The Emerging Digital Privacy Marketplace
Earlier this month, at the Black Hat 2014 conference, Yahoo announced that it would implement end-to-end encryption in its Mail service by 2015. This announcement came on the heels of Google’s June announcement of a Chrome browser extension that would make it easier to do the same for data leaving the browser for a specific recipient (Yahoo’s implementation is a fork of Google’s publicly released source code).
End-to-end encryption of message content through OpenPGP, even as implemented by the savvy engineers at Yahoo and Google, is by no means a privacy cure-all on its own. However, when end-to-end is viewed along with earlier developments, like an always-on secure connection (via HTTPS) for Gmail or multi-factor authentication, it’s becoming clear that the tech industry is taking improved consumer privacy seriously, both in word and deed.
While the clamor for end-to-end data encryption was spurred in large part by Edward Snowden’s revelations of bulk Internet surveillance by the NSA, it is also the most recent evidence of a trend in product development that consumer privacy advocates and the FTC have been pushing for: “privacy by design.” Privacy by design is the concept that companies “should promote consumer privacy throughout their organizations and at every stage of the development of their products and services.” It’s not quite a set of firm regulatory requirements, but a framework of principles that encourage a number of good business practices. As Google and Yahoo demonstrate, tech companies are thinking about consumer privacy and data protection in all aspects of their product design, from when users log in to a service, to when they make a server request or hit ‘send’ on a message.
However, the idea of consumer privacy is also growing beyond a norm baked into the basic function of apps designed for other purposes (though that is definitely still a good thing!). No two individuals or group of consumers expects the same level of control over their personal or financial data. Couple varied expectations with the fact that different types of consumer data are regularly being used in unanticipated and innovative ways for increasing social and economic benefit, and there is no clear incentive for a “one size fits all” regulatory framework or technological solution. It would be unrealistic to try to address those differing expectations across the board and unwise to limit the potential positive ways consumer data might be used.
Instead, the tech industry has responded with a range of tools designed to give consumers more personally tailored control over the use and access of their data, with privacy and data protection as central features. Ephemeral messaging apps like Snapchat, which are designed to “delete by default,” are growing in popularity precisely because they allow consumers agency in sharing their information. Similarly, a number of emerging startups enable consumers to manage and benefit from the use of their personal data through storage and selective sharing tools. Not only does this empower consumers to better tune who can access their information and what it can be used for, but it also gives companies the incentive to ensure that they limit harmful uses of collected data while encouraging those that help underserved communities and provide value. DisCo has touched on several such startups before, and together they all reveal a varied ecosystem that has developed in response to dynamic consumer preferences.
The upshot of a year of Snowden revelations isn’t just that the public is aware of the bulk collection of its data by the intelligence community. It also means that the public is more aware that its data is available to a host of interests, both good and bad. Wider realization has led to increasing demand for tools, like those described above, that manage how personal data is accessed and used. No industry can ignore such strong aggregate consumer demand for long, and as a result, the (appropriately) light nudge of regulators and hard shove of Edward Snowden have created a vibrant new digital privacy marketplace. It’s one that’s capable of balancing the variety of consumer privacy expectations with the benefits of responsible data use and should be nurtured by regulators, consumers, and industry alike.