The Future of Online Privacy

I am giving a keynote speech on this topic at the upcoming MEF Global Consumer Trust Summit in San Francisco, and, as such, thought I would share some of my thinking regarding consumer trust and online privacy.

Unless you live in a cave and have never touched a computer or smartphone, your most intimate secrets and personal information are for sale.

Indeed, it’s now old news that everything you do online is captured, packaged up, resold and used for a variety of purposes.

But what most people don’t understand is how quickly online privacy invasion is evolving.

Online Privacy Issues and Concerns Are Accelerating

Historically, you’ve been told that the companies you interact with online take steps to safeguard the privacy of their users and, while they may sell data in anonymous or aggregate form, they absolutely do not share their users’ personal information directly with other companies.

In the past few years, that “red line” of privacy protection has been crossed.

For example, if you look at this infographic from Neustar, you’ll see an example of how companies are now using personal information that is specific to an individual to sell things to them.

In the infographic, a hotel website uses Neustar’s “Authoritative Identity” system and can determine that an individual named Chris who is visiting the hotel website lives in the mountains of Denver, visits Hawaii twice a year, is enrolled in one hotel loyalty program and two airline mileage programs, has a P.O. box and no landline, uses 4 different email addresses, and owns a mobile phone, tablet and laptop.

Clearly, Neustar knows a lot about Chris, including, no doubt, his full name. The fact that Neustar doesn’t directly provide the name to the hotel site is not that relevant to a robust discussion on online privacy issues. Everything about Chris is known and his private life details have been collected, packaged up and monetized.

Data Mining on Steroids

Data mining is the technology that companies use when they aggregate consumer data and use it to target offerings to them.

The advent of Big Data took data mining to new heights. Before Big Data, we didn’t have affordable computer, database, storage and processing technologies that had the scale to sift through massive amounts of data. In 2006, that started to change with the introduction of big data software like Hadoop, which used distributed storage and distributed processing to introduce a new era of data mining that could handle quantities of data that previously were too big to mine.

Today, Big Data is a big business. We’ve layered in machine learning technologies to process all of the personal data that has been aggregated and the companies that possess this technology know everything about us — and often more than even we know about ourselves.

Remember the case in which Target’s data mining software determined that a young woman was pregnant even before her father knew it? That was four years ago, a lifetime in the world of technology evolution. With the many improvements in personal data mining since then, one can only imagine what companies can determine about us now.

And guess what? The biggest limitation of Big Data data mining is about to go away. Hadoop and other vendors solved the software problem for analyzing vast quantities of data but that just led to hitting another bottleneck: hardware.

The computers’ inability to put more data in memory is what is currently limiting Big Data solutions from handling the next order-of-magnitude increase in data volumes. Co-creator of Hadoop says that new memory technologies that are coming “give you orders of magnitude faster access to persistent storage and also, combined with that, hardware that lets you access that memory over a network without involving the remote CPU, so basically every machine on a cluster can have micro-second-level access to all the memory in that cluster. And that’s going to be a game changer. “

A game changer indeed. Your personal information and your online privacy, as compromised as they are to date, will now be sliced and diced, bought and sold, in ways that you cannot even imagine.

Think about what could be concluded about you by feeding every email you have sent and every website you have visited and every credit card purchase you have made into a massive big data engine that uses artificial intelligence to make conclusions about you.

The Internet of Things

The Internet of Things will dramatically increase the number of touchpoints for digital privacy invasion. When all of the Things that we interact with are online, all of the private information about what Things we own and how we use them will undoubtedly be cut up and sold to the highest bidders.

If your car or refrigerator knows something about you, trust me that data miners are going to want to feed that information into their datasets.

Technology Breaches

So far, I’ve only discussed legal uses of your personal data.

Now, take into account that your personal data exists in countless databases out there.

With each passing week, there seems to be a new high-profile security breach in which personal data is stolen by cybercriminals. Again, your private data is packaged up and sold, whether the aim is to steal from you or from your company.

Databases are not the only target for cybercriminals. Telephony, email and instant messaging systems hold vast amounts of personal and private data, as well as vast amounts of private corporate data.

Accordingly, these platforms are targets for cyber-crooks, and in many cases, they are easy to breach, especially when corporations have not addressed the shortcomings of personal, consumer-oriented technologies that employees bring to work with them on their smartphones.

We at Infinite Convergence are addressing the massive problems and privacy threats that companies have with employees using BYOMP messaging solutions to work. Our offering, NetSfere secure messaging for enterprises, ensures that corporate and personal data are protected, and we are pleased to play an important role in stemming the onslaught of privacy invasions at both the individual and entity level.

But these privacy issues have gotten me thinking about root cause solutions.

Specifically, how can we limit the possibilities for privacy intrusions at the source?

The Solution: Giving Consumers the Privacy Controls They Need

The only way we fix this problem is to flip it on its head.

Currently, consumers must “opt out” of all the solutions that track their personal information.

A friend of mine recently mentioned to me that he was very surprised to learn that all of his movements for the past two years had been tracked by Google here — https://www.google.com/maps/timeline?authuser=0 — because he had location tracking activated on his Android smartphone. Despite Google’s assurances that nobody else had access to this data, my friend quickly opted out.

This story highlights the root cause problem.

We must opt out of invasions of privacy. To do that, we have to know that there has been an incursion. Unfortunately, we have no way of knowing who has what data of ours.

It’s true that other solutions have been proposed to this problem, most notably Do Not Track technology. But few would argue that these solutions will have any real impact on safeguarding online privacy.

It’s painfully obvious that the only way to reverse the online privacy problem is to make it such that no company can keep, access or sell our private information without our expressly opting in to give them the information and allowing them to sell it. The law must be changed to make it illegal for them to do what they are doing.

If they want your personal information, you should be the one who decides if they can have it, how they get to use it and you should never have to opt out of an invasion of your privacy.

Will It Work?

Implementing this simple solution is anything but simple. Money is at stake and billions are being made by monetizing our private data. As you would expect, the companies that benefit from the status quo are actively lobbying legislators around the world to leave things as is.

The question, then, is: Can we, the people, get what we want — peace of mind that our personal and private information will remain private?

Sadly, in the modern era of failed democracy, one would be hard-pressed to be optimistic that “opt in” privacy will become the law of the land.

But the invisible hand of the market economy may yet tip the balance in favor of privacy.

An MEF study recently concluded that trust-related concerns could hamper the adoption of the Internet of Things (IoT), projected to be a massive business opportunity for many companies. In other words, lacking consumer trust that is building because of today’s privacy and security problems may threaten tomorrow’s profits.

This means, in effect, that the tech industry is now shooting itself in the foot. Playing fast and loose on consumer privacy matters has eroded trust to the point where the opportunity costs — slower progress to IoT — are material enough that well-funded companies may decide to advocate for more privacy and security protections now in order to pave a path for bigger profits in the future.

Rimma Perelmuter, CEO of MEF, explains it well: “The business opportunities surrounding IoT are clear, but only if industry heeds the lessons of the broader mobile ecosystem when it comes to the paramount importance of building consumer trust at the outset. Our 2016 Global Consumer Trust Report demonstrated the demand for transparency in mobile apps and services with 64% saying it’s important to be told when an app is collecting and sharing personal information. This new report reaffirms the need for all stakeholders in the ecosystem to take action now to secure a viable future for such technologies.”

In other words, if you are a C-suite decision maker at a large technology or data company, it’s probably in your best interests to support my proposed “opt in” solution for protecting consumer privacy and security.