Sign In

Communications of the ACM

ACM News

Managing the Demise of Privacy


Privacy key on keyboard

Credit: amarklogistics.com

Silicon Valley's tech culture chafes at restrictions it believes will slow innovation, including those that consumers demand to protect their privacy. But speakers at the Privacy Identity Innovation conference painted a landscape in which information provided by public records and the individuals themselves creates a cloud of complete identities, which in turn spawns a new breed of business opportunities. As these businesses develop, they claim, consumers will gain greater insight intoand control overhow their information is shared.

More than 150 people attended the all-day event, held on November 15th in the "VC row" area of Menlo Park's Sand Hill Road. Participants' numbers equally represented entrepreneurs, investors, established firms, and policy professionals. Conference producer Natalie Fonseca, who has held similar events in Seattle, argued for the need for privacy discussions away from Washington, D.C., which hosts frequent but regulation-focused events. "The pace of things is very different in Silicon Valley," she said. "We can't wait here for policy to be set thereinnovation moves too quickly." Underscoring that point, a breakfast forum entitled "Bridging the Continental Divide: From the Valley to D.C." preceded the conference, consponsored by the Center for Policy on Emerging Technologies (C-PET).

The influence of social media asserted itself at the event, with considerable discussion about Facebook Connect, which evolved from the company's controversial Beacon project. As the Center for Democracy and Technology's Vice President for Public Policy Jim Dempsey put it, Facebook's log-in platform has become "the reality of online identity." With Facebook Connect comes granular data sharing that consumers can control (to a point), although a Columbia University study found that 100% of surveyed users were wrong about how they had set their own privacy protections.

Jim Adler, chief privacy officer and general manager of Data Systems for information provider Intelius, asserted that such consumer-facing granular control has changed identity management. "The traditional point of departure for information on the Internet was very blunt: Either you're in or you're out. The growth of social media has tapped into something profound about human nature. We want to share, but we want private experiences to be private, and public experiences to be public. Social media is the membrane between the two, and there are a lot of companies emerging that want to help manage that interface."

At the same time that consumers are arguably gaining more control, standards have emerged for companies that collect such information from its users. Microsoft privacy staffers Kim Howell and Reese Solberg demonstrated the company's procedures by walking through a role-playing exercise in which an overeager product manager tries to get a privacy officer to rubber-stamp his launch, with the officer showing how to ensure compliance without unnecessary friction. For smaller companies lacking a privacy officer, Kevin Mahaffey of Lookout Mobile Security discussed the need to respect privacy early in a business' lifecycle. "A company's culture is like an oil tanker," Mahaffey said. "If it's heading in the right direction, great. But if it's not, it can take a mile and a half to turn it around."

The emergence of standards among both businesses and consumers has ripened the field for privacy-centered businesses, according to VC-and CEO-heavy panels at the event. Privacy and Big Data co-author Terence Craig described two opportunity categories: data collectors such as the Florida Department of Motor Vehicles (DVM) and data aggregators such as LexisNexis, which recently bought driver data from the Florida DMV for $63 million. Several speakers also outlined direct-to-consumer opportunities, among them data-control software (a browser-side information blocker named Disconnect) and single sign-on data wallets (OneID). Meanwhile, the U.S. government's National Strategy for Trusted Identities in Cyberspace (NSTIC) could potentially open up further opportunities for providers of software, infrastructure, and identity verification.

Overall, the Privacy Identity Innovationconference demonstrated a maturity of the fields of privacy and identity, although advocates for strict consumer control of privacy have reasons to be disappointed at how matters have settled. As Sidebark CEO David Cho said, "They'll sell your information to the highest bidderand to the second-highest bidder." Intelius' Adler believes that the solution will ultimately emerge from traditional offline channels. "You could always do a lot of damaging things with public data," he says. "The Fair Credit Reporting Act of 1970 is a data-use regulation, not a data-access regulation, and it's been good for forty years. I think there's a lesson to be learned there."


Tom Geller is an Oberlin, Ohio-based freelance writer.
 


 

No entries found