Tech companies and the U.S. government’s agreement Monday on NSA disclosure issues doesn’t mean the tech industry will go back to its knitting. The companies will likely to keep the pressure on Washington for other changes in the government’s data collecting and surveillance programs.
Politico says there’s enough for both sides to call a victory. Controversial, however, is a provision that would allow the government to take advantage of a new technology or platform created by services less than two years old without disclosing for two years, as the New York Times wrote. That could potentially leave start-ups more vulnerable.
What about companies’ role in data collection and security? I haven’t bought into the logic that what the NSA has been doing in terms of data gathering is akin to data collecting by Google, Facebook and other firms. After all, I want my data forever, and I trust that companies use whatever data they get from me to make their products better or offer services I might want. And besides, what about potential harms? Governments grab data then put dissidents in jail. Google just gives me a different Ann Taylor ad.
But it’s getting harder to maintain that position with each new disclosures. The Angry Birds report Monday, as the Mercury News’ Brandon Bailey wrote, throws a spotlight on the vulnerability of personal data on mobile applications. Are some companies just collecting data because they can, like personal contacts, and not because they need it? And then are they storing data in the digital equivalent of a leaky back shed?
Companies are “drunk on big data,” Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, told me. They have resisted asking themselves whether they should collect the data in the first place, he said, and have focused instead on the NSA and improving their own security.
The data sitting on servers or moving between data centers is potentially an attractive resource for many governments, writes Danny O’Brien of the Electronic Frontier Foundation on the occasion of Data Privacy Day. He says:
It’s expensive and difficult to keep personal data private from adversaries like Russian and Chinese hackers or the NSA and GCHQ. And it gets worse, as companies hoard greater and greater amounts of unnecessary and intrusive information. Companies may insist they take steps to protect their users’ data, but the best form of data security is simply not collecting that information in the first place.
Hill says 2014 will be the year of security, with venture firms backing startups focused on the issue and companies changing how they store personal data.
It should also be the year when companies also ask whether it’s time to rethink all that they collect.
Above: President Obama speaking earlier this month about NSA reforms. (AP Photo/Carolyn Kaster, File)