We should criminalize data misuse, says Microsoft exec

There is no stopping the massive collection of people’s data a la PRISM or Facebook(s fb) — that genie is long out of the bottle. But we can — and should– make it a lot more painful and expensive for people or companies that misuse that data trove, said Craig Mundie, former Microsoft CTO who now is a strategic advisor to the CEO.

“Personally, I’d make [data misuse] a felony. Without that, the downside is too low.  We should make it a serious crime to subvert those mechanisms,” Mundie told attendees of the EmTech 2013 conference at MIT’s Media Lab in Cambridge, Mass.

The problem now is when people “allow” a smartphone app to use their GPS data, for example, they have no idea where that app will pass that data downstream, he said.

“In computing there is no use without an app. So you need to force people to register the uses of apps, the use of the data an app makes and from that determine whether it’ll comport with some desire or control by the individual, the institution, or the government,” he said.

How to do that? One way is to put cryptological wrappers or metadata around pieces of data that will guide their use down the supply chain. Mundie likened that to digital rights technology used in the music and film industries.

Mundie’s mention of digital rights management (DRM) technology might be a red flag for skeptics who suspect Microsoft might be more motivated by software piracy than individual data privacy rights, but I digress.

The data protection technology is viable, but other factors remain knotty, according to other experts.

“The cryptography is viable to do this now  … but from a policy perspective how can you enforce having the app tell you where all that data will be going?” asked Katherine Frase, Ph.D, VP and CTO of Global Public Sector for IBM(s IBM) who also spoke at the conference.

This theme — that data collection (actual surveillance) is happening everywhere all the time — cropped up again and again at the conference.

Frase’s suggestion for now: “Get over wondering if you’re being hacked. You are, every day. Just figure out what you can do about it,” she said in an interview.

Longer term we need to settle on policy issues about how to get the right level of transparency around data use so you can get to usage-based decision making, she added.