Posted by Kalyani M. on May 28, 2013
It seems like just about every day, the news headlines give businesses and users more reasons to protect their sensitive information. From massive data breaches by hackers to data mining from social media sites like Facebook, the world of digital data storage has moved so quickly that standard privacy measures haven’t been able to catch up. But as the public grows more and more aware of the raging battle over net privacy, the call for legal protections for sensitive individual information has grown louder than ever. Through legislation like SOPA, PIPA, and CISPA, consumers have learned of the pressing need for privacy in the face of spying and user data exchanges by big corporations and even the U.S. government.
Users are learning that their data has been collected and often sold to companies without their knowledge, marking an era of legal exploitation. But a new bill is being considered in California that could help change this dangerous precedent. Known as the “Right to Know Act of 2013”, AB 1291 would give California consumers unprecedented privacy rights and industry transparency by requiring companies to disclose any data they collect and share on individual users. If passed, companies would have to provide a free report on such data mining and exchanges by customer request within 30 days. While the law currently narrowly defines “customers” as California residents, the state is a national leader in privacy legislation, so if passed it could create a ripple effect throughout the country.
According to Activism Director Rainey Reitman of the Electronic Frontier Foundation, “Under current California law, customers can contact companies and ask for an accounting of disclosures for direct marketing purposes – basically, a list of what companies got your personal data for them to send you junk mail, spam, or call you on the phone – and general facts about what types of data were disclosed…The new proposal brings California’s outdated transparency law into the digital age, making it possible for California consumers to request an accounting of all ways their personal information is being trafficked – including with online advertisers, data brokers and third-party apps.” This legislation captures growing public discontent with the current anarchic state of the market, with 69 percent of respondents to a recent national poll in favor of such transparency laws. But even in the face of wide consumer demand companies have already pressured lawmakers to weaken the bill.
Recently, a letter signed by 15 important companies and industry groups demanded that the Right to Know Act’s author, Assemblywoman Bonnie Lowenthal, D-Long Beach, pull the bill citing concerns over unnecessary strain on the industry as well as the potential torrent of lawsuits. Most unnerving of all, among the signatures was TechAmerica, a trade group representing major industry leaders like Microsoft, Google, and Facebook. According to attorney Nicole Ozer of the ACLU, “A lot of companies don’t want consumers to know what’s happening to their personal information…Companies are collecting and sharing this information with third parties.”
Sadly, the industry pressure has worked for the short term. This month, Bonnie Lowenthal decided to stall the Right to Know Act of 2013 until an undetermined time next year. TechAmerica has loudly lobbied against the California Right to Know Act, claiming that it “rests on mistaken assumptions about how the internet works.” This condescending attack on consumer right was rebutted by the ACLU, which highlighted the alarming data exchanges of private consumer information. But privacy activists and users of all sorts can still look ahead to taking up the fight again in 2014 as Lowenthal remains confident that AB 1291 will pass, awarding Californians the same protections already in place in 27 EU countries with similar laws (where companies like Google and Facebook have already been in compliance).
But until that moment comes, users can still protect their private data without relying on the government or the good graces of private industry. Many are already aware that Facebook apps mine sensitive data from user profiles including religious, sexual, and political preferences. And a whole industry of data collection rests on information pulled from social media and mobile devices. Users can start by making sure they don’t disclose any sensitive information to social media sites that they don’t want sold to other companies for advertising purposes. After that, individuals and businesses can protect themselves by storing any sensitive data exclusively to a private cloud.
Protecting Yourself In the Meantime
Many cloud services market themselves as “secure” solutions with standard data encryption as well as hashed and salted passwords. But these are just the first line of defense against security breaches and still leave sensitive data vulnerable to third party attacks (there are even whole sites dedicated to showing people how to crack hashed and slated passwords). For true user privacy, only anonymous cloud storage and sharing services like SpiderOak provides all the benefits of the cloud while protecting against hacking and security breaches.
Users store and share sensitive files with 100 percent privacy, as SpiderOak has “zero-knowledge” of consumer data and plaintext encryption keys. This means that the company and its employees don’t have access to user passwords. Instead, the data encryption key for individual passwords is exclusively stored on each user’s computer. This way, every bit of consumer data, right down to the password is kept fully anonymous.