3 minute read
THE UNPREDICTABILITY OF INTERNET PRIVACY TRENDS
from Outlook 2023
by cxoinsightme
JERMAINE CAMPBELL EMEA SURVEILLANCE SEGMENT LEAD, AT SEAGATE, ON WHAT LIES AHEAD FOR THE VIDEO SECURITY INDUSTRY
Advertisement
Immediately, all of the participants toned down their posts and deferred to the now-”known” user who had posted from a network at a prestigious organisation, proving that the individual was not just some internet lackey, but a well-respected technologist who knew a lot more about the subject being debated than the rest of the Usenet rabble.
My first experiences with the internet relied on shared terminals in a university computer lab, using the text-based Pine client to access my email. When I first logged into that email account, I had no thought about how private my emails were, as I understood that the email server admin could read every message I sent and received.
One very important email broadened my internet horizons: I was invited to participate in a Usenet newsgroup. I started to interact with people from all over the world. In the first week on Usenet, I observed that it was important to use a proxy to post to Usenet, so that other users would not be able to immediately identify me by my posts.
As we have learned from nearly every version of social media platform, something about the format of the internet breeds conflict. In the early 90s, I observed an exchange that we would now label a “flame war” on Usenet. As the posters exchanged posts, insults flew and the messages escalated, until at one point one of the users uncloaked themselves, revealing their real IP address (as they had been using a proxy up until that point).
Within my first month on Usenet, I learned that internet privacy is contextdependent and can change based on the situation. Most people want to remain anonymous on the internet, but sometimes they don’t. From a policy perspective, over the last four decades I’ve witnessed the oscillation of users between those two preferences. In addition, developers and operators of internet technologies have faced a fundamental tension between two poles of privacy policy: Allowing governments to have the ability to investigate terrorist and criminal activity from truly dangerous users, while also allowing peaceful internet citizens to protect their online identity from abuse by others.
The combination of increasing sophistication of users’ privacy preferences and the two divergent, but rationalised, policy objectives drove significant guidelines that would culminate in the adoption and enforcement of the European Union’s General Data Protection Regulation (GDPR). GDPR policies were focused on protecting peaceful internet citizens from technology companies’ and criminals’ abuse of their online identity information. And then China decided to get involved, fundamentally changing how privacy regulations would be used for their own objectives.
The development and adoption of China’s Personal Information Protection Law (PIPL) marked a new age of internet privacy policy, specifically the weaponisation of privacy laws by an authoritarian regime. In a truly Orwellian way, China used the term “privacy” in their regulation to serve as a doublespeak branding of their goal to subject any organisation that hosted the identity of Chinese citizens to onerous oversight and the potential for highly intrusive investigation and data sharing requests.
If GDPR was a shield designed to protect internet users, PIPL is a sword designed to threaten internet technology providers, foreign governments, international companies and end users. If I think back to my first experiences involving internet privacy, as crazy as those days were, I would never have predicted even 20 years ago that eventually privacy regulations would be weaponised the way they have by China’s PIPL.
As we see the global geopolitical order of the last 40 years crack, the balkanisation of privacy policies will inflict a heavy burden on technology developers, operators and users. For private companies, it will become increasingly difficult to comply with the divergent privacy policies that govern their enterprise user and customer identities. We have already observed many companies splitting off their China operations entirely to avoid tainting their rest-of-world operations with Chinese user accounts to avoid having to comply with PIPL on a global basis.
The bottom line for enterprise privacy leaders and end users: Things are probably going to get worse before they get better, and we all need to be prepared to be flexible to change our personal expectations around global internet privacy protections and the policies that companies will need to follow to comply with new regulations — as Orwellian as those policies may seem.
