As the fallout from the NSA scandal continues to deepen, organizations that collect and share data — whether compelled by law or not — must be open with consumers about their actions.
In the weeks following revelations that the National Security Agency [NSA] has a domestic spying network that taps the electronic and telephone communiqués of nearly every American — a data-gathering exercise that crosses domestic boundaries — consumers have become more vocal about their concerns with corporate complicity in government data snooping.
Mikogo, an online meeting and web conferencing provider, recently sent out a newsletter in response to the many questions it has received from users asking where its servers are based, how it handles user data, and the origins of the company. Mikogo’s response is telling:
[B]ecause we are not a U.S. company, we are not bound by the Patriot Act. Consequently, by no means are we ever obliged to give anybody access to our users’ data.
Mikogo’s user community’s skittishness leads to the question: Are we at the beginning of a consumer backlash that will stymie expected economic growth related to data-sharing? Or are consumers resisting the inevitable: a new era of diminished privacy?
Time will tell.
Recent Harvard graduate Melissa Oppenheim (now working in policy development for Facebook) submitted a thesis in 2012 called The Dark Data Cycle: How the U.S. Government Has Gone Rogue in Trading Personal Data from an Unsuspecting Public, suggesting that a vicious cycle exists between the U.S. government and corporations that need to consume data and citizens that produce that data. This Data Cycle has three ‘nodes,’ according to Oppenheim:
- The government mandates and collects certain pieces of information from Americans under the premise of using that information for specific purposes (voter registration, for example).
- This information is later given or sold to private third parties for other purposes, unlimited in scope. Many private companies enhance or augment the government’s data by associating the government’s datasets with externally gathered personal information. As individuals increasingly share large amounts of personal information online, private companies capture this information and use it to enhance government datasets and turn a profit.
- The information originally collected by the government from individuals is later repurchased or re-acquired in its enhanced version by the government, using taxpayer dollars. The government agency that acquires this information may use the enhanced version for purposes other than that for which the information was initially collected, and the cycle continues again.
In her paper, Oppenheim argues that although this data cycle is clearly eroding American’s information privacy, individuals may not defend their rights to information control. Why? We’re growing neurologically addicted to the online activities that fuel the cycle’s existence.
In her conclusion Oppenheim suggests that the continuation of this data cycle will pose “serious, counterproductive” implications for society. The rub? “Individuals have become so dependent on the technology that supplies data to the Data Cycle, they may not even find the practices objectionable.”
But even if individuals are not yet ready to throw in their mouse in protest of lost privacy rights, companies that capture their data are speaking up (if for no other reason than to cover their assets).
A coalition of tech companies — Apple, Google, Facebook, Microsoft and Yahoo! among them — along with investors, trade and non-profit groups, recently sent a letter to the Obama Administration urging more transparency — and a release from the NSA’s secret court order that requires them to share customer data.
Perhaps more tellingly, international bodies from the European Commission to the Chinese government are raising concerns about US tech companies’ data gathering and sharing propensities, whether legally required or not. In a speech earlier this month, the European Commission’s vice president, Neelie Kroes, issued a clear warning to the U.S. government — and U.S. tech companies:
Concerns about cloud security can easily push European policy makers into putting security guarantees ahead of open markets; with consequences for American companies.
Privacy is not only a fundamental right, it can also be a competitive advantage. Companies focused on privacy need to start coming forward into the light and help them do that. That would be a smart company indeed. And 2013 is the year. That includes European companies who should take advantage of interest to provide services with better privacy protection.
The cloud has a lot of potential. But potential doesn’t count for much in an atmosphere of distrust. European cloud users and, American cloud providers and policy makers need to think carefully about that.
The economic impact of a cross-border lockout would put a squeeze on organizations that collect consumer and customer data. According to Investors.com, a hefty amount of tech companies’ revenue comes from abroad:
Last quarter, Google reported that 55 percent, or $7.1 billion, of its revenue came from overseas. Likewise, Facebook reported that about half of all its revenue, or $2.5 billion, came from outside the United States. Microsoft reported much of the same breakdown.
What’s a company to do, then?
I posed the question to Nate Cardozo, staff attorney with the Electronic Frontier Foundation. The EFF, along with more than 20 organizations from across the political spectrum, filed suit this month against the Obama administration challenging “an illegal and unconstitutional program of dragnet electronic surveillance.”
“Be open,” says Cardozo. “Every company who collects consumer data and shares it in any way with the government should be transparent about it. That is heavily recommended.”