Internet Services - Trust, Privacy and Safety

A week ago, I hosted few friends for a dinner. During and after the dinner, our conversations went from religions to politics to how Internet-based technologies are changing our personal, social and work lives. During the technology discussions, in which I was the most vocal for the obvious reasons, one of my friends said that she felt safer having TurboTax Tax Desktop Application in lieu of the online version of TurboTax that stores everything in the Intuit’s data center. I immediately challenged this comment with a rhetorical question as why she thinks that storing her information on her desktop is more secure than storing the same data in an Internet-based service. Thereafter, we all spent considerable time debating around the privacy and trust of contemporary Web 2.0 Internet services.

On a related note, yesterday, I met few ex-colleagues for a lunch in San Francisco. During our discussions, one of them said that she looking for the cheapest price for a book. My first recommendation was Amazon but she had already looked at Amazon and didn’t feel that the available options were cheap. My next recommendation was eBay and to my astonishment she replied that she does not feel safe opening accounts on multiple websites. Amazon was kind of known name to her but she didn’t feel safe opening an account on eBay. I was baffled.

These two discussions provoked a thought process within myself on why people have a perception that Internet-based personal business services are not safe and would expose their personal data. Is it because that the use of Internet-based services makes us more susceptible to the marketing and advertising schemes? Why do they think that a laptop or desktop at home or in a car is more secure than the hardened data centers of the industry giants? After some analysis, I have come-up with three broad categories of reasons that are causing these data protection concerns from my friends.

The first category is the personal data loss statistics, manual opt-out targeted advertisements debacles, and debates of personal data ownership over the last few years. The year 2007 was the worst year in terms of personal data loss statistics. More than 79 million personal records were part of identity theft, an increase of over 400% from the year 2006. These statistics instill fear in all of us and will require some major work from the involved companies to gain back the trust of their employees or customers whose records were part of the loss or identity theft. In the similar fashion, the FaceBook’s Beacon debacle didn’t help the situation. The users were furious as why their web actions (i.e. purchases) were shared with the friends without their explicit permissions. In another example, the recent Google Reader’s sharing feature is still generating debates on the boundaries around the sharing.

The second category represents the proliferation of obscene pop-ups, phishing emails, and spam emails among many other techniques used by the Internet thieves to steal personal information of the Internet users. For technical people, this might be a non-issue because they can interpret phishing URLs, malware, spam, websites and hacker techniques. However, the non-technical people (normal people) cannot necessarily discern a real email send by a provider from a phishing email sent by a hacker; though, the latest browser versions have come-up with built-in features to protect these normal users. But as it happens in technology industry, the hackers will come-up with the new ways to trick our normal users. And the safety issues will remain there. We can only hope that the issues will decrease with time because more of these safety issues will result into less and less use of the Internet services.

The third category is the education (or lack thereof) around the data privacy rights and laws. As I was writing this article, I came across this blog entry on the data privacy protection. It talks about the data privacy day of 2008, to be celebrated tomorrow (01/28/2008). I could not agree with the concept and the effort. My recent discussions with co-workers, ex-colleagues and others friends have made me realize that the most of the Internet users are simply not aware of data privacy rights and laws.

I have described the major reasons of my friends’ comments, but what can we do to fix these reasons remains a challenge. Briefly, I would say that the privacy education is a very good first step towards the solution. Additionally, we need advancements in the database technology to assure anonymity and data encryption in the database tapes and storage. These advancements (anonymity and data encryption) will assure privacy of the users’ data even if the hackers are able to get hold of raw data or tapes. Lastly, we must make computers to be as safe as our cars are. Of course, the education for the drivers (users of the computers) is also important part of it as the car’s (computer) safety has a major dependency on the skills of its driver (user).

If you have a suggestion, please feel free to leave it as a comment to this blog entry.