The American public is changing their behavior as a result of the privacy and security failures across the private sector business policy landscape. As the latest NTIA survey data reveals again, online commerce is being impacted and government agencies are now trying to further communicate there is a growing problem:
Lack of Trust in Internet Privacy and Security May Deter Economic and Other Online Activities
May 13, 2016 by Rafi Goldberg, Policy Analyst, Office of Policy Analysis and Development
Every day, billions of people around the world use the Internet to share ideas, conduct financial transactions, and keep in touch with family, friends, and colleagues. Users send and store personal medical data, business communications, and even intimate conversations over this global network. But for the Internet to grow and thrive, users must continue to trust that their personal information will be secure and their privacy protected.
NTIA’s analysis of recent data shows that Americans are increasingly concerned about online security and privacy at a time when data breaches, cybersecurity incidents, and controversies over the privacy of online services have become more prominent. These concerns are prompting some Americans to limit their online activity, according to data collected for NTIA  in July 2015 by the U.S. Census Bureau. This survey included several privacy and security questions, which were asked of more than 41,000 households that reported having at least one Internet user.
Perhaps the most direct threat to maintaining consumer trust is negative personal experience. Nineteen percent of Internet-using households—representing nearly 19 million households—reported that they had been affected by an online security breach, identity theft, or similar malicious activity during the 12 months prior to the July 2015 survey. Security breaches appear to be more common among the most intensive Internet-using households.
This survey is indeed only one facet of a much larger topic and pervasive problem. Digital Trust is the output of making affirmative "Trust Decisions" with computing devices. Whether they are machine-to-machine, person-to-machine, or machine-to-person requires several technology engineering elements and business rules, that are understood and agreed upon. The question is by whom?
Consumers who are using the Internet for communications and commerce and are the victims of Identity theft, stolen funds or other fraudulent schemes, are just the first wave of targets for transnational organized crime (TOC). We have known this since the invention of virus scanners and bug bounty programs, in the early days of the 21st century.
Yet fifteen plus years later, the government is doing a study on the consumers feelings about privacy and security. As a business or a consumer, we understand that the speed of commerce and technology is always far ahead of the regulations and the laws. When enough people or businesses seem to be harmed, then the momentum begins for policy shifts and new laws are sometimes enacted after thousands of pages of semantic negotiation.
The answers and the outcomes we seek will come. However, they will not first be solved by politicians and lawyers. They will be mostly solved by our brilliant mathematicians, software engineers and data scientists. At this point in time, we are getting so much closer to achieving digital trust through new innovations and inventions. Just look at IBM Watson.
It is now time for business and commerce to begin the process of finding the truth. Why do we continue to allow the levels of known bad actors to operate inside and within our networks? It's a numbers game and it is because the criminals also employ the smartest social engineers and data scientists.
Digital Trust in the next fifteen years will mean something different than it does today. We will have found the formula along the journey, the new equations and the rules agreed upon by all to make online and digital commerce more safe and secure. So what will we do today and tomorrow, until the engineers and scientists save the day?
At this point in time, it is simply called "Know-Your-Customer"(KYC). If this was utilized more effectively across critical infrastructure sectors beyond finance in our digital economy, then we would be making some progress. Where are we talking about next?
The FTC and FCC are well on their path to defining those critical elements of improving the trust that consumers have using their digital tools with ICT and on service providers web sites. Yet even to this day, you still can find the criminals using and leveraging our own Internet Service Providers (ISP) to launch their attacks and perpetuate their fraudulent schemes. How will this ever be deterred? Could a version of KYC work with the ISP's?
Even with a global banking system in place you have pockets of greed and deceit. Rogue nations or territories that have become the go-to-locations for the transnational organized crime syndicates to flourish. Yet we can do much better, than we are today.
Just ask any "BlackHat" hacker from Eastern Europe who they prefer to do business with. Query the experts that exist on the dark side and you will find the ISPs they prefer to do business with. One day the regulators will realize this is where the business of e-crime has an opportunity for change and additional reform. It will be more than just opening an account to gain access to the Internet. It will be about scaling up our systems to a future horizon with new rules and robust real-time behavioral predictive analytics. In the mean time:
May 11, 2016
In testimony before Congress today, the Federal Trade Commission outlined its work over the past 40 years to protect consumers’ privacy at a hearing convened to examine privacy rules proposed by the Federal Communications Commission.
Chairwoman Edith Ramirez and Commissioner Maureen Ohlhausen testified on behalf of the Commission. The testimony before the Senate Judiciary Committee’s Subcommittee on Privacy, Technology and the Law provided background on FTC law enforcement efforts, policy work and consumer and business education programs related to protecting consumers’ privacy.
The testimony highlighted the FTC’s extensive history of privacy-related work. The testimony noted that the agency has brought more than 500 privacy-related enforcement cases in its history against online and offline companies of varying sizes, including companies across the internet ecosystem. In addition, the testimony highlighted a number of recent cases of note.
The testimony also provided information on the FTC’s policy work in the privacy area, going back to its first internet privacy workshop in 1996. The testimony noted that recent policy work has been based on principles featured in the FTC’s 2012 privacy report, and also highlighted workshops and reports related to the Internet of Things, big data, and other issues, including cross-device tracking.
The testimony also described the FTC’s extensive consumer and business education efforts related to privacy, including the FTC’s Start With Security campaign for businesses, and the newly-updated IdentityTheft.gov.