Twitter and Facebook are the beacon examples of this issue. People like being famous, and we want followers! And the evidence shows, the more personal information we put out there, the more people consume it. Today, on International Data Privacy Day, we explore the social and technical norms and issues of privacy in the network and the cloud.
International Data Privacy Day is an event that asks, "In this networked world, in which we are thoroughly digitized, with our identities, locations, actions, purchases, associations, movements, and histories stored as so many bits and bytes, we have to ask - who is collecting all of this - what are they doing with it - with whom are they sharing it? "
One of the official sponsors of Data Privacy Day is the recently launched, The Privacy Projects. Interestingly, the other official sponsors include Google, Microsoft and AT&T. Each of these organizations themselves have been under intense scrutiny for privacy policies in the recent past.
Google and Microsoft have industry-leading cloud-computing initiatives. Google Apps, and Microsoft Azure both want to use the cloud for productivity applications. Also, both companies have significant investments in the future of healthcare and becoming middleware for health information online. It is clear that both of these organizations have a stake in data privacy as the physical infrastructure moves into the cloud.
Is it a Technology Problem?
We've compiled a few considerations to keep in mind about the underpinning technologies that power our online lives. Hard questions keep coming to mind: Is the system that we use to communicate secure at all? Is it even possible to build a privacy-enabled application on top of the 2010 Internet?
- Internet Protocol (IP) itself has been proven to be hackable in many ways, shapes and forms. Will it ever be possible to build a truly private experience on this protocol?
- Can the communication networks win the encryption arms race? This month, the 64-bit 3G encryption used by a majority of mobile providers was cracked. Researchers quickly demonstrated that they could optimize around this weakness and penetrate the 3G encryption. Our voice traffic and data traffic can now be seen by others - anytime.
- Anonymous data is not really anonymous. Paul Ohm's recent paper illustrates how easy it is to take current best-practices in data management and prove they're not worthy of our trust. "Scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease."
- Social networks are actually taking the opposite approach to privacy. Facebook is an astonishing example of where the rules of engagement have changed. Mark Zuckerburg's recent statements that "privacy is no longer a social norm" show with remarkable clarity that it will be especially difficult to achieve privacy if we're not actively trying.
- Search history has been a constant issue with privacy. Google is in perhaps the most difficult position by both having the history of what we look for on the Web and a reason to sell it. Recently it was reported (again), with relatively little fanfare, that Google has a backdoor that allows the federal government to view the search history for a user. Yikes!
- Virtualization and cloud computing come to the rescue (or not). The biggest trends in computing this year actually advocate taking data outside of private data centers and putting it into co-located computing centers, or running multiple instances of software on one physical host. The benefits are tremendous, but there are also significant unsolved privacy issues that are going to continue to lag the adoption of cloud solutions.
Or is it a Motivation Problem?
This all begs a question of motivation. Many companies monetize sharing data, or promote the existing state of affairs in the technology stack. Others have questioned whether it is desirable to have a tamper-proof private network solution, even if such a technology exists. Would that top technologies companies promote a private network to their customers.
- Google may have a motivation problem. By monetizing heavily on "knowing" what we do, it is hard to see how Google will be the best guardian of our online data. Google clearly wants to do the right thing, but will the approach to data management ever catch up? That being said, major progress is going on at the company that tries to not do evil, including the recent launch of the Google Privacy Center and the establishment of the five privacy principles.
- Cisco provides a good portion of the technology infrastructure for computing. Cisco was built on the IP and has wielded IP to its advantage in gaining traction in the enterprise and in voice networks. Would Cisco be willing to take an aggressive approach in guarding citizen privacy if it risked the networking architecture franchise?
- Microsoft has been criticized and brought into court for its efforts that breach anti-trust and user privacy. Microsoft may be the most experienced company in the world when it comes to seeing the challenges inherent in having the keys to peek into a user's data but choosing not to use it.
- ATT is a network company that wants to avoid be relegated to a just a "dumb pipe". The company has been brought to task in the past by the EFF and others for its use of private data and billing information. It seems that all the networks will be challenged in producing a truly private network. It is also a question of whether they have the ability - whether they're blocked on in a technical or regulatory way - to monetize personal data enough to truly be a risk for citizens.
What Should a Mere Mortal Do?
The leading thought leaders have not been silent on the balance of privacy and trust. These leaders leave us with a bit of hope that smart people, rather than smart companies may offer solutions to online privacy.
- @identitywoman - Saving the World with user-centric identity - "People are not free to leave with their info these systems if they lose trust. #ftcprivacy sorry LinkedIN"
- @adrielhampton - Govie. PI. Gov 2.0 Radio. Ran for Congress. - "RT @EFF Help EFF Research Web Browser Tracking http://eff.org/r.f82 Check out our new research site, Panopticlick! #privacy"
These people - and many more - are working to make sure our backs are covered in this new world of trade-offs between our privacy and the free Internet.
Should there be a technical solution offered for a private Internet? Under what conditions would you support it, if offered?