Natural language processing(NLP) and bots are two of the fastest growing trends in the current tech ecosystem. NLP and some of its variations such as natural language understanding(NLU) enable language intelligence in bot platforms making the interactions with users more natural from an anthropological standpoint. While NLP-NLU technologies provide incredible benefits to end users, they also introduce challenges including one that has been at the center of the public debate in recent months: data privacy.
In order to successfully process natural language constructs, bot platforms need to access the sentences in clear test which prevents any type of encryption techniques. This model contrast with the approach followed by traditional social networks in which the majority of the information is encrypted by default.
The most concerning part of unencrypted bot communication is precisely the fact that we are dealing with natural language conversations. Entities with access to the dialog data could gather a level of intelligence arguably superior to what’s available today in social networks. Conversational communication elements such as intentions, reasoning, thinking patterns, preferences or feelings at any given time, etc. Mining that information is the equivalent to listening to phone calls, except that the platforms for analyzing text data are available to anybody and they are getting better.
Unprotected communications with bots opens the door to some major risks from the data privacy standpoint. Fundamentally, different brands could have access to large volumes of transcripts of conversations with its users which opens to door for some complicated scenarios:
— Government Subpoenas: If a person is the target os a criminal investigation, the goverment could request access to his conversations with different bots. This problem is very similar to what the bit internet email providers are facing today, except that the information might be richer, delivered in near real time and clearly communicating aspects such as intention, etc.
— Hackers: Not much explanation is needed here. If malicious actors hack into a bot, they could have access to very valuable information about its users. A good ananalogy might be the recent situation Yahoo is facing in regards to the hacking of email accounts.
— Abusive Advertisement: When comes to bots and privacy we need toassumet that some brands will cross the privacy line and share user and conversation information with potential advertisers.
— Government Surveillance: The surveillance programs of goverment agencies such as the NSA or GCHQ in domestic territories have been the center of heated debates in the highest political circles. Without taking sides on those debates, we shoulassumeme that unencrypted bot communications could open the door to similar types of surveillance.
The data privacy debate in bot technology is really complex and I don’t pretend to have ansolutionsos. However, based on the lessons learned with previous technologies, I believe some of the following ideas might be worth considering:
— Legislation: At some pointgovernmentsts might have to pass legislation that regulates the nature of encrypted bot communications.
— Secure Backups: Bot providers should enable mechanisms tsecurelyly backup user conversations and only retain metadata associated with it.
-Switching Between Encrypted anUnencrypteded Modes: Bot platform should provide seamless mechanisms to turn encryption communication on/off depending of the context of the conversation.