Is Digital Privacy a Myth, or can we Win the War on Controlling our Data over the Open Internet?

The rise of the “information economy” has been fueled by a combination of efficiencies (higher performance at lower cost) in processing power and storage capacity, rabid consumer adoption of sensor-rich devices, and refinements in machine learning. This progress has made data an indispensable component of growth for any modern enterprise. As a result, entities of all kinds – commercial, governmental, academic – are motivated to collect and analyze as much data as possible to better understand us as individuals. Whether we are tracked as customers, constituents or research subjects, more of our consumption, preferences, geographic movements, biometric information, and even our DNA is being recorded and interpreted. The end goal may be to improve our experiences with products and services, allocate scarce resources more efficiently, cure disease, or simply gain an edge on a competitor.

Whether harmless or not, all of these data collection practices are becoming more invisible to us as we are “lulled” into giving up our digital privacy by accepting that such information can no longer be practically controlled if we are to engage as consumers in a connected world.

This raises questions around the wide array of seemingly “free” services offered via the Internet. Of course, none of these are truly costless to us, and our data is the currency we are paying with. Every time we browse, shop, make a reservation, pay, share, read, like or follow, we submit trackable identifiers that are collected and sold to marketers, insurance agents, app developers, publishers and others who profit from knowledge of our behavior. Disclosures about these data privacy practices may be written out in the lengthy legal agreements presented when we register for a new app or service, but they are wholly impractical for laypeople to read and understand. So by clicking “ACCEPT”, we are effectively signing away our data privacy and our rights to control how our data is collected, resold, and used.

Are any online services truly free? What are the true but hidden data privacy costs?

To be clear, the “Internet era” did not create the practice of information management. Long before we were blindly accepting Terms of Use, we were sharing personal information for particular purposes: to get a credit card, diagnose an ailment, travel internationally, comply with a census, etc. In these scenarios, we were more comfortable sharing this personal information because it was handled by an entity that we believed we could trust, like a bank, government agency, physician, or co-worker. And at that time, we could reasonably assume that such information would not jeopardize our privacy, would remain with that entity, and would be used only for the explicitly stated purpose.

What makes us uneasy today is the notion that our personal information might be distributed to a broader group than we’d thought or used for a different purpose than we’d intended. The notion that many disparate sets of data could be amalgamated to build a very accurate model of us is uncomfortable. The fact that profit-seeking entities are now incentivized to accelerate and refine this process is all the more troubling because we don’t even know them, let alone trust them.

Would this change if these entities were both known and trusted? Is trust over the Internet the cornerstone to achieving digital privacy?

A host of regulatory bodies around the globe have produced rules around the ways in which personal information may be collected and used, including the US-EU Safe Harbor Privacy Principles, COPPA, HIPAA, and EU privacy directives. Standards bodies such as IAB, NAI, and CNIL are putting forth frameworks to set limits, and the US NITRD is researching the challenge as well. Most of these groups advocate for a rigorous regime of transparency, disclosure, accountability, consent (through opt-in), and “fair use”, which are necessary to preserve people’s “Datarights,” that is, the rights of individuals to control access to and use of personal data. But the elephant in the room is that this is not sufficient until the ownership structure of data is rebalanced in favor of the individual.

At the moment, the balance of power on the Internet is highly skewed towards service providers with massive capital resources, while individuals are left with a difficult choice – use the Internet and surrender some measure of data privacy, or not use these services and become marginalized from society. With the right mechanisms in place, this dilemma can be solved.

What regulatory framework is required to manage personal data online?

Twenty-five years ago, Intertrust Technologies pioneered Digital Rights Management (DRM) to protect the rights of copyright holders, and it continues to make significant advances in the field of trusted computing. The company’s technologies have been at the core of both first-hand and externally developed solutions to fundamental security challenges such as code tamper resistance, content protection and authentication of IoT (Internet of Things) devices. Today, Intertrust continues its work in these fields while also applying its technology to the protection of individual digital privacy.