As seedy businesses go, you’d be hard-pressed to find many that top Ashley Madison.
While traditional dating sites allow people to find dates, relationships, and even marriages, Ashley Madison’s version of “dating” caters to people who want to fly under the radar and cheat on their spouse. “Life is short, have an affair,” as the company’s tagline says.
Except it’s no longer under the radar.
Ashley Madison’s website recently suffered a major cyber attack, with the hackers downloading an enormous amount of users’ data for the public to see. Names, email addresses, credit card numbers – basically, crucial information that users very much wanted to stay private. After all, cheaters hardly wish to be exposed!
Two users even committed suicide after their details were leaked.
The lesson from this breach is simple: Once your information goes online, it’s no longer guaranteed to be private.
Yes… even if the company taking the information promises to keep it safe.
Yes… even if you didn’t give the information voluntarily.
And yes… sometimes, even if it’s illegal to disclose the information.
For every advance in cyber security, cyber thieves are just as determined to access data, which then either becomes widely available or can cause you serious harm. Right now, nobody has an answer to this global epidemic.
Your health insurance company can’t keep your data safe. The IRS can’t keep your data safe. Even the National Security Agency – the world’s foremost experts in cyber security – can’t keep its data safe.
Much Ado About Nothing Over Spotify’s Snooping
Privacy activists and the internet went insane!
It looked like Spotify was going to collect an enormous amount of information that had nothing to do with what music you listen to. Was the company going to sell its listeners’ profiles to marketers? Was it going to use the data to create another service? Or was the company just nosy?
The truth was benign – the additional data that Spotify wanted to access was in order to help the company provide better service. Trouble is, the company did a terrible job of explaining that! Here are two examples…
Move to the Music: Spotify wanted more information on its users’ movements, not so it could stalk them, but for greater customization. When someone is walking, running, driving, or on the train, what could Spotify do with this information?
Well, one of its features is to tailor music to what its users are doing. For example, based on your listening preferences, it can chose songs that match up with a user’s running cadence. Personally, I think a music stream that would change when I move from a traffic jam to highway speeds would be pretty neat!
Smile for the Camera: Spotify also wanted to look at its users’ photos. Why? So it could create personalized cover art for albums and use a picture of the user for a profile image. But only if a user actually wanted to do those things.
So the truth is, Spotify wasn’t doing anything nefarious at all, as CEO Daniel Ek explained in a subsequent blog post.
But why the huge outrage?
There are three reasons:
- Information Abuse: We’re all understandably wary about the information we give to companies – especially now that it’s all stored online. We fear companies will abuse our privacy rights, or that it will be stolen as in the Ashley Madison case and numerous others. The more data we put out there – and the more places we put it – the more likely it is that something will be stolen. It’s bad enough when you provide health information to your insurer and it gets stolen – but at least the information was relevant to something you wanted to do. But with Spotify, nobody wants their private pictures published in some hack attack just because they wanted to listen to music!
- Corporate Ignorance… or Arrogance? Many companies simply don’t understand how wary their customers are these days and refuse to believe that their users don’t fully trust them – even though they can’t give ironclad assurances over their data security. It likely means that companies’ top management don’t pay enough attention to their own privacy agreements. For example, product designers will come up with a cool new way to use data and then lawyers will rewrite the privacy agreement to allow access to that data – except they do it in the most sweeping terms possible. That’s good lawyering, but terrible business.
- Why Do You Want My Data? There’s plenty of confusion about why companies might want access to your data, particularly when they share it with third parties. The Spotify example provided another good example of this. When it shares information with other parties, how much are they sharing and why? Obviously, they have to share information with mobile providers, just to make sure the right music goes to the right person. But when are they using it to create personalized ads, to whom are they selling the information, and when is that information specific to a user? A personalized ad based on location and behavior, but without knowing the actual identity of the user, is different from a personalized ad that goes to a specific user and is based on peeking at that user’s personal information.
These last two issues should be pretty easy to fix – and may actually go a long way toward alleviating at least some of the concerns of the first point.
Ultimately, companies like Spotify must do a better job of understanding their users’ concerns. And they must certainly do a better job of explaining why they need any given piece of information.
Or, alternatively, they can haul out their CEO to apologize after the damage to their reputation has been done.
To living and investing in the future,