When privacy apologetics are like 'vegan leather'

What is vegan leather? 'Vegan leather' is a term of pretence representing a leather-like product made from vegan materials. The label presumes no animals were harmed in the making of the product. In some stores, you can purchase 'vegan leather' as a dead animal hide dyed in all natural vegetable dyes made from plants.  The leather is not vegan, but the plant dyes are 100% vegan. 

Real vegans typically won't buy 'vegan leather'. They'll buy belts and shoes made from felt, rubber, canvas and vinyl. Fake leather products are not usually labelled 'vegan leather'.  They have labels or tags detailing the nylon or other synthetic materials.  However, you'll never know what kind of 'vegan leather' you might be dealing with unless you investigate further. 

'Vegan leather' can be a misleading marketing term for the ignorant and/or superficial crowds who will buy things to appear more 'conscious', rather than actually being more conscious. What would motivate someone to buy a product to openly exhibit their misappropriate ethics? Whomever they are, they feel compelled to camouflage themselves among those with high ethical standards. This is so they can witness something they'll never be committed to doing unless the standard hits critical mass. If someone is buying vegan leather, the ethical numbers have these actors & actresses on the defense.

So how are privacy apologetics like vegan leather?

Before I say anything, I respect the efforts of all privacy proponents when they actually are being proactive, regarding data ownership and using ethical privacy UX development practices.

However, there's a wide berth between professional practice of "user privacy principles" and realtime market practice of privacy.  That's why you see all the news drama and color between the license and spreadsheet firesales of PII and an employee-caused-breach leading to civil liability.  The truth is somewhere between Privacy by Design and Hasn't-gotten-caught-by-the-FTC. 

For instance, it may feel counterintuitive to ask an institution like the NSA to adopt basic privacy principles, but it isn't.  If the NSA, or any other mass surveillance aperture, is collecting PII and diverse sensitive personal information, they are responsible for protecting that information.  Every other business and institution on the planet has to regard personal data rights or face civil liability.  They must comply with the laws that protect data owners just like the Big Data 4: Google, Microsoft, Facebook and Palantir.

"BEWARE THE API"

The Big Data 4 are also the face of corporate, or privatized, mass surveillance (SEE: PRISM & Snowden Leaks). They still hunt and gather for global intelligence authorities depending on the purchase (or legal) order from mass surveillance authorities on any given day of the week.   

Do they regard privacy?  The answer is, more soberly, "When their lawyers say so." They face federal regulatory conventions that place fetters on their ability to completely disregard user privacy. The difference between them and a hacker who breaks into steal your information is a 15 pg Terms of Service agreement. This rationalizes your consent to trade use of your datasets in exchange for an account or use oftheir "free" service. 

It has turned out to be more of a faustian bargain with the devil. 

So when Facebook and Palantir, both data intelligence gatherers & InQtel startups who own large parcels of Palo Alto Real Estate, put on a Privacy Conference in Sweden it does not seem like authentic privacy standardization at work. By another label, I would call it the privatized Hearts-&-Minds Swedish massage package, as a complimentary consolation prize for sunken US Safe Harbor conventions. Safe Harbor was a years long triumph in privacy apologetics. It is being mourned by people who really don't care about authentic global privacy conventions.  I would call this occurrance a case study in gross privacy apologetics, rather than professional privacy pragmatism.   

I did think, "Oh this is just 'vegan leather' for Euros who 'lost' something in Safe Harbor."

I can assure you Palantir's rendition of 'vegan leather' won't hold a candle to Privacy By Design. Not even close.

 

 

 

 

 

 

 

 

 

 

 

 

Businesses should assume more risk for privacy

Company privacy policy can do more for the future of businesses if they forge ahead on the curve of socially responsible consumer offerings.

So much of privacy practice centers on the case for threats: threat evaluation, legal risk mitigation and management, civil liability insurance in case of a breach and information security to ward off a breach. Everything orbiting company privacy policy seems to be on some sort of fire plan for businesses.  There are reasons for that.

Most businesses aren’t on the cultural advance towards privacy. They approach digital privacy primitively. They throw a stick at it. They try to make sure they don’t lose any business due to government rules.  The matter gets so complicated so quickly, many of them are inspired to delegate the whole matter to a lawyer. The lawyers hired do what is lawfully required of a business so they don’t get sued by consumers and sanctioned by the government. That doesn’t always pair with the interests of the consumer, left in the cold from data fire sales and 3rd party information marketing.

Contemporary governments serve double standards towards corporate privacy standards.  They are an opaque partner who wants exclusive views into business operations and their customers, often without a warrant.  Governments give themselves legal means to coerce a business to give clandestine access to consumers who trust them with their information. The lawfulness of government orders are subject to an ongoing debate.  Most businesses do not want to rock the boat, denying access requests from the government. So businesses have to balance what may be legal with whether government requests are socially responsible. 

Governments treating everyone like persons of interest, make little distinction between criminal & non-criminal for targeted surveillance. They approach the best and most productive companies in the US and the world to make demands that they insert surveillance capability to watch their customers. That’s not in the business plan for most businesses.  It’s certainly not in the interests of continuing business led by consumer trust.

Consumers have different needs now. What consumers are left with in privacy means are a totally unsatisfying and treacherous experience. Consumers face diverse privacy perils if they choose to adopt a new online service or work with businesses who really don’t have a socially responsible privacy practice.  They don’t owe anyone any business who will trade up their privacy for a more cushioning of their business.

Consumers are going to do what’s best for them.  They will look for companies with good intentions and great information security practices.  The relief experienced by a consumer who has the option of adopting privacy ware is immense. For instance, a mobile device company who offers a great User Interface is a good candidate for strategic partnerships with privacy ware developers and applications store offerings.  They have a department that invests in a great user experience. It’s not illegal to produce privacy ware and produce encryption. To sell it or offer it to privacy concerned consumers opens a new market.  So why not offer more privacy provisions to customers and pass along the costs to try something new?

On the cutting edge of privacy

Privacy led development can give businesses a new edge in markets who left consumer privacy behind.  You can find ways to make privacy applications more diverse, invest in practical research (like active penetration testing & hackathons), and produce an offering that so many companies need.  However, so many data driven businesses will never see that as an opportunity.  They only see a rival.

It may be that a business just has a generally nasty attitude towards privacy compliance due to internal conflicts with branches of their business model. Companies have competed for data sales since the 80’s as a buffer against harder times. Many have also settled in comfortably with close relations with governments, developing contracts for products and services to serve their needs.  Providing non-government customers with products that curtail government access is seen as a conflict of interest. These companies have in fact become combative with privacy advocates seeking better privacy service offerings to consumers.  After taking the hard road, it would be difficult for them to conceive of the pro-sumer privacy offering.  It may also be their saving grace, especially if businesses thrive on meaningful innovations.

Business edge is about giving the customer a competitive option.  They can go to a privacy shirking business to try to get their needs met or they can go to someone else who has a real offering for them.  

Businesses need an intelligent approach to privacy that works within the marketplace.  It begins with a brave internal audit for privacy practices to meet the standards of the pro-privacy consumer.  That means recruiting people who have the right networks to help organize research and business partnerships with vendors who tailor technology suites for your customer base.  Businesses who take bold, intrepid steps to develop an internal consumer practice, that if adopted in stages, will validate consumer trust and brand loyalty. 

It may be time to allow a new privacy policy to create your loyalty leaders for the future.

-Sheila Dean

For more information about privacy logistics and social responsibility planning, please contact me for an introductory consultancy meeting.