Data Safety Starts With Awareness: Compliance is Not Enough

Episode #004

19 min listen

“Proxies are often associated with malware and other equally harmful things but I think it's a wrong approach. Computers are also associated with malware but no one blames them in anything bad. So proxy is a tool, just like a computer, which helps the community to execute their right to access data. It's not about anonymity or illegal activities, it's just a tool which helps people from different countries to access the data, to collect the data, and to do something for public good.”
Dmitry Shkolnikov and Alex Smirnoff, LinkedIn
Description

Compliance is not enough. Now more than ever, it is important to be both legal and ethical when working with data – especially when providing access to publicly available data. As questions around the legality and ethics of data collection abound, it’s crucial we look at how tools like proxies are used – and not just at what they are technically able to do.

In this week’s episode of Ethical Data, Explained SOAX team (Henry Ng, Dmitry Shkolnikov, Alex Smirnoff) explores what it means to be a trustworthy ethical data provider.

Transcript

WEDF - 00:00:00: Compliance is not enough. Now more than ever it is important to be both legal and ethical when working with data,especially when providing access to publicly available data. As questions around the legality and ethics of data collection abound,it's crucial we look at how tools like proxies are used and not just what they are technically able to do exploring what it means to be a trustworthy data provider. We have Henry Ng, Dimitry Shkolnikov and Alex Smirnoff - all from our valued partner SOAX.

Henry - 00:43:00 Good afternoon everyone welcome to this portion of the World Ethical Data Forum, my name is Henry, I'm the VP of Business Development at SOAX, we are a proxy provider. I'm joined with my two colleagues Dimitry and Alex. Feel free to pass over them for a quick introduction before I jump in.

Dmitry - 00:57:00 Okay hello everyone, my name is Dmitry and I'm Head of Compliance at SOAX

Alex - 01:03:00 Hi everyone I'm Alex I am CISO at SOAX.

Henry - 01:05:00 Brilliant thank you very much. So, yes we are SOAX, a UK proxy provider and today our topic is focused around safety and awareness that is required to create safety around the idea of ethical data. So the access to data is growing on a regular basis, year after year, day after day, and with this continued development of access to data we can no longer rely on just company compliance that is always a starting point and it will be the cornerstone of safety when it comes to data aggregation, data collection, anything in this world of ethical data. However, we need to start putting more owners on not just one party but everyone that is involved in collection of that data. This is to help maintain not only safety but the safe use of this data moving forward. You need to push past that idea of just legal and ethical data when providing and sourcing data that is publicly available across the world but we also need to help educate those that are sourcing the data from the latter end.

Today, myself and the team from SOAX, like I said a UK-based proxy provider,want to show how proxy providers are aiding in clear safeguards for both providers and data sources through education and a system of checks.

So as a starting point we will pass over to both Dmitry and Alex in terms of describing what is trustworthy data the idea that many see proxies and the use of proxies as a gray area that can be used for good or bad is a key question that we face every single day because we can be used to collect data for, you know, positive purposes in terms of advancing business and business analytics but we can sometimes be seen as an industry that can be used for negatives where some people might use it for malware or even in some cases fraudulent activity. So passing over to both Dmitry and Alex.

The first question we want to start with is the idea of proxies: good or bad? And why we need them, and whether we do need them, or whether we should just kind of eliminate them overall. So what are your thoughts Dmitry and Alex?

Dmitry - 03:15:00 Okay, so, thanks for the great question, Henry. Well, I'd like to start from the very beginning of the internet and just mention that internet was built based on the equality principles, and that means that everyone has equal rights to access the data. So proxy is a tool which helps to establish this right and to execute this right for every person. When you say malware and other bad things, okay, sometimes and maybe pretty often people say that proxy is associated with malware but I think it's a wrong approach because computers are also associated with malware but no one blames computers in anything bad, so proxy is a tool which helps the community to execute their right to access data. It's not about anonymity or some bad things, it's just a tool which helps people from different countries to access the data, to collect the data, and to do something for public good. Alex what's your thoughts here?

