014 the company is

Nike+ Running has about eighteen million users, Moves has over four million users and Argus has 75

11

million downloads of its applications.

See Nike Press Release: http://news.nike.com/news/nike-‐evolves-‐just-‐do-‐it-‐with-‐new-‐campaign

(10)

acquired by Facebook. At that time Moves reported over four million downloads . In 13

addition Moves maintains a widely adopted API which is being used by over 40 14

third party applications that built upon Moves data in one or another way

See also: https://itunes.apple.com/us/app/moves/id509204969

3. Argus: an aggregated self-‐tracking application that monitors and manages a wide range of daily activities, such as food intake, workouts, sleep, hydration, weight, and biological vitals such as heart rate, body temperature, blood pressure and blood glucose levels. Argus differentiates itself by incorporating many different self-‐ tracking metrics into one application This is possible through a connection with multiple third party wearable devices and self-‐tracking applications. Argus is developed by the company Azumio which was founded in 2011 and is based in Palo Alto, California. Azumio offers mobile applications for the healthcare industry. It offers applications for monitoring stress and heart rate. Azumio now states more than 75 million downloads of its products 15

See also: https://itunes.apple.com/us/app/argus-‐pedometer-‐nutrition/

id624329444

See: https://www.moves-‐app.com/press

13

See: https://dev.moves-‐app.com/

14

See also: http://www.azumio.com/s/contact/index.html

(11)

2. Methodological Framework

As described in the introduction, quantiWied self applications have emerged in the last few years and are rising in popularity ever since. Due to proliferation of smartphones and new wearable devices, with powerful sensors and technologies that allow for the measurement of users activities and biometrics, self-‐tracking practices have mostly moved to these devices. Consequently, the number of quantiWied self applications for Android and Apple IOS have been rising. An interesting analysis of self-‐tracking usage 16

also demonstrates the popularity of quantify self applications. With data from over 40,000 users who shared the applications they keep on their iPhone home screen (which are often the most used applications) Ramirez was able to identify 65 unique self-‐tracking applications of which Activity and Fitness are the most popular categories. This recent rise in popularity also spiked academic interest in the quantiWied self, though most scholars focus on the beneWits of self-‐tracking within the domain of E-‐health (Lupton, M-‐Health and Health Promotion, quantifying the body; Swan, Health 2050, Emerging Patient-‐Driven Health Care Models). However, the increasing data collection of these self-‐tracing practices also lead to growing privacy concerns.

This research focusses on privacy issues within such quantiWied self applications. The basis of this research is empirical as it draws on the formal regulations of quantiWied self applications. Central to this approach are the online proWiling and data strategies of the three aforementioned quantiWied self applications, the legal privacy policies and the affordances of the data that these applications collect, store and share. Two parts are central in this approach; the Wirst is how the privacy of users of quantiWied self applications is protected. This can be answered by analysing the privacy settings and privacy policies of the three quantiWied self applications. The second part is about the affordances of user data generated by quantiWied self applications. Of concern here is what happens with this data, how is this data being collected, aggregated, shared and used by the quantiWied self applications, its advertisers and partners. Central to this approach are the interfaces and the data ecologies of the quantiWied self applications. To study the second part this research draws on the disciplines of platform and software studies as its uses software applications as an object of study. Lev Manovich

QuantiWied Homescreens: http://quantiWiedself.com/2015/02/quantiWied-‐homescreens/ Accessed on:

16

(12)

points out: “Software Studies has to investigate the role of software in contemporary culture, and the cultural and social forces that are shaping the development of software itself" (10). By applying a platform studies approach one can focus on the interplay between the strategies and the technical regulations of the applications. This research also draws on the contribution of Mel StanWill in Interface Studies to improve the understanding of how speciWic design choices and functionality produce norms that conWigure the user.

