Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/26/2019
02:30 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

Facebook CEO Mark Zuckerberg became the latest tech leader to release a corporate manifesto focused on digital privacy and the future of the Internet. In a blog post, Zuckerberg outlined his company's pivot to becoming a "privacy-focused messaging and social network platform."

After years of data breaches, data mining, and nonconsensual data sharing, technologist manifestos suggest the future of the Internet. Tech giants see the regulatory writing on the wall. Pessimists may see these manifestos as a preemptive strategy, while optimists may point to a cultural shift within the tech industry. Either way, technologist manifestos show the growing prioritization of privacy, which is disrupting business models, branding, and product road maps across the tech industry. While the first step is acceptance, action is required to drive the business and reputational benefits of privacy.

Since late 2017, public opinion has shifted significantly in favor of greater regulation for tech giants. Many point to the Cambridge Analytica data-sharing scandal as the tipping point, but the shift was already underway by the time the public learned about it. Between November 2017 and February 2018, a 15-point shift in favor of data privacy regulation occurred equally across both political parties. Privacy now ranks as the most important social issue for Americans.

These shifts reflect the beginning of a groundswell that led to a year of testimony by Google, Facebook, and Twitter, as well as victims of high-profile breaches, which continued earlier this month, with Marriott and Equifax executives testifying to a Senate subcommittee. As public opinion has changed and executives found themselves interrogated for their own personally identifiable information during testimonies, it became clear that privacy was a competitive advantage for tech companies.

With its manifesto, Facebook joins the ranks of other tech giants in embracing privacy as a competitive advantage. Last year, Microsoft declared its commitment to the EU's General Data Protection Regulation, extending the privacy rights not just to EU citizens but to its consumers across the globe. This was in sharp contrast to Google and Facebook's decentralized approach to the regulation, with unequal privacy applications. In November, Apple CEO Tim Cook's keynote address in Brussels chastised the data industrial complex and reiterated Apple's commitment to strong privacy laws. He leveraged this platform to distinguish Apple from the tech giants that monetize personal data. And just last month, Cisco advocated for US federal data privacy regulation, and similarly criticized the monetization of personal data.

In each of these manifestos, privacy serves as a business differentiator and is especially aimed at competitors without explicitly mentioning them. The Facebook manifesto is no different. Zuckerberg never mentions Facebook's ad-based business model and instead takes a stance against working in countries with poor human rights and privacy records. He acknowledges the global diffusion of data localization legislation that requires data stored within sovereign boundaries and often contains a government access component. By refusing to adhere to those policies, Facebook signals that it's willing to lose market access if it means weakening privacy and security. Following the manifesto's playbook to distinguish itself from competitors, Facebook punches at both Apple and Google through the secure data storage promise. Apple has been forced to host data and even encryption keys in China to maintain market access, while Google's Project Dragonfly was working on a Chinese search engine and was revealed only after information about it was leaked. Facebook, which currently does not have a presence in China, can use data storage as a competitive advantage.

Facebook's manifesto isn't just pushing back against data localization laws but also the growing global encryption debate. End-to-end encryption across all messaging platforms is a core feature of the manifesto. With frequent reference to replicating this privacy-supporting feature of WhatsApp, Zuckerberg takes a strong stand against countries like Australia, which recently passed a bill requiring access to encrypted data, as well as India, which is currently debating legislation that would require messaging traceability that would ostensibly break encryption.

Facebook is also flipping the Chinese business model on its head. Zuckerberg's vision includes not just creating a privacy-based platform for messaging and social networks but also aspires for the company to be a one-stop shop for finances, health, and more. By the end of the post, it appears Zuckerberg is attempting to build an American WeChat — the Chinese app that dominates that market but is also linked to the government and often offers personal data when requested from the government.

Looking ahead, we should expect to see more tech manifestos. So far, corporate executives have produced the majority of them. Given the prominence of the FAANGs, it's likely that Google, Netflix, or Amazon may be next in this trend toward privacy-branding manifestos. But it would be short-sighted to assume only executives produce manifestos; labor also has a voice. Google has already had to contend with one employee manifesto, an open letter protesting Dragonflyprotests against working for the Pentagon, and an employee walkout due to gender inequity and the handling of sexual harassment claims. Meanwhile, Microsoft employees sent their executives an open letter demanding the company cancel a $480 million contract with the US Department of Defense.

These manifestos are tightly connected and indicate the significant inflection point affecting the future of the Internet and privacy as a fundamental right. Manifestos alone are great for messaging, but now is the time for action. Too much is at stake to simply give lip service to privacy as a branding exercise. Expect more organizations to see the competitive advantage in pursuing privacy-preserving business models while being forced to decide between market access and privacy as the two conflict with authoritarian legislation. Those that truly follow through on their privacy pledges will be the great disruptors and innovators of this century.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dr. Andrea Little Limbago is the chief social scientist at Virtru, a data privacy and encryption software company, where she specializes in the intersection of technology, cybersecurity, and policy. She previously taught in academia before joining the Department of Defense, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
4/14/2019 | 11:31:22 PM
Regain trust
The reason why they shared their manifesto is to regain back the trust of their users which has sadly been lost. Major data breaches have occurred after so many years of becoming their loyal member. Thus, the only way is to assure the users that they have indeed came up with a plan to salvage all that's lost.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...