My Privacy: Safely Navigating Life Online

SAN FRANCISCO — Jan. 27, 2009 — Last year members of industry and government in the United States and Canada joined colleagues in Europe to celebrate Data Privacy Day, an occasion established in 2007 under a joint initiative of the Council of Europe and the European Commission to be held annually on Jan. 28. The day is intended to increase awareness of privacy and data protection issues among consumers, public and private organizations, and government.

In the United States this year, Microsoft and other members of industry are sponsoring a number of events for Data Privacy Day. Microsoft is taking a leading role, hosting a signature event, called “My Privacy: Safely Navigating Life Online,” at the San Francisco Public Library. This year’s panel includes privacy experts from Microsoft, MySpace, the Center for Democracy and Technology, Intel Corporation and the California Office of Privacy Protection, as well as a young law student active in online safety education.

In conjunction with the event, Microsoft commissioned focus group research to determine which privacy issues are most important to consumers. The findings were captured in a short documentary that will be screened prior to the panel to inform the discussion. The video is available on Microsoft’s Data Privacy Day Web Site (http://microsoft.com/dataprivacyday).

To learn more about Data Privacy Day, the research findings and current issues in the world of data protection, PressPass spoke with Microsoft’s Chief Privacy Strategist Peter Cullen this week.

PressPass: Why does data protection deserve its own day?

Cullen: The Internet offers us so much now, whether it’s free or commercial — social networks, health services, online banking, retail sites or photo-sharing sites. These services provide great benefits, but they also require consumers to share more and more information about themselves online. This, unfortunately, makes the Internet a magnet for crime. Personal information has become the new currency of crime, and “cybercriminals” are always trying to find new ways to target data for profit.

So it is essential that people are educated and can make informed decisions when it comes to complex privacy issues. Data Privacy Day is about industry and government coming together to ensure that consumers truly understand the concept of online privacy and evolving threats to online safety.

PressPass: You’ve done some research on those issues this year. What did you find?

Cullen: One big thing was that, while many consumers are very concerned about protecting online privacy, they typically have only a surface understanding of the threats they face. People take basic steps such as using spam filters, deleting cookies and installing anti-virus software, but they’re not necessarily aware of what these technologies do.

People also have a perception that once their information is online, there isn’t much they can do to protect it. Many people aren’t aware of the controls they have, such as the ability to opt out of behaviorally targeted advertising or new tools in Internet browsers.

In addition, specific concerns and risks change depending on how people use the Internet. For example, threats to privacy stemming from social networking sites are a large concern for young people and, increasingly, middle-aged professionals. Online finance issues, meanwhile, may affect older people more.

What these findings tell us is that we must do more to educate consumers. People are making privacy decisions all the time and may not even know it. They must have the right resources from industry, government and nongovernmental organizations (NGOs), so they can better educate themselves about privacy, threats to personal information and ways to safely navigate online. Much like a medical condition: consumers need to understand how the illness occurs, instead of just what medicine to take.

PressPass: Did any of the focus group findings surprise you?

Cullen: We thought the research would reveal significant differences between generations, about their perceptions and levels of awareness related to online privacy and safety.

To our surprise, the research found more similarities than differences. For example, across generations, participants reiterated concern about online privacy but admitted that the convenience of Internet use outweighs the risks. Similarly, all age segments acknowledged using tools or taking other actions such as implementing spam filters, deleting cookies and installing anti-virus software to protect online privacy, even if they aren’t entirely certain how to best use these resources. Lastly, when it comes to accountability, the participants called for shared responsibility, but reiterated that first and foremost, they hold themselves accountable for protecting privacy online, citing the importance of making intelligent decisions as to what information is shared, where, and with whom.

PressPass: Hence the Data Privacy Day events and related videos.

Cullen: Yes. In the United States, Microsoft will release a five-minute video that highlights findings from focus group research conducted in Dallas and San Francisco, examining privacy issues among certain age groups.

The video will debut at the Data Privacy Day event being held today at the San Francisco Public Library. The panel discussion that follows will focus on online privacy issues and provide attendees with practical tips and information to help protect personal data.

Also, in the European Union, Microsoft partnered with European Schoolnet to sponsor a video contest for students about online privacy.

PressPass: Give us an example of how education can promote safety online.

Cullen: Identity theft is an issue that consumers are worried about. And people do look for SSL (Secure Sockets Layer) certificates and use phishing filters to help prevent victimization. But cybercriminals are developing new techniques all the time. They use phishing and social engineering schemes to steal personal information, or to compromise PCs, and there is little understanding of them.

If consumers understand the methods employed by cybercriminals, they will more easily identify when and where their personal information is potentially at risk. They can actively avoid those situations rather than merely relying on technology to protect them. While technology is helpful, it must be coupled with consumer awareness.

PressPass: What technology has Microsoft developed to protect personal information?

Cullen: Microsoft provides many technologies for people to have a more secure and private online experience. For example, the Microsoft Phishing Filter helps protect consumers from phishing attacks that might compromise their personal information. Windows Defender is a free program that provides protection against spyware and other potentially unwanted software. Windows CardSpace helps consumers manage multiple digital identities and ensure that parties asking for digital identities are who they say they are.

PressPass: How does Privacy Day fit into Microsoft’s other efforts to help consumers protect themselves?

Cullen: Our strategy for protecting consumers’ personal information is a combination of technology, consumer education and partnerships with NGOs, government and members of industry.

We are continually evaluating our education programs to make sure consumers are getting in-depth information, and to identify new ways to get it to them. We are also developing a toolkit for legislators and NGOs, to help them educate people about privacy and online safety.

Beyond education, Microsoft has developed privacy guidelines to help companies create products and services that help customers control how their personal information is collected, used and distributed. These draw from Microsoft’s experience incorporating privacy into our development process, and they reflect what customers have told us, as well as global privacy laws.

As a leading member of the Information Card Foundation, Microsoft is working to give consumers more direct control over their online identities. This effort includes partnering with government, law enforcement, businesses and consumers to advance the use of digital identities and an identification system that enables convenient and highly secure transactions. Information Card technologies such as Windows CardSpace ultimately seek to reduce online identity theft and increase confidence in e-commerce and other online services.

Microsoft is also an established advocate for federal privacy legislation, and has worked with industry partners, policymakers and consumer advocates to develop common industry standards for privacy protection, including comprehensive privacy legislation in the United States.

PressPass: Are companies and consumers winning the fight against cybercriminals?

Cullen: While we are gaining ground, trends suggest that criminals will continue to build malware to steal personal information through social engineering schemes and software vulnerabilities. The total amount of malware and potentially unwanted software removed from computers worldwide actually increased more than 43 percent during the first half of 2008. So we’ve got a long way to go.

And everyone has an important role to play. Industry, government and NGOs must build on the already strong consumer education efforts that are under way. Those efforts must move beyond prescriptive guidance and focus on helping people truly understand the concept of online privacy and evolving threats to safety.

Together we must find accessible, innovative strategies to help people protect themselves. Events such as Data Privacy Day, new curricula for schools and public/private partnership efforts are helping, but we need more. The good news is, we have deep commitment across NGOs, government and members of industry to build on what we’ve already accomplished.