Vulnerabilities / Threats

3/26/2019
02:30 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

Facebook CEO Mark Zuckerberg became the latest tech leader to release a corporate manifesto focused on digital privacy and the future of the Internet. In a blog post, Zuckerberg outlined his company's pivot to becoming a "privacy-focused messaging and social network platform."

After years of data breaches, data mining, and nonconsensual data sharing, technologist manifestos suggest the future of the Internet. Tech giants see the regulatory writing on the wall. Pessimists may see these manifestos as a preemptive strategy, while optimists may point to a cultural shift within the tech industry. Either way, technologist manifestos show the growing prioritization of privacy, which is disrupting business models, branding, and product road maps across the tech industry. While the first step is acceptance, action is required to drive the business and reputational benefits of privacy.

Since late 2017, public opinion has shifted significantly in favor of greater regulation for tech giants. Many point to the Cambridge Analytica data-sharing scandal as the tipping point, but the shift was already underway by the time the public learned about it. Between November 2017 and February 2018, a 15-point shift in favor of data privacy regulation occurred equally across both political parties. Privacy now ranks as the most important social issue for Americans.

These shifts reflect the beginning of a groundswell that led to a year of testimony by Google, Facebook, and Twitter, as well as victims of high-profile breaches, which continued earlier this month, with Marriott and Equifax executives testifying to a Senate subcommittee. As public opinion has changed and executives found themselves interrogated for their own personally identifiable information during testimonies, it became clear that privacy was a competitive advantage for tech companies.

With its manifesto, Facebook joins the ranks of other tech giants in embracing privacy as a competitive advantage. Last year, Microsoft declared its commitment to the EU's General Data Protection Regulation, extending the privacy rights not just to EU citizens but to its consumers across the globe. This was in sharp contrast to Google and Facebook's decentralized approach to the regulation, with unequal privacy applications. In November, Apple CEO Tim Cook's keynote address in Brussels chastised the data industrial complex and reiterated Apple's commitment to strong privacy laws. He leveraged this platform to distinguish Apple from the tech giants that monetize personal data. And just last month, Cisco advocated for US federal data privacy regulation, and similarly criticized the monetization of personal data.

In each of these manifestos, privacy serves as a business differentiator and is especially aimed at competitors without explicitly mentioning them. The Facebook manifesto is no different. Zuckerberg never mentions Facebook's ad-based business model and instead takes a stance against working in countries with poor human rights and privacy records. He acknowledges the global diffusion of data localization legislation that requires data stored within sovereign boundaries and often contains a government access component. By refusing to adhere to those policies, Facebook signals that it's willing to lose market access if it means weakening privacy and security. Following the manifesto's playbook to distinguish itself from competitors, Facebook punches at both Apple and Google through the secure data storage promise. Apple has been forced to host data and even encryption keys in China to maintain market access, while Google's Project Dragonfly was working on a Chinese search engine and was revealed only after information about it was leaked. Facebook, which currently does not have a presence in China, can use data storage as a competitive advantage.

Facebook's manifesto isn't just pushing back against data localization laws but also the growing global encryption debate. End-to-end encryption across all messaging platforms is a core feature of the manifesto. With frequent reference to replicating this privacy-supporting feature of WhatsApp, Zuckerberg takes a strong stand against countries like Australia, which recently passed a bill requiring access to encrypted data, as well as India, which is currently debating legislation that would require messaging traceability that would ostensibly break encryption.

Facebook is also flipping the Chinese business model on its head. Zuckerberg's vision includes not just creating a privacy-based platform for messaging and social networks but also aspires for the company to be a one-stop shop for finances, health, and more. By the end of the post, it appears Zuckerberg is attempting to build an American WeChat — the Chinese app that dominates that market but is also linked to the government and often offers personal data when requested from the government.

Looking ahead, we should expect to see more tech manifestos. So far, corporate executives have produced the majority of them. Given the prominence of the FAANGs, it's likely that Google, Netflix, or Amazon may be next in this trend toward privacy-branding manifestos. But it would be short-sighted to assume only executives produce manifestos; labor also has a voice. Google has already had to contend with one employee manifesto, an open letter protesting Dragonflyprotests against working for the Pentagon, and an employee walkout due to gender inequity and the handling of sexual harassment claims. Meanwhile, Microsoft employees sent their executives an open letter demanding the company cancel a $480 million contract with the US Department of Defense.

These manifestos are tightly connected and indicate the significant inflection point affecting the future of the Internet and privacy as a fundamental right. Manifestos alone are great for messaging, but now is the time for action. Too much is at stake to simply give lip service to privacy as a branding exercise. Expect more organizations to see the competitive advantage in pursuing privacy-preserving business models while being forced to decide between market access and privacy as the two conflict with authoritarian legislation. Those that truly follow through on their privacy pledges will be the great disruptors and innovators of this century.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Andrea Little Limbago is the chief social scientist at Virtru, a data privacy and encryption software company, where she specializes in the intersection of technology, cybersecurity, and policy. She previously taught in academia before joining the Department of Defense, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Apprentice
4/14/2019 | 11:31:22 PM
Regain trust
The reason why they shared their manifesto is to regain back the trust of their users which has sadly been lost. Major data breaches have occurred after so many years of becoming their loyal member. Thus, the only way is to assure the users that they have indeed came up with a plan to salvage all that's lost.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11515
PUBLISHED: 2019-04-25
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
CVE-2019-11511
PUBLISHED: 2019-04-25
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
CVE-2019-11513
PUBLISHED: 2019-04-25
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVE-2019-11514
PUBLISHED: 2019-04-25
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVE-2019-11506
PUBLISHED: 2019-04-24
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to Expo...