Is privacy even possible in this Golden Age of Data Breaches?

Privacy seems like a pipe dream when everyone’s data seems vulnerable. Do we just give up on it though?


In 2018 the number of internet users, worldwide, rose to 3.6 billion. If you’re a collector of anecdotes or technology milestones, that’s more than half the world’s population to be specific. Make no mistake, that’s a lot of users, a lot of data being bandied about the ether and, if you’ve been following any of the data breaches making headlines in recent months, your next deduction must surely be that that’s a lot of potential vulnerability.

The Privacy Paradox

With so many internet users consuming online products that require increasing amounts of personal data in order to provide better, more innovative and personal experiences for these consumers (not to mention vendor monetization of personal data), we increasingly have a “privacy paradox,” as Mary Meeker, of venture capital firm Kleiner Perkins Caufield Byers, reminded us in her highly-anticipated 2018 Internet Trends Report, released in May.

The term, which has been bandied about the tech industry for some years, refers to the conundrum arising from the idea that tech companies must use more data to enrich their customers’ experiences without betraying their trust and how consumers, in turn, must give up their privacy in exchange for services like Gmail, Facebook and so on.

There is no comfort zone for consumers when it comes to online privacy. Every nugget of personal information we hand out is a source of concern, and data privacy scandals like the Facebook/Cambridge Analytica calamity, the Equifax breach and more recently the eFail debacle do little to make us feel any safer or more comfortable online.

Off the grid, ostrich approach, or another solution?

You might argue that the answer is to simply get offline completely, and undoubtedly many folks have done exactly that in the wake of the aforementioned data privacy fails. Others advocate, by example, the ostrich approach of burying your head in the sand – if you can’t see it, it can’t be real. Neither is a viable option for anyone who intends to live, work and contribute to society in any meaningful way. The future is a connected one, and the challenge is to make it a secure one.

Yet, as recently as May 14, 2018, a team of Belgian and German researchers upended the world as we know it with their disclosure of vulnerabilities in the ubiquitous email encryption schemes PGP and S/MIME. Dubbed eFail, this revelation spread like wildfire across the inter-webs, sowing fear and doubt and spawning such ill-considered solutions as disabling email encryption altogether – a bit like leaving your front door open because there are so many burglaries happening, so why bother?

The timing of eFail couldn’t have been worse either, coming just 11 days before the May 25 GDPR deadline and exposing a data privacy fail that, as email security innovator Cryptshare reveals, is not a quick fix, because it requires action from software vendors, standardization bodies and end-users and will therefore take months to achieve the required sum of necessary measures.

Another solution

All is not lost, however. There are several companies that have made it their business to develop user-friendly email security solutions that make it simple to keep online communications, and by extension personal data and larger files, secure, auditable, GDPR-compliant, and unaffected by the eFail vulnerability. Vendors like Cryptshare, CounterMail, and Virtru are safe against the PGP vulnerability and known implementation errors of certain PGP clients.

"In today’s business world, fast and reliable electronic communications are key factors for success. Messages and files regardless of size need to be exchanged with contacts around the globe with speed, security and auditability. Business users, like consumers, don't want to give up their privacy or fall victim to criminal activity when using technology tools as ubiquitous as email. They want simple, reliable security solutions that don't get in the way and that all of their staff can use," shares Mark Forrest, CEO of Cryptshare.

If the recent data privacy scandals have taught us anything, it’s that data privacy cannot be left in the hands of outmoded encryption standards; that social media platforms and internet service providers will sell their users’ information; and that if business is to continue to have the prerogative of access to its consumers’ personal data in order to gain a competitive advantage, then that access comes with a strict privacy obligation that speaks to the very heart of GDPR.

This article is published as part of the IDG Contributor Network.