FTC leader calls on companies to protect privacy online
The commissioner of the Federal Trade Commission urged inventors and entrepreneurs Wednesday to build security and privacy features into products that transmit data, such as health monitors and smart meters.
Commissioner Julie Brill said businesses making products that connect to the Internet and transmit data should make sure to secure that data from hackers and connect only the data they need. The agency has sued several companies that left customer data vulnerable, she said, or that supplied data to users who then took advantage of consumers.
“In order to fully reap the benefit of ‘the Internet of Things’ and big data, both must be imbued with principles of privacy,” Brill told an audience of about 150 people as keynote speaker at Carnegie Mellon University’s “Privacy Day.”
People can surf the Internet through hidden, or incognito, pages that collect less data, said Cameron Boozarjomehri, a student in Carnegie Mellon’s privacy engineering degree program. He explained to several people at a privacy clinic how to opt out of tracking on browsers through settings such as “do not track.”
“You don’t have to take a lot of steps to improve your privacy online,” he said, referring to browser preferences.
Companies are supposed to honor those requests, and if they take data, it should be the bare minimum and discarded as soon as possible, Boozarjomehri said.
But Brill said not all Internet-connected devices have user-driven privacy options, or even interfaces that require a browser.
On her recent visit to the Consumer Electronics Show in Las Vegas, she saw a variety of products that connect to Internet — Swarovski crystals that serve as health monitors, doorbells that show homeowners video of who is ringing, and even outdoor grills that alert the grill-master when it’s time to turn the steak.
Each of those items collects data, she said, and consumers need to be aware of where the data go and how someone might use it.
Brill asked technology developers in the audience to create privacy policies that are visual and easy to understand, with better possibilities to opt in or out.
“The mere collection will be something that consumers will want to know about and control,” she said.
Consumers want to share, but they want to protect their data, said Alessandro Acquisti, a Carnegie Mellon professor of information technology and public policy. People are different, and groups behave differently from one another, but even individuals aren’t consistent in the decisions they make to share or protect what they reveal through connected devices, he said.
“We may not always be able to be aware of the privacy consequences in the decisions we make,” he said.
Acquisti is interested in potential economic impacts of privacy decisions: Will data gathered from devices help or hurt people? Could companies charge two people different prices for the same product, based on what they know about a person’s purchase history?
This may be happening, he said, but it’s not widespread. With all the data that companies gather from connected devices, the means of gleaning useful information and creating profiles runs a little behind, he said.
“We are great at amassing data, collecting data,” he said, “but we are still not that great on using it.”
Brill said companies are creating demographic grouping based on information they get. A data list called “Metro Parents,” for example, contains information about people who live in urban environments on limited budgets. Lists exist of people with health issues, such as AIDS or diabetes, she said.
Whether those lists are used for good or bad purposes is part of the agency’s enforcement efforts, Brill said.
One complaint the agency addressed was based on consumer data gathered from people interested in payday loans; it was sold to non-financial companies that used the information in predatory lending practices.
“Some say that privacy is dead,” Brill said. “I disagree.”
Megha Satyanarayana is a Trib Total Media staff writer.