
Balancing safety and security

by Mark Rowe

Balancing the need for privacy, security and profit is an ongoing debate; in fact, it is the defining debate of the internet age, impacting all of our lives, writes Amanda Lieu, fraud prevention software firm SEON’s Product Marketing Manager, pictured.

Rather than being a single issue, each change to the way privacy and technology intersect needs to be re-examined. Take for example Apple’s recent decision to scan every image in its iCloud for child pornography – on one hand it serves an obviously noble end, but it could also be a ‘backdoor into your private life’.

Many of us go about our lives without giving much thought to the information available about us; others are much more worried about the potential for abuse. VPNs, the Tor network, and ad-blockers are all common tools to take back control of our digital lives, but they are also used by criminals who want to defraud companies and individuals. A balance needs to be struck between privacy and security – but how?

Scale of cybersecurity problem

Cybercrime is predicted to cost the world $10.5 trillion a year by 2025. That’s 100 times more than the $100 billion in damages inflicted each year by natural disasters, ten times more than the yearly costs from climate change, and five times more than the oil and gas industry earns in a year. If that amount of money were in the legitimate economy it could do an immense amount of good: stopping climate change will cost $50 trillion over three decades, ending hunger only $330 billion.

Given its sheer scale, online fraud is a global emergency, and yet not enough is being done. A lack of understanding of the problem is pervasive: individuals are still setting their password to ‘password’ and governments have been slow to make impactful changes. To make matters worse, some software developers have taken reasonable concerns about privacy too far, to the point that they compromise safety and inadvertently create tools that criminals use.

It is easy to see how the infrastructure created to facilitate ‘surveillance capitalism’ could be used for purposes other than selling advertising. However, fraud prevention is different: it is based on collecting smaller amounts of data for a limited time and using them for a very specific purpose. Anti-fraud companies are only interested in knowing if a device is part of a fraud ring trying out different stolen cards at scale, and this is done not for commercial purposes but to protect card owners and support online businesses who want to keep their customers safe.

There is an enormous gulf between this and the all-encompassing surveillance that is the business model of many of the world’s biggest companies. This is why it is such a shame that some well-meaning organisations have become overzealous when it comes to protecting privacy in ways that end up helping criminals. The Brave web browser, for example, has a mission statement that we agree with wholeheartedly: “As a user, access to your web activity and data is sold to the highest bidder. Internet giants grow rich, while publishers go out of business. And the entire system is rife with ad fraud.” However, in addition to blocking the tracking used by advertisers, their browser also blocks device fingerprinting, which is one of the methods used to help detect fraud. Fingerprinting can be used for mass data collection in tracking, but it can also be used to protect security in fraud prevention. Therefore, blocking all of it is bad for end users, as it can also easily lead to accidentally rejecting genuine transactions.

When privacy tools are exploited by online criminals, it becomes harder for those trying to reduce or prevent online fraud, and companies and consumers around the world will lose out – without anyone’s privacy being affected in a real way. The key point here is that before blocking certain tools, their purpose should also be considered.

Working together

We hear about obvious cases of overreach and outright criminality online every day, whether that’s proposals to eliminate online anonymity in the UK or the Pegasus Project to target journalists and activists. These are easy to see as unequivocally wrong, but for most of us, living digital lives means constant compromises between what we want to do and what we are willing to share. Rather than making a binary choice between ‘privacy’ and ‘freedom’, we all negotiate whether the services we use are worth the risk.

Companies who create software to protect ordinary people online need to have a nuanced view of what is and isn’t a breach of privacy unless they want their software to be used by and associated with criminals. We all have to use the internet together, so it is vital that companies offering privacy protection do not adopt an absolutist position but are more open to legitimate uses for solutions that protect users against fraud.

Visit: https://seon.io/.
