Here’s the thing about privacy: When there weren’t so many ways to compromise it, it was pretty easy to protect. But with privacy having evolved into an immensely more complicated concept than it was pre-Internet, protecting it has also become more complicated.
Perhaps more than any year that preceded it, 2018 demonstrated how little attention we’ve been paying to just how fragile our privacy has become. The year began with the ominously scandalous revelation that Cambridge Analytica had harvested millions of Facebook profiles in an attempt to influence voting behavior, and it ended with a flurry:
-Marriott revealed one of the biggest consumer data breaches ever, an incident that may have exposed the personal information of more than 300 million customers, and is now facing multiple class-actions suits;
-Google revealed not one, but two API bugs that exposed the data of more than 50 million users of its Google Plus social network. This prompted the company to say that as of April it’s shuttering the consumer version of the service, which was launched in 2011 to compete with Facebook but ultimately evolved into one of the company’s most glaring failures.
-IBM came under fire for the privacy practices of the Weather Channel app it acquired two years ago, with the City of Los Angeles having filed a lawsuit that claims the apps deceptively collected, shared and profited from the location data of millions of American consumers. (The app boasts 45 million active users.)
Consider how many apps are playing fast and loose with location data, add in AI-related privacy invasions that smart devices such as Amazon Alexa have introduced, and a clear trend becomes apparent, one that didn’t escape the notice of the privacy watchdog Electronic Frontier Foundation: tech companies shoulder most of the blame.
And as any reasonable person should assume, these cases are just the tip of the iceberg when it comes to our minute-to-minute locations, thoughts and feelings becoming public fodder. Case in point: A recent New York Times report presents a chilling case for just how rampantly mobile applications are using our locations in ways that are framed as harmless but can actually be used to pinpoint not only where we are throughout the day, but also associate that data with our identities.
Apparently, it takes this much activity to get decision makers to take notice. The U.S. has long been looked at as easily the most lax of all Westernized nations when it comes to protecting consumer privacy, but that laissez-faire approach may finally be getting some serious re-consideration. Dozens of current and former FTC officials, lawmakers and consumer advocates have, in recent interviews, called for the FTC, which has served as the country’s de facto privacy regulator, to get much more aggressive in holding companies’ collective feet to the fire.
“They have been asleep at the switch,” Sen. Richard Blumenthal, D-Conn., the ranking member of the subcommittee charged with overseeing the agency, told the New York Times.
This is not a sustainable situation if American tech companies want to remain in good global standing. In a year in which Europe’s stringent General Data Protection Regulation established new standards for protecting consumer data privacy, the gauntlet has been laid: Either get your act together, or be ready to pay the piper.
In other words, waiting for the FTC to slap your wrist before you shore up your data privacy practices is a strategy for failure. Better to proactively look for solutions that can turn data privacy into a strength.
Amid this desperate need for better privacy safeguards, a possible “magic bullet” has emerged in the form of blockchain, a technology that was created to serve as the transaction ledger for bitcoin. As a distributed list of data “blocks” linked using cryptography, a blockchain is resistant to having data modified, but perhaps more important, it removes the attractive central repository data thieves find so enticing.
All of this is why, as a recent Forbes report noted, more and more organizations in a variety of industries are experimenting with blockchain as a data privacy and security solution.
But whether or not blockchain or other technical answers to the privacy issue prove effective in the long term, consumer data privacy is destined to become a point of legislative contention in the near term. With tech firms lining up behind a proposal from the Information Technology and Innovation Foundation that calls for replacing existing federal privacy regulations, lawmakers are taking umbrage with the idea that tech companies can watchdog themselves, a battle of rhetoric looms.
Whatever privacy path results — and 2019 figures to be a pivotal year on that journey — here’s hoping the ultimate winner is consumers, who are the ones all of this grandstanding is supposed to be about.
*** This is a Security Bloggers Network syndicated blog from RSA Conference Blog authored by Tony Kontzer. Read the original post at: http://www.rsaconference.com/blogs/2018-wasnt-exactly-a-banner-year-for-consumer-data-privacy-expect-it-to-be-a-big-topic-in-2019