Feeds

Consumer Profile Exchange could protect privacy

If Congress would get off its ass, that is

  • alert
  • submit to reddit

Top three mobile application threats

The IBM-backed, XML-based standard enabling companies to exchange consumer data conveniently over the Web called Customer Profile Exchange (CPE) may not be quite the threat imagined by worried US consumers and privacy advocates.

The scheme itself actually includes provisions for the responsible sharing of information, such as enabling one company to make data available only to others that agree to similar use restrictions, and enabling consumers to access and even control their data profiles while confronting a single, consistent format. These could be good things, or not, depending on how the technology is used.

The true danger here is the lack of any regulatory structure requiring companies to use it in a way that benefits, or at least doesn't threaten, consumers. Simply put, technical standards don't threaten people's privacy -- people threaten people's privacy.

"If you have a technology making it easier to exchange information between different databases, the question is whether companies will respect consumers," Centre for Technology and Democracy (CDT) Senior Policy Analyst Ari Schwartz told The Register. "Even a decent policy of industry self-regulation would be helpful here."

Unfortunately, there is little in place, either among industry groups in terms of self regulation, or nationally in terms of government regulation, to prevent something potentially useful like CPE from being abused.

Certainly individual companies can enter into contractual agreements governing the use of information they supply. "If a company were to go beyond what it has agreed to do with the data, that would be a contract violation which would land them in court," Schwartz pointed out.

The companies are protected from data misuse, but of course consumers have no rights whatever under such agreements. They're not even in a position to influence the sort of standards the better class of company might aspire to. There is virtually nothing under the law that one can use to control what is essentially an extremely valuable commodity belonging to oneself.

In terms of leverage, "you don't have anything," Schwartz observed.

So if the technology is hostile to consumers, it's only because the US regulatory environment is so palpably incommodious. If that were to improve significantly, CPE could become one of the best ways yet devised for consumers to stay on top of their profile information and control what can be shared, and with whom.

It would eliminate (among its subscribers, anyway) the need to deal with myriad privacy policies couched in paragraph after paragraph of misleading legalese, unique to every on-line company one deals with.

One could set one's own standards once, and be done with it. If only, that is, the US Congress would see fit to grant something like rights to consumers. This is not exactly a gimme, as the 107th will convene under a veritable avalanche of privacy proposals, the vast majority of which are pure rubbish.

In the highly rhetorical legal marketplace known as Capitol Hill, it's not hard to imagine a comprehensive and realistic opt-out proposal getting so badly stigmatised by privacy fundamentalists that a pathetically weak opt-in proposal would succeed in its place. It would sound good, but accomplish nothing -- exactly the sort of legislation our venerable representatives support most enthusiastically.

The best of all possible worlds would be a solid, comprehensive opt-in proposal, but we've been around the Hill long enough to know that the advertising and data-mining lobbies will ensure that no such monstrous thing happens.

The next best (and most realistic) thing would be an opt-out bill with real teeth, and there CPE could be a definite boon. In the right regulatory environment, it would make it easy to opt out, and convenient for a consumer to examine what his profile contains and just how it's being used. Combine that with granting him something like rights over a commodity which common sense tells us he owns outright, and we'd have a real winner coming out of conference committee for a change. ®

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.