We live in dangerous times. Government agencies charged with keeping us safe must have access to information to protect us from terrorists and other threats. But we do have and need Constitutional safeguards. If last year’s revelations about the National Security Agency’s collection of Americans’ phone and Internet data taught us anything, it’s that we need a national discussion on how our information is obtained. As we search for a balance between protecting privacy and maintaining security, we must understand exactly how private our information is.
Last month, President Obama announced plans to turn over the government’s collection of phone data to private companies. The attorney general and the intelligence community have until March 28 to determine whether the data should go to phone companies or third-party entities. This move raises important questions about who should be responsible for protecting our privacy.
Transparency is key in collecting and using data. Obviously, the NSA can’t broadcast when it tracks suspected terrorists and their contacts. Still, Americans are a free people, and we have the right to know that there is a fair and adversarial process involving an independent judge before warrants are issued. And the warrants must be narrow and specific. This is vital as the Internet of Things (IoT) evolves and more objects become capable of connecting to the Internet and to each other. In a world where your connected refrigerator could be vulnerable to a security breach, you want to know your information is protected.
The tech sector can and should provide input in at least three related areas.
First, the revelation that our government is recording phone calls of world leaders is harming U.S. companies seeking overseas sales. True, U.S. spying on foreign countries is about as surprising as illegal gambling was to Rick Blaine in Casablanca (Blaine was “Shocked! Just shocked!” he said, as he collected his gambling winnings). But while many governments presumably eavesdrop to collect vital intelligence, we need to repair damaged relationships and set and follow parameters (like no listening to allies’ phone calls) so we can be welcomed back as trusted partners in business and in government.
Second, to the extent our government asks businesses such as AT&T, Google, Comcast and Facebook to intercept customer communications, each request must follow due process and the companies must be allowed to categorize, aggregate and report their actions to all of their customers. Once the government-mandated information collection is over there is no reason the cooperating companies should not be able to anonymize and report their actions.
Third, every company with a website should clearly disclose what information it is collecting and give consumers the right to opt out, or at least leave the website. Although developing standardized language may be a challenge, the industry should work with other stakeholders to tackle this issue.
Finally, the industry must help educate consumers about safeguarding their own privacy. Most of us understand the importance of protecting our online information with passwords. The same caution is important – maybe even more so – with objects connected to the IoT. A recent report on an alleged botnet that infiltrated 100,000 connected devices pointed out that owners of those devices hadn’t changed the factory password settings, leaving them vulnerable to attack. The makers of these devices need to share clear privacy guidelines with buyers to heighten awareness and help us keep our private information safe.
Government must protect our security, but it should balance security and privacy. There was no Internet when the Constitution and Bill of Rights were drafted, but the Fourth Amendment promising Americans the right to be protected against unreasonable searches and seizures without a warrant based on probable cause protects our use of the Internet against broad governmental snooping. As more aspects of our lives continue to migrate online, we have to make security and privacy priorities. This starts with the industry and the government each doing their best to protect security, be transparent and ensure the electorate understands they too can take steps to safeguard their privacy.
Gary Shapiro is president and CEO of the Consumer Electronics Association (CEA)®, the U.S. trade association representing more than 2,000 consumer electronics companies, and author of the New York Times best-selling books, Ninja Innovation: The Ten Killer Strategies of the World’s Most Successful Businesses and The Comeback: How Innovation Will Restore the American Dream. His views are his own. Connect with him on Twitter: @GaryShapiro.