The world is more wired than ever. Digital networks connect everything from office computers and bank accounts to baby monitors and pacemakers. Connectivity is blurring the lines between what is public and private. Privacies usually taken for granted – from web searches to heart-beats – are being steadily exploited in exchange for frictionless convenience. Meanwhile, personal data is being compromised, stolen and leaked with disturbing regularity. Promises made by cyber security companies of enhanced data privacy and protection ring hollow.
Most people do not consciously put a price on their online privacy. But what if they did? A 2020 survey of Argentinians, Brazilians, Colombians, Mexicans, Germans and US citizens did precisely this. The Technology Policy Institute, a think tank, asked respondents how much a company would have to pay them each month to disclose various types of personal data. While the exact amounts varied across countries and categories – with Germans charging the most and US residents the least – the average came out to a surprisingly affordable $10, or $120 a year.
Yet most people are still unaware of just how much data they are voluntarily sharing, much less what is being syphoned from them involuntarily. But this is starting to change. The explosion of cyber attacks, especially ransomware, now makes the headlines. US companies are paying 400% more in ransom payouts in 2021 compared to 2019. The average cost of a disclosed ransomware attack is a staggering $1.8 million, with companies forced to pay up or have millions of private records scattered across the internet. Predictably, cybersecurity insurance premiums are spiralling upward.
The pros and cons of a digitizing world
One reason people are sharing information is because it’s an unavoidable part of joining the information superhighway. Today, there are over 4.6 billion active internet users, with billions more about to plug in. Social media platforms and search engines enlist billions of users a day who voluntarily part with their private information with the expectation it will “optimize” their experience.
All this digital onboarding has a dark side, including widening the exposure of governments, companies and citizens to an array of digital harms. There are signs that intrusive data harvesting and constant data theft is triggering a techlash. Sensing the shift in public mood, some tech companies are rolling-out new safeguards and reaping the benefits of surging demand for privacy.
Try as tech companies might to quell it, the popular push-back against surveillance capitalism is gathering pace. More and more people believe that their data is less secure than ever before. A 2019 survey of 24 countries found that 80% of respondents were concerned about online privacy, with one in four saying they did not trust the internet.
Most Americans believe it is impossible to go through the day without having personal data harvested by governments or companies. Many are convinced that their online and offline lives are being tracked and monitored and that there is little they can do about it, which may help explain why they are so willing to part with it.
Mistrust of governments and companies also comes down to personal experience. The increase in cyber attacks and ransomware is undermining the binding glue of the internet: trust. According to one study, over 86% of all online consumers in 2020 were victims of some form of online fraud or data breach.
The relentless collection and reselling of personal data by private companies is hardly helping. Fewer people than ever believe they can safely and securely navigate online. This can lead to what researchers call “privacy self-defence” – withholding personal information, giving false biographical details or removing information from mailing lists altogether.
Building a more private and anonymous online experience
Forward-looking governments and companies are beginning to recognize that privacy has a price and some are developing solutions to protect it. They are responding to public calls to develop more stringent legislation, regulation and compliance to improve data protection and security. In democratic countries, at least, there is growing intolerance for intrusive harvesting and use of personal data, as the pushback against COVID-19-related contact tracing shows.
In most parts of the world, including more authoritarian corners, people value their anonymity and object to abuses of their privacy. More and more consumer groups, think tanks and universities are illuminating what governments and companies are doing with their data and how this contradicts data protection laws.
In a digitally-dependent world, securing data is more important than ever. A growing number of governments and companies recognize the importance of measuring and quantifying their data privacy and protection risks as evidenced by the European Union’s General Data Protection Regulation (GPPR), Brazil’s Marco Civil and California’s Consumer Privacy Act (CCPA), among others. Doing so can help avoid costly breaches, maintain a positive reputation and ensure compliance with basic laws and norms. Citizens too are starting to question whether the loss of privacy is worth the temporary convenience afforded by newly connected devices.
A privacy mindset is essential. One way to help mitigate exposure is through digital distancing. This includes using virtual private networks with no-log policies as well as Tor – free and open-source software that enables anonymous communication – in order to conceal user location and use from intrusive network surveillance. Encrypted emails are also essential, especially from providers and platforms that can neither read nor track user content. Regulating app permissions, installing ad blockers and avoiding social media altogether are well-known strategies to bolster online privacy and reduce one’s digital footprint.
Preparedness is vital in a world of cascading digital threats. More than ever, governments, companies and international organizations – not just individuals – need to design-in digital defences while also managing their digital presence. Installing cyber security software is only the start. Privacy amplification and managed attribution technologies can help reinforce and strengthen data protection. At a time of persistent and omnipresent online surveillance and digital malfeasance, data security needs to be built at both the enterprise and the user levels. Minimizing exposure and maximizing privacy is a core value proposition.
By Robert Muggah
About the author: Robert Muggah is co-founder of the SecDev Group and the Igarape Institute.
This article originally appeared at https://www.weforum.org/agenda/2021/09/how-to-protect-digital-privacy/ and is republished with permission.