Discursive interface analysis or Interface Studies examines what is possible on websites and applications as it investigates functionalities, menu options, button placement and page layouts. It focusses on what users could and could not do on a given website or application and how technological features ease or discourage certain uses (StanWill 3). Interface Studies draws on Michel Foucault’s concept of "power as productive" as it asks what power incites, encourages and produces and it focusses on normalisation rather than control. StanWill explains that web interfaces can be seen through the lens of Foucaults' concept of regulatory power "as interfaces make normative claims about its purpose and appropriate use" (2). The discursive interface analysis employed in this thesis goes behind mere function, as it examines functional affordances (what users can do), cognitive affordances (how users know what they can do, this includes structure and menu-‐labelling) and sensory affordances (seeing, hearing, feeling) broadly. These affordances combined make some uses easier (thus normative) while other uses are discouraged through the design. This demonstrates the productive capacity of interfaces. Because of this interfaces could be analysed through Foucaults' concept of 'regulatory power' (138). By combining platform, software and interface studies a better insight in how various platforms act to conWigure the user can be gained.

Bogost and Monfort, the founders of platform studies, argue that the platforms on which digital systems are built affect the design and experience of those systems (Platform Studies: Frequently Questioned Answers, 6). In short: “Platform Studies investigates the relationships between the hardware and software design of computing systems and the creative works produced on those systems” (Ibid). However, platforms are merely a single level of framing digital systems. Bogost and Montfort lay out a Wive-‐level hierarchy describing different levels one can take when studying new media artifacts (Racing the

(13)

Beam, 145). The top level, Reception and Operation, focusses on the reactions of the audience and users and how they operate a digital artifact, whether this is a video game, digital art or software platform as all sorts of media are received and understood (145). One level below we Wind the Interface, this is what sits between the core of the program and the user (146). The discipline of human computer interaction (HCI) is concerned with the user interfaces and input devises found on this level. Underneath lies the Form/

function which deals with the format and functionality of a digital system. On this level

one can Wind the core of the program, including the rules of the game, or the algorithms that govern the system. The second to last layer is the one of Code, that includes how code is created and compiled on a speciWic platform. The lowest level, or foundation, is the Platform, which usually describes the hardware a digital artifact is built upon. However, Bogost and Montfort point out that the term "platform" does not simply mean "hardware" (148). There have been many contemporary examples of software systems which Wit perfectly under the term "platform", such as the operating systems IOS and Android, but also the social network Facebook can be seen as a platform (Andreessen). Tarleton Gillespie who will be discussed in the following paragraph, also states that many types as digital media could be described as 'platform' (349). Though nearly all of these still refer to a computational infrastructure or at least a technical base upon which other programs or actions could occur. Bogost and Montfort further state that computational platforms are cultural artifacts that are shaped by various values and forces (148). They argue that because the platform is a few layers below the user experience its inWluence can easily be overlooked as its inWluence on the user experience "is mediated through code, the formal behaviour of the program, and the interface" (Bogost and Montfort, Platform Studies: Frequently Questioned Answers 6). Gillespie analyses in his article 'the politics of platforms' different types of platforms. He describes four categories of platform, the Wirst category Gillespie describes is Computational, where the term platform points speciWically to its computational meaning: "an infrastructure that supports the design and use of particular applications, be they computer hardware, operating systems, gaming devices, mobile devices or digital disc formats" (349). The second is Architectural which refers to the literal meaning of platform as a physical structure. The third category is Figurative which is the conceptual usage as "a basis of an action, event, calculation, condition, etc." In this the ‘platform’ as physical structure "becomes a metaphysical one for opportunity, action and

(14)

insight" (350). The last category Gilespie describes is Political. He describes that online platforms such as YouTube, and Facebook (I suggest that this also applies to platforms such as Nike+ and Argus) "are carefully positioning themselves to users, clients, advertisers and policymakers making strategic claims for what they do and do not do, and how their place in the information landscape should be understood" (347). As platforms have to continuously negotiate all these interest, the nature of the platform is itself culturally situated, inWluenced by business, economic, social, and other factors. This research acknowledges the different levels outlined by Bogost and Montfort and focusses on the levels Interface, Form/Function and Platform. By doing so the research looks into the speciWic data Wlows, interfaces and ecosystems of the three case studies. Following such an analysis of the various layers of the software combined with an analysis of the formal regulations described in the privacy policies, speciWic privacy concerns could be formulated and discussed. This entails not only the technical affordances of what these platforms allow but also its development which is situated in various socio-‐economic factors. This combined with Gillespies' notion of 'political' platforms allows for a clear examination of the roles these quantiWied self platforms aim to play (347). Thus, the analysis will also consider how these platforms have shaped into the quantiWied self tools they are today and how that inWluences the privacy of its users. 

