The Federal Trade Commission on Thursday held its second annual PrivacyCon event. The all-day gathering of academics, regulators, industry representatives and consumer advocates is designed to showcase the latest research on the privacy and security implications of emerging technologies. But the elephant in the room? That would be the merits of surveillance capitalism.
Yesterday offered documentation aplenty of the growing threat to consumer privacy by new tech. Computer experts from labs at Princeton, USC, Northeastern, Penn State and Carnegie Mellon, among others, talked about the hidden privacy vulnerabilities of the smart home, the high feasibility (and invisibility) of cross-app tracking via nearby Bluetooth devices, and the exposure of personally identifiable information (PII) -- names and passwords in plain text -- by the world's most popular apps.
Those were just some of the alarms raised in the morning sessions I had time to watch online. The afternoon promised presentations on online behavioral advertising and on information security, including the ominous-sounding "Killed by Proxy: Analyzing Client-end TLS Interception Software." You can read all the papers on the Federal Trade Commission (FTC) PrivacyCon website.
Right to be left alone
"When it comes to privacy, technology has always presented a challenge," FTC Chairwoman Edith Ramirez said in her opening remarks at PrivacyCon. The challenge of reaping the benefits of technology while protecting privacy rights has been around since the introduction of Eastman Kodak's mass-produced snap camera in 1884, she noted.
That may be so. But the threat posed by the popularity of Kodak's snap camera to a person's "right to be left alone," as the great Louis Brandeis and law partner Samuel Warren argued in their landmark paper, "The Right to Privacy in America," pales beside the obliteration of consumer privacy from technologies of recent decades.
The internet, smartphones and the internet of things (and its many manifestations to come, such as smart cars that measure driver emotion and vital signs, drones that fold up and fit in a pocket and robotic vacuum cleaners that double as security systems) are collecting intel on us at breakneck pace and in massive quantities. By 2020, experts say, we will see a growth rate of 4,300% in annual data generation. Anyone who wants to be left alone had better not go online or own a mobile phone.
Some of the societal benefits and consumer privacy risks of these new technologies are similar to ones we already know about, Ramirez said. Geolocation data, for example, can help ease horrendous traffic jams on morning commutes, but it should not be collected or used without a person's consent. Risks from unauthorized geolocation information include stalking; exposure of political, health and religious affiliations; and burglary.
But there are new challenges, Ramirez said, among them the number of actors "collecting, compiling, interpreting and using data in a world that operates on big data, IoT and AI." The expanding list ranges from consumer-facing companies, device manufacturers and publisher websites to behind-the-scenes software vendors that connect IoT products to the internet to advertisers and analytics providers. "This vast array of entities makes it difficult to provide consumers with informed choices," she said.
What does this mean for the FTC? The agency relies on PrivacyCon's cutting-edge research to identify areas for investigation and enforcement. Tech researchers brought to the FTC's attention the practices of InMobi and Turn, two companies that were the subject of recent FTC enforcement actions, Ramirez said. The mobile advertising network InMobi, the FTC alleged, tracked the locations of hundreds of millions of consumers without their knowledge or consent -- even consumers who set their privacy settings to deny access to their location. The general advertising firm Turn, she said, "deceived consumers by tracking them online and through their mobile applications even after consumers took steps to opt out of such tracking."
The illegal acquisition of consumer data remains a type of consumer-privacy invasion the FTC and companies must continue to fight.
What does technology's assault on consumer privacy mean for CIOs? Invasion of consumer privacy has been going on perpetually for many reasons, but capitalism (i.e., trade) -- not criminal activity -- is perhaps the biggest driver.
As companies expand their reach into the digital domain, new opportunities for finding the perfect customer arise and with them troves of data on private information, such as the buying habits and buying power of individuals.
CIOs will be collecting and analyzing this data ever more often. At the same time, digitally connected employees are potentially revealing private company information on where they are traveling to, who are they talking to and what they are buying to snoops at competing companies.
Everyone is learning lots about everyone else. Deciding who has the right to know what, for which purposes and to whose benefit likely will fuel the agenda of many PrivacyCons to come.
CIO news roundup for the week of Jan. 9
Amazon to add 100,000 jobs over next 18 months. The Seattle-based e-commerce retailer said Thursday that the jobs would be full-time with full benefits and for people with various levels of experience, education and skill levels. Most of the new positions will be at warehouses under construction in Texas, Calif., Fla., and N.J. "Innovation is one of our guiding principles at Amazon, and it's created hundreds of thousands of American jobs. ... These jobs are not just in our Seattle headquarters or in Silicon Valley -- they're in our customer service network, fulfillment centers and other facilities in local communities throughout the country," Amazon founder and CEO Jeff Bezos touted. Amazon will continue to invest in areas such as cloud technology, machine learning and advanced logistics. Amazon currently has 45,000 robots in some 20 fulfillment centers, a 50% increase from 2015.
Altaba? Following the completion of the $4.8 billion sale of its core internet business to Verizon, Yahoo will be renamed Altaba Inc., Yahoo said in an SEC filing Monday. Yahoo owns approximately 15% of Chinese online commerce company Alibaba, and the new name is a combination of the words alternative and Alibaba. As for the fate of the company's famous CEO? "Each of David Filo, Eddy Hartenstein, Richard Hill, Marissa Mayer, Jane Shaw and Maynard Webb has indicated that he or she intends to resign from the Board effective upon the Closing, and that his or her intention to resign is not due to any disagreement with the Company on any matter relating to the Company's operations, policies or practices," according to the filing. Mayer reportedly will not resign from her position as CEO.
Google's autonomous minivans to hit the roads. Google's autonomous car division Waymo is set to launch a fleet of 100 self-driving Chrysler Pacifica Hybrid minivans on Calif. and Ariz. roads later this month. The autonomous vehicles are the result of a partnership between Google and Fiat Chrysler Automobiles announced in May 2016. Waymo is building self-driving technologies like sensors, cameras and mapping technology in-house, allowing the company to exert more control over its self-driving hardware. "We're serious about creating fully self-driving cars that can help millions of people, and to do that we have to oversee both the self-driving software and the self-driving hardware," Waymo CEO John Krafcik told the audience at the North American International Auto Show in Detroit on Sunday.
Businesses at risk from old security models. A new survey researching IT security infrastructure revealed that 83% of businesses worldwide believe they are most at risk because of organizational complexities. The study conducted by Ponemon Institute and sponsored by Citrix surveyed 4,200 IT and IT security professionals worldwide. The survey found 74% of respondents believed it's time for their organizations to implement a new security framework, while 79% said they are concerned about security breaches that involve high-value information. Seventy-five percent of those surveyed said their organizations are not prepared to deal with the security risks rising from the internet of things. "The research reveals respondents' awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
Assistant editor Mekhala Roy contributed to this week's news roundup.