GDPR: Don't forget to bring a towel!
May 25 is Towel Day, when fans of The Hitchhiker's Guide to the Galaxy jokingly adorn a towel and praise the household item as if it prepares the owner for any sticky situation. Author Douglas Adams was a master of these tongue-in-cheek references to our modern existence, helping the reader (and listener) feel as if they might one day walk across their livingroom and into a silly, star-spanning adventure.
As The Guide says, "A towel is just about the most massively useful thing any interstellar Hitchhiker can carry. Partly it has great practical value." But the true power of a towel is its role as a symbol: "More importantly, a towel has immense psychological value... any man who can hitch the length and breadth of the Galaxy, rough it, slum it, struggle against terrible odds, win through and still knows where his towel is, is clearly a man to be reckoned with."
Possession of a towel is a calming force, a reification of the mantra printed across the cover of The Guide in big letters: "DON'T PANIC".
As Towel Day 2018 approached, our e-mail inboxes filled to the brim with similar platitudes. May 25 was also the day that European General Data Protection Regulation (GDPR) went into effect. And boy, did we hear about it.
"NOTHING TO SEE HERE" is the message of the marketing barrage around GDPR. It's much more bland than The Guide's cover phrase, to be sure, but there can be no desire to panic if there's no problem.
Data collectors and data brokers are keen to remind us that there simply is no surveillance concern, that small tweaks are required to shoehorn GDPR into a well-functioning, privacy-respecting system. Website popups around the world seem to say, "Maybe the reckless corporations over there have created a nightmare, but over here we would never dream of hurting you. If we screwed up in the past, we've fixed everything now so you should forgive us."
That conversation dodges fundamental threats to our computer networks that aim to segment, classify, and surveil traffic. As we emphasize at Yale Privacy Lab, there are are also serious problems with the underlying structure of our software ecosystems.
It may be difficult to communicate these concepts via e-mail and website popups, but companies that avoid mentioning the surveillance underbelly of their business model are flat-out deceiving people. GDPR contains very stringent requirements, including explicit consent from users that would limit the data harvesting that currently powers Silicon Valley and the app economy. If GDPR were followed according to security industry recommendations, it would not only threaten Facebook and Google, but also Pornhub, Imgur, AccuWeather, Yelp, and much more obscure companies.
So, what's a data hoarder to do? An Internet meme summarizes the strategy: "Hi there. You purchased a potato from us 7 years ago and we somehow got [ahold] of your email address... we have more information for you not to read on our [Terms and Conditions] and it doesn't really matter... you don't have any choice anyway if you'd like to continue using our potatoes or celeries."
Electronic contracts are notoriously ignored by users, prompting the creation of Web browser plugins that rate terms of service and try to categorize policies via Artifical Intelligence.
Shortly after our work with Exodus Privacy exposed an entire industry of hidden trackers in Google Play, Google changed its policies to ask Android app developers to "prominently highlight how the user data will be used and have the user provide affirmative consent for such use". Warning screens and verbose agreements often become software malpractice: they not only mask the poison coursing through the system, they sedate the user into a click-through coma.
Now that GDPR has landed, we're seeing challenges to the faux-consent model. Do users have a free choice when they are a captive audience just trying to use a service?
Communication about updated privacy policies may be a mechanism to hide the fact that consent was never asked for or granted by users in the past. Silence and pre-checked boxes may be interpreted as consent, even though GDPR specifically forbids this. When the dust settles, will users even know what they may have consented to, and from which service providers?
The corporate version of GDPR is a bizarre cauldron of doublespeak, intended to elicit B.F. Skinner-style conditioned responses on the part of users. As current trends to undermine, circumvent, and twist GDPR continue, the regulation begins to resemble the Towelie character from South Park, who reminds everyone "Don't forget to bring a towel!" at every possible opportunity. In stark contrast to Douglas Adams's helpful tool for survival and comfort, the towel becomes a ridiculous suggestion that serves no utility. Mere mention of GDPR may elicit the same disdain as Towelie's character, a vehicle for jokes about uselessness and lazy inaction.
Yesterday Bytedance, the company that acquired the tween-centric app Musica.ly and relaunched it as Tiktok, was been sued by a parents' group for violating the Children's Online Privacy Protection Act by gathering, storing, and selling private information about their children. Today, they settled the case on terms that have not been disclosed.
A sweeping new tech bill from Silicon Valley Democrats promises privacy, interoperability, and protection from algorithmic discrimination and manipulation
Reps Anna Eshoo [D-CA] and Zoe Lofgren [D-CA] have introduced HR 4978, the "Online Privacy Act," which is a comprehensive set of federal rules for privacy, interoperability, and protection from algorithmic discrimination and manipulation.
Chrome’s incognito mode is useful if you don’t want your browsing history saved to your account, don’t want websites to access your cookies, or if you want to troubleshoot your browser. But it doesn’t do much to protect your privacy. Your ISP can see what websites you visit, and services like Twitter can figure out […]
So you missed Black Friday and Cyber Monday? Well, there’s one more holiday milestone coming up: Green Monday, on Dec. 16. It’s one of the busiest online shopping days for the simple reason that it will be 10 days before Christmas, which is when last-minute shoppers start to stress. Our advice? Don’t wait for that […]
Weighted blankets are officially a thing. And if you’ve ever tried one, you know there’s a reason for the fuss. Parents have known for generations that swaddling a baby has a profound calming effect, and the gentle pressure that blanket weights provide can have the same effect on restless sleepers. Pretty much all parts of […]
Walk through any office, and you will likely spot a few bobbleheads. These wobbly figurines are great fun to have around, although most celebrate people we will never meet. For something a little more personal, try Handmade Custom Bobbleheads. These mini caricatures are sculpted and painted by skilled artisans, based on any photo you provide. […]