Was the general public aware that all Internet businesses were harnessing their personal data and using it in unidentified or even legal ways? Did you read the Terms and Conditions of every app you installed on your smartphone? Do you know what personal information is and what it can be used for?
These are just some of the questions raised by the NSA activities that Edward Snowden disclosed to The Guardian and The Washington Post from June 5th 2013 onwards. The disclosures included information about PRISM and other surveillance programmes that allowed the bulk collection of US and EU citizens’ mobile phone metadata.
These events sparked a lot of questions from citizens concerned about what information about them was accessible to the providers of Internet services like Google, Apple, Facebook and others. Suddenly we’ve realised that our information is up for grabs by almost any class of hacker and, worse, in some cases by brands we trust or by our governments. What does this all mean for you and me, and what questions arise from it?
The first question is about legislation.
What does it say, and is it fit for purpose? The answer, for the moment, is that it is not: it neither allows users to be in control of their personal information, nor demands that service providers be transparent in their dealings with that same data.
Maybe that’s about to change with the new directive being worked on by the EU data protection commission, under the leadership of Viviane Reding. Every use or collection of personal information will require written and explicit consent, with no more hiding behind small print.
As an example, the same piece of information that is considered anonymised and aggregated data, for instance aggregated counts of an ISP’s users by postal sector (i.e. in W1B there are 400 users), can also become personal data if you mix it with other datasets. If you link that database with census data, you can identify a specific postal sector where there’s only one inhabitant, and you can then search social networks and find out more personal information (age, preferences, employer, contacts, etc.).
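The linkage risk described above can be tested for before an aggregate is published. The following is an added example, not part of the original post: it joins per-sector subscriber counts with census population and withholds any cell small enough to point at individuals. Only the W1B/400 pair comes from the text; the other sector codes, all other figures, the threshold `K` and the function names are constructed assumptions.

```python
"""Pre-release disclosure check for aggregated per-sector user counts.

All data below is constructed for illustration; only the W1B/400 pair
mirrors the figure used in the text.
"""

K = 10  # assumed minimum group size (k-anonymity style threshold)

# Constructed ISP aggregate: postal sector -> number of subscribers.
isp_counts = {"W1B": 400, "ZZ9 1": 1, "ZZ9 2": 7, "ZZ9 3": 55}

# Constructed census extract: postal sector -> number of inhabitants.
census_population = {"W1B": 5200, "ZZ9 1": 1, "ZZ9 2": 900, "ZZ9 3": 58}


def assess_sector(count, population, k=K):
    """Return the reason a cell is risky, or None if it can be published."""
    if population is None:
        return "no census data: risk unknown"
    if population < k:
        return "population below k: cell points at identifiable people"
    if count < k:
        return "count below k: few subscribers share this cell"
    if population - count < k:
        return "complement below k: non-subscribers are identifiable"
    return None


def safe_release(counts, population, k=K):
    """Split the aggregate into publishable cells and suppressed cells."""
    published, suppressed = {}, {}
    for sector, count in counts.items():
        reason = assess_sector(count, population.get(sector), k)
        if reason is None:
            published[sector] = count
        else:
            suppressed[sector] = reason
    return published, suppressed


if __name__ == "__main__":
    published, suppressed = safe_release(isp_counts, census_population)
    print("publish:", published)
    for sector, reason in suppressed.items():
        print(f"suppress {sector}: {reason}")
```

The check has to run against the external dataset an outsider could join with, not only against the aggregate itself: the single-inhabitant sector looks harmless until the census column is added.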
The second question is about what is being done by the key players.
Google turned on SSL encryption by default in 2010, followed by Microsoft, which includes “privacy by design” in its Windows Phone OS. The notion of “end-to-end” encryption is key in guaranteeing that our communications (e-mail, messaging, etc.) are private and cannot be easily decrypted.
Snowden spoke extensively about this question and how companies must take this challenge upon themselves to stop competitors and surveillance agencies like the NSA from snooping into all the information exchanged digitally. There is a big difference between having to hack one location that stores information and mediates the communications between two points, and having to hack into the origin and destination locations, each with its own encryption mechanisms, on top of the services you are trying to hack into.
The third question (raised during the live debate at SXSW) asked if there were any opportunities in the middle of all of this.
Of course there are. Would you pay $5 per month to ensure all your information was securely exchanged over the web, without having to hold a degree in computer science?
Maybe (some) end users will still say no, but companies will definitely say yes, and I believe there are people concerned enough to value their anonymity and pay for it. Probably, these first opportunities are the ones that are going to set the standards of user experience for all other ventures developing “privacy by design” compliant services and products.
As an example, WhatsApp should be developing this kind of capability right now, and potentially building an enterprise solution that would create a new revenue stream for them in the form of an added-value service. If you get it cross-device and syncing in the cloud (like O2 Tu Go), I bet there are companies willing to pay for that.
Finally, the striking message was the conflict between having the idea and having the means to reach mass communities with these measures. When Google turned on SSL encryption by default, it affected their huge number of clients and helped set the standards for all other e-mail services, and, with the help of Samy Kamkar, pushed for a raise in cyber-security standards for other giants like Apple, Facebook and telcos.
When a startup creates a concept, it will most certainly take longer to have the same impact. So there is an opportunity for large corporations to make a difference, and maybe that should be supporting those innovative startups in reaching global audiences.
Most of these questions did not get asked before Snowden’s whistleblowing, so even though the act itself did not help improve Internet security, its shockwave is doing so, and the good part is that it is generating a lot of opportunities for entrepreneurship and improving the security of our digital existence.
Interestingly, The Guardian published this today, speaking about the difference between espionage and whistleblowing.
It is becoming clear that Edward Snowden has earned himself a place in Internet history; whether it is a positive or a negative event remains to be seen…