Benjamin Franklin once said, “Those who give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” Yet if privacy is an essential liberty, then today many people use technology to do just that. In pursuit of the temporary safety offered via the convenience of our smartphones, many people become enslaved by them, and the myriad of applications quietly monitoring their every move from day to day – eavesdropping on private conversations to recommend more relevant advertisements a moment later, recording geo-locations to ask for reviews on local establishments recently visited, counting the miles you drive and the steps you take, everything you do from the moment you wake. Like Pavlov’s dog, we condition ourselves to respond automatically to each push notification, or vibration. “The Matrix” may not have you (yet), but your smartphone sure might.
Phones are just the beginning - the proliferation of interconnected technology makes it easy for companies of all sizes across all industries to collect frightening amounts and types of data. We might like to think all these ones and zeros will propel our innovation forward and improve the quality of life for all mankind - that the ends will justify the means. Unbridled optimists might envision a world with globally distributed supercomputers which can’t be shut down, perhaps linked with instantaneous facial recognition software operating on drones by land, sea and air - friendly robots which do our chores. But as they say, the road to Hell/Skynet is paved with good intentions. With this in mind, maybe we ought to consider Ben Franklin’s point - if not to prevent the robot apocalypse, then at least to give earth’s current inhabitants back their privacy.
Pitfalls of collecting user data
Big data is big business. In today’s environment of mass market identity theft (often orchestrated through data breaches impacting millions or even billions of people), aggregating huge data sets isn’t just big business, it’s big risk. Data can be used to unlock tremendous value – for or against you. If collecting, aggregating and learning from relevant data sets is essential for success in business today, then so is securing it.
Regardless of the size of your enterprise, there are no exceptions. Huge, well-respected organisations are making headlines - yet these are the kinds of organisations with the financial resources to bounce back. Incidents at smaller enterprises may not make headlines, but can be company killers.
For many decision makers, the initial instinct is “I want all the data, the more the better. Give me everything and after I’ve got it, then I’ll decide what to use it for - better to have it than not have it. Maybe I can even market this data to 3rd parties as an additional revenue stream.” It’s not too far from a scene in Lord of the Rings: “My data, mine… my precious!” Indeed, this is how many organisations seem to operate, and this also tends to create many problems. Worse yet, this approach frequently fails to adequately respect the privacy interests of the customers whose data is being collected.
Finding a Balance
A better practice would be to ask questions like “Since data is a liability, what is the efficient level of liability for my company to accept? Which data is critical for our operations, decision making and business intelligence, and which is an unnecessary liability? At what point are we opening ourselves up to an endless stream of subpoenas or the risk of a data breach and the subsequent PR/legal fallout? Who needs access to this data, and how do we ensure that it is only available to those people, and only in the moments when they actually need it?”
A company may want to collect data about user behaviour, but when leveraging that data to learn and make informed decisions, is it really necessary to link this behaviour to the user’s actual real-world identity? In some cases, that can be highly undesirable. Of course, it is essential that only the correct user accesses their account, but modern authentication solutions can do this seamlessly without leaving a liability link between user data and users themselves.
Moreover, is it necessary for individuals to have access to entire data sets? From a mathematical perspective, giving one person administrative access to an entire database dramatically increases the risk that the database will eventually be compromised (whether voluntarily and knowingly or involuntarily and unknowingly). As long as one human can access the entire database, we should assume that eventually the wrong human will. For each additional person with full access, you simply multiply that risk. Therefore, keeping data sets heavily compartmentalised and allowing access only to those who need it, and only in the moments when they need it, is a far more secure alternative. Fortunately, this capability already exists for conscientious organisations wishing to protect their users and data.
Lastly, is the data being collected even accurate? It is well known that fake accounts are often created and used for nefarious purposes - whether that means using a platform to propagate fake news, take advantage of real people who use the platform, or just detract from the overall platform value by hurting the user experience. However, fake accounts can also skew the data being collected, leading to different business decisions than might have been made with cleaner data. Although the US doesn’t yet have a Secure Universal ID system, advocating for one could make it dramatically easier to cut down on fake accounts, leading to cleaner data and better decision making.
Privacy is Coming
On 25 May 2018, GDPR took effect. Proclaimed as “the most important change in data privacy regulation in 20 years,” it’s been in the works for many years. Adopted two years ago, the regulation replaces the 1995 European Data Protection Directive. Despite this early notice and a two-year transition window, many businesses are either still not compliant, or waiting to see if the measures they’ve taken will actually protect them from the steep penalties that they may incur if they’re found in violation.
This is especially true for US companies who operate globally but may not be as attuned to the difference in perspective on privacy within the EU. Digital sharing of private information in the US is commonplace to say the least, and here there are many businesses who leverage this as the core of their revenue model. Yet for these companies, GDPR imposes new standards which can impact them even outside the EU simply by collecting and storing data from EU citizens using non-compliant methods. Moreover, the well-crafted regulation serves as a model, soon to be adopted in other areas outside of the EU. Failure to be on the leading edge of this transition can put any business at a competitive disadvantage as the principles of GDPR spread across the globe -- perhaps even to the U.S. itself.
Potential fines of up to 20 M EUR or 4 per cent of total global annual revenue ought to be very motivating, but data privacy itself is most often tangential or even counter to the organisation’s mission. Since many companies don’t foresee an ROI on GDPR compliance, the primary objective is predictably to avoid fines rather than actually improve data privacy.
This is often how compliance is viewed overall. Although clever marketers might spin compliance to prospective customers as security or risk mitigation, it’s actually neither. Because the speed of adoption for these compliance requirements is so slow, they’re frequently outdated before they’re ever fully implemented. They also tend to create blind spots, where an organisation thinks they’re covered because they’re compliant, but overlooks vulnerabilities within that compliance, failing to recognise and defend against them. Rather than simply try to check all the boxes, companies would be wise to view these requirements as minimum thresholds which ought to be exceeded wherever possible.
Liberty AND Security
Comprehensive data sets might be valuable - and they definitely can be. But just like the “one ring to rule them all” they can be used against you just as easily as they can be used by you. The more information you collect, the less your customers will trust you. With major data breaches happening so frequently, they’d be right to be afraid. Whether or not the information is being used for or against them, perception is reality and fear is a strong motivator. The US Supreme Court has consistently held that privacy is a basic human right - and asking users to waive that right by checking a box on a lengthy user agreement they’re unlikely to read is questionable at best. The need for data and the need for privacy must be effectively balanced to avoid problems.
Ultimately, any organisation would do well by using a more balanced approach to avoid creating an unnecessary liability for themselves. By adopting modern approaches to authentication and Secure Distributed Storage, which leverage “privacy by design,” they can externalise information that’s unnecessary for day-to-day operations and decision making while de-linking valuable user data from the individual user’s real-world identity. This not only avoids creating risks and compliance headaches for the enterprise, it protects users’ data and privacy, simultaneously building trust for all involved.
Although privacy and security are tangential to the mission of most organisations, with GDPR, privacy is coming. It will get here before Skynet, and if you’re not ready then it will cost you (in fact, privacy is coming sooner than winter since Game of Thrones is still a year away). It doesn’t need to be painful, and with the right approach, we can even satisfy Ben Franklin - not trading liberty for security, but instead benefiting from both.
Perry Chaffee, vice president of strategy, WWPass