Tools and Weapons Review Part 1: A Discussion about Privacy


Within Tools and Weapons is a treasure trove of knowledge about how to appropriately balance the exhilarating speed, agility, and enabling power of technical innovation with the important aspects of protecting human rights and working towards the benefit of society.

Brad Smith comes from a background as a lawyer and general counsel of Microsoft where he has helped navigate many complex legal and ethical issues for the company and the tech sector as a whole. He has had a front row seat to complex world issues and has met and worked with leaders the world over. He has also worked hard to stay connected to the vast and unique users of not only the technology supplied by Microsoft but groups worldwide. This post is part of a series where I give some of my thoughts and takeaways from Tools and Weapons.

Privacy: A Fundamental Human Right

Stories have always been a part of humanity. They have been used to entertain, convey information, and pass down history. These stories have taken many forms over time. They’ve been conveyed orally, written page by page, printed in mass, and recently been digitized for broad distribution.

The stories of humanity, the stories and intricate details of individuals, have gotten tied up in the massive amount of data collection that is taking place as part of the digital age. This data is stored in highly redundant ways, designed to last far into the future, in many cases long after the life of the individual or group who generated it. The technology behind this data storage is designed with high levels of integrity to avoid accidental or mechanical failures.

Data is organized and becomes information. Information is analyzed and becomes knowledge. Knowledge then enables informed action. This transformation process has become integral in the information age. We’ve increasingly become better and better at transforming data into information, sometimes to a fault. The modern datacenter has been an important piece in allowing the mass collection of data. The question has changed from how to effectively store data at scale, to how to utilize all the data points pouring in.

With the ability to collect and store the tome of human kind, the question of who owns what becomes integral to not just the ownership but the applied use of the data collected. While many companies have worked to remedy this question through the use of long and complicated End User License Agreements (EULAs) that are tapped through daily without a moment’s hesitation, there still exists a deeply complicated question of ownership.

Data is no respecter of country boundaries. It has the ability to exist in many places at one time and can potentially be accessed from anywhere in the world (barring geo-restrictions and “Great Firewalls”). This has proved to be uncharted territory for many governments, especially in the world of criminal investigations which can attempt to require companies to turn over data on foriegn customers. Tech companies often exist as an international entity and have to juggle lawful requests for information access with the precedent such actions can set for their international customers and for other governments.

Brad Smith grapples with these problems throughout his book as he discusses many aspects of the concept of privacy and the complicated relationship of data collection between organizations and individuals and who actually has control of what data and to what degree. This is not a question that has a simple question and it will require lots of specific answers to very specific use cases.

Since data has global influence and persistence, so does the influence that individual countries have on the use of data. A great example of this is the passing of the General Data Protection Regulation by the European Union in 2018. The GDPR provides certain rights to the original creators of data which include customers rights to know what data a company has on them, the rights to change inaccurate data, and the right to delete their data (based on circumstance). While these protections are granted only to members of the European Union, they have created large waves worldwide. Many companies have chosen to adopt the regulations and guidelines not just for their European customers but for all of their customers.

While the GDPR is an example of data protections for individuals, what happens when another country decides to have a differing view on data use? Suppose a country decides to put into place legislation that gives companies full ownership over the data they collect. How will this affect companies as they attempt to juggle different regulations for different customers across a variety of nations that are becoming more digitally connected every day.

These questions transcend the policies or practices of a singular country. Governments will need to come together to determine what and how regulation will be put into place for data and a variety of other global issues.

”How can governments regulate a technology that is bigger than themselves? This is perhaps the single greatest conundrum confronting technology’s regulatory future. But once you ask the question, one part of the answer becomes clear: Governments will need to work together.” - Tools and Weapons pg. 300

International agreements and ventures will be critical in the coming years to provide clarity and direction on subjects of not just privacy, but other critical details regarding the digital world.

Find the Book Here: Tools and Weapons by Brad Smith