Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/26/2019
02:30 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

Facebook CEO Mark Zuckerberg became the latest tech leader to release a corporate manifesto focused on digital privacy and the future of the Internet. In a blog post, Zuckerberg outlined his company's pivot to becoming a "privacy-focused messaging and social network platform."

After years of data breaches, data mining, and nonconsensual data sharing, technologist manifestos suggest the future of the Internet. Tech giants see the regulatory writing on the wall. Pessimists may see these manifestos as a preemptive strategy, while optimists may point to a cultural shift within the tech industry. Either way, technologist manifestos show the growing prioritization of privacy, which is disrupting business models, branding, and product road maps across the tech industry. While the first step is acceptance, action is required to drive the business and reputational benefits of privacy.

Since late 2017, public opinion has shifted significantly in favor of greater regulation for tech giants. Many point to the Cambridge Analytica data-sharing scandal as the tipping point, but the shift was already underway by the time the public learned about it. Between November 2017 and February 2018, a 15-point shift in favor of data privacy regulation occurred equally across both political parties. Privacy now ranks as the most important social issue for Americans.

These shifts reflect the beginning of a groundswell that led to a year of testimony by Google, Facebook, and Twitter, as well as victims of high-profile breaches, which continued earlier this month, with Marriott and Equifax executives testifying to a Senate subcommittee. As public opinion has changed and executives found themselves interrogated for their own personally identifiable information during testimonies, it became clear that privacy was a competitive advantage for tech companies.

With its manifesto, Facebook joins the ranks of other tech giants in embracing privacy as a competitive advantage. Last year, Microsoft declared its commitment to the EU's General Data Protection Regulation, extending the privacy rights not just to EU citizens but to its consumers across the globe. This was in sharp contrast to Google and Facebook's decentralized approach to the regulation, with unequal privacy applications. In November, Apple CEO Tim Cook's keynote address in Brussels chastised the data industrial complex and reiterated Apple's commitment to strong privacy laws. He leveraged this platform to distinguish Apple from the tech giants that monetize personal data. And just last month, Cisco advocated for US federal data privacy regulation, and similarly criticized the monetization of personal data.

In each of these manifestos, privacy serves as a business differentiator and is especially aimed at competitors without explicitly mentioning them. The Facebook manifesto is no different. Zuckerberg never mentions Facebook's ad-based business model and instead takes a stance against working in countries with poor human rights and privacy records. He acknowledges the global diffusion of data localization legislation that requires data stored within sovereign boundaries and often contains a government access component. By refusing to adhere to those policies, Facebook signals that it's willing to lose market access if it means weakening privacy and security. Following the manifesto's playbook to distinguish itself from competitors, Facebook punches at both Apple and Google through the secure data storage promise. Apple has been forced to host data and even encryption keys in China to maintain market access, while Google's Project Dragonfly was working on a Chinese search engine and was revealed only after information about it was leaked. Facebook, which currently does not have a presence in China, can use data storage as a competitive advantage.

Facebook's manifesto isn't just pushing back against data localization laws but also the growing global encryption debate. End-to-end encryption across all messaging platforms is a core feature of the manifesto. With frequent reference to replicating this privacy-supporting feature of WhatsApp, Zuckerberg takes a strong stand against countries like Australia, which recently passed a bill requiring access to encrypted data, as well as India, which is currently debating legislation that would require messaging traceability that would ostensibly break encryption.

Facebook is also flipping the Chinese business model on its head. Zuckerberg's vision includes not just creating a privacy-based platform for messaging and social networks but also aspires for the company to be a one-stop shop for finances, health, and more. By the end of the post, it appears Zuckerberg is attempting to build an American WeChat — the Chinese app that dominates that market but is also linked to the government and often offers personal data when requested from the government.

Looking ahead, we should expect to see more tech manifestos. So far, corporate executives have produced the majority of them. Given the prominence of the FAANGs, it's likely that Google, Netflix, or Amazon may be next in this trend toward privacy-branding manifestos. But it would be short-sighted to assume only executives produce manifestos; labor also has a voice. Google has already had to contend with one employee manifesto, an open letter protesting Dragonflyprotests against working for the Pentagon, and an employee walkout due to gender inequity and the handling of sexual harassment claims. Meanwhile, Microsoft employees sent their executives an open letter demanding the company cancel a $480 million contract with the US Department of Defense.

These manifestos are tightly connected and indicate the significant inflection point affecting the future of the Internet and privacy as a fundamental right. Manifestos alone are great for messaging, but now is the time for action. Too much is at stake to simply give lip service to privacy as a branding exercise. Expect more organizations to see the competitive advantage in pursuing privacy-preserving business models while being forced to decide between market access and privacy as the two conflict with authoritarian legislation. Those that truly follow through on their privacy pledges will be the great disruptors and innovators of this century.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Andrea Little Limbago is the chief social scientist at Virtru, a data privacy and encryption software company, where she specializes in the intersection of technology, cybersecurity, and policy. She previously taught in academia before joining the Department of Defense, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
4/14/2019 | 11:31:22 PM
Regain trust
The reason why they shared their manifesto is to regain back the trust of their users which has sadly been lost. Major data breaches have occurred after so many years of becoming their loyal member. Thus, the only way is to assure the users that they have indeed came up with a plan to salvage all that's lost.
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12280
PUBLISHED: 2019-06-25
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-3961
PUBLISHED: 2019-06-25
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browse...
CVE-2019-9836
PUBLISHED: 2019-06-25
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVE-2019-6328
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-6329
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.