Like virginity, lost privacy is gone for good -- CES panelist
Far from the barrage of gadget announcements, a comparatively unsexy discussion on the future of privacy and cloud-stored data unspooled at CES 2013.
LAS VEGAS -- The future of privacy and the cloud occupied a sidestage at CES 2013 this morning, with one panelist comparing privacy lost to something else that can't be replaced.
"Getting your privacy back is like getting your virginity back," said Jim Reavis, Executive Director of the non-profit Cloud Security Alliance, from a room on the second floor of Las Vegas Convention Center North building. The on-stage conversation between Reavis and other privacy experts focused mainly on desired changes to how to make the nebulous concept of online privacy more user-friendly.
Sid Stamm, lead privacy engineer for Mozilla, suggested that just because more and more data is being hosted remotely, "in the cloud," that doesn't mean that it's automatically less safe. "If we introduce transparency, we can make people feel safer about where their data is being stored," he said.
He also said that he thought that developers have to start matching data and privacy management to user expectation. "We should be engineering products which only do what [end-users] expect them to do. It may be harder, but it's in our best interests," he said.
All four panelists -- a group that included Rip Gerber, the CEO of Locaid Technologies and K. Scott Morrison, CTO of Layer 7 Technologies -- agreed that not enough was being done to protect the privacy of the individual. That's not exactly a revolutionary sentiment in the age of regular database breaches on improperly secured servers, although each panelist suggested slightly different fixes.
Morrison noted a common problem with applying desktop privacy norms to the modern, mobile world. "It's not reasonable to read a 50 page EULA on this thing," he said, holding up his iPhone. "I don't know what better transparency looks like, but we're getting closer to it."
Gerber, clad in a leather jacket despite the overly warm room, explained some of his company's approach to customer privacy. "We follow three basic tenets: You have to ask permission (from the user before collecting their data), you have to notify (the user when you plan on doing something with their data), and you have to offer more control (over the data to the user)."
The panelists also addressed what they saw coming for privacy in the next year. "One thing we can bet on happening this year is acceleration in innovation," said Stamm. "I think we're going to see more innovation in privacy. We're going to be empowering users to use their information."
Reavis offered a concrete solution, from his own company's practices, called format-preserving encryption. "Entrepreneurs are encrypting information before it goes up to the cloud. It's been wholly transformational, and prevents a company from seeing what's on its own database."
Reavis was not wholly enthusiastic about the future, though. "It's the bad guy's Internet, they just let us use it because it suits their financial interests," he said grimly.
Stamm agreed that this was a precarious time for user protections and privacy. "The worst thing that could happen in the next year," he said, "would be a privacy breach that we don't understand."