(15)

3. The quanti0ied self in relation to big data and the privacy debate

The promise of quantiWied self is that the individual body becomes a more knowable, calculable, and administrable object through self-‐tracking activity (Swan, The QuantiWied self 96). Through the use of quantiWied self tools our personal lives are becoming increasingly intertwined with technology. By allowing technology into our private world one gets an increasingly intimate relationship with data as it mediates our experience of daily life. By using smartphones, biosensors, wearable devices and quantiWied self applications on top of existing transactional data, clickstreams, and social media data, more and more information about our body and behaviour becomes digitally available not only to advertisers, banks, social network companies and governments, but also to developers and connected third-‐party applications. Since recently, these actors use this type of data in aggregate to better understand consumer behaviours (Andrejevic). However this proliferation of data can also tell one something meaningful on a personal scale, especially with the recent rise of self-‐monitoring tools and applications. As of yet not much academic work is published about the quantiWied self since it is such a new phenomenon. Most academic literature focusses on the beneWits of self-‐tracking practises in the domain of E-‐health and personalised healthcare (Lupton, Quantifying the body, M-‐health and health promotion; Swan, Emerging Patient-‐Driven Health Care Models, Health 2050). Many healthcare professionals have been eager to seize the opportunities of self-‐tracking technologies as these mobile technologies make it easy to monitor and measure health-‐related habits of their patients (Lupton, Quantifying the body 396). Lupton points out that at the moment very little critical examinations of the quantiWied self phenomenon are published (Lupton, M-‐health and health promotion 2.) Besides the Wield of healthcare, scholars position self-‐tracking practices in a variety of other disciplines. This research relates the quantiWied self to online proWiling practices, surveillance studies and the privacy debate. In the following sections these theoretical perspectives are introduced.

(16)

3.1.The era of Big Data

Nowadays we live a life that is immured in data, almost everything we do generates some sort of data. Whether we drive a car or walk through a city we are being monitored by CCTV (closed-‐circuit television) video surveillance. Mobile phone providers store our approximate location and metadata about each call we make and 17

each text message we send. Banks store information about each transaction. Digital devices and mobile applications use accelerometers and GPS to capture our movements. When we maintain a proWile on a social network we reveal thoughts and feelings while it captures our interests, tastes and friendships. And on the internet all users' activity is being monitored by marketing and web analytic companies. All these interactions leave digital traces which, when combined, "offer increasingly comprehensive pictures of both individuals and groups, with the potential of transforming our understanding of our lives, organizations, and societies in a fashion that was barely conceivable just a few years ago" (Lazer et al 2). The often heard phrase 'Data is the new oil' indicates the growing interest companies have in (big)data. Data is increasingly seen as an important business asset comparable with natural sources like oil and gas (Backaitis 1; Rotella 2). Micheal Palmer blogged back in 2006:

“Data is just like crude. It’s valuable, but if unreWined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc., to create a valuable entity that drives proWitable activity; so must data be broken down, analyzed for it to have value.”

This development is known as 'Big Data' in which computer scientists, physicists, economists, sociologists, among others, use computation power and advanced algorithms to gather, analyse, connect, and compare large data sets to identify patterns in order to make economic, social, technical and legal claims (boyd and Crawford 663). Many believe that Big Data could generate insights that were previously impossible because they leverage the capacity to collect and analyse data with an unprecedented breadth, depth and scale (Lazer 3; boyd and Crawford 663). Recently Big Data is an often misconceived term as Lev Manovich points out the term Big Data "applied to data sets whose size is beyond the ability of commonly used software tools to capture, manage, and process the data within a tolerable elapsed time" (Trending 1). But often work with 'Big Data' sets "can be done on desktop computers using standard software, as opposed to supercomputers" (Ibid). boyd and Crawford clarify that Big Data is less

All data about the phone interaction; such as time and duration and the receiver of a call apart from the

17

(17)

about the size of the data set than it is about the 'connectivity' of the data set. "The capacity to search, aggregate, and cross-‐reference large data sets" is leading (663). As big data is fundamentally networked its value lays in its possibilities for recombination. By making connections between pieces of data, patterns can be derived about an individual and about individuals in relation to others (664). Especially this connectivity of data produced by self-‐tracking practices is a main focus in this paper. To analyse the data streams of the selected quantiWied self applications I turn to the concept of 'platform' intraoperability.