Alex - 04:31:00 Yes, thanks Dmitry for a good point that it's not really about anonymity. If you need anonymity, there are other tools like Tor that do it better and really leave no trace. Our goal at SOAX is, when providing this kind of service, is not becoming a tool of choice for the bad guys. So we are a bit proactive about security but we also care about data privacy for our customers and, well, thankfully, to technical limitations how things work here, we do not take in the user data. And I think we are doing our best both to keep our customers safe and our partners who provide SOAX proxy services. To keep everything safe for them on their side and I'm still having the great servers.

Henry - 05:30:00 Brilliant, so from, obviously, a VP of Business Dev side we look after a lot of the work that sales do on a regular basis and we always try to vet the use cases of our clients.


We actually boil it down to who we're trying to target, how we're trying to target what their use cases are, and what verticals they belong to.

Now that's a great place to start; however, there are still negative use cases that come through and in this idea of safety starting with awareness, and this is probably a great question for Dmitry, this idea of kind of data privacy and creating awareness around protection of data privacy, would you say it could be considered like a double-edged sword because what we have is one side where people are trying to use the tools and source data and from the other side people's data is being collected and kind of sourced from a latter side.So how do we make sure that we have the right kind of KYC in place to protect both the end user and the data source? What have we got in place that really helps advance the data safety and kind of awareness of how we are protecting that data?

Dmitry - 06:42:00 Yeah, that's also a very great question and it's a pretty common scenario when the same data could be used for good or for bad. From the technical perspective it's barely possible to identify which way the data is being used, so we have to perform a thorough investigation of the customer - what exactly they are doing, what is their business model, and how they are going to use the data, because if it was I'm-gonna-do-something bad, we just cannot allow them to use proxy and we sayto them: "Okay guys, thank you very much, goodbye! And let us see you never again." But if you see that the company is legit and they're doing something good, and they're creating a nice product which would help the community, then you guys are welcome

Simple example is price monitoring, when some companies try to access marketplaces and we don't know what exactly is inside the data packages, they are encrypted, we respect customers' privacy. On one side it can be the real price monitoring and the market intelligence, which is definitely good and it helps the business to grow, but on the other way it's the same technical button could be if someone is trying to bruteforce the merchant accounts of the marketplace and do something bad. In this case, compliance team breaks in and says: "Okay guys, please tell us a bit more about your business, could you tell us about your customers, could you show us some documentation?" and so on. We do some scrutiny and then look for a track record of the company and if we see that the company is doing exactly what they state then yeah, it's fine the everything is proxy. Otherwise it's too risky. 

Henry - 08:56:00 And that makes perfect sense. I think as the market develops with data collection and more and more people are getting involved in this type of industry and we see changes in markets and changes in the direction of how the industry is moving and these stricter guidelines of how KYC is applied, and how we have compliance in place, but also want to raise awareness of how data is being used. Some clients we have that come to us want to try and use proxies as a way to help improve views on things like videos and from our point of view that's a non-ethical way to utilize data. You're fooling the public and this is why not only from a compliance side but everyone within a lot of product companies, not only SOAX, are educated on these small details to look out for the areas that we need to be aware of before selling to a customer.

Now from both Alex and Dmitry's point of view that the market is moving and the market is changing, what would you say are some practices that providers should be using and players should be using to maintain the transparency in the market and maintain transparency when they're utilizing data and utilizing kind of proxy tools. 

Dmitry - 10:11:00 That's also a very good question and it's a very big topic to discuss. I'll try to be brief. My belief, I think that the providers should exchange the data about bad actors, should have some kind of a database of bad actors on the market, so no one would let them in. Speaking about the general practices, I believe that KYC is a must and every provider should do as much as they can to understand who is the customer and what exactly they are doing, why do they need proxy, why they cannot use the old school technologies and this check should be based not only on the legal basis, but also on radical principles like make no evil, do no harm. So I tried to be as brief as I could.

Henry - 11:21:00 What about you Alex, have you got any views in terms of improving transparency? Maybe from a security standpoint for both the players and the providers within the data markets?

Alex - 11:36:00 Yes that's important part that we need to be fully transparent to everyone. Also, to the end suppliers of the proxy services because this implies a partnership with people who actually run this endpoint where proxy happens, who actually provide the final data access point.

