Modern field guide to security and privacy
AUSTIN, TX - March 12: The Center for Democracy and Technology's Nuala O'Connor and Rafael Laguna, CEO of Open-Xchange speak at Crú Wine Bar during South by Southwest (SXSW) Interactive on March 12, 2016, in Austin, Texas.
Ann Hermes/The Christian Science Monitor | Caption

Is privacy a product or a right?

In a world where our most intimate thoughts are exposed and catalogued on the Internet, citizens shouldn’t have to pay up for their privacy to be protected

Almost everything we do ends up in data that we receive and send through the Internet: our work, our personal life, our passions, our opinions.

In one experiment, researchers tracked, in startling detail, one day in the life of a complete stranger, a Swiss journalist. By simply looking at his browser history, researchers uncovered the people he met, his reading interests, and the physical addresses he visited. They did not need to intercept his communications or steal his passwords. All they needed was access to his computer for roughly a minute.

This example shows how crucial privacy is for our safety and our freedom. Even if you have “nothing to hide,” you don’t want the whole world to be able to check what you’re up to each and every moment — including the most private ones. Many wrongdoers could use this information to target you in a number of ways, such as blackmail, if all this information about you became readily accessible.

And yet, there are many different opinions on whether you are actually entitled to keep your most personal information private. Many say that privacy, in these times of pervasive electronic communications, should be a fundamental right for every human being. This is recognized even in the most fundamental of charters, the Universal Declaration of Human Rights. However, others support the view that privacy is an option, an additional service that you can buy if the market chooses to offer it.

This privacy-as-a-service phenomenon is evident, for example, when you register a domain name. Even if you are an individual who wants to set up a website and express his personal or political views under the shield of a pen name, it’s illegal to do so in the United States. If you do not want your real name and home address to be displayed to everyone over the Internet, you need to buy an additional "privacy service," a product that will make its vendor appear in your place as the owner of the domain.

In Europe, however, privacy around personal information has been recognized by law as a free and unconditional right since 1995. This is why software and services that are designed and deployed in the European Union let you refrain from supplying any information which is not strictly necessary to the provision of the service that you require; and give you the right to request correction or deletion of your personal information at any time.

Under the new EU General Data Protection Regulation (GDPR), which comes into force in just over a year’s time, software developers and service providers will have to support "privacy by design." This includes enforcing personal data protection in the technical design of the application. Developers will have to supply "privacy by default", which means that under default configurations the applications will not share anything beyond what is strictly necessary, and the user will have to consent explicitly to any further disclosure.

At Open-Xchange, a global company headquartered in Germany, we are really happy about these principles, as we are Internet users ourselves, and we would not want our digital privacy to be broken in any way. It won’t surprise you to learn we have been embracing this best practices long before they became law. We have even founded community projects such as TES (Trusted Email Services), where we invite telecommunication operators and Internet service providers (ISPs) to a roundtable on current email interception threats and new open standards, so that they can protect everyone's email from unauthorized viewers.

We believe that privacy is a right. While we understand the need for security and intelligence gathering, we also think that we shouldn’t be forced to walk naked through the Internet, bearing our most private moments for all to see simply because of security concerns. We try to embody this idea in our products services, and earnestly hope that all other developers and service providers will share our beliefs.

Vittorio Bertola is the Research & Innovation Engineer at Open-Xchange, a web-based communications, productivity and collaboration software company based in Germany.