Interoperability is deWined as the way in which services and databases are able to 'talk'

to one another and share data, in an asymmetrical power relation, across domains and platforms through the Application Programming Interface (API) (Bechmann 75). Where API refers to a "set of tools that developers can use to access structured data" (boyd and Crawford 675). API's specify how different software components could share data with each other.

Robert Sutor makes a clear distinction between Inter-‐operability and Intra-‐ operability to address the issue of dominant software companies who want to gather all data and processing capacity into their central software ecosystem (214). In this regard one could see platforms like Facebook and Google, but perhaps Nike+ and Argus as well, as intraoperable. Because these platforms try to incorporate as much data within their own ecosystems, in which developers often agree upon an asymmetrical power relationship in which they strengthen the position of these dominant platforms as data hubs (Bechmann 75). By investigating the differences in data strategies this thesis could point to different online proWiling practices and privacy implications.

Big Data is an important theme in which the quantiWied self is situated, especially now public discourse has mainly focussed on the opportunities for companies in this new data environment. However, we need a better understanding of how data impacts and integrates into our lives. To be able to discuss the implications of different data strategies on users' privacy we need to engage with literature that critically assesses how online user data is being used by companies. Many scholars have done such assessments in which they introduced related notions such as 'data derivatives', 'algorithmic identity', 'data double' and 'exosenses'. In the following section these notions will be discussed.

(18)

3.2.Online Pro0iling

The practices of big data are most visible and dynamic in online advertising and other forms of surveillance encountered at the individual level. Cheney-‐Lippold points out that in the networked infrastructure of the internet all users' activity is being monitored and tracked by marketing and web analytic companies that use Wine-‐tuned computer algorithms to make sense of that data. As a result users behaviour is being analysed and users can be identiWied through large surveillance networks online. These same processes are employed on smart phone applications which are often connected to the internet. Cheney-‐Lippold calls the product of this online proWiling a 'new algorithmic identity’ (165). Which he describes as "an identity formation that works through mathematical algorithms to infer categories of identity upon users based largely on their web-‐surWing habits" (165). Thus advertising and content is continually updated and adapted based on the history of a user’s interactions with the system also known as behavioural targeting. Important in this is that algorithmic categories are not determined by one's physical appearance, demographics or own selection. Rather, categories of identity are being inferred based on statistical calculations of algorithms based on the online activity of the user (165). This has the implication that these categorisations are in constant Wlux. Users are categorised through a process of continual interaction with, and modiWication of, this cybernetic system (174). It is likely that quantiWied self companies also use data they gather for marketing purposes. Therefore, one could assume that they also engage in sophisticated online proWiling practices.

Louise Amoore points to another data practice, namely that of risk assessment which uses what she calls the 'data derivative'. The data derivative is closely related to a new algorithmic identity. However the former is mainly deployed as risk assessment, as the data derivative is a "speciWic form of abstraction that is deployed in contemporary risk-‐based security calculations, acting on and through people, populations and objects in novel ways" (27). Data derivatives become the basis from which predictions are made about potential behaviours and actions. The crucial point here is that such decisions are the product of algorithmic agency; the decisions about who or what constitutes a risk are made by the processing and sorting powers of algorithms. So algorithms deWine how we are seen, the data derivative has become a means of dividing and separating subjects. Because the data is abstracted and categorised it can be precisely calculated on which

(19)

can be acted upon as norm and anomaly. This means that the "data derivative is not centred on who we are nor even on what our data says about us, but on what can be imagined and inferred about who we might be" (29). As the data derivative specialises in risk-‐based calculations it could have novel beneWits for health care specialists and health insurance agencies to make health risk assessments. During the analysis this research will elaborate on how online proWiling is being used for advertising and in which ways the 'data derivate' could be used in the domain of E-‐health.

