TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | Why Media Scrutiny Can Be the Privacy Pro's Best Friend Related reading: New Operating System Brings Cheers and Privacy Concerns



Microsoft has made headlines this week for the release of its highly anticipated Windows 10—a free service for those already using Windows 7 or 8. In the wake of the Windows 10 release, Microsoft will also change its privacy policy and services agreement, and because of that, the company’s changes are under predictable media scrutiny. The headlines include, “Windows 10 may be free, but it comes at a huge price to your privacy,” “Windows 10: Here are the privacy issues you should know about” and Brian Krebs’ “Windows 10 Shares Your Wi-Fi With Contacts,” to name just a few.

Though some might think these pieces cast Microsoft in a negative light, I’d say they’re a good thing for privacy pros, and probably Microsoft as well.

Here’s why.

In releasing this massive new operating system in conjunction with a massive new privacy policy, Microsoft has made careful decisions on what to offer their consumers by way of product benefits and privacy protections.

Let’s start off with its new "Wi-Fi Sense." This new feature shares an encrypted version of the user’s WiFi password with her Skype, Facebook, Outlook or Hotmail accounts. This, in turn, allows those contacts, assuming they visit the house, to jump right on her home WiFi without having to ask for a password. Since the password is encrypted, the guest will not see the password.

I can see why Microsoft would implement such a feature as a user-friendly add-on for friends and relatives visiting the house. Plus, it helps you save on your cellular data and battery life as you bounce around visiting your contacts.

In its Wi-Fi Sense FAQs, Microsoft spells out where the user can go to control Wi-Fi Sense, clearly stating the need to use location services and how to change the settings.

It’s true, there’s definitely privacy and security concerns with this new feature, and Brian Krebs offers a candid look at the potential issues with Wi-Fi Sense, calling it “a disaster waiting to happen.” He notes, “Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.”

Privacy is part and parcel of the product release. That will become a consumer expectation. If a rival releases a new software product and it doesn't come with a FAQ that addresses privacy concerns, that becomes a competitive differentiator. While Microsoft might suffer some slings and arrows regarding the choices it has made, what it has also done is reframe the conversation to include privacy. If Microsoft trusts its choices, it'll be confident that this new frame is good for the company in the long run. 

Look at some other privacy responses around the web.

A column for The Next Web highlights what it considers to be privacy issues with Windows 10. The column cites data-syncing by default; Cortana, or the “sexy spy in the machine”; the amount of data Microsoft will now collect, including what apps that run on Windows; the unique advertising ID on each device, and curiously, adds the benefit of a backed-up encryption key to its concerns.

Okay, but they found this information in Microsoft's privacy policy. That's a bit different from the stories we're used to, where white-hat hackers uncover issues and mistakes. The goalposts have moved.

In a bit of a stretch, too, the column refers to Microsoft’s “good faith belief” that sharing personal data “to protect our customers or enforce the terms of governing the use of the services” as proof that it “can disclose your data when it feels like it.” True, the wording does allow Microsoft to have some flexibility, but it is specifically tying that to protecting customers and enforcing its terms of use. Can’t really fault them for that.

Information Age points out that the new 17,000-word privacy policy is not, counter to Microsoft’s claims, the most straightforward privacy policy in existence. It also points out all of the new “privacy invasions” inherent in the virtual assistant, Cortana. The column notes “that Microsoft collects and uses data from calendars, apps, emails, text messages, phone calls, contacts and browsing history as well as device location and usage behavior around music, alarm settings and Internet purchases.” But really, it needs access to these features to work—it’s an inherent necessity if the virtual assistant is to work.

Though it might seem like a constant barrage of privacy-policy bashing from the media, this kind of scrutiny is good for privacy pros. These types of responses to changes in privacy policies and services demonstrate the important role privacy pros play in the product and service lifecycle. In addition to appropriately rewriting a privacy policy, they need to be there from the design phase of a new product, stay there with the marketing and PR folks during launch and remain there to help react and, often, learn from vulnerabilities or misunderstandings in the media.

For companies that want to push the envelope, make their services user-friendly and privacy-sensitive, they’re going to have to heavily rely upon privacy pros to make these rollouts as smooth as possible. Privacy is a sensitive thing, and headlines touting another “privacy invasion” will continue.

In a way, the Brian Krebs of the world are a boon to privacy pros, and the fact that they exist is proof positive of the value privacy pros provide to the organization. Media scrutiny ensures that companies stay on their toes. It’s the privacy pros that will help make that happen. And just think what will happen to organizations without privacy pros on board.

Editor's Note: An earlier version of this blog referred to Wi-Fi Sense automatically accepting terms of use for wifi networks. This remains true of Windows 8.1 phones, but is no longer the case with devices running Windows 10. As this blog discusses the Windows 10 release, we removed the reference and updated the FAQ link to the one for Windows 10. Previously, we linked to the Windows 8.1 Wi-Fi Sense FAQ here, which is referred to in Brian Krebs' post on Windows 10. 

photo credit: An Archer's Arrows via photopin (license)

Editor's Note:

Investigative reporter and cybersecurity expert Brian Krebs will be a keynote speaker at this year’s Privacy. Security. Risk conference in Las Vegas, NV.

Editor's Note:

If you want to comment on this post, you need to login.