Consumer Reports, Disconnect, Ranking Digital Rights, The Cyber Independent Testing Lab and Aspirations are all collaborating on new sets of standards that will test and evaluate digital electronic products that have the ability to violate consumers’ privacy, or unwittingly have their data collected. (See this link to find how products will be evaluated)
Although there is no timeline for when this will be completed, this is the first phase of a collaborative effort. Here are some of the highlights that stand out to me:
• Best Build Practices: Software built and developed according to industry best practices.
• Bug Bounty Program: Companies addressing reports of vulnerabilities.
• Encryption: Information is encrypted to make hackers job more difficult.
• Password: Products should require a user to set good passwords.
• Data Control: Consumers need to see and control everything a company knows about them.
• Data Collection: Consumers will know exactly what data will be collected on them.
• Privacy by Default: The default settings should prioritize privacy, to give up privacy, consumer has to actually make a change to the settings.
• Data Use: Companies have to disclose how the consumers’ data will be used.
• User notification about third-party request for user information: The company notifies the consumer if any government or a third party requests consumer information.
In light of the recent release of 8,000 pages of documents revealing the CIA have undermined encryption on electronic equipment such as iPhones, Android phones, smart televisions and anything connected wirelessly, the standards seem even more relevant. The encryption capabilities of applications such as Signal, WhatsApp and Confide have not been broken. Instead, the CIA was able to overcome the encryption on those applications by collecting audio and messages before the encryption is applied.
There is a lot of activity going on inside of our phones — applications running "behind the scenes," location tracking, etc. However, most of us really don’t seem to mind. Some free applications will decline us from using their product if we refuse to accept terms and conditions of their data collecting activities, and many don't seem to mind that either. The problem is that most of the data collected has nothing to do with the functionality of their product, so why do companies need it? (I'll give you one guess).
Admittedly, I often agree to those terms because I feel the benefit is worth someone tracking all of my movements. Free software is often very convenient, and regardless of the intent of these application companies, I feel that I still have enough self autonomy to make my own decisions. I’m not engaged in any criminal activities, and my nights out playing pool are strictly legit.
However, there’s still a part of me that feels I’m being used in some covert social experiment, like I’m a binary bit in a digital vat of big data, designed to track and monitor my movements and habits in order to make a quick buck. So what seems like a mutual symbiotic relationship looks more like a parasitic relationship, with that digital parasite living in our pocket, forever sucking the data out of us.
Even though we are a willing host, a thorough overhaul of digital privacy standards is desperately needed to bring back that symbiotic relationship. According to Consumer Reports survey, 65 percent of Americans are not confident that their personal information is private and secure.
It’s not just the data being collected, it’s what they are doing with it — forever mining for patterns and correlations on a scale that is mind-boggling. These patterns can be used in ways that affect all consumers, like tracking buying habits and finding out if someone is pregnant or sick. It's consumer targeting on another level. What if insurance companies have access to such data and decide to use it against consumers?
The new evaluation standards may not have an immediate impact — our society is exposed to plenty of warnings that, for the most part, are still being ignored. Cigarette warnings, motorcycle helmet laws and fast food calorie labels are certainly among them. But it's in the best interest of everyone to have these warnings in place. The same can be said for the new evaluation standards on digital data, some people will totally ignore them, but others will heed the warnings and take the steps to protect themselves with informed decisions.
Thomas Russell is a high school information technology teacher and retired Army Signal Corps soldier. He is the founder of SEMtech (Student Engagement and Mentoring in Technology) and an Advisory Board Member of Educating Children of Color. His hobbies include writing, photography and hiking. Contact Thomas via Russell’s Room on Facebook, or email at firstname.lastname@example.org, and his photography at thomasholtrussell.zenfolio.com.