The academic literature on internet proWiling and privacy has strong roots in surveillance research (Foucault, Discipline and Punish; Lyon, Surveillance as Social Sorting Privacy) which addresses the uneven power relation between the superior commercial company or state agency and the repressed user (Benchman 74). Often, proWiling is studied from a privacy policy perspective (Stutzman, Gross, & Acquisti; Nissenbaum; Bodle) with a focus on privacy issues and cases of extreme proWiling (Benchman 75). This thesis uses surveillance studies literature and the notions of the data derivative and algorithmic identity to understand how personal data may be used in the big data ecosystem. By combining privacy debates with data interoperability of quantiWied self applications this research aims to indicate speciWic privacy concerns.

3.3.The Surveillant Assemblage

As described in the previous section digital technologies are increasingly capturing information and monitoring individuals. David Lyon emphasises four consequences of this electronic surveillance: (1) larger and more precise data Wiles are available, (2) monitoring has become more dispersed and nearly every space is surveilled, (3) tempo of dataWlows has increased, and (4) citizens, workers, and consumers are more visible and transparent than before (Lyon, The Electronic Eye 56). Subsequently the growing use of self-‐monitoring tools has allowed monitoring to move from the public to the domestic realm which creates a far more intimate relation between users and technology. In the following section different adaptions of contemporary surveillance theory are described that are important to analyse the information capturing of self-‐ tracking technology.

The historical studies of surveillance and discipline in the book 'Discipline and Punish' has made Michel Foucault a foundational thinker for Surveillance Studies. Foucault

(20)

analyses surveillance in the context of disciplinary societies. He describes the evolution from feudal societies of torture to modern disciplinary societies. In feudal societies persons were publicly executed when they disobeyed feudal law. Afterwards, in the age of punishment, defendants were punished and exterminated. In the age of disciplines, direct violence was replaced with softer forms of power in order to discipline, control, and normalise people in order to create docile citizens (Foucault, Discipline and Punish 136). For Foucault, Jeremy Bentham’s Panopticon is a symbol for modern disciplinary society (195). The Panopticon is an ideal architectural structure for a prison. It consists of a circular building divided in cells with a large tower in the middle. Prisoners stay in the cells and the guards occupy the tower. The prisoners do not have a clear view to the guards, thus this particular architecture makes it possible for the guards to observe all prisoners without being seen. Because the prisoners know that they can be observed at anytime they act as if kept under surveillance. Thus, individuals discipline themselves out of fear of surveillance. "The Panopticon creates a consciousness of permanent visibility as a form of power, where no bars, chains, and heavy locks are necessary for domination any more" (Foucault 228).

Following Foucault, Mark Poster describes surveillance as “a major form of power in the mode of information” (Poster, The Mode of Information 86). He introduces the term 'Superpanopticon' to describe new forms of surveillance in the information age. A Superpanopticon is a process of normalising and controlling masses and a new form of computational power.

“Today`s "circuits of communication" and the databases they generate constitute a Superpanopticon, a system of surveillance without walls, windows towers or guards. The quantitative advances in technologies of surveillance result in a qualitative change in the microphysics of power." (Poster, 93).

This Superpanopticon introduces unique and disturbing features as it imposes a norm in which subjects are disciplined to participate by Willing in forms, giving social insurance numbers, or using credit cards.

For Oscar Gandy surveillance is a “complex technology that involves the collection, processing, and sharing of information about individuals and groups that is generated through their daily lives as citizens, employees, and consumers and is used to coordinate and control their access to the goods and services that deWine life in the modern capitalist economy” (15). Gandy sees surveillance as a complex system of power, where

Privacy Issues in Quantified Self Applications, A platform studies of the self-tracking applications Argus, Nike+ and Moves

Privacy Issues in Quanti0ied Self Applications

Abstract

Table of Contents

List of Figures

1.

Introduction

2.

Methodological Framework

3.

The quanti0ied self in relation to big data and the privacy debate