The Constant Privacy Invasion That Comes Along With AI and SaaS

Executive Summary

  • Privacy invasion has become a constant feature of AI.
  • This article covers the privacy invasion by Grammarly.

Introduction

Companies that use cloud and AI are habituating the population to accept close to a complete loss of privacy. The service that I use to perform grammar checking is just one example of this.

It should also be underscored that each of these services transmits the written text to a server, and each company comes up with some excuse to keep the data.

Grammarly

Grammarly is an online grammar checker that we use, and we came to find out that it copies all of your checked content to its servers.

Here is Grammarly’s excuse for keeping all of your data.

Once we receive your data, we protect it on our servers using a combination of technical, physical, and logical security safeguards. The security of the data stored locally in any of our Software installed on your computing device requires that you make use of the security features of your device. We recommend that you take the appropriate steps to secure all computing devices that you use in connection with our Site, Software, and Services.

We were actually not aware that Grammarly would keep our data when we began using the service. And I would wager the vast majority of subscribers do not know that Grammarly does this, and would be unhappy to learn that it does. And since many people use Grammarly for work, it means that Grammarly is assuredly presently in possession of enormous amounts of company data that those companies consider private.

This is, of course, also true of Google. 

This is increasingly what companies do.

They offer a service, and then they keep the data. The data has to be protected because Grammarly keeps it. If it deleted the data, it would not need to protect it. 

If Grammarly learns of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on the Site. Depending on where you live, you may have a legal right to receive such notices in writing.

They may attempt to notify you. 

But they apparently aren’t making any promises. And once they are hacked, informing you does not really change the fact that now another entity has your data. Grammarly could alleviate this concern by either not keeping data or keeping data for a short period of time and then deleting it. But instead, Grammarly appears to keep the data in perpetuity. This is really completely unethical, and Grammarly’s reasoning for doing it amounts to nothing more than lies.

It is curious how so many companies need to keep your data only to “improve their service” and to “better serve their customers.” No no, it has absolutely nothing to do with mining that data for a secondary business model, which in many cases turns out to be the real business model.

Grammarly much prefers to expose their subscribers to the threat of having the information leak so they can make more money. 

Removing Data from Their Servers Means Deleting Your Account With Grammarly

You can remove your Personal Data from Grammarly at any time by deleting your account as described above. However, we may keep some of your Personal Data for as long as reasonably necessary for our legitimate business interests, including fraud detection and prevention and to comply with our legal obligations including tax, legal reporting, and auditing obligations.

Unlike, say, Google location services, Grammarly states that the only way to delete previous data is to close one’s account.

Why?

The previous text is not necessary for processing new text.

The algorithms have already been tuned up to their current state. Grammarly is storing information it does not need to store.

How Grammarly Intends to Monetize Its Users

It is not difficult to see how Grammarly will pitch its value to a future company that may acquire Grammarly. They won’t expect their valuation to be based only upon their monthly subscriptions for the service they provide; rather, they will also want to be valued for the data they have collected and the insights that they can gain from this data.

The natural use is, like Facebook, to use the data to create profiles and then sell the data to advertisers, who, through simple word or term counts over the subscribers’ writing, will be able to say what areas interest the subscriber. Grammarly states that they currently do not sell data, but they do share the data with third parties. What is being shared here, and what is their definition of “sell”? If the third party just accesses the data or obtains insights from the data, but does not copy the data to its servers, then is this the definition of “sell”? Furthermore, a simple change to the terms would allow them to do just this, to hand over the data to a third party, and most subscribers would not notice. And let us say that Grammarly violated its own privacy policy. First, who would know? And second, who would protect subscribers? The answer is no one. There is no regulatory entity that looks into services like Google Docs and Grammarly.

And subscribers only have the alternative of deleting their account, but even then, Grammarly states it can still hold on to the data as it sees fit.

Grammarly Does Not Monitor Your Data… as a General Rule

As a rule, Grammarly employees do not monitor or view your User Content stored in or transferred through our Site, Software, and/or Services, but it may be viewed if we believe the Terms of Service have been violated and confirmation is required, if we need to do so to respond to your requests for support, if we otherwise determine that we have an obligation to review it as described in the Terms of Service, or to improve our algorithms as described in the User Content section of our Terms of Service. In addition, if you request our human proofreading services, our proofreaders may also read the User Content you submit for this specific service, as necessary to perform our contract with you and for our legitimate business interests. Finally, your Information may be viewed where necessary to protect the rights, property, or personal safety of Grammarly and its users, or to comply with our legal obligations, such as responding to warrants, court orders, or other legal processes.

Having employees go through subscriber data would be far too time-consuming, so saying they don’t is not much of a concession. The objective is to run algorithms through the data that do things like perform the counts of the most common words. However, I have violated Grammarly’s terms of service myself. How did I do this? I used Grammarly to check too many words for a given period. Here is the notice from Grammarly that came to my inbox.

This notice is inaccurately named. It is titled Plagiarism Notice, but it is saying that the plagiarism check will be removed because of my high usage that violates their terms of service. 

This high usage on my part may have triggered a manual review of the material. This means that Grammarly has access to the book I am writing before I publish it, which is not what I ever intended.  

After we learned this while researching this book, we installed the Grammarly browser plug-in for our Brave browser, where we do most of our browsing, and left the Grammarly plug-in for Chrome, where we do writing in Google Docs and WordPress.

The following are insightful tweets on this topic. 

Right, because Grammarly does not have them. 

That sounds like a problem. Grammarly keeps all of your corrected data and has virtually no security experts. 

What a disaster. Even if Grammarly has good intentions, they could get hacked at any time. And they are exposing all of their subscribers by keeping the information they do not need to keep. 

Grammarly does not address the security concern. 

Conclusion

This has been one example of a company that keeps data it does not need to keep, long beyond the point where it needs to have access to the data. This is the new business model of so many SaaS companies.

References

https://www.grammarly.com/privacy-policy#grammarlys-business-model