Larry Irving: We're Flying Without a Net When it Comes to Privacy

Imagine trying to write policy around privacy and the Internet back in the 1990s. It was a world with fewer than 20 million internet users, most of them based in the United States. The task was given to Larry Irving in 1994 after he co-authored a paper on internet privacy. He became the first internet advisor to the then Clinton-Gore government.

"There were implications and problem no-one was looking at," Irving said, speaking at this year’s IAPPANZ summit in Sydney. Although there were regulatory policies in place around telecommunications, cable TV and satellite TV, there was no cohesion between them. Irving's team saw an inflection point looming. There was clearly potential for crossover between these and other fields.

Irving’s report was released over 19 years ago. There hadn’t yet been any privacy violations, but Irving and his team wanted to get ahead of what they saw coming—a potential minefield.

"What did we come up with in the end it? I think the framework we developed has withstood the test of time," says Irving. "We basically requested that industry develop a voluntary-consent model. We’ve debated that model for 20 years".

On reflection, Irving says he was struck by the level of optimism at the time, but a couple of things also surprised him. The level of growth exceeded all his expectations. And when it came to privacy, "We thought consumers would care. They apparently don't."

Irving says the pervasive nature of mobile devices, especially smartphones, is a particular concern. Every one of those devices acts a beacon that can be used to track individuals. This isn’t just a potential issue, it’s already being used in commercial settings to track how a customer moves through a store—to determine the best lay out for shopping spaces. It's being used to push specific offers when the tracking data and shopping habits from loyalty programs are correlated.

The problem with this, according to Irving, is that we don’t know what data is being held, how it is being used, how it will be used in future or what controls are in place to protect individuals.

That flow of data will only increase as wearable technology such as smartwatches, Google Glass and fitness trackers deliver a rich, constant stream of personal information. The potential uses for this data extend to corporate human resources systems, insurance companies and applications we haven’t even imagined. As the number of connected devices grows from about seven billion currently, to in excess of 50 billion by the end of this decade, Irving believes we need to take stock of the implications.

The trouble is that "legacy regulatory models rule, and will continue to rule—at least in the United States—for the foreseeable future," he says. It hasn’t all been plain sailing for companies using this data either. In many cases, when a service provider or store representative knows too much about a customer, there's evidence that customers feel their privacy is being violated— even though they actually provided that data. For example, when sales staff knows what products a customer has been browsing online, when they were last in the store or their previous shopping history, there's a negative reaction.

Read more: I've got my eye on you: Google Glass

Citing recent studies, Irving notes that more than three quarters of shoppers found that the existing level of cell phone tracking is unacceptable, while more than 80 percent of shoppers were concerned their data was not safe or secure. Most also feel that the benefits of all this data access reside with the stores, not customers.

Irving says the lack of cohesive regulation for mobile devices, from platforms to apps means we're flying without a net.

In his view, the time to establish regulatory systems for these technologies is now. Foreseeable problems can be addressed before they are exacerbated. He cites analogies about companies such as Uber which enter a market and disrupt it, but are forced to wait for the regulatory environment to catch up. Irving recalls a conversation with the executive chairman of Google, Eric Schmidt. Schmidt's view was that developments should take place in isolation of the regulatory regime so that innovation wasn't stifled. For entrepreneurs, this is a challenge—balancing creativity with innovation.

"This is going to be a very interesting period of time. One that I don’t think any of us is really prepared for," says Irving.


This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags cable TVIAPPANZ SummitUnited State#iappanzInternet usersGoogle GlassClinton-Gore governmentCSO AustraliaprivacyHR systemsUberEnex TestLabLarry Irvingeric schmidtsmartwatches

More about CSOEnex TestLabGoogleUber

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts