News Stay informed about the latest enterprise technology news and product updates.

PrivacyCon: Tech's assault on (obliteration of?) consumer privacy

The attack on consumer privacy by new tech is huge and growing, enabled by consumers and greased by profit; in other words, a fait accompli?

The Federal Trade Commission on Thursday held its second annual PrivacyCon event. The all-day gathering of academics,...

regulators, industry representatives and consumer advocates is designed to showcase the latest research on the privacy and security implications of emerging technologies. But the elephant in the room? That would be the merits of surveillance capitalism.

Yesterday offered documentation aplenty of the growing threat to consumer privacy by new tech. Computer experts from labs at Princeton, USC, Northeastern, Penn State and Carnegie Mellon, among others, talked about the hidden privacy vulnerabilities of the smart home, the high feasibility (and invisibility) of cross-app tracking via nearby Bluetooth devices, and the exposure of personally identifiable information (PII) -- names and passwords in plain text -- by the world's most popular apps.

PrivacyCon participants heard about the alarming disjunction between what privacy policies say and what the app or website actually does -- and about the 71% of mobile apps that apparently have no privacy policy at all, among them apps that collect PII. We learned that users, protective of their personal data, are happy to share friends' data in exchange for more personalized service; we are "privacy egoists," it seems.

Those were just some of the alarms raised in the morning sessions I had time to watch online. The afternoon promised presentations on online behavioral advertising and on information security, including the ominous-sounding "Killed by Proxy: Analyzing Client-end TLS Interception Software." You can read all the papers on the Federal Trade Commission (FTC) PrivacyCon website.

Right to be left alone

"When it comes to privacy, technology has always presented a challenge," FTC Chairwoman Edith Ramirez said in her opening remarks at PrivacyCon. The challenge of reaping the benefits of technology while protecting privacy rights has been around since the introduction of Eastman Kodak's mass-produced snap camera in 1884, she noted.

That may be so. But the threat posed by the popularity of Kodak's snap camera to a person's "right to be left alone," as the great Louis Brandeis and law partner Samuel Warren argued in their landmark paper, "The Right to Privacy in America," pales beside the obliteration of consumer privacy from technologies of recent decades.

The internet, smartphones and the internet of things (and its many manifestations to come, such as smart cars that measure driver emotion and vital signs, drones that fold up and fit in a pocket and robotic vacuum cleaners that double as security systems) are collecting intel on us at breakneck pace and in massive quantities. By 2020, experts say, we will see a growth rate of 4,300% in annual data generation. Anyone who wants to be left alone had better not go online or own a mobile phone.

New risks

Some of the societal benefits and consumer privacy risks of these new technologies are similar to ones we already know about, Ramirez said. Geolocation data, for example, can help ease horrendous traffic jams on morning commutes, but it should not be collected or used without a person's consent. Risks from unauthorized geolocation information include stalking; exposure of political, health and religious affiliations; and burglary.

But there are new challenges, Ramirez said, among them the number of actors "collecting, compiling, interpreting and using data in a world that operates on big data, IoT and AI." The expanding list ranges from consumer-facing companies, device manufacturers and publisher websites to behind-the-scenes software vendors that connect IoT products to the internet to advertisers and analytics providers. "This vast array of entities makes it difficult to provide consumers with informed choices," she said.

What does this mean for the FTC? The agency relies on PrivacyCon's cutting-edge research to identify areas for investigation and enforcement. Tech researchers brought to the FTC's attention the practices of InMobi and Turn, two companies that were the subject of recent FTC enforcement actions, Ramirez said. The mobile advertising network InMobi, the FTC alleged, tracked the locations of hundreds of millions of consumers without their knowledge or consent -- even consumers who set their privacy settings to deny access to their location. The general advertising firm Turn, she said, "deceived consumers by tracking them online and through their mobile applications even after consumers took steps to opt out of such tracking."

The illegal acquisition of consumer data remains a type of consumer-privacy invasion the FTC and companies must continue to fight.

Surveillance capitalism

What does technology's assault on consumer privacy mean for CIOs? Invasion of consumer privacy has been going on perpetually for many reasons, but capitalism (i.e., trade) -- not criminal activity -- is perhaps the biggest driver.

As companies expand their reach into the digital domain, new opportunities for finding the perfect customer arise and with them troves of data on private information, such as the buying habits and buying power of individuals.

CIOs will be collecting and analyzing this data ever more often. At the same time, digitally connected employees are potentially revealing private company information on where they are traveling to, who are they talking to and what they are buying to snoops at competing companies. 

Everyone is learning lots about everyone else. Deciding who has the right to know what, for which purposes and to whose benefit likely will fuel the agenda of many PrivacyCons to come. 

 CIO news roundup for the week of Jan. 9

Amazon to add 100,000 jobs over next 18 months. The Seattle-based e-commerce retailer said Thursday that the jobs would be full-time with full benefits and for people with various levels of experience, education and skill levels. Most of the new positions will be at warehouses under construction in Texas, Calif., Fla., and N.J. "Innovation is one of our guiding principles at Amazon, and it's created hundreds of thousands of American jobs. ... These jobs are not just in our Seattle headquarters or in Silicon Valley -- they're in our customer service network, fulfillment centers and other facilities in local communities throughout the country," Amazon founder and CEO Jeff Bezos touted. Amazon will continue to invest in areas such as cloud technology, machine learning and advanced logistics. Amazon currently has 45,000 robots in some 20 fulfillment centers, a 50% increase from 2015.

