Home / Blogs

Would You Like Your Private Information to be Available on a VHS or Betamax Tape?

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Jonathan Braverman

When I was a young child growing up in the late 1980s, my parents were lucky enough to be able to afford to have both a VHS-tape video-recorder in the living room and a Betamax tape recorder in their bedroom. This effectively meant that to me, the great video format wars weren't a decade-defining clash of technologies, but rather they consisted mainly of answering the question "in which room can I watch my favorite cartoons?". It is only now with the perspective of time that I realize that my small dilemma was the result of two distinct groups with contradictory interests bidding for control of a massive market of home video users.

I was reminded of this piece of digital archeology with the recent news regarding the repeal of the FCC rules regarding internet privacy, partly because I'm starting to recognize similar patterns to the video wars in the field of digital privacy, the kind of patterns that should give business leaders and stakeholders in privacy-sensitive business pause as to a potentially strategic business consideration that lies in the immediate future.

It comes as no news to privacy practitioners that there is a long-existing schism between the European approach to digital privacy and the American approach to the subject: The US legislative and administrative bodies generally tend to adopt more business-friendly regulations prohibiting the abuse of information but permitting its commodification and trade, while the European stance is to consider digital privacy as a human rights issue (in some European-influenced jurisdictions, such as Israel, the concept of privacy is even explicitly designated as a basic human right and afforded constitutional protection).

The European legal institutions have consistently shown that they are not deterred by the international implications of their rulings (as demonstrated recently by the repeal of the Safe Harbour program that took place following the October 2015 decision in Schrems v. DPC, necessitating the expedited negotiations of the Privacy Shield agreement) — which is why I believe we're on the verge of a major event, one in which the distance between the two legal perceptions of privacy systems becomes impossible to bridge.

When one takes into account the EU's General Data Protection Regulation (set to enter into effect in spring of 2018) and contrasts it with the recent repeal of the FCC's rules, it is impossible not to notice that battle lines are being drawn. This is particularly true given the fact that the GDPR applies not only to data processed or located inside the scope of the EU itself — but also applies personally to the citizens of the EU nations themselves, even if they are not physically currently in the EU.

Under this principle, the latest move by American authorities not to prohibit ISPs from selling information that was until now accepted as private poses therefore an interesting challenge: if a German citizen purchases the services of an American VPN provider to mask her IP address, and said VPN provider routinely sells the information of its clients — would it be allowed to sell the sensitive information it gathers regarding the browsing habits of its German customer? Alternatively, if an American citizen purchases the services of an Estonian VPN — would the information gathered by the Estonian ISP be eligible for sale under the FCC's new, slimmer rules? Furthermore - suppose a more remote but still possible case in which an ISP with multiple local subsidiaries or partnerships wishes to balance the load on its network by routing some of its Icelandic or Irish traffic through its New York sister-company. Would the information of the Irish users be available for sale under the laws of the United States, and if so, to what extent would the sale be permissible?

It will be interesting to see if these trends will fully materialize into radically distinct views of the concept of digital privacy. The ever-growing distance between the two views is slowly but surely leading to a situation in which Europe's stance on digital security and privacy is not only noticeably stricter than the American interpretation, but it is also becoming effectively incompatible with it. This may eventually force all of us to choose whether to comply with either the American rules or the European rules, as we will be unable to conform to both at the same time.

Both sides have strong arguments, and both can make compelling cases for their position, but both sides also have weaknesses in their positions and neither are immune from criticism. But more interestingly, both sides also have significant economic advantages and disadvantages that can quickly turn the debate from a principled discussion on what privacy means and how it's enforced, into a stand-off between two of the world's largest economies.

If the debate between the two approaches eventually evolves into a business decision at the level of independent corporations and people, then much like the video format wars of old, it is only a matter of time until eventually one set of rules triumphs over the other, as markets are wont to do. But unlike the question of where a young boy in Mexico will spend the early hours of a lazy weekend in front of the television, the decision as to who can access our browsing habits and for what purpose can have far more comprehensive ramifications. Which approach will ultimately triumph remains to be seen.

By Jonathan Braverman, Legal and Operations Officer at Cymmetria

Related topics: Cybersecurity, Internet Governance, Policy & Regulation, Privacy

 
   

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll