The 'Dao Moment' of Privacy

As a frequent traveler, I wasn't too surprised to see a bloodied Dr. Dao dragged off a United plane last year. The rules are straightforward: Obey airline staff or face dire consequences. All frequent travelers know that flight crews are not to be trifled with.

Dr. Dao evidently wasn't a frequent flyer. He had boarded with a legitimate ticket, so evidently felt it reasonable that he should be granted passage rather than being told he had to give up his seat. The situation escalated to airport security, which resulted in the aforementioned forced deplaning.

It was a watershed moment -- a point when the accepted reality clashes with common sense. All travelers owe a debt to Dr. Dao. He didn't give in, and his actions have sparked sweeping improvements to air travel and passenger rights. The airline may own the plane, but that isn't a license to abuse.

Steep Cost of As-a-Service Model

In the same vein, we also owe Facebook's Mr. Zuckerberg his due. His company, like so many others, has enabled terrible things with the information we unwittingly provide. Facebook, like United and Dr. Dao, exposed that the benefits of whatever-as-a-service can come at a steep cost.

As with United, Facebook may not be guilty of a crime, but it violated the trust of its users. Facebook may have permanently lost the trust of its subscribers by violating their expectations. Facebook users expressly grant the company the ability to leverage their personal information as part of its business model.

What's the risk in more meaningful ads? The risk is abuse, and now we are likely to see improvements regarding the expectations, practices, and obligations around customer data and privacy.

Privacy has been disappearing for years. Many feign hopelessness and imply that privacy is already dead. But the anger with Facebook reveals otherwise.

Technological improvements have gradually increased our connectivity, and the telltale breadcrumbs we leave behind are lucrative to many organizations. Almost every interaction leaves a trail. Clearly, our phones and computers do, but so do "dumb" things like cars, credit cards, and televisions. The data we leave behind can and will be used to sell us something.

It's not just advertisers that want our data, but law enforcement and intelligence agencies too -- and they are increasingly getting it.

The Erosion of Privacy

None of this is particularly new. Phone records and financial transactions have long been part of investigations. What's new is the sheer amount of data individuals create, the conclusions that can be drawn from it, and the tools and methods available to exploit this information.

Improved ad targeting, revolutionary a few years ago, now seems quaint. There are simply no limits to the desire to collect user data. The websites we visit are increasingly personalized with unique ads, prices, and content. It's all legal and now deemed abusive. The Faustian deal we made to trade information for services has escalated to exploitation.

We knew that Facebook has detailed information, but we didn't know that we were complicit in sharing information on our relations. The attention on Facebook has revealed similar practices with other systems, such as Google's Android platform.

For many of us, Facebook was already on double-secret probation for its part in the recent indictments that imply foreign states are using it and other digital tools "to sow discord in the U.S. political system." A highway billboard may or may not reach its potential target, but Facebook removes the uncertainty. Facebook targets and delivers personalized messaging with pinpoint precision.

Today there's a backlash against Facebook, but this is more than a scandal du jour. It's going to evolve into a broader discussion about privacy. It's the proverbial last straw after a series of related privacy issues, such as recent legislation that allows Internet providers to sell and harvest our browser history (counter to majority opinion). That came after the resentment over the Equifax hack that compromised confidential financial information of 143 million people who weren't even customers.

While privacy has been eroding in the U.S., European governments are working to strengthen it with the General Data Protection Regulation (GDPR). The GDPR introduces new digital rights for EU citizens. It's backed by regulatory teeth that can impose penalties of 4% of a company's global revenue. Many U.S. companies are strengthening their privacy practices and policies to ensure compliance, though mostly only for European customers.

Which is why this Facebook event is so important. It just may represent a Dao Moment where common sense and common practices realign. It may be the impetus we need to reverse the continued erosion of privacy.

Facebook is a consumer-oriented service, but privacy is important for businesses as well. We have pockets of online privacy in the U.S., such as HIPAA in healthcare and COPPA for protecting children under 13. Outside those or other narrow protections, we have very few rules regarding how customer data should be stored, shared, and protected.

Privacy in Enterprise Communications

Privacy is particularly important in enterprise communications. It's always been important to secure basic individual data and metadata, such as who called whom. However, collaboration and innovation are becoming a team sport. Entire conversations are now possible to retain, including the spoken word, messages, files, images, and more. Soon it'll be feasible for all spoken words (including phone calls and conferences) to be captured and transcribed. Biometric improvements can identify the speakers, receivers, and sentiment.

While security generally has been an afterthought in enterprise communications, we're starting to see new solutions that lead with security. Examples include:

  • Cisco "breach lock" architecture, which encrypts customer data in the cloud at all times
  • Politicians and organizations using ephemeral messaging apps such as Wickr and Confide to ensure privacy
  • NEC's video biometrics technologies that link entire workflows
  • A rise in popularity of consumer messaging services that embrace encryption
  • Significant growth in encrypted email services

The Demise of Implicit Trust

When Edward Snowden revealed the NSA's snooping apparatus, it was disturbing but not necessarily personal. It's now clear that the implied trust we grant our SaaS providers is flawed. Trading data for services is conceptually OK, but there needs to be more protection than complex, one-sided terms of service agreements. Implicit trust is gone.

This Dao Moment represents a positive change. Both providers and users are taking action. Fake news and exploitative marketing practices are becoming harder to implement and the targets are savvier. More importantly, data protection and privacy will no longer be a checkbox consideration, but a set of criteria that requires careful analysis and consideration.

Dave Michels is a contributing editor and analyst at TalkingPointz.
