As October — the National Cyber Security Awareness Month — progresses, and we come together to reflect on the need to protect our transactions, and online businesses, it’s natural to also think about protecting our personal data and privacy. Between the 8.4 billion sensor devices that are interconnected — in-home electronic systems, health monitoring equipment, cars, and smartphones, our digital-first living, smart cities, relentless social networking, and other things cyber, the world is already producing approximately 2.5 quintillion bytes every day. A year ago, we sent out 3.5 million text messages a minute; now it’s about 15.2 million. And in the time it takes you to type out this sentence, 456,000 tweets would have hit the airwaves, Google will have been bombarded with 3.6 million search queries and Uber will have taken almost 46,000 rides. In that same time, more than 103 million spam email messages will also have been delivered to unsuspecting mailboxes.
And that is only one part of a huge and rising threat to online data privacy. At the other end of the spectrum, we have instances of financial fraud that can be linked to theft of digital identity. In fact, several widely publicized breaches of databases held by large and reputed organizations have constantly alerted us to escalating threats to individual privacy and control over personal data. And yet it seems like a viable solution is far from sight.
Because the problem is also complex: Sometimes the data privacy breach is not even known to the concerned individual. Unlike banking reports and financial statements that tell us if our identity has been compromised because we can clearly see if our finances have been compromised, the loss of personal information — say from a device — is more stealthy. For example, one can lose data privacy, seemingly without material loss, and end up being subjected to unsolicited commercial messages. (Personal data is invaluable for those seeking to personalize and tune their digital advertising). And even when the source of such breaches are known, the corrective frameworks lag far behind. For instance, the European Commission passed a law barring the tracking of web users in 2011; a ruling that came nearly 20 years after the world started ubiquitously browsing the Internet. Today, IoT-enabled technology and Big Data is developing at a much faster rate than lawmakers could and should act. That’s why, I am convinced that the solution to this tough problem really lies at the convergence of technology and policies.
On the one hand, as technology solution providers, we must commit ourselves to incorporating privacy-preserving functionalities even as we conceive our systems and live the commitment through every stage of its development. As engineers and developers of solutions, we must aim to build capabilities that minimize the collection of personal data or provide ‘anonymization’ functionality to make the data potentially useless to data thieves. This way, the technology being developed itself can become ‘privacy-enhancing’. The makers of policies, on the other hand, have an equally vital role to play in ruling that user documentation and notices alerting users to choice can no longer be vague in language, inadequate in scope, and non-enforceable universally across relevant applications and systems in our increasingly connected world. And to make this convergence work, the consumer of this convenience — the user and owner of his or her data must be made central to the equation.
Every user must not only be aware of the data he or she is generating and sharing across devices and platforms, but must also be made to clearly understand the security risks and implications of a potential breach. Whether technology or policy, or a combination, is used to protect this data, it must be done to enable those who own it to also control access to their information, under what circumstances, and in what manner. Because, it is unfair to be invited to participate actively in an increasingly connected world, but then be penalized with the risk of privacy loss.
Remember the frighteningly powerful Internet Company from the movie The Circle? Yes it’s dystopian fiction stretched to its limit, but still an alert to the kind of ‘unrestrictedly open’ people we could become — relying more and more on those inescapable must-have apps, products, cloud-based services, and unified systems that are offered to us to better our lives and make the most of community connectivity. And yes, it can all indeed amplify us, and make us all do and be more. But only when we can also maintain a space of existence just for oneself, and all of us together protect it zealously, conscientiously. It’s good to remember that every individual still is and must be the curator and controller of his or own content. And all the goodness comes with the choice to hit that exit button or even that power off button, at will.
This blog post has been written by Manohar M. Atreya, Vice President and Delivery Head, Cloud Infrastructure and Security Services, Infosys