Altaba? Following the completion of the $4.8 billion sale of its core internet business to Verizon, Yahoo will be renamed Altaba Inc., Yahoo said in an SEC filing Monday. Yahoo owns approximately 15% of Chinese online commerce company Alibaba, and the new name is a combination of the words alternative and Alibaba. As for the fate of the company's famous CEO? "Each of David Filo, Eddy Hartenstein, Richard Hill, Marissa Mayer, Jane Shaw and Maynard Webb has indicated that he or she intends to resign from the Board effective upon the Closing, and that his or her intention to resign is not due to any disagreement with the Company on any matter relating to the Company's operations, policies or practices," according to the filing. Mayer reportedly will not resign from her position as CEO.

Google's autonomous minivans to hit the roads. Google's autonomous car division Waymo is set to launch a fleet of 100 self-driving Chrysler Pacifica Hybrid minivans on Calif. and Ariz. roads later this month. The autonomous vehicles are the result of a partnership between Google and Fiat Chrysler Automobiles announced in May 2016. Waymo is building self-driving technologies like sensors, cameras and mapping technology in-house, allowing the company to exert more control over its self-driving hardware. "We're serious about creating fully self-driving cars that can help millions of people, and to do that we have to oversee both the self-driving software and the self-driving hardware," Waymo CEO John Krafcik told the audience at the North American International Auto Show in Detroit on Sunday.

Businesses at risk from old security models. A new survey researching IT security infrastructure revealed that 83% of businesses worldwide believe they are most at risk because of organizational complexities. The study conducted by Ponemon Institute and sponsored by Citrix surveyed 4,200 IT and IT security professionals worldwide. The survey found 74% of respondents believed it's time for their organizations to implement a new security framework, while 79% said they are concerned about security breaches that involve high-value information. Seventy-five percent of those surveyed said their organizations are not prepared to deal with the security risks rising from the internet of things. "The research reveals respondents' awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

Assistant editor Mekhala Roy contributed to this week's news roundup.

Next Steps

Check out our previous Searchlight roundups on CES 2017 for CIOs, EU's charge against Facebook and the billion-user Yahoo breach.

Dig Deeper on Digital business management

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Will we see more regulation of technology's impingement on consumer privacy?
Cancel
Hopefully you can get someone to finally investigate Nvidia's illegal collection of data. I have tried for awhile now to get help from everyone but not one agency is equipped to handle it. Even just last year the FTC told me that they could not do anything to help me.

Nvidia backend when first released was flagged as a virus, for years I kept seeing my personal files ending up online even though I never uploaded a single one. Convinced I was being hacked I reach out to several security firms all of which told me that there was no way I was being hacked. So I turned to watching resource monitor (again) and still not convinced they were right I started filming all of the uploads from my pc. I could see Microsoft, I could see Nvidia uploading for months - but thought nothing of it, I paid for their products why would they be stealing from me?

Then I started paying attention to disk activity and caught not only Search.UI and SearchProtocol in my personal files at all times. But Nvidia's NVBackend, there it was in my documents, there it was in my photos, there in my videos too... ALL the while uploading.

After filming this time and time again I sent videos of what was happening to several security firms (over a year ago) pleading for help. I sent video to the FTC, to the FBI, I even took the matter to the whitehouse but no one cared. And no one has stopped them to this day.

I guess it's ok for a graphics card to program their files with things like "bypass_windowsfirewall" and <get_every_known_file_format> and >get_every_known_document_type>. That's absolutely everything!

I guess it's ok for a graphics card manufacturer to warn you about the penalties of altering or redistributing their intellectual property. Tell you they can sue you, the crime is punishable with prison and so on.

Then they go on to tell you how they collect data. They provide no transparency, they just simply state they collect data "not limited to system specs or performance" (really WHAT would a graphics card manufacturer need aside from these two things?) oh and that they and their partners (go to Nvidia.com and look at all those "partners") can use it in anyway they see fit.

i have their files, including the pre encrypted GUSA.dat which shows they record everything. I sent this to NVIDIA and Microsoft, as well as the FBI, the DOJ, the FTC and many others including security firms last March, nearly a year later, several appeals to congress to implement regulations on data collection, several please to all of the above offices and no one has stopped them yet.

Program files that state they're uploading my personal files to Russia, to China, to Indonesia, Germany, North Korea, and it's all ok? Too bad no one looked, nor listened to my suggestions that we should be looking at the out going data not only trying to stop in the bound attacks. No one listened when I appealed for regulations requiring these companies to have to report what they collect and where it's going - if they were to combine these two techniques , complete a federal database shared between all security vendors, and our security software was to scan (in real time) all out going traffic against it they might just prevent the next major breech.

But anyway, what do I know I'm just a fool that wasted my money on their products without realizing that by using their product meant I signed over the rights to my digital life.

Now don't get me wrong I have no problem with BASIC data collection. But not only as a mother who stores rather than shares our photos, as a daughter with very old family photos on my pc, as an artist they have absolutely no legal right to include these in their collections and allow them to be hosted on numerous for pay websites. Microsoft FINALLY at least encrypted the webcache.dat files which laid out a direct link to any file you open, you create, or transfer from another device. This was sitting there in plain english a full path to all of your personal files for at least 5 years before they encrypted the infomation in November.
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close