Dr. Jose Nazario Crunch Network Contributor
Dr. Jose Nazario is director of security research at Fastly and the author of "Secure Architectures with OpenBSD” and “Defense and Detection Strategies against Internet Worms.”
How to join the network Every company is a digital company, from the biggest tech companies to the neighborhood corner store. A large ecosystem of partners and suppliers enables those companies to provide the services they do. And then there’s the customer, who is seeing more and more of their life become digital.
Most people understand that in order for digital services to work properly or stay free they may need to allow the services to track some of their data. For example, maps have limited appeal when location tracking is disabled. There’s a trade-off between convenience and privacy with which most people are comfortable. That negotiation occurs between the consumer and the online site or service.
But what about the businesses that provide services for consumer-facing companies? The partners and third-parties that operate behind the scenes? Typically they’re ISPs, cloud services or even content-delivery networks (CDNs), through which 45 percent of the internet’s traffic passes. They kept the Olympic games streaming fast and uninterrupted. They’re handling billions of transactions for e-commerce sites. What many people don’t realize is that these third-parties could also be tracking and selling their online behaviors as data.
The FCC is cracking down on ISPs for selling user data without consent, but now some CDNs are also getting in on the game. Waiting for regulation to stop the abuse isn’t the answer. All third-party services have an ethical responsibility to publicly and plainly disclose which data they collect. This should be available to consumers and to their business customers before signing contracts. And companies should insist that the third-party services with which they work follow these consumer-centric privacy practices.
With user data, less is more
Data collection can start out with good intentions. For example, online services can improve the user experience by knowing whether customers are using mobile or desktop devices to access their site. But data collection and retention can get more invasive when services begin to collect demographic data, like gender, to deliver content that feels a little too personal to the consumer.
It’s time to demand that all third-parties hold themselves to a higher standard and disclose what they do with consumers’ data.
For the provider, these benefits of less data actually accrue over time. If a provider doesn’t keep the customer data, then the company doesn’t have data to provide the government when faced with a subpoena. In addition, there is less data to protect from cyber attacks and data breaches. Internet service providers, and CDNs in particular, can do their jobs just as effectively without that data.
Be transparent and give control back to the users
More than 90 percent of adults agree that consumers have lost control of how their data is collected and shared online by companies, according to Pew research . It will soon be imperative that companies disclose information to their users about who has access to their data, how long that data is retained and how it might be combined with other data or reconstructed to target them with advertising. Technology giant Google leads the way in transparency around data collection, making it easy for people to choose which information they’re okay with sharing and which they are not.
What’s at stake for companies?
In Letter To Google CEO, Sen. Franken Raises Questions Regarding Student Data Collection AOL CEO Tim Armstrong Defends Verizon's Data Collection For Advertising There aren’t many laws in place governing which data can be collected or sold by companies or how long data can be retained. The regulations that do exist vary by state and aren’t very rigorous. However, it’s not wise for companies to rely on data collection as a form of revenue. The market is already showing signs of self-correcting as the popularity of online ad blockers grows. Additionally, the FCC might not stop at ISPs in its efforts to regulate data collection.
While some third-parties are content with hiding behind the data permissions a customer-facing service has with its customers, others aren’t — and rightly so. This permission by opacity may be the status quo now, but it won’t be for long. It’s time to demand that all third-parties hold themselves to a higher standard and disclose what they do with consumers’ data. Companies that resist the urge to collect, share and sell data that isn’t vital to their service will ultimately be better off.
Featured Image: Bryce Durbin