Photo via Flickr
Microsoft has an idea for how to protect our privacy online, and it’s a doozy. A top executive suggested we should slap DRM restrictions on our personal data so that people can track how it’s being used as it moves through the web.
The thinking is, just like record labels tried to control who copied and resold and pirated what was rightfully theirs, we should be able to control the use of what’s rightfully ours: our identities. Logical enough, but didn’t we learn anything from the digital music fiasco?
Videos by VICE
Craig Mundie, senior advisor to the CEO at Microsoft, floated the idea of DRM-for-data at MIT Technology Review’s EmTech conference yesterday. He said the amount of personal data on the internet is spiraling out of control, but we need to rethink the way we’re tackling the problem.
Instead of trying to stop the data from slipping through our fingers—with “do not track” options and privacy controls and the like—we should focus on how to manage it once it’s out there. There’s accumulation of swaths of user data online is inevitable, but we can supervise how it’s used.
As it is now, we give apps permission to use our data but then have no idea what’s being done with it down the line. Our online identity becomes a digital currency for wheeling and dealing data brokers and advertisers and god knows who else. And we’re not witness to those transactions.
Mundie thinks DRM can change that. Basically, any sensitive personal information—like medical data or geolocation data—would be protected with “cryptographic wrappers” and metadata, he explained. Anyone that wants to use it, namely apps, would need permission from a “central authority” that has the encryption keys. To enforce the rule, he proposed making it a felony to break the agreement.
“You’re being observed. Whether it’s for commercial purposes or other activities, I don’t think it’s possible anymore to decide to control things by controlling the collection and retention of the data,” he said at the event. “We have to move to a new model.”
Microsoft is at least trying to solve the right problem. And it’s not alone in that effort; private companies and policy makers alike are scheming up ways to help users take back control of our own data. But DRM is not the best answer.
First off, it didn’t even work for the music industry. It was considered over-restrictive and was eventually abandoned altogether in favor of a new business model. “DRM” is almost a dirty word now. It’s also not very effective. Digital locks can be picked, encryption decoded. And if you slap every hacker with a felony charge, prisons will be overrun with tech-savvy criminals.
Another conference speaker, Katherine Frase, CTO of Global Public Sector for IBM, said that while the encryption technology exists to pull this off, the execution is another thing. “From a policy perspective, how can you enforce having the app tell you where all that data will be going?” she asked.
Moreover, the idea of locking up our data with laws and regulations is just too authoritarian to sit well with Americans. The EU and China have been leading the charge to pass online privacy laws, but the freedom-minded US government’s pushed back on some of the more ironhanded proposals.
Mundie, who heads up policy and regulation for Microsoft, said yesterday that the idea was received favorably with governments and businesses at the World Economic Forum. But I don’t envy the lobbyist in charge of getting a data-DRM bill through Washington.
