Current online privacy protection regulations are based on 1960s-era policy, and are inadequate in an age of big data and the constant collection of personal information, says WPI cybersecurity professor Susan Landau, in an essay published in the Jan. 30, special issue of the journal Science.
In the essay, Landau says the only way to effectively protect privacy is to control the use of data. “Controlling use is complex,” Landau writes, “but combining technology, policy, and law is the best way to control incursions from business and government.”
Landau, former senior staff privacy analyst at Google and a widely respected authority on cybersecurity, privacy, and public policy, joined the WPI faculty as a professor of cybersecurity policy in March 2014.
“Data is too valuable to society to expect that we will stop collecting it. We need to control how it is used,” she says. “Notice and consent are not working. People don’t look at privacy notices, and in any event these notices can’t keep up with all the ways data is collected.”
Notice and consent are typically negotiated through the use of privacy agreements, through which users click a box or button to grant permission for their data to be collected and used. But as the volume of data collection has grown, and as users are confronted regularly with requests for their consent, privacy agreements have become an ineffective means for accomplishing notice and consent, Landau writes.
“Data is collected in small bits everywhere. We can’t expect to get permission for each use,” she says.
Landau notes that it is not only the collection of massive data sets that threatens privacy, but the ability to use the tools of big data to cross-reference information from various sources to find patterns that can lead to privacy violations. She cites the case of a retailer predicting a teenager’s pregnancy based on her purchases and a ride-sharing app recognizing patterns in pick-up and drop-off data that hinted at one-night stands. The value of big data and predictive analytics will likely outweigh these risks, Landau says. “Massive amounts of data create such personal and societal benefits that collection is unlikely to stop.”
Landau’s essay in Science can be seen here.
Landau is a frequent contributor to national conversations about the impact of modern technology and government policies on personal privacy and Internet security. She has written about such topics as the Edward Snowden revelations, the NSA’s practice of collecting massive volumes of information on domestic telephone conversations and social media posts, and the growing quantity of personal information being held in corporate and government computers in the Washington Post, the Chicago Tribune, the Christian Science Monitor, Scientific American, the Huffington Post, and numerous other publications. She has also appeared frequently on National Public Radio.
She has held faculty positions at Wesleyan University and the University of Massachusetts Amherst and visiting faculty posts at Cornell, Harvard, and Yale Universities and the Mathematical Sciences Research Institute in Berkeley, Calif.