Posts Tagged ‘NSA

22
Aug
14

Final Lessons from the Silicon Valley Cyber Security Summit – Dealing with Data Privacy?

The third and final Cyber Summit panel brought the growing privacy issue to the fore. The esteemed panelists from DC all noted Washington’s keen awareness of damage done from the NSA debacle, which has created a big rift in public trust of the government [not that it was so great before]. There is now timidity around addressing the cyber threat through aggressive legislation that will be seen as too invasive of personal privacy, especially until NSA surveillance practices get cleared up. Senator Chambliss had claimed substantial compromise to that end in the proposed Cybersecurity Information Sharing Act over previous legislative attempts.

 

I just can’t help but think that in the immediate aftermath of a potentially significant attack, we’ll see a Patriot Act-level response out of Congress – the consequences of which would most likely be irreversible. It would be far better for proactive and more balanced legislation to be passed in the very near term, before such an attack could happen. The bottom line is that when people don’t trust their government, they won’t share information the government will need to protect them.

 
Consumer privacy is a whole other issue. Many websites pay lip service to privacy by including obscure links in miniscule font that can take visitors through a maze of pages to an ultimate opt-out page. Facebook changes its policies so often that no one can keep up. The great majority of internet users simply don’t see or use these links. Sanford Reback, Senior Technology Analyst at Bloomberg Government, spoke of the need for corporations to exercise what is known in legal terms as ‘responsible use’ of personal data – and that Washington knows legislation will be needed to enforce this.

 
He noted that ‘policy must catch up with capability and capacity.’ At a Federal level, how long that will take and what it might look like are unknowns, but 47 states and the District of Columbia have already enacted their own information notification legislation. A Federal act would need to establish notification standards but without weakening state laws already in place, and without making it so complicated that businesses wont’ be able to comply. I figure if they’ve been able to get there with Gramm Leach Bliley and HIPAA, we can get there with digital privacy requirements too.

 
There were other great insights and little pearls dropped across the Summit, but a blog post can get too long. A key takeaway for me was that while corporations will always be competitive, the seriousness and urgency of this issue create an unusual “we’re in this together” dynamic that I found hopeful. While government and business can, should and will help, the bad guys and gals are out there, looking for new ways to get at what we’ve got – and that includes YOUR data. The best defense for now is to be active about guarding what you can and help spread the word to your friends and fam. Vaya Con Dios!

10
Feb
14

So Tomorrow is “The Day We Fight Back”?

February 11 is supposed to be a day of mass protest against NSA surveillance. Named ‘The Day We Fight Back’ it is reportedly the brainchild of a 34 year old former Congressman from Rhode Island, David Segal, and supported by “hundreds” of internet companies and various other political, civil and digital rights groups – both conservative and liberal.

The intent seems to be to evoke the same kind of digital ground swell that emerged 2 years ago around the Stop Online Privacy Act (SOPA) and Protect Intellectual Property Act (PIPA), in which the Congress was so caught off guard by the power of major websites going dark or posting protest messages for a single day that the proposed legislation was immediately killed. [See my post from Jan 26, 2012]

Tomorrow’s event, from what I can find online as of today, has some fairly significant differences from the Stop SOPA/PIPA movement.

For one, I don’t see the NSA bending to public will like Congress did – votes are not at stake, the intelligence community moves in a totally different (and mysterious) way, and the White House has already outlined its plan for NSA reform.

Tomorrow’s action also has mixed goals – along with people just generally stating that they think NSA surveillance is evil and unAmerican (which is rather vague), apparently some of the protesting organizations will also “ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act [how many Americans even know what those are?] and also use the event as an opportunity to commemorate Aaron Swartz, a controversial figure. While Swartz was a leader in the anti-SOPA/PIPA effort, his later prosecution for computer fraud and abuse, and subsequent suicide left a conflicted reputation.

Further, this is supposed to be an international event for others around the globe to express their outrage with the NSA reaching into their borders. I’m feeling like the message is mixed. Without a single firm goal, this effort could go the way of the Occupy movement.

