Posted on October 31, 2016

Scared Yet? Why Not?

Consumers merit a consistent set of privacy rules for their online activities, regardless of the means by which they access and use the Internet. It will leave the typical user either wryly amused or downright outraged to learn this tidbit: gambling casinos outstrip websites and apps with regard to personal privacy measures and general security.

You are literally better off playing the slot machines while three sheets to the wind in Vegas than ordering a basic set of bathroom towels from an online retailer, or (worse yet) doing some simple armchair investigation into your own or your family members’ medical symptoms.

Just why is this, and what is being done? Websites and apps are continually excluded based on the FCC’s interpretation of its regulatory authority limits. Because of this, there are three specific issues that individuals, IT managers, and CIOs should watch in the next 12 months: drones, encryption methods and standards, and the implementation of a new privacy directive in Europe. These are important and potentially game-changing in 2016.

But some alarming business is afoot. And the people should know.

The Early Days

Anyone else old enough to remember that heady era, when the Internet (we called it the “World Wide Web,” more often than not, back then) was something of an uncharted, unpoliced free-for-all in which chaos reigned? Eventually, some self-governing began to fall into place. What are known familiarly as the crypto wars actually got their official start in the 1970s, when the US government attempted to classify encryption as munitions. But in what way can we clutch the concept of freedom when governmental (and private, for that matter) involvement is so insidious?

The FTC’s control over websites and apps, including its regulatory authority and lawful search ability, is offered as a counterargument to the claim that their exclusion could harm consumer privacy protections. Yet that very exclusion creates the very real potential for conflicting rules and gaps in online privacy protections for

A Martyr For the Cause

When programmer Philip Zimmermann released free software called Pretty Good Privacy (PGP), which can encode ordinary email, the Department of Justice launched a three-year criminal investigation of Zimmermann. Its use in other countries may have been the last straw, as American legislative authorities considered anything more powerful than forty-bit encryption illegal to export. Up until the early nineties, large corporations and (our favorite) the government were the only legitimate users of encryption technology.

Over the past two years, law enforcement agencies both stateside and overseas have been loudly voicing concerns about the “Zero-Knowledge” approach to encryption. Zero-Knowledge services allow users to encrypt sensitive communications and data using keys they generate themselves, so that service providers cannot unlock them. Some of our tech behemoths, including Google and Android, have started letting users encrypt their mobile devices using private encryption keys.

The FTC and multiple other agencies are all a-twitter as they try to figure out which agency has jurisdiction for their privacy “problem.” More troubling, the Commission’s increased privacy scope, coupled with the FTC’s decreased privacy scope, could create a gap in consumer coverage, which neither entity can satisfactorily address.

Ostrich: It’s Not a Viable Approach

This year, and in the months that follow, issues regarding privacy, whether in business or in personal use, are going to take center stage in media and think tanks. However the conversations unfold, one thing is certain: things will change with regard to the way people interact with technology, and the companies that provide it.

Most computer users are unaware of how much of their data is actually stored and used, but that is poised to change as events such as the Starwood Hotel Chains and Yahoo breaches (along with water cooler chit-chat involving SnapChat and PokemonGo) have folks feeling more skittish than ever. Previously, users had the mistaken impression that, by checking certain intentionally (deceptively) reassuring boxes, their data was secure. The fallacy here is that privacy is not an “opt-out” function. The default setting for most applications, programs, and websites is this: which will enable the biggest data dump?

Social media, which many rather naively thought existed altruistically as a way to share personal, fun details of their lives, prompted a large part of the population to willingly divulge enormous amounts of private data. Facebook, Instagram, Twitter, and the rest are not non-profit public services—they are vehicles to deliver targeted advertising and earn money in our comfortably capitalist society. The more information a company can collect about a user, the more effective the demographic targeting, which leads to greater revenue. In order to fight being quite so easily pegged and analyzed, users have finally begun to take precautions to protect their privacy. And after those massive security breakdowns, some companies are finally stepping up their game, as well.

New Conflicts, New Conversations

Potential vulnerabilities are becoming more obvious to the public, and more apps and websites are being publicly called to task for unethical and even fraudulent behavior. That includes apps as seemingly innocuous as flashlights for your phone, and friendly (even benevolent) ones that track your fitness but are still culling info about you for marketers even when the app is turned off (we’re talkin’ to you, RunKeeper). As potential data vulnerabilities become public, the nefariousness of seemingly harmless background apps forces the hands of their creators, who must quickly take steps to make their product more “secure.” This often functions as a “benevolent” salvo, giving the people what is cynically assumed. And the PR machine continues rolling . . . faster, now.

When it comes to guarding data, whether it’s your company’s financials, your personal email, or literally anything you wouldn’t be okay with the world seeing, nothing is easy anymore. Individuals, governmental officials, and corporate interests are often at loggerheads over what can or can’t be accessed. This even happens between international allies, for example the US and the European Union. Recently, the European Court of Justice (ECJ) struck down the 27-year-old “Safe Harbor” agreement between the EU and the US.

Consumers need and deserve to have a consistent set of privacy rules for their online activities, regardless of the means by which they access and use the Internet. This is new territory, even if the technology and availability are decades old. The ubiquity of Internet commerce, communications, civic business, and more underscores the need for core defensive capabilities of the companies that provide critical Internet services.