The views expressed by contributors are their own and not the view of The Hill
Opinion>Cybersecurity

Failings by WhatsApp, Signal and others highlight the need to take back our privacy

by Jakub Kokoszka, opinion contributor

Over the past year, conversations around personal data and privacy have been at the forefront of scandals, breaches, and bugs. Loss of trust and confidentiality is at its historical peak. Consumer concerns have pushed tech giants to increase their transparency and security efforts, and it has encouraged government leaders to pass legislation that addresses these concerns — but only you have the power to truly regain your privacy.

As consumers, we have a right to know where our data is going and how it’s being used. While we should remain conscious of what we agree to when we accept privacy policies, we should also have a choice to opt out of widespread use of our own data. Businesses also have a responsibility to use consumer data reasonably and to keep this information safe.

{mosads}Europe’s General Data Protection Regulation (GDPR) was a step in the right direction in giving consumers control over their data. Since then, consumers have seen a multitude of privacy policy update notifications, and businesses are still trying to keep up in order to avoid fines. Republicans on the House Energy and Commerce Committee wrote to executives at Apple and Google this month to try to uncover, once and for all, the details of the corporations’ third-party access, data collection, and use of data, and whether smartphones collect location or audio data on consumers without their knowledge. California just passed a similar bill to the GDPR, the Consumer Data Privacy Law, which is a major stepping stone for privacy regulation in the United States.

 

While both policies have great intentions for consumers, they are simply not enough. Less than two months after the GDPR went into effect, the European Consumer Organization in Brussels (BEUC) reported that major corporations like Apple, Google, Facebook, and Amazon still fall short, in that they aren’t providing consumers with enough information about how they use their data and why they might need to collect it. The California regulation doesn’t go into effect until 2020, and it’s hard to tell whether businesses will be fully compliant when it hits.

One other issue we face as consumers is that there are too many programs and apps that promise privacy or user control, but in reality, they all have backdoors that are prone to hacks, data retrieval, or software bugs. In the recent investigations of Paul Manafort and Michael Cohen, the FBI had easily retrieved hundreds of pages of messages and call logs from the “encrypted” communications platforms, WhatsApp and Signal.

What was supposed to be a secure way to communicate turned out to be another case of back doors and broken promises. Contrary to what we might think, WhatsApp allows manual and automated scheduled backups to iCloud, where files are no longer protected by the app’s end-to-end encryption. Manafort and Cohen were victims of the same blunder.

Signal, another widely used messenger application, recently had a bug in its system, in which messages didn’t actually delete when users opted in for the self-destructive messages feature. While both apps have been believed to be safe ways to communicate, we see that by design, they still had flaws.

The fact is, while many of these communication apps and social networking services that we use on a daily basis are “free,” they aren’t, because we are paying with our privacy. If you think that consumers are generally indifferent about their privacy or personal data, ask your colleague or boss for the passcode to unlock his or her phone, Google account, or Facebook page, or perhaps offer yours to someone else. Just because you haven’t done something wrong, or you’re not hiding anything, doesn’t make it right.

We’re told it’s normal for someone to have access to our personal information, but it’s not. We don’t have to give up our privacy. It’s a basic human right, and it’s not okay to let others take our most personal information and sell it or share it to whomever they want, whenever they want, without proper consent.

We should fight for our liberty and fight for security. It’s time to take control of our own privacy, and it’s time for businesses and the government to step in and do everything they can to help bring that back. Imagine a world where you are the only one to decide what part of your life belongs to you.

Jakub Kokoszka is co-founder of Usecrypt, a secure communication technology and Warsaw-based privacy movement.