Motorola, Google and Others Are Missing the Boat

Continuing on the theme of a blog post from a couple weeks back I noticed this week a burst of news of internet enabled personal devices. First up, and the biggest news, was the announcement of the Moto 360, the smart watch from Motorola. Accompanying that announcement was one from Google of a flavor of Android purpose built for wearables as is used in the Moto 360.

This was preceded by rumors earlier in the week of an Apple built health-tracking application. And, below the radar but germane to the conversation, was the launch of an app that can help with the rhythm method of birth control.

What do all of these things have in common? They all will expose even more personal information to the world than we already divulge. What they also have in common is that none of these announcements mention anything significant about privacy. In our post-Snowden glow where people are hyper-sensitive to uses of their personal information, that is an opportunity lost. While I’m sure early adopters will jump to use these services in droves, I’m also betting it won’t be long before some story comes out about some perceived privacy violation from one of these devices. When that happens it that blows up in there faces in a huge way.

This has happened time and time again and there is no indication that this trend will slow down. It is this moment, just as something is announced where the conversation between the business and consumer needs to begin about privacy and security. These companies need to discuss, in a straightforward manner, about what they plan on doing, could be doing but aren’t, and what shouldn’t ever happen.

Promises need to be made that put up walls. And the sooner that happens the better. Not only will this protect these companies from future liability in the event of a data breach or other accidental privacy violation, but it will build consumer trust in addition to putting up barriers to entry for those that want to play in the space but don’t have consumer’s best interest in mind.

As things exist right now from a legal and regulatory requirements perspective, all these companies need to do, and already do, is have a comprehensive privacy policy in place, but privacy policies just don’t cut it any longer. As a mechanism for transparency the don’t work, no one reads them. And efforts for Privacy by Design are a good practice, but that is behind the scenes.

The time is now for a real public education about what is being collected, how it is being used and what sorts of controls the end-user has over the collected data. I truly believe there are no nefarious intentions by any of these companies, but I think they are missing a great opportunity to address the issue head-on before they are put into a defensive posture.

 
0
Kudos
 
0
Kudos

Now read this

Security Comprehension

Too much information is a persistent problem in the world of information security. We’re buried under threat intelligence feeds, noisy alert systems, not to mention the steady drumbeat of news on the latest breach or exploit. Add to this... Continue →