Henry - 12:43:00 So we need to make sure that everyone knows what happens there, that we are able to protect them, and also that they are aware that this service is provided with their consent because there are a lot of proxy providers that do not have this kind of concept in place and essentially they're using a kind of botnets which is definitely not what we are going to do and we need to check our partners as well to make sure everything is ethical on that side as well.


So you've mentioned our partners and as a market the quickest way to grow, and even SOAX ourselves we have a reseller program, and the idea of resellers in the proxy world and also in the data world is a growing thing and it's a process that is going to keep developing over the next couple of years.

So how would you, from a compliance side, how would you look at resellers and remove the idea that botnets can happen, a fraudulent activity could happen? What are some safeguards that people in the data market could do in terms of raising awareness or protecting themselves from activities like this?

Dmitry - 13:26:00 That's a very good question as well. You know, there's a compliance officer. The first thing I would say is improving KYC on all sides and for all parties, so if we talk about resellers they should also implement KYC and the proxy who is working with resellers, they should demand their reseller partners to make KYC, the KYC policy and regulations should be based on the proxy regulations and policies. They should not be lighter than the original ones so no one who would not be able to pass the original proxy KYC should not be able to pass it on the reseller side.

They should be aligned and it can be done through conversations. This is the part when we need transparency on all sides so every proxy provider needs to talk frankly and openly with reseller partners, say "guys here is the policy you need to implement, you need to provide some proof that you've done this" and also they need to be open for some suggestions so it's more about conversation, I think

Henry - 14:52:00 Alex, have you got any views on the idea of removing that danger of fraudulent activity at all?

Alex - 14:55:00 Sorry, I'm not sure I understood the question.

Henry - 15:00:00 Yup, so the idea of resellers and the dangers, like you said, of botnets and potentially fraudulent activities have not only our own end users but the resellers' end users. How do we protect the resellers' end users and make sure that resellers are ethical in their own ways?

Alex - 15:18:00 I don't think I have much to add to Dmitry's words, I would say the main principle is no matter how long the supply chain is in either direction, we need to make sure that the same principles are forwarded over each step and the requirements are always the same


Henry - 15:00:00 Brilliant, so just to wrap up, really this idea of safety starting with awareness, we as a company and we see a lot of other companies who are involved in data extraction, data collection, whatever it might be within the data world, needs to raise awareness with their direct customers in the first place.

As a starting point we need to be the ones that spearhead the idea of actually knowing what our customers are looking to do with the data they're collecting or the proxies they are using so as a company SOAX has a solid foundation of KYC but we also have a solid foundation of what our use cases and approved ethical use cases will be and as part of our process when we're discussing with customers and we're discussing in forums like this we always want to raise the awareness that there is a clear divide between what is ethical and what is unethical. Our main aim is to educate everyone who is involved in the market to make sure that we have this clear divide and that those who are entering the market aren't steered in the wrong direction or have the wrong idea about how data can be used.

Overall, to kind of summarize, we want to focus on knowing our customers but not knowing just our immediate customers but every single customer down the line and within the supply chain, like Alex said, to make sure that we have a well-informed and knowledgeable base of individuals who are utilizing this data and, therefore, raising the overall awareness by education and creating a safer way to utilize both data and improve the proxy.

That is it from our side of the talk. Thank you very much for joining. If you do have any other questions please feel free to reach out to us and if you have any questions around proxies or data we are happy to answer any of those thank you very much.

Henry  - 00:26:16:

Ethical Data, Explained is brought to you by SOAX, a reputable provider of premium residential and mobile proxies, the gateway to data worldwide at scale. Make sure to search for Ethical Data, Explained in Apple Podcasts Spotify and Google Podcasts or anywhere else podcasts are found and hit subscribe so you never miss an episode. On behalf of the team here at SOAX, thanks for listening

Read full transcript

Dmitry Shkolnikov & Alex Smirnoff

Dmitry has 20 years of experience in the IT field successfully developing compliance processes for the benefit of both data-reliant organizations and their end-users, delivering innovative solutions to accommodate constantly changing data legislation.

Alex has 30 years of experience in cybersecurity and privacy. He is an entrepreneur, mentor, ethical hacker, open-source contributor, and a frequent speaker at conferences. Alex is passionate about the power of the internet and believes that residential proxies are an essential part of creating a global, transparent marketplace.