Beyond all of these factors, the numerous methods that enable digital consumers to share vast amounts of personal information have exploded. In order to enjoy the benefits of no-cost social networking, email, storage, VoIP, and internet services, consumers have unveiled an unprecedented amount of private data to their CSP, social networks, and the public at-large.
On the positive side, this has created more possibilities with the sharing of ideas and information. This data can also be leveraged by CSPs to improve marketing efforts and create personalized experiences that enhance a customer relationship rather than diminish it. On the other hand, the amount of publicly available data on individuals is downright scary. You don't need a $2 billion data warehouse in Utah and a Patriot Act to snag personal details and a home photo of anyone with a phone number. Where traditional research falls short, Facebook has proven a treasure trove for news reporters and journalists. As long as consumers use no-cost services that are subsidized by data collection and monitoring, little will ever change.
Does all of this mean we are headed for a Orwellian future? And if so, can or should CSPs help us avoid it? It's important to note that while some of the tools may be in place for the theoretical real-time monitoring of U.S. citizens, there are many groups fighting hard to ensure that we never reach this reality, including the EFF, the ACLU, and numerous CSPs. The EFF has initiated numerous lawsuits against the NSA; one of the most recent focused on GPS location data. "The court came to the right conclusion," said Mark Rumold."They decided that the installation of the GPS device was a search under the fourth amendment, but held off on the more difficult question of whether tracking someone's movement is a search within the meaning of the fourth amendment." Likewise, the ACLU has challenged the NSA in court, business advocates have argued ardently against mandates that would undermine innovation and privacy , security experts have sounded the alarm regarding the potential abuse of surveillance backdoors, and CSPs have joined the Digital Due Process coalition to fight for privacy rights in Congress.
The widespread popularity of non-traditional communication is a blessing in disguise for consumer privacy as well. OTT messaging and communication is currently outside the bounds of CALEA, encrypted messaging can't be cracked (unless it originates from a CSP, i.e. text messaging), and there aren't backdoors built into the code that provide for surveillance. The safest way to communicate right now would be over an encrypted connection provided by a third-party service (not an ISP or CSP), or over an encrypted OTT service. Building real-time surveillance (not simply collection) abilities into network hardware and communication software would create such pervasive security vulnerability--the same kind of vulnerabilities that have prompted investigations into ZTE and Huawei--that is unlikely we will see this type of development anytime soon.
Data collection and monitoring is big business, but as the EFF opined in a white paper in April of 2012, "The issue is complicated because most of these technologies are 'dual use.' This means that along with the ability to facilitate human rights abuses, nearly all of these technologies can be used for legitimate purposes." The same technology that can be used to launch un-warranted surveillance can also be used to create better network and computer security, enable valuable research, and better protect citizens. It's fundamentally different if Google has personal communications data stored, than if the NSA has communications data stored. This is why it's crucial that consumers and their service providers (and their vendors) understand who has access to personal and communications data and understand exactly how that data is being used.