Don't Bet the Business

At the risk of dating myself, I grew up at a time when cell phones were non-existent, a visit to the library was required if you wanted to research something, and the internet was essentially a novelty with limited practical application. 

While there were many things to be concerned or to worry about coming of age in that era, privacy was not one of them. Beyond typical gossip, there was little concern that a private conversation with a friend or roommate would remain private or that the excitement (or failures) of the night before would be remembered beyond the next few days. 

Through today’s lens, the late 1990s and early 2000s seem technologically antiquated. The past 15-20 years, however, brought astonishing advancements in technology that have changed countless aspects of our lives and one of the largest is privacy... or the lack thereof.        

The ubiquity of cell phones, including camera and smart phones, set us on a path that would alter the very nature of privacy and how we value it. A “connected” world now seems second-nature and a demand of most consumers.  The result: dramatic technologies that improve many of our lives. But this same technology should also have us questioning what we may be giving up in exchange for the bells and whistles – especially when securing your data likely cannot be guaranteed.    

For example, activity trackers (i.e., Fitbit), have become a commonplace gadget to help improve physical fitness – running the gamut from those looking to take a few extra steps each day to professional athletes trying to maximize performance. In addition to distance walked or run, many also track geo-location, caloric intake, heartbeat, and quality of sleep, and the data gathered is commonly used in conjunction with a fitness/health app or service. 

Presuming that your data is secure and only used for the intended purpose, it is rather innocuous. But consider if this data is sought by law enforcement or it ends up in the wrong hands and a criminal is now aware of your daily routine, when you will be away, or when you will be sleeping. These concepts are not so far flung as this data is already being used in criminal proceedings including one murder case in Connecticut and another in Germany where activity and geo-location were correlated.         

Another example, the JetBlue airline announced that it would begin testing facial recognition check-in for limited flights as a way to streamline boarding.  Delta Air Lines will also be testing similar technology for checking luggage. In San Jose, California, the city planned to install "smart" streetlight, equipped with facial recognition, cameras and recording capabilities.

While facial-recognition may be limited presently, it could take a large leap forward with the launch of the iPhone X’s Face ID technology. This feature certainly offers convenience but not without risk. Will the data comprising your facial scan remain secure? Will it be used for purposes other than unlocking your phone? Could your phone be unlocked without your consent? These questions, and others, will most certainly end up before the courts, especially in criminal cases where phones are seized during an arrest (as with numeric passcodes and fingerprint scans).                 

In the home, we are seeing a whole host of internet of things (IoT) devices ranging from vacuum cleaners to baby monitors to climate systems.  By virtue of the “smart” capabilities, all of these devices (and their companies) are recording, processing, and communicating data, much of which is personal in nature – and in many cases without the user knowing of the “privacy” that is lost.

The CEO of iRobot, maker of the Roomba vacuum cleaner, recently made headlines when discussing the newer models’ “smart mapping capabilities, driven by infrared lasers, internet-connected cameras, new sensors, and software that helps the machine track its own location within the home.” But the real buzz came when he discussed, a “rich map of the home” that would be sold to companies like Amazon, Apple, and Google. Samsung was previously criticized for its always-on voice detection microphones within its smart TVs – a function claimed by WikiLeaks to be particularly vulnerable to spying (by the government or cyber criminals).                 

Certainly, no one wants their personally identifiable information (PII) in the hands of hackers, but it is unclear how motivated consumers are to protect against this risk. One study found that approximately "50% of U.S. broadband households are willing to share data from their smart devices for discounts on electricity.” Contrast this with only 25 percent of U.S. customers wanting to share cell phone numbers. Yet most consumers do not take advantage of security tools readily available to them, such as two-factor authentication to access email accounts or more sophisticated password protection.

Perhaps it is a lack of awareness or perhaps consumers are choosing not too burden themselves with what they view as needless complications. Whatever the case may be, there’s good reason to be concerned.

The Federal Trade Commission found that it took only nine minutes for hackers to attempt to access a leaked database of 100 fake customers. As our world becomes more connected and more of your PII is circulating, we should all rethink what privacy means to us… and, perhaps more importantly, what life would be like without it.