Why Big Tech Excels in Security but Terrible with Privacy

The Paradox

Undeniability, digital technology plays an integral role in our lives. Two essential protection concepts often get intertwined which are computer security and computer privacy. While both are crucial for safeguarding our digital life, what is differences between computer security and computer privacy?

Big Tech companies have no doubt become the driving force behind technological innovation, shaping the way we interact, work, and live. With billions (billions!!) of users entrusting them with every moment of their digital life, these tech giants invest heavily in security measures to protect against cyber threats to maintain user trust.

However, a concerning paradox emerges – while they excel in security, they fall short when it comes to safeguarding or actually caring about user privacy.

"With great power comes great responsibility" is a quote popularized in Spider-Man comics written by Stan Lee in 1962.

This is definitely what Big Tech has forgotten (or maybe they just don’t read classic comics). Instead, they focus on providing formidable security and grossly profiting from exploiting your privacy. They work hard at making sure your Gmail account is not hacked or your online shopping order is not comprised. By providing security they think they are providing privacy.

Building Digital Fortresses

Computer security primarily deals with protecting digital systems, networks, computers, smartphones, and data from unauthorized access. Big Tech companies operate on a colossal scale, handling vast amounts of sensitive user data. I have worked with the security departments of Big Tech over the years including IBM, Cisco, and Microsoft and they take security very seriously. If they were not good at it the online world would come crashing down.

The Privacy Predicament: Balancing Profits with Privacy

While Big Tech excels in thwarting hackers, their challenges with privacy often stem from profit and internal factors like:

Business Models and Data Monetization: Many Big Tech companies rely on advertising with targeted ads, which drives revenue. This requires extensive data collection and analysis, raising concerns about user privacy. More they know about you the better they can show you ads that will make you buy stuff.

Data Collection and Retention Practices: Many companies collect an abundance of user data, often retaining it indefinitely (forever!), which increases the risk of data breaches and unauthorized access. Do you ever think about every time you give a piece of personal information to a company, ever ask them how long they are going to keep it?

Data Sharing: Any company that collects your personal data is probably selling it to another company and they make it legal by confusing terms in the (un)privacy policy which makes it all legal.

Lack of User Control: Despite privacy settings, users might find it challenging to understand and control how their data is used. They don’t want to make it easy.

Data Misuse and Ethical Concerns: Instances of data misuse or unethical data handling practices have eroded trust and heightened privacy concerns. Think about how Ring.com just got caught having contractors watch the videos of customer’s Ring cameras. You buy Ring for security, and you get your privacy violated. What about your own IT department, do they look at the pictures on your phone? Track your location?

Government Surveillance: Governments may implement stringent security measures to combat cyber threats but may simultaneously engage in mass surveillance and data collection, impacting individual privacy rights. They also request or purchase web surfing habits, phone records, and every text message ever sent from Big Tech to aid in profiling its citizens. In the UK they are attempting to pass a bill that allows the government to read any message on any popular platform, including encrypted private systems.

Safeguarding Personal Information

Computer privacy, on the other hand, is focused on protecting an individual's personal information from unauthorized access, use, or disclosure. It relates to the right of individuals to keep their personal data confidential and control its collection and sharing. Key aspects of computer privacy include:

Data Collection and Consent: Organizations collecting personal data must obtain explicit consent from individuals, stating the purpose and scope of data collection. The issue with this is the scope of the consent is buried in a massive complex privacy policy. Be careful with consent.

Data Anonymization and Pseudonymization: To protect user identities, data can be stripped of personally identifiable information or replaced with pseudonyms. This is rare or poorly implemented. With Big Tech this rarely happens as they want to know as much as they can about you.

Privacy Policies and Statements: Companies should provide clear and transparent privacy policies detailing how they collect, use, and share user data but they don’t. They make it as complex as possible. Having a privacy policy is just them explaining how they will violate your privacy. These are written by lawyers to protect them not you.

Data Minimization: Collecting and retaining only the minimum amount of necessary personal data to fulfill the intended purpose. If this was true, we would not be in this situation of over sharing. When signing up for a new service either online or in person has your Spidey Sense tingled because the questions they were asking you was none of their business in order for them to provide the service in question?

User Access and Control: Individuals should have the right to access their data, correct inaccuracies, and, if necessary, request deletion of their information. Big companies are getting a bit better at telling you what data they have about you (if you formally request it) as it is a legal requirement in many places. What they don’t tell you is how many companies have they shared your data with.

Secure Data Transmission: Ensuring that data shared between users and online services is encrypted to protect it from interception. Big Tech is great at securely collecting your data {wink}. Its just what they do with it once they have it.

Prioritizing Privacy

Many privacy focused organizations like Proton and Session are popping up that provide first class privacy for its users. When looking for privacy themes in online services look for:

Privacy by Design: Incorporate privacy principles into product development from the outset to ensure data protection is built into the foundation.

Data Minimization: They limit data collection to what is necessary to provide the service, reducing the risk associated with data breaches and general misuse. Chat apps like Session don’t even need an email or phone number to work, think about that!

Ethical Data Use: Establish strict guidelines for data usage to prevent any unethical practices. Are they using your email to feed their AI training? Someone else watching the video feeds from your home security system? Does your IT department have access to those M&A documents? Are you sure?

Transparency and Accountability: Be transparent with users about data practices, providing regular updates on how data is used and shared.

No Sharing: The data you provide is solely to provide you an online service and it is not shared or sold to anyone.

In Closing

No one can deny that Big Tech like Apple, Google, Amazon, Microsoft, and Facebook are security experts but what about their moral obligation in using their power to actually protect your privacy?

The paradox of Big Tech excelling in security but struggling with privacy is a multifaceted challenge that arises from their business models, data sharing practices, and government surveillance.

We are also our worst enemies as we use secure social media platforms and secure iPhones to publish our whole life online for anyone to see. Its not just the fault of Big Tech gathering our data as we are constantly online so it has become additive. We voluntarily post photos, get into online fights with strangers, and provide a continuous digital diarrhea of information online. Big Tech may provide the secure platform, but we also still many times have to click the upload button.

As technology continues to evolve, people need to demand a balance between robust security and stringent privacy measures. This will be crucial for preserving user trust and ensuring that the digital landscape remains safe and respectful of individuals' privacy rights. People also need to be accountable of what they publish publicly online.

The best way to demand more privacy is to use platforms that privacy is at its core.

Thanks for reading. If you have any questions or topics you like us to cover please reach out anytime. Thanks ~Will.