#CSASummit: Privacy at Crossroads of Good and Bad

Speaking at the CSA Summit, Cloud Security Alliance founder member and ACLU technology fellow Jon Callas tackled the question of whether the future of privacy is “Futile or Pretty Good?”

He claimed that it is “really easy to be nihilistic about security” and all too easy to follow the news, but he believed that we are seeing positive things happening as well and they often get drowned out. “It is pretty obvious the future of privacy is neither pretty good nor futile.”

Callas cited privacy as the “right to be left alone” and the “right to be unobserved,” but in times of technology change there is an erosion of privacy as well as an erosion of expectation. He said that in the late 1800s it was considered wrong to subpoena a diary as it reflected a person’s thoughts and feelings, so to drag it into a lawsuit was out of bounds.

“We’ve changed that, and gone back and forth on a bunch of things and now a car has less privacy and I know if I walk down the street, I will be photographed a few times if I walk into a field of view,” he said. “The consequences of how we’re going to work together is a conversation we’re going to have over the next 20, 30, 40 years.”

However, Callas believed that privacy was going in the right direction because of GDPR and the California Consumer Privacy Act, as these are making us look at “customer, user and consumer privacy in a more rigorous way.”

He also praised companies offering a “privacy focused competition,” which has led to encryption being turned on by default and to more stringent scanning of applications in app stores, “and everyone helps fuel the change.”

On the other hand, he was critical of the mass collection of data, as this can “turn into privacy disasters,” and of the push for encryption backdoors by governments.

In summary, Callas said that privacy is not futile or pretty good, “but the good news is the privacy situation had gotten so bad that people want to change it” and in the next five, 10 or 20 years the pendulum will swing back to create more regulations that are “inspired by GDPR and California, and there will be actions done on behalf of consumers and all sorts of things done from a regulatory space as people have decided that they just don’t like it.”

He argued that there are still things going wrong, such as companies whose business model is selling data back and forth; that needs to be fixed, and it is part of what a new regulation will go for.
