Earlier this month we held our 3rd Annual Consumer Trust Summit, co-hosted by MEF members Dentons. In the shadow of the Washington Monument experts from the app community assembled alongside regulators from the US and Europe. The question on everyone’s lips wasn’t “is privacy and building trust still important?”, rather, twelve months on from the Snowden revelations it was: “how can we speed up the process?”
Simon Bates, MEF Senior Advisor for Policy & Initiatives, shares his impressions.
Simon Rice of the UK’s Information Commissioner’s Office was on hand to provide the EU perspective. He was clear that developers must learn how to communicate better with their customers. They have to do a better job of explaining why an app needs access to personal data. According to their research, in a lot of cases privacy policies have simply been cut and pasted from one app to another.
3rd Annual MEF Consumer Trust Summit
Across three panel sessions, listen to the whole of the 3rd Annual Consumer Trust Summit in full. Navigate the three sessions using the chapter headings.[youtube=http://www.youtube.com/playlist?list=PLRqxWUlaeOT60NqrtjvGKieON1OuChNuz&h=300&rel=0]
Jeff Larrimore of the Federal Reserve Board talked through some great research they’d done into mobile banking habits. He explained how important it was for businesses and regulators to work together to find the right balance between innovation, commerce and consumer trust.
Clete Johnson of the Federal Communications Commission pointed out that this is the first time any threat has been able to cross borders without the government being able to challenge it.
He issued a clear call to Industry: please help us explain to consumers what they need to know and the choices they need to make. Also, how can we help developers see consumer trust as a commercial issue so they are pro-privacy.
The discussion opened out to look at the Internet of Things; Big Data’s rival as the issue everyone’s talking about, but no one can quite define!
Debbie Matties of CTIA said companies are patenting proprietary solutions with competing standards, which is creating silos within the network. For example, the devices in your car are not yet ‘talking’ to the devices in your garage, which in turn fail to connect to the devices in your home.
What’s wrong with that? Asked Martin Sokalski, Director at KPMG LLP who focuses on risks related to mobile technologies. I want to keep a level of discreet separation without compromising the benefits this can have on quality of life. My home appliances should talk to other home appliances but not to others outside the front door, at least not without my explicit permission. When data on intimate and personal behaviors and lifestyles (i.e., what time I wake up, what I eat and watch on TV, etc.) is combined with data from my office/car/credit/employment history, it becomes very ‘rich.’ Aggregation and analysis of such data with other online/offline data can have great benefits to personalized experience but can also be chilling when you look at it from privacy and cyber-security perspective.
Rick Fant of Mozilla doused these flames with Mozilla’s ‘practical, pragmatic view’. ‘We know that things will start talking to each other, and we can’t stop that, but the user has to stay in control.’ Built in to the device by design, the user must be able to control which data the devices generate and share. Consumers will soon get the message that the devices that allow that level of control have more value than devices that don’t.
Patrick Parodi explained how Wireless Registry allows consumers to take control of the wireless identifier from all their connected devices. You simply register the MAC ID of any device and all companies registered with them are bound to ‘forget’ any device that has been registered as ‘do not track’.
Larry Magid of CBS News introduced the final panel of the day by saying that privacy issues fall into three ‘buckets’. You’re protecting your data either from people in your life; from companies; or from the government. With that he prompted a discussion on the new and emerging technologies that might threaten privacy…or provide a solution.
Chris Davies of InMobi started by making the point that it’s hard for consumers to opt-in or out of something they don’t even know is happening! Realistically, how can they even know data is being shared and with whom? He talked about the ways he and MEF are trying to empower developers – to give them the tools they need to be transparent.
David Perry of F-Secure then issued a stark warning. Smartphones these days have two cameras, two microphones, GPS, telephony, wifi, and Bluetooth. ‘The potential abuse from this device is nearly unlimited! It can tell where I am, who I associate with, what I say, text, email.’ He therefore put it to Larry that he’d forgotten a privacy ‘bucket’: protecting data from criminals. Shockingly, he told us that the security community are seeing a million new unique malware samples every day.
Rich Qiu of TRUSTe called out research that shows people are concerned by privacy, but do very little about protecting it. He said that puts responsible developers in a difficult position.
Finally, Tim Sparapani of the App Developers Alliance made two predictions. First, that regulation would soon coalesce into a series of ‘thou shalt nots’ that will be harder for third party data handlers (ad or analytics firms, for example) to adhere to than first parties (the app developer/publisher).
Policy & Initatives
Second, that because we know nothing about how to communicate effectively with consumers, future breakthroughs will be less about privacy by design and more to do with creating better user interfaces.
I was left with a lot to consider.
Up to now we’ve all been wondering how we secure the massive amounts of behavioural and lifestyle data generated by a single device: the smartphone. What happens when the number of wireless devices collecting data from my family and I numbers in the dozens or even hundreds…?
One thing’s for sure: the industry’s work on building trust in these and other mobile services has only just begun.