Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/26/2019
02:30 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

Facebook CEO Mark Zuckerberg became the latest tech leader to release a corporate manifesto focused on digital privacy and the future of the Internet. In a blog post, Zuckerberg outlined his company's pivot to becoming a "privacy-focused messaging and social network platform."

After years of data breaches, data mining, and nonconsensual data sharing, technologist manifestos suggest the future of the Internet. Tech giants see the regulatory writing on the wall. Pessimists may see these manifestos as a preemptive strategy, while optimists may point to a cultural shift within the tech industry. Either way, technologist manifestos show the growing prioritization of privacy, which is disrupting business models, branding, and product road maps across the tech industry. While the first step is acceptance, action is required to drive the business and reputational benefits of privacy.

Since late 2017, public opinion has shifted significantly in favor of greater regulation for tech giants. Many point to the Cambridge Analytica data-sharing scandal as the tipping point, but the shift was already underway by the time the public learned about it. Between November 2017 and February 2018, a 15-point shift in favor of data privacy regulation occurred equally across both political parties. Privacy now ranks as the most important social issue for Americans.

These shifts reflect the beginning of a groundswell that led to a year of testimony by Google, Facebook, and Twitter, as well as victims of high-profile breaches, which continued earlier this month, with Marriott and Equifax executives testifying to a Senate subcommittee. As public opinion has changed and executives found themselves interrogated for their own personally identifiable information during testimonies, it became clear that privacy was a competitive advantage for tech companies.

With its manifesto, Facebook joins the ranks of other tech giants in embracing privacy as a competitive advantage. Last year, Microsoft declared its commitment to the EU's General Data Protection Regulation, extending the privacy rights not just to EU citizens but to its consumers across the globe. This was in sharp contrast to Google and Facebook's decentralized approach to the regulation, with unequal privacy applications. In November, Apple CEO Tim Cook's keynote address in Brussels chastised the data industrial complex and reiterated Apple's commitment to strong privacy laws. He leveraged this platform to distinguish Apple from the tech giants that monetize personal data. And just last month, Cisco advocated for US federal data privacy regulation, and similarly criticized the monetization of personal data.

In each of these manifestos, privacy serves as a business differentiator and is especially aimed at competitors without explicitly mentioning them. The Facebook manifesto is no different. Zuckerberg never mentions Facebook's ad-based business model and instead takes a stance against working in countries with poor human rights and privacy records. He acknowledges the global diffusion of data localization legislation that requires data stored within sovereign boundaries and often contains a government access component. By refusing to adhere to those policies, Facebook signals that it's willing to lose market access if it means weakening privacy and security. Following the manifesto's playbook to distinguish itself from competitors, Facebook punches at both Apple and Google through the secure data storage promise. Apple has been forced to host data and even encryption keys in China to maintain market access, while Google's Project Dragonfly was working on a Chinese search engine and was revealed only after information about it was leaked. Facebook, which currently does not have a presence in China, can use data storage as a competitive advantage.

Facebook's manifesto isn't just pushing back against data localization laws but also the growing global encryption debate. End-to-end encryption across all messaging platforms is a core feature of the manifesto. With frequent reference to replicating this privacy-supporting feature of WhatsApp, Zuckerberg takes a strong stand against countries like Australia, which recently passed a bill requiring access to encrypted data, as well as India, which is currently debating legislation that would require messaging traceability that would ostensibly break encryption.

Facebook is also flipping the Chinese business model on its head. Zuckerberg's vision includes not just creating a privacy-based platform for messaging and social networks but also aspires for the company to be a one-stop shop for finances, health, and more. By the end of the post, it appears Zuckerberg is attempting to build an American WeChat — the Chinese app that dominates that market but is also linked to the government and often offers personal data when requested from the government.

Looking ahead, we should expect to see more tech manifestos. So far, corporate executives have produced the majority of them. Given the prominence of the FAANGs, it's likely that Google, Netflix, or Amazon may be next in this trend toward privacy-branding manifestos. But it would be short-sighted to assume only executives produce manifestos; labor also has a voice. Google has already had to contend with one employee manifesto, an open letter protesting Dragonflyprotests against working for the Pentagon, and an employee walkout due to gender inequity and the handling of sexual harassment claims. Meanwhile, Microsoft employees sent their executives an open letter demanding the company cancel a $480 million contract with the US Department of Defense.

These manifestos are tightly connected and indicate the significant inflection point affecting the future of the Internet and privacy as a fundamental right. Manifestos alone are great for messaging, but now is the time for action. Too much is at stake to simply give lip service to privacy as a branding exercise. Expect more organizations to see the competitive advantage in pursuing privacy-preserving business models while being forced to decide between market access and privacy as the two conflict with authoritarian legislation. Those that truly follow through on their privacy pledges will be the great disruptors and innovators of this century.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Andrea Little Limbago is the chief social scientist at Virtru, a data privacy and encryption software company, where she specializes in the intersection of technology, cybersecurity, and policy. She previously taught in academia before joining the Department of Defense, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
4/14/2019 | 11:31:22 PM
Regain trust
The reason why they shared their manifesto is to regain back the trust of their users which has sadly been lost. Major data breaches have occurred after so many years of becoming their loyal member. Thus, the only way is to assure the users that they have indeed came up with a plan to salvage all that's lost.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.