The latest round of ongoing data collection revelations, published by the The Guardian and New York Times newspapers, suggest that the NSA and GCHQ intelligence agencies have been actively engaged in trying to break the encryption that technology firms put around people’s online communications to keep them secure.
It sets up the bizarre scenario of email, cloud storage and social network providers defending consumers from their own governments’ spying while also complying with court-ordered data requests. It’s made all the weirder by the fact that Yahoo, Google and Microsoft are now suing in the US for the right to make public the extent to which they co-operate.
Whether the US and UK security apparatus can justify breaking encryptions around emails is not for me to say. But what is clear is that these actions entirely recast the level of privacy that any consumer can expect online.
Claims in the motion Yahoo put to the court show how seriously it takes reports that intelligence agencies can access its services at will: “Yahoo’s inability to respond to news reports has harmed its reputation and has undermined its business not only in the United States but worldwide. Yahoo cannot respond to such reports with mere generalities,” it says.
Consumers seem apathetic to what has been reported, and even though their trust is often invoked as the reason behind the brand damage that Yahoo and others claim, it’s actually advertisers’ and business customers’ attitudes that are more likely to have a material financial effect. Companies are far more switched-on to how their interests are threatened when sensitive data is appropriated by those who aren’t intended to see it.
But in terms of how technology companies and marketers more widely now respond to the situation, the ‘moral hazard’ arising from consumer ignorance shouldn’t matter. It would be far too easy now for marketers to assume they have carte blanche over the way they use people’s data because the chances of them complaining are fairly low. Similarly, online businesses could give up on the development and employment of encryption technology altogether. That would be the biggest disaster of all.
Privacy remains important for consumers even if they don’t realise it, and brands have a responsibility to protect it in the course of providing the services they offer. Anybody who has had their identity stolen or a false criminal complaint attached to their record could attest to that, and just because the rest of us haven’t experienced this yet doesn’t mean it won’t happen.
Whatever governments attempt to do with consumer data, brands must stay resolute in protecting its security.