SAN FRANCISCO – Privacy has been in a stranglehold for a long time. Some believe it’s a fleeting concept done irreparable harm by the Snowden revelations. Others believe it’s merely in a transition until the norms of Internet behavior are sorted out.
The privacy chiefs of Google, Microsoft and Intel Security tried to do some table-setting today at RSA Conference 2014, lobbying for even more transparency in reporting government requests for user data and explaining how the notion of privacy has been flipped on its ear.
Microsoft chief privacy officer Brendon Lynch reiterated a point made by CSO Scott Charney a day earlier that Microsoft has never had a request for bulk of data, and how it would fight such a request if it ever landed on their desk. Google senior corporate counsel Keith Enright enforced the point too that the company never granted the government direct access to internal Google systems.
“Our leadership has been clear and vocal,” Enright said. “We are leading the charge for increased transparency. It’s important people understand what their governments are doing. Transparency is the only way we have accountability and are able to push for change.”
Recently, the Department of Justice reached a settlement with major Internet companies, establishing new reporting norms around government requests for data in the form of National Security Letters and Foreign Intelligence Surveillance Court orders. Since material in the Snowden documents intimated on several occasions that the National Security Agency (NSA) had some sort of access to Google, Facebook, Yahoo and others, the providers believed their hands were tied by reporting restrictions.
“Some of the reporting was hyperbolic and there were some frustrations not being able be as transparent as we could be,” Lynch said. “We are now able to refute reports of unfettered access to data and bulk collection. I’m happy report that those requests impact only a fraction of 1 percent of customer data.”
The panelists, including Intel Security chief privacy officer Michelle Dennedy, emphasized too that this is a global issue impacting economies worldwide since the NSA proved it had a long reach when it was disclosed the agency was tapping overseas connections between data centers to intercept data.
“It’s not just one government, it’s all governments,” Dennedy said, emphasizing the S.
On a less global scale, the experts contemplated how Web-based services and social interaction online necessitates a compromise and redefining of privacy.
“Privacy is about user expectations. User engage with a service and on some level recognize data moves,” Google’s Enright said. “This requires us to be responsible, inform users and give them meaningful control. If a service is appropriately designed and users understand what they’re engaging with and the transactions their making, I don’t think there’s a net loss of privacy.”
The panelists also lamented the depth and breadth legal counsel requires them to provide in privacy statements that are largely ignored by users. Users are also forced to make changes to settings in services or browsers they’re unlikely to seek out or understand. Google, for example, offers its users the option to turn off behavioral targeting within their ad settings. The Do Not Track option in web browsers is also available to users, but standards hang-ups leave it up to websites to decide whether they’ll honor the DNT signal.
“Privacy is not synonymous with secrecy,” Dennedy said. “It’s the processing of personally identifiable information. You’re not giving up privacy when you choose to communicate with another person. We want our customers to stick with us. We want transparency to be a differentiator; that’s a good thing.”