May 20, 2015
ACLU of NH to State’s Technology Leaders: Data Privacy Conversation Must Include Security
Encryption and businesses’ role in protecting customer and employee information the focus of private event
Concord, NH – Google and Apple are actually leaders in data security, while many government entities, such as the terrorism hotline, were not encrypted until very recently. These are just two of the facts that state and national experts in cybersecurity and privacy shared at a meeting convened by the American Civil Liberties Union (ACLU) of New Hampshire. The meeting featured a lively and deep discussion of the need to use current technology to protect basic information, and of the balance between protecting key data in a digital world and providing access to that data to protect national and international security.
“As individuals and organizations, we have an incredible amount of information, and there are people out there who are actively trying to obtain it for the wrong reasons,” said the ACLU of New Hampshire Executive Director Devon Chaffee. “As our systems become more and more digitally connected, major security and privacy concerns arise in both the public and private arenas. It’s our hope that the hundreds of lawmakers in New Hampshire explore and understand this issue. Not being tech-savvy is no longer an excuse.”
The best way to protect consumer privacy and embrace the responsibility to protect data is through encryption, according to Chris Soghoian, principal technologist and senior policy analyst for the ACLU Speech, Privacy and Technology Project.
“There is an opportunity here for companies to fight for their customers,” Soghoian said to the group of technology leaders on May 13. “If you have data, eventually someone will try and take it; or you will be forced to hand it over. Encryption is the best way to protect yourself and your clients.”
Tech giants like Google and Apple are leading the charge by building security into their products. Google prioritizes browsing security with the HTTPS authentication protocol, which creates secure browsing channels over insecure networks, and Apple built strong encryption into its phones so that police require a warrant and a PIN to access information from them.
“At one point, most emails were not encrypted and our daily lives online were not secure, so the NSA and their partners could tune in and access whatever they wanted,” Soghoian said. “In the last five years, companies have started to encrypt, forcing the government to go to Google, for example, to get the information because the Internet is slowly defaulting to secure browsing.”
But that’s not enough.
Companies across all industries and sizes should encrypt by default, from websites and intranets to phone and email messaging, according to Matt Cagle, a technology and civil liberties policy attorney for ACLU of Northern California. Doing so protects not only a customer’s data, but also the company, as Internet security is a private issue in the eyes of the law.
“The law is lagging behind,” Cagle said. “Go above and beyond what the law requires and only relinquish data if there’s a subpoena. Be transparent with consumers and about information requests received from state and federal organizations. Make sure your customers know that you will fight for their data when local police come knocking on the door.”
Cities also have the opportunity to boost economic development by embracing privacy and security standards and creating a business-friendly community that protects data better than competing cities. One way to get started, according to the ACLU, is to consult with an expert to ensure you have the data you need to make business decisions, but don’t have a treasure trove of data that’s largely useless for you but attractive to hackers. Consider how long you really need to keep data on file, and find the right balance between privacy, risk and profit.
“Why do supermarkets have databases of hundreds of millions of credit card numbers?” Soghoian said. “We don’t have a system in place for how this information is handled; we don’t have a financial regulation; we need responsible data governance within our organizations.”
And responsible governance begins with a conversation about privacy. According to a new poll conducted by the ACLU, there are three standout situations when people are generally receptive to discussing and acting on issues of privacy. The first occurs when a private conversation – perhaps accessing financial information or medical records, for example – is intercepted and intruded upon. The second is when people are empowered to decide how and when they share (and stop sharing) content, regardless of the perceived sensitivity of that content. While a young professional may want to selectively share business accomplishments through social media platforms, he or she may prefer to hide personal details from family or business contacts, the study shows. Lastly, the ACLU found that people are generally open to discussing privacy matters in terms of legality and whether law-abiding citizens should be subjected to the same surveillance guidelines as convicted or suspected law-breakers.
“We want to start this conversation with individuals, businesses and local government, and expand the discussion about online privacy to include data security,” Chaffee said. “There are serious concerns about our state’s physical infrastructure; those concerns need to also extend to digital infrastructure and to allocating resources to make sure our information superhighways are as safe as our roads and bridges.”
The ACLU of New Hampshire is a resource for companies looking to create policies that protect privacy and free speech, tackle critical privacy issues, navigate federal and state laws, and consider emerging technologies and the impact they may have on individual rights. To learn more about the ACLU of New Hampshire or find resources to address data security for your company, visit aclu-nh.org or contact Devon Chaffee at 603-224-5591 or [email protected].
About The American Civil Liberties Union of New Hampshire
The ACLU of New Hampshire is a nonprofit, nonpartisan organization dedicated to defending the individual rights guaranteed in the Bill of Rights and the New Hampshire Constitution. The organization has over 3,000 members and has been advancing civil liberties throughout the Granite State for over forty years through litigation, community education, and legislative and policy advocacy.