The perils of choosing convenience over privacy: When is it not worth it?
From the lightbulb and telephone to smartphones, the advanced technology of the day has always been lauded as a way to make peoples’ lives easier. But while today’s technology makes it possible to pay that electricity bill from your phone, it has also opened up privacy concerns that were unimaginable even ten years ago. In that decade, it is reported that more than 4 billion records have been stolen and 15 of the largest data breaches in history have occurred. Has technology marketed as a consumer convenience contributed to these breaches?
While George Orwell presented a dire picture of "big brother," today’s society certainly seems willing to embrace technologies that are always watching, listening and capitalizing on personal data shared in our daily lives. But what’s the true cost of choosing convenience over privacy? Let’s look at how technology has driven privacy complacency for the sake of convenience and how it has changed the way people think about and safeguard their information.
The Blurring Lines of Privacy vs. Security
If you were to ask the general public to define what privacy is, chances are the responses would be tied to their identities and how bad actors misuse that identity. But according to Merriam-Webster, privacy is defined as the quality or state of being apart from company or observation, while security is defined as being protected from crime, attack, or sabotage. Everyone wants to feel that their identity is secure but as our privacy continues to erode with each data breach or scandal, it is tough to feel confident that our personal information is not being exposed somewhere.
Technology has made such breaches of confidence easier and more common. For example, most modern communication leaves digital footprints, and social media and credit card usage also leave a digital trail ripe for hackers. That puts the onus on us all to remain vigilant and aware of what requests for personal information we choose to fulfill, and which we decline. It may be easier to have your credit card information stored in your phone for autofill, but are you confident that information is secure and visible only when you enter it? Users should not expect that privacy is the default in our interactions and not become complacent when technology makes it too easy to share personal information.
Security also means different things in different contexts: there is security against unlawful use (identity thieves and plain old thieves, for example), against unwanted use (corporate marketing efforts) and against government use (see the Justice Department’s increasing pressure on Apple to build back doors into its smart phones). Each implicates a different set of considerations and different set of policy responses.
The Rising Popularity of Biometrics
Biometrics, which provides the ability to identify people using their intrinsic physical or behavioral characteristics like fingerprints, iris maps, voice and DNA, raises these concerns to another level. Take Clear, for example -- the service scans irises and checks fingerprints to let airline passengers get to security checkpoints, sometimes faster than those with TSA PreCheck. While the convenience cannot be overlooked, the privacy implications are huge. Under what circumstances should third parties -- whether governments or private companies -- have access to databases that house such personal information?
By providing that information to a private actor (such as Clear), do I open the door to others obtaining access, whether lawfully or not? Clear, by its nature, is designed to satisfy government security needs and so, arguably, participation comes with recognition of government access. But many other models may not. And the stakes here are even higher than in other contexts: you can change a password if compromised or close a bank account. But -- unless you are in a spy movie or under deep cover -- you’re stuck with your fingerprints and irises for life. Concerns about government surveillance are warranted, and it will be crucial for consumers, businesses and government bodies to regulate the use of biometrics and how those data are shared and stored.
Opening Your Front Door to Hackers
One of the most obvious ways technology has become omnipresent in our lives is in our own homes. Consumers have embraced a vast array of smart home devices -- from cameras, smart thermometers, smart doorbells like Ring, and assistants like Google Home and Amazon Echo. Technology aimed at increasing users’ convenience has exploded -- last year, Amazon claimed that it sold more than 100 million Alexa devices and Google expects to soon reach one billion speakers sold.
These devices also implicate these concerns: a man recently hacked a Ring camera in a little girl’s bedroom, just to name one example. Amazon recently unveiled new privacy features for Alexa in response to customers’ unease over smart speakers, and other companies are taking similar steps.
Much of today’s technology is promised as a tool to help users save time, or to make their lives easier -- but at what cost? Data privacy or convenience? Consumers should always be wary of the next "cool" device or service that asks for a bit too much private information, or access to your private conversations. These devices and services don’t appear to be going anywhere any time soon, but do you gain enough for what they expect you to give up? The decision is up to each one of us.
Behnam Dayanim is a partner with the global law firm Paul Hastings LLP, where he chairs the firm's Privacy and Cybersecurity practice and its Advertising, Gaming and Promotions practice. Dayanim has been ranked globally and nationally as a leading privacy and gaming attorney and has spoken frequently at RSA Conferences since 2000. He was named Best Lawyers 2014-2015 and 2019-2020 Gaming Law "Lawyer of the Year" in Washington, DC and has been named a top gaming and gambling lawyer by Chambers Global and Chambers USA. Dayanim has been cited by Chambers Fintech and the Legal 500 for his work in privacy and data protection. He is a RSA Conference 2020 Speaker.