Entrepreneur is on the ground at SXSW. Watch our coverage for highlights throughout the festival.
As technology speeds ahead, we’ve struggled to keep our privacy intact. Recent current events drive this home, from the hacking scandals dogging the last U.S. election to the CIA leaks that surprised many this month with revelations about vulnerable Android devices and smart televisions used as two-way devices.
Hosting the FBI for conversation on cybersecurity at SXSW might seem particularly on point. In fact, initial guest FBI Director James Comey was too busy grappling with these issues in real life, so he could not attend. Two days before the start of SXSW Interactive, on the heels of unproven accusations from President Trump, the festival announced that Comey would be replaced. In the new programming, Newseum CEO Jeffrey Herbst would interview FBI general counsel James Baker instead.
We caught up with Herbst ahead of the talk. We wanted to get a sense for what’s been missing in truly understanding digital privacy. In this chat, the political scientist and author explores how mishandling these issues can impact everything from marketing to public safety to democracy itself. He also explains what he thinks will drive change in the short-term and the important role entrepreneurs can play. The talk takes place Monday, March 13, at 5 p.m. and is limited to registered attendees.
This interview has been edited and condensed for clarity and brevity.
What do you want most from the talk?
I think the context really is that the technology on a couple of different fronts has outstripped the regulatory and legal framework it operates in. There’s a variety of different reasons for that. Technology moves at a different speed than government. And also government has been paralyzed in terms of lawmaking for some time now. So we want to understand how does the bureau think through how it operates in terms of trade-offs between privacy and security.
In your research for the chat, what surprised you the most?
I’m just astonished at how little guidance they’re getting from what I would call traditional sources. The FBI should not be making policy on its most basic level. It should be enforcing the law. If you go back to to the San Bernadino cell phone case [where the FBI unlocked a shooter’s iPhone] there was nothing, really, in terms of guidance. The FBI, for better or worse, came to a solution which did not allow the case to be adjudicated. They hired a hacker to break the cell phone. And that was unfortunate because that would have gone through the courts and that might have provided us with something of a framework.
And the importance of that framework is easily lost.
We don’t want the FBI or any law enforcement agency to be making policy. I think we want to debate this as a country through the normal political standards and come to some kind of a consensus. That’s the democratic ideal. When you have ad hoc responses to things that come up -- and let’s face it, lots more things are going to come up that are entirely new to everyone -- then I think people are going to be surprised and we won’t develop democratic consensus and we just won’t have a democracy.
It’s very difficult to get people to take cybersecurity seriously. The most popular password is still “123456.” What’s getting lost in the privacy discussion?
I think people should ask, "What is a reasonable expectation for privacy in this age?" For instance, people have the wrong legal view of privacy in the workplace quite often. They expect more privacy in the workplace than they are legally entitled to. We haven’t even begun to have the "What is your expectation of digital privacy?" discussion. We haven’t in part because things are moving so fast. And in part because some of this is cloaked in national security or law enforcement and it’s difficult.
I think the bigger discussion is: What is our privacy need? What do we expect? And what do we think is reasonable for law enforcement? And this is very complicated, but what is the role of the big technology companies that are supplying us with all these things? As a society, I think we haven’t come to any conclusions about that yet. But I think we have to start having those discussions.
In your research, are there frameworks or approaches in place that seem promising?
I think it’s nascent. I think people are starting to have really good thoughts. But to my mind, it hasn’t penetrated the political arena yet. Politicians are not discussing this thoroughly. We’re not having difficult debates. If you asked yourself, what were the privacy platforms that any of the major candidates, and I’m not just talking about the last two, I think you’d be hard pressed to know. I don’t think we’re there yet. We just have to go through that messy business. But we’ve got to start because technology’s not waiting for us.
So many people don’t mind if, say, their smart refrigerator can track their every move. What are the risks of not having a closer eye on privacy?
I think we haven’t begun to understand if people can access that data and how they can aggregate it and use it in ways that [the refrigerator] is not necessarily approved for. What if people could hack into all the refrigerators and draw conclusions. Say, people who have certain foods or certain amounts would be targeted for ads or political purpose? It’s one thing to let it all hang out there, but we have to think, what are people going to actually use this data for. One thing is for certain, if the data is available, someone will figure a use for it.
Will reveals like the recent CIA revelations make people sit up a little bit straighter?
I do think they were useful in teaching people that if it’s connected to the Internet, it’s potentially open. Harry Potter used to say in a lot of the books, “Never trust a magical device.” Any device that had magic in it was questionable. So what people got to understand -- and before their smart refrigerators are hooked up -- is that any device that’s connected to the internet makes you open. And we we only have, in the common parlance, the most primitive notion of encryption. Some things are more encrypted than others.
And people still don’t have a good understanding of what data is important. For instance, who you call is actually much more important than the content in your phone calls. That question, the whole question of the meta data, I don’t think that people have focused on yet, because they don’t want to.
What needs to change to get to those mindset shifts?
Let’s face it, most people have the same attitude toward their mobile phone as they have to their cars. Which is, "I know how to drive, but I have no idea how the transmission works." They think if they can manipulate it and make it work, they don’t have to give any thought to what’s under the hood. But in this case, it’s a lot more complicated. This is really something where if you’re going to integrate your life into, you should learn some basics about privacy.
What is the lesson for entrepreneurs? How can they be proactive?
Isn’t this screaming that there’s a market out there for privacy? It’s just screaming. It has to be done in a way that doesn’t turn people off. I’m a political scientist by training. It’s something where the world doesn’t think what you do is that interesting but you guys think it’s fascinating. That’s true of computer people, too. They think that the ins and outs are so fascinating but most people just want to get on with their lives and have these things work. So making it simple and easy and providing a real benefit -- that screams "entrepreneur."
What will drive these conversations going forward?
Fiascos. Disasters, both on a national scale and something people understand like credit cards being hacked. And personal stories that people hear. Identity theft wasn’t a thing a few years ago but now it is because people have heard individual stories about it. Our society, many societies, are propelled forward by bad experiences.
If we don’t develop the legal framework and start doing something pre-emptive with it, then we really will be governed by responding to the most recent crisis and those are the times when you make the least good decisions.All of this is what I call the normalization of America in terms of our vulnerability to the rest of the world. The rest of the world has always been vulnerable to outside interference and problems that we in America, partially because of two oceans, partially because we’re powerful, we never thought of ourselves as vulnerable. Now we’re going to start thinking about these things. And it’s nothing the rest of the world hasn’t been worried about for a long time, but I think it’s an issue for us now.