Privacy, the NSA and the Pyjama Brigade

Last week, MEF hosted its Second Annual Privacy Summit in Washington DC, where leading global privacy experts and policy makers gathered to discuss this business critical issue. MEF’s Senior Advisor for Policy & Initiatives, Simon Bates, was there.

Through a masterstroke of planning, we arranged our second annual Privacy Summit on the same day news broke of US intelligence services secretly mining consumers’ data. Privacy was in the news yet again…

Washington DC provided the backdrop for the annual MEF Privacy Summit. This was no coincidence – the US and its policy-makers are still leading the debate on mobile privacy. Co-hosted with Dentons and sponsored by AVG, the event brought together the most influential regulators with the leading lights of the mobile market to debate the extent to which app users’ privacy is at risk and who should protect it.

The event was held at the Penthouse of Dentons’ downtown offices, complete with view of the Washington Monument (covered in scaffold since the earthquake in 2011). Todd Daubert, partner at Dentons and MEF NA board member, opened proceedings and welcomed the 65-odd attendees – a significant increase on last year.

I was next up, presenting the findings from MEF’s inaugural Global Privacy Report – a survey of almost 10,000 consumers worldwide and their attitudes toward mobile privacy. I also took the opportunity to plug the work of the Privacy in Mobile Apps working group which will soon launch its first key deliverable, a tool for app developers to build best practice privacy right into the heart of their design workflow.

Siobhan MacDermott, Chief Policy Officer, AVG Technologies

The first panel, moderated by Todd, featured Alejandra Lopez-Fernandini, Supervisory Policy Analyst at the Federal Reserve Board; Ryan Mehm, Staff Attorney at the FTC; and John Verdi, Director of Privacy Initiatives at NTIA. With a new bill on mobile privacy making its way through Congress, and recent enforcement action from a State Attorney General, the panel’s discussion on the case for regulation was nothing if not topical.

The panel agreed that the first option should always be self-regulation – app providers will always be better placed and motivated to understand and respond to their customer’s concerns. Ryan Mehm commented that ‘Self regulation is necessary and desirable’, that it can exist hand-in-hand with regulation and government.

John Verdi applauded the innovation and commitment from a number of app companies who want to do right by the consumer. But, as MEF’s research makes clear, consumers don’t yet understand what’s happening to their data. There’s a lot of work yet to be done to educate consumers.

Todd quizzed the panel on the risk to business posed by a ‘patchwork quilt of State Attorney Generals enforcing different rules in different ways.’ John Verdi agreed, reflecting that the FTC needs the resource to carry out an effective, centralised enforcement programme. This would reduce the need for State A-Gs to get involved.

The second panel – moderated by renowned technology journalist and internet/mobile safety advocate, Larry Magid, comprised a cross-section of the mobile community. Michael Coates, Director of Security Assurance at Mozilla sat alongside Chris Davies, General Counsel and Head of Privacy at InMobi; Siobhan MacDermott, Chief Policy Officer at security pioneer AVG Technologies; and Scott Meyer, CEO of Evidon, which allows consumers to control how their information is used online.

Todd Daubert, partner at Dentons

There was a lot of discussion over the differences – or lack thereof – between privacy on the web and on mobile. Michael pointed out that mobile devices collect far more data than websites – but also allow for far more tools to protect privacy, such as contextual, just-in-time notification. Scott summed up the difference thus: mobile equals velocity; lack-of-control; ubiquity.

The panel also offered a novel way of describing all those developers around the world who build apps alone or in very small groups. The ‘Pyjama Brigade’ will always be an important demographic within the community.

Perhaps the highlight of the afternoon was the keynote speech from Senator Mark Pryor, Chairman of the Senate’s Communications, Technology, and the Internet Subcommittee. Chairman Pryor was clear that all users should have access to comprehensible information on how their data is being used and how they can manage it. He stressed that children belong in a special category and that their parents needed help to control how their kids’ information is being used. He then opened the floor to questions and gamely gave his point of view on the NSA’s alleged access to consumer records.

All-in-all, it was an excellent event and a significant step forward from last year in terms of content, attendance and speakers. This is befitting of the progress MEF has itself made on its Privacy in Mobile Apps initiative during that time. I’d like to thank everyone who came, especially the speakers for giving up the time to share their expertise.