But I’m curious. None of us likes the idea of the NSA or any other government entity collecting information on us. The privacy issue has been building steam for a long while, and Snowden pushed it out into the open. Tomorrow is the first real organized effort, and maybe something will come out of it.  I find it interesting that the more radical Electronic Frontier Foundation is a main sponsor of the event, yet DC’s Center for Democracy and Technology, perhaps more practiced in the ways to get things done on The Hill, is not even connected with it.

I’ve been predicting [hoping for?] some sort of privacy legislation for the past couple of years. The issue is gathering steam, but change doesn’t come without the people’s voice. How many will actually feel outraged enough to call or email their Congressperson tomorrow? How many are more interested in the Olympics? Should be an interesting day.

20
Jan
14

First Steps Toward Privacy Policy?

Regardless of how one feels about Edward Snowden, he certainly has brought the privacy issue to the forefront. While the NSA has been in the eye of the media storm, private industry’s collection of personal data is on the coat tails. In President Obama’s speech last week, he alluded to directing one of his advisers to “lead a comprehensive review of big data and privacy.” That most likely will be targeted at the incredibly sophisticated Marketing practices now conducted by many corporations – and “Big Data” is just getting started.

People are becoming more aware of how much information about them is being tracked. If you compound the NSA  debacle with the impact of the 2013 holiday season Target data breach (I personally had to replace my debit card), the privacy issue is becoming a lot more real for average citizens. Government moves slow – but it looks like it is starting to move on this issue – and that most likely will mean some changes for the companies (big and small) who have gotten quite used to collecting, using, selling information about us as a core business model.

I invite visitors to revisit my white paper from last Spring where I shared some thoughts on what potential policy changes around Big Data and privacy could mean for marketers and communicators.  It included a useful piece of advice from Tim Keller, a law partner with Lindquist and Vennum’s IT, Internet and eCommerce practice (in Minneapolis), and author of the blog Big Data and The Law: “To prepare for radical shifts in data management policy, have as much knowledge about your data as you can, so when a legislator says you can’t have it, you throw away as little as possible.” It might be time to start thinking a little harder about that.

10
Jun
13

America Wakes Up – the NSA leaks and Facing the Reality About Digital Privacy (or the Lack Thereof)

I was not surprised at last week’s revelation about the NSA PRISM surveillance program involving large Service Providers and Internet companies. I am a Verizon customer, and am less than comfortable with the government tracking all of my Droid-based communications. But given my interest in data privacy and my personal study of this subject, this news was not a shock to me as it seems to be for a lot of Americans.

What is a bit of a surprise is the uproar about such government surveillance, when people freely give up far more information to corporate entities to get ‘free stuff’. With what I’ve read so far about PRISM, meta data about cell calls is collected and housed but not used in any way unless there is suspicion of association with terrorists or serious criminals, and then it can only be inspected under court order. Corporate entities, on the other hand, are actively profiling consumers and targeting them at every opportunity for commercial purposes. That’s fine and can even be good – I’m all for making money – but not when people don’t understand how they’re being tracked and are not given an easy opportunity to opt out. For more information on this topic, please refer to my recent paper “Big Data, Policy Options and the (Almost) Unrecognizable World of Communications”.

This morning I read an article based on the PRISM revelation entitled “Did Obama Just Destroy the U.S. Internet Industry?” opined by David Kirkpatrick at Techonomy Media.  He  points to the global nature and adoption of online tools like Facebook and Google, and how international users may now be concerned that their activities or data will be passed back to the U.S. government, thereby discouraging adoption and further growth. Well, that tracking has clearly already been happening, as it has with American citizens. But I don’t think our government has jurisdiction on anyone outside of the US, unless of course they are terrorists plotting an attack. While Mr. Kirkpatrick’s editorial seemed extreme, perhaps there is valid reason for serious concern.  Users are finally waking up to practices carried out by both the government and corporate titans of the digital age. Their privacy is gone.  The digital way of life is permanently entrenched, but perhaps this leak will be a watershed moment that opens the floodgates on privacy legislation across domains.




%d bloggers like this: