Apple's Tim Cook gave Google, Facebook and other digital companies that make a living out of collecting and monetizing their customers' data a talking-to earlier this week.
"We believe that people have a fundamental right to privacy," the chief executive told the crowd at the Epic 2015 Champions of Freedom Dinner in Washington, D.C. Cook was one of four honorees at the event, which is hosted by the Electronic Privacy Information Center.
Mining emails, search histories and photographs for personal information as a means of offering free services and personalized advertising tramples that fundamental right, Cook argued. Customers shouldn't have to make this tradeoff, and they won't, he warned. "We think someday customers will see this for what it is," Cook said.
Pot calling the kettle black? Not so, say privacy experts. Apple has made safeguarding consumer privacy a key part of its business, making money instead from its hardware, apps and music sales, and incorporating encryption into services such as iMessage and FaceTime, said Forrester Research analyst Heidi Shey. "There's a fine line between cool and creepy, and … companies such as Apple are sensitive to this," Shey wrote in a blog post.
Laziness, greed impede consumer privacy
But Apple and other companies that care about customer privacy are in the minority, said Adrian Sanabria, senior security analyst at 451 Research. And we users are in part to blame. People are shockingly complacent about data collection, he said. "The bulk of users really just don't care. Mainly, everyone is just concerned about [the product] working," he said.
And not just complacent, said fellow 451 senior security analyst Garrett Bekker.
"People are fundamentally lazy," Bekker said, and they're willing to remain ignorant in exchange for getting free services. "Personally, I'd be willing to pay for a search or email service that doesn't collect personal data, but I suspect I'm in the minority," he said.
Cue the vicious circle. Many companies don't see the point in improving their privacy policies because their customers don't care, Bekker said; customers don't care because they don't fully understand the convoluted fine print of these policies -- if they've even read them at all.
"Ignorance is bliss, I guess, but I suspect if [companies] were more up-front and explicit about what they collect and how they use it, consumers would push back," he said.
Bekker also said he finds the disconnect between public apathy over the personal data collected by companies and outrage over NSA surveillance a bit puzzling. Perhaps what the consumer market needs is a Snowden to showcase the dilemma.
There's no 'undo' button
In any case, solving a problem like data privacy won't be easy. Regulating financial information is one thing, but there are so many other types of personal data (health, home information, photographs, you name it) we give over to companies that aren't as heavily policed, Sanabria said.
"When my credit card gets stolen, it doesn't affect me financially at all; some bank assumes the fraud and the risk for it and I get a new credit card. … When somebody's nude photos get posted, there's no undo button for that," he said.
CIOs are powerless -- or are they?
What is the CIO's responsibility for protecting data privacy? Carsten Casper, privacy analyst for Gartner, said it depends. CIOs are at the mercy of the company's strategic goals, he said. If that happens to be trading personal information for services, CIOs must align their IT strategy with that, he added.
"If their goal is to collect digital bread crumbs, then the CIO should not defend them against hungry digital birds, [but] rather present them nicely on a digital plate," said Casper, who harbors no illusions about the business world's attitudes toward consumer privacy.
"No company honestly cares about privacy. Some might … but only because there is money involved if those customers go somewhere else," Casper said.
Surely the endless breaches exposing customer data to harm will rile us up? 451's Sanabria doesn't think so.
"Take Dropbox, for example. I think they've had three or four breaches, and it's had absolutely no impact on their business that I can tell," he said. He believes it will take legislation to change attitudes.
Meanwhile, impassioned speeches like the one Tim Cook gave this week could help, provided they get enough headlines to catch anybody's attention. For the time being, Sanabria suggested that CIOs and CISOs implore top-level management to take more notice of both the business and security ramifications of this issue. Privacy can be marketed as a competitive advantage.
"You can convince the business side that, 'Look, this is not only the right thing to do for customers; it can get us better sales.' If you can convince them of that, and … if you can show some numbers proving that yes, customers do care about privacy and it will help us get more customers, I think CIOs have some leverage there," he said.
451's Bekker had another suggestion: "Have them read the paper."
CIO news roundup for week of June 1
Here are more technology headlines from the week:
- The biggest U.S. government breach ever? Yesterday, the Feds announced four million current and former government employees may have had their personal information hacked -- and they're pointing fingers at China.
- Two days after coming out on the cover of Vanity Fair, Caitlyn Jenner already had 2.3 million Twitter followers. What's more, she reached 1 million followers in four hours, beating President Obama's record. See more digital marketing stats over at AdWeek.
- Good news for sports fans cutting the cable cord: Yahoo announced Wednesday that it's teaming up (pun intended) with the NFL to offer a free live stream of a regular-season game between the Buffalo Bills and the Jacksonville Jaguars this October.
- The long-forecasted consolidation of OpenStack is nigh. There was news earlier this week that IBM is buying out Blue Box, and Cisco is acquiring Piston Cloud Computing, both OpenStack vendors. Weeks earlier, Nebula, another OpenStack vendor, was shut down.
Check out our previous Searchlight roundups on Android Pay, Google's new mobile payments platform, and experts' take on enterprise cybersecurity.
More digital privacy coverage:
In the digital economy, can big data and personal data privacy coexist?
Niel Nickolaisen column: Finding a balance between data mining and its privacy risks