Prefix – I love technology. The amount that it has done for the world is incredible – not just from a quality of life perspective, but all the little things that have enabled sustained human existence and improved our ability to succeed.
However, not to be too Ron Swanson about it, I value my privacy because I grew up with the advent of big tech. As one of the first generation of users of Facebook and MySpace, I was constantly using the computer and then my cell phone for social media. I was mesmerized that I could just use Facebook to sign in to websites, information was auto-populated, and it was all FREE.
“If something is free, you are probably the product” is something that I wish I had heard over a decade ago. Terms and conditions constantly go unread. However, I started to read the fine print, and I don’t really care anymore if it is holding up the sale, we authorize all sorts of applications and services to have our data on a regular basis.
Some things may seem harmless, but what else are these companies tracking? As some of my work at Intrinium entails social engineering and OSINT (Open Source Intelligence), the inference is a powerful tool to pull together seemingly unrelated or uninteresting data points (Facebook likes, IP addresses, etc.) to draw a reasonable conclusion about someone. Meanwhile, many of these companies sell this data to advertisers and other entities for them to advance their own agendas, (marketing efforts, market research and more.)
All this is further complicated by the fact that we have not, as consumers, been given a way to reasonably understand what we are consenting to with these services or do you have an understanding or ability to opt out in most situations. There are organizations like the EFF (Electronic Frontier Foundation) that are fighting to protect us, and the passage of the GDPR (General Data Protection Regulation) in the European Union set precedence for regulation to protect citizens.
In the United States, we are still struggling to catch up. Many of the limited protections we have are as a result of the application of the Fourth Amendment, which guarantees Americans the right to not have their “persons, houses, papers, and effects” unreasonably searched or seized without a warrant. My hope is that we will pass legislation that is like GDPR in order to ensure our laws are relevant to today’s challenges and that the people will have power over their data, with informed consent when they authorize another party. Is this realistic? I’m not sure, but it starts with more people being aware of the current system and then letting them decide if they want to break the wheel.
The most recent issue with FaceApp becoming viral is an excellent case – users blindly agreed to the terms and conditions laid out in the EULA, without knowing how much they were giving the company (including a license to the photos in perpetuity, access to other data on your phone, and more – https://www.nytimes.com/2019/07/18/opinion/faceapp-privacy.html). Indeed, from the FaceApp terms and conditions:
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”
It seems irresponsible to assume users can parse the dense legal text involved in a EULA, and we must do more to empower people to understand to what they are agreeing.
For a fantastic opinion piece that lays out the specifics of the application of the Fourth Amendment in regard to the privacy and other implications, I highly suggest you read this: https://nyti.ms/2vsvl4C