Last month, Apple chief exec Tim Cook gave an impassioned speech chiding tech companies such as Facebook and Google about their data collection and monetization practices and how they’re stepping on consumers’ “fundamental right to privacy.”
For a recent Searchlight article on the topic, I talked with three privacy experts to get their take on whether other digital companies — and their customers — are starting to care more about consumer privacy now that a tech bigwig like Apple is speaking out. The consensus: Apple is among a (loud) minority, and there is a lack of incentives for companies and consumers alike to value data privacy and security.
One common thread is the apathy most consumers have about data collection, particularly when the fine print is hard to decipher and they’re getting free and personalized services out of it. While a recent survey by the University of Pennsylvania’s Annenberg School for Communication found that more Americans are certainly becoming conflicted about this trade-off, 451 Research analyst Garrett Bekker believes consumers’ overall attitude toward data privacy and security has not really shifted yet.
One big reason, he said, is the lack of companies’ transparency on how they collect and use data, but another is “how much personal information people are willing to divulge unsolicited.” Bekker was talking about the personal information people share on social media, especially Facebook and LinkedIn, something that puts them at risk: Hackers can mine and use the information as part of targeted social engineering attacks.
For instance, if a hacker wanted to target a specific company, he could easily look for the company’s employees on those social platforms and gather as much personal information as he can, then use that data to create customized emails that sound as if they’re coming from someone who knows the employees — what’s known as spear phishing. (And many of these attacks are successful: An estimated 91% of hacking attacks start with phishing or spear-phishing emails, according to Wired.)
There’s more to the security angle of the consumer privacy issue, as fellow 451 Research analyst Adrian Sanabria brought up. Despite the frequency with which breaches expose precious sensitive data, including consumer data, these days a breach can — paradoxically — actually help many a company and its reputation, he said.
“If [their PR departments] handle it really well and they look really sorry, there’s this whole concept that after a company is breached, you actually feel more comfortable doing business with that company and using their product — because now everything’s out in the open, and you know that they have to take security seriously,” he wrote in an email.
Companies that haven’t yet been breached or encountered a major security issue, on the other hand, haven’t had the chance to publicize that they’ve been hit, been able to handle the screwup, and now take security seriously, said Sanabria.
“Everyone is an unknown until they’ve had this issue,” he added.