A few dozen members of the National Cyber Security Alliance (NCSA) who gathered at Twitter's San Francisco headquarters to celebrate Data Privacy Day on Thursday were guardedly optimistic, perhaps foolishly so.
They were meeting less than 24 hours after President Donald Trump signed an executive order that could threaten the existence of the EU-US data privacy shield, and many were aware of a new survey this week that suggests most Americans have directly experienced some form of data theft or fraud.
But the NCSA is a rare breed: an amicable partnership between the federal government and Silicon Valley, funded not only by the Department of Homeland of Security, but also by companies like Twitter, Intel, and Cisco, whose executives all seemed to agree that even though the Internet faces severe threats from hackers and thieves, its users are increasingly positioned to take their online safety and privacy into their own hands.
Take the automobile industry, for instance. Every car built today captures data about its performance and the habits of its driver, and its systems are increasingly connected to the Internet, whether it's a Tesla Model S sending data back to Elon Musk's crack team of engineers or a Honda Fit queuing up a Spotify playlist.
For Tony Aquila, CEO of automotive data company Solera, this combination of infotainment and diagnostics is at once fraught with risks and full of potential. On the one hand, a car can self-diagnose its problems, but on the other hand, it also knows a ton about you, the driver.
"You should be responsible enough to know you've got to wipe your car when you sell it," Aquila said at the NCSA event. He envisions a future where drivers will carry around their own on-board diagnostic (OBD) device, which will set up every car they drive to their exact specifications, but also extract all their personally identifiable information when they unplug it.
"I can do everything through the ODB port," he said. "In the future you'll carry an ODB device that will know your driving preferences, your seat position, even how to tune the car."
Whether or not such a device will ever exist is an open question, of course, since the automotive industry doesn't enjoy the breakneck pace of innovation that sustains most of Silicon Valley. But similar devices for non-automotive privacy protection are already on the market—keys that can encrypt and store consumers' website login information, for example.
The problem is that they're still largely niche products. Much of the blame for that, according to Mozilla's Chief Legal Officer Denelle Dixon, lies not with ignorant consumers, but with the companies.
"Our job as technology companies is that we need to make it easy for people, and I don't know that we've done our part," Dixon said on Thursday. "The more we innovate on privacy issues, the better it is from the standpoint of users' trust."
It is Dixon's job to be a privacy evangelist, of course, and the Mozilla engineering and product teams who are racing to stem the flow of Firefox users to Google Chrome may have other things on their minds besides privacy innovations. Still, her mea culpa and pledge to do better are refreshing, especially since they are echoed by counterparts at other companies like networking giant Cisco.
"We need to notice when information is used, shared, and deleted, and build in some controls of when, how and by whom it's done," Cisco's Chief Privacy Officer Michelle Dixon said. After all, tech companies already see their own intellectual property threatened by leaks and hacks, so why can't they view their users' data the same way? In the US, "it is a given that stealing other people's intellectual property is wrong," she said, "but when you go to China, you see that Corn Flakes is no longer a General Mills product."
Related
- The Trump Administration's Cyber HubrisThe Trump Administration's Cyber Hubris
As it does among many Americans these days, talk of China, privacy, and hacking invariably leads to discussion and speculation about the Trump administration. There was no sign on Thursday of anyone from the Department of Homeland Security, which provides about half of the NCSA's budget. Nor was there much admiration for the nation's 45th president, who this week signed an executive order to "exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information."
There was, however, a sense of optimism among the mostly female crowd, perhaps encouraged by the massive women's rights marches that took place after Trump's inauguration last week. Women currently outnumber men as chief privacy officers of American tech companies, according to the Association of Privacy Professionals—one of the only realms in Silicon Valley where that's the case. And many NCSA members want to keep it that way.
"We're living more of our lives on line, and with girls and children growing up now, I think privacy is a life skill," said Laura Pirri, Twitter's legal director for privacy. "In acquiring that life skill you'll figure out if it's a passion for your career as well."