Editor’s Note: This is the first of a two-part podcast with security researcher Chris Soghoian.
It’s a truism that the pace of technological change outstrips society’s ability to grasp the impact of that change. For the most part, the consequences of this are benign and the remedies straight-forward –think: “mobile phones ringing in the movie theater.” Not infrequently, however, our failure to grasp the true significance of technological innovation can have tragic consequences. There’s the Gatling gun during the American Civil War, or the rapid increase in traffic fatalities that came with the adoption of the automobile.
Chris Soghoian, an independent security and privacy researcher, thinks that we’re aga
in in a period of extreme, technology-fueled dislocation. The rapid growth of online social networking Web sites and the proliferation of Internet connected, location-aware mobile devices have empowered for-profit firms like Google, Microsoft and Facebook to collect reams of private information and then hand it to advertisers – often just different divisions within the same company. Consumers, Soghoian argues, are stuck with a cornucopia of free applications, but ones that readily collect and then “spew” their personal information, or provide meager privacy features that are spotty and difficult to use.
And, like auto executives who argued vehemently against federal seat belt requirements, executives of major Internet firms say there’s no problem with any of this. Most users aren’t asking for more privacy protections, and enjoy a great service for free.
Soghoian isn’t buying it. Like the Ralph Nader of online privacy, he’s spent much of the past three years tilting at Internet giants and trying to force the hand of a reluctant U.S. government to stand up for consumers.
In 2010, he filed a complaint with the FTC demanding that the commission force Google to amend its privacy policy to reflect shortcomings in the data protection features that Google offers. He similarly exposed weaknesses in the security of cloud storage firm DropBox, and inaccuracies in its promises to customers about how it protected their data.
Even if privacy isn’t a top concern for many users of Facebook and Twitter (and recent studies suggest it isn’t), the free market is failing to provide secure options for those who are concerned about it, Soghoian argues.
“There is no way to buy a version of Chrome that doesn’t violate your privacy,” Soghoian said.
The result is that Internet users are coerced into divulging personal information by sites like Facebook, which offer the (false) choice of protecting their privacy and enduring social isolation, or allowing firms to invade their privacy so that they can engage with friends and loved ones online. “To maintain privacy is to be ostracized,” Soghoian said. “It would be fairer if there was a situation where consumers could choose privacy,” he said. The result is firms, like Facebook, that constitute near monopolies that violate consumers privacy, but that consumers continue to use because there are no other alternatives.
In the first half of our two-part podcast interview, recorded in February at the Kaspersky Lab Security Analyst Summit in Cancun, Mexico, Soghoian talks with Threatpost Editor Paul Roberts about the crisis in online privacy, paying for Twitter and how the free market is failing online consumers.