With so much discussion of digital privacy in the last few days, especially in the B-to-C and C-to-C messaging arena, ordinary users are now actively trying to understand all the risks and facets of digital privacy. The topic has many dimensions that are being actively debated, ranging from strategies, business decisions and technology to government mandates and policies, the boundaries of privacy, limiting conditions, and so on. Given this, what are the important lessons about privacy controls, and what can users expect in future when they sign up to mobile, desktop or web messaging applications of this kind?
Transparency: One of the issues users commonly face is that the important privacy-related features of an application are hidden from them. Even where such settings exist somewhere in the application, there is no way for users to monitor them in real time as an application feature. For example, suppose the user adds a new contact. The user may not realise that the contact is immediately stored on the application's server, and that the new contact can immediately see all the details of the user's profile, unless the user has deliberately turned that feature off.
Solution: Every action, menu item or button that touches user privacy in any application should notify the user, in a transparent way, of the consequences of the privacy feature in question.
Default Override Notification: Once the user starts using the application, it is impossible for them to keep track of all the privacy defaults they could override in order to protect their private data, unless the application reminds them of the potential risks of their current settings from time to time or at each login. The user can then choose to act on the reminder by overriding the default.
Solution: All default options in an application that might compromise a user's privacy should be highlighted to the user at every login, and the user should be allowed to reset those options, at their own discretion, in each session in which the application is opened.
Device Data Protection: Even though an application can assure end-to-end encryption of messages up to the user's mobile device, beyond that point, on 99% of user devices, the data is stored on the device unencrypted and available for everyone to see.
Solution: Users should be required to enter an MFA code or use a biometric unlock in order to gain a higher level of authenticated access to the messages arriving in their device's messaging inbox.
Cloud Storage Encryption: When the user chooses to store data in a cloud account, applications normally do not encrypt the messages but store them in plain text.
Solution: When cloud back-up options are enabled for the user, the application should make sure that the messages stored in the cloud back-up are encrypted and protected using an MFA code option known only to the user. A vault option, for example one based on a KMS (Key Management System, in the case of the AWS cloud) backed by MFA, could be one solution.
B-to-C Application Interaction and Log Messages: It may be shocking for most users to learn that most of their B-to-C conversations and the corresponding log messages are not encrypted and, in some cases, can even be seen by the business's competitors.
Solution: Any business-to-consumer interaction or log message that involves user privacy should support different levels of encryption, depending on what the user wants for each B-to-C conversation they have. This option should not be at the discretion of the business but should be controlled by the user. The options can range from no encryption to maximum encryption.
Private Key Protection: Applications should never handle users' keys, except in extraordinary circumstances such as national security or a calamity.
Solution: All keys needed to decrypt encrypted messages, whether on the user's device or in the cloud, should be in the hands of the user and controlled by them. Users should be advised of the consequences of losing the keys they hold, so that they keep a backup somewhere; procedures and options for the backup process can be given to the users. The application may seek to override this arrangement only on grounds of national security or the security of an individual.
Private Data Storage and Usage: Users are normally unaware of what data about them is being stored by the application and how it is used. In some cases, a user's personal safety could be compromised if that data falls into the wrong hands.
Solution: Every time the application is about to store the user's contact information or location information, it should inform the user that the data is being saved, how the application will use it, and with whom it will be shared. Just as importantly, user consent should be obtained whenever their profile and contact data are stored or shared.
User data monetizing: User data is monetized without the user knowing about it. Since the user is the rightful owner of their data, their consent should be obtained before any such monetizing happens. Apps should not sell user data without the user's consent; users should have a rightful say in this.
Solution: Before monetizing any of a user's private information, the application should let the user know that it is being done.
First Amendment Rights: Where a criminal act is suspected, user data is shared with government authorities. Even though this may happen in the interest of humanity, the First Amendment rights of the individual need to be protected.
Solution: Before any of the user's private information is shared with government or regulatory authorities in the course of an investigation, the user should be notified that information is being shared and what information it is (this clause can be invoked depending on the severity of the act under investigation).
User Control over their Privacy: In most cases, users are the last to learn that their information has been compromised or shared without their knowledge. By then it is too late for the user to act and prevent or control any detrimental domino effects of the sharing, if the data has fallen into hands the user did not intend (in some cases even legitimate businesses use the data to act against the user).
Solution: The user should be notified of, and in control of, all the choices, features and events the application triggers when their privacy is about to be violated, at the time of the violation or of the data sharing.
The author is Raj Srinivas, CTO, SecureKloud Technologies