It’s heavy stuff, for sure, but it’s also the reality of these digital days. Our hyperkinetic, hyper-connected lives mean that third parties will inevitably snack on our data trails.
Last week, we saw two significant examples of this trend. Adobe warned that 2.9 million customers’ credit card data had been compromised as part of a sophisticated cyber attack that included the theft of software source code. Separately, Bloomberg reported that Yahoo! was sued by a San Bruno, Calif. resident seeking class-action status against its practice of scanning e-mail contents to target ads and its services.
On obvious levels, these are very different storylines. But, in both, there’s a threat to personal data—one real, one perceived—but both indicative of the fact that, when your data is out of your own hands, its potential use and misuse is nothing but possibility.
There’s nothing new about cybercrime and there’s certainly nothing new about the debate over data privacy. But these high-profile incidents make it clear that the data centricity of our digital lives is the new frontier for legislation and security. Virtually every news cycle reveals evidence to this effect in the form of crimes perpetrated or lines blurred.
Google says that there’s nothing untoward about e-mail sniffing. In a separate, unrelated lawsuit filed against the Mountain View, Calif. giant, Google contends that non-Gmail users who e-mail a Gmail account have “no legitimate expectation” that their e-mails are private. According to a recent UPI article, the lawsuit cites a 1979 Supreme Court decision in Smith v. Maryland, which says “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”
But this raises an important question: what, exactly, is voluntary?
Of course, this 1979 verdict was handed down well before the pervasive use of digital surveillance techniques, but it could (at least theoretically) leave the door open to interpretation. For example, what is voluntary in an age of digital tracking? Is visiting a website permission enough? Does this constitute voluntary data sharing?
I’ll leave these thorny legal questions for others to answer. But this I know: We can expect more debate. The boundaries around what constitutes permission and authority to collect personal data remain muddy waters. Where the rules come down on this topic will shape the future of data-driven marketing.
As for the security element of the debate, this should be red meat for innovators. Personally, I can’t think of a single technical challenge with more urgency today.