What will it take for the government to protect your privacy?

Edward C. Baig, USA TODAY

Is 2020 the year when the government finally does something real to protect your privacy? Up until now, it has been all on you, the consumer. 

When it comes to technology, it's not just Big Brother watching or even Big Tech. Your Fitbit tracker, Ring camera, Alexa voice assistant, Google searches – almost anyone seems to have access to the data of your life.

"You have zero privacy anyway." That's how then-Sun Microsystems CEO Scott McNealy put it to reporters and analysts more than a couple of decades ago. 

A majority of Americans say it is not possible to go through their daily lives without being tracked, according to a Pew Research study

Though we've grown accustomed to it, is it really something we should simply accept?  

"Just the fact that almost every day when we read the newspaper (and) see different concerning stories about privacy and security breaches, it would be almost impossible to conclude that enough is being done," Federal Trade Commissioner Rebecca Slaughter said during a privacy panel at the CES tech industry expo this month in Las Vegas. (She said the opinions were her own, not those of the FTC.)

Women of the Century: Who inspires you? USA TODAY seeks your Women of the Century to commemorate 19th Amendment

U.S. lawmakers lag their European counterparts in getting legal heft behind consumer privacy protections. The European Union's General Data Protection Regulation, more commonly referred to as GDPR, went into effect in 2018. In this country, only California, whose privacy law took effect Jan. 1, is tackling this issue head-on.

Other states are all over the map when it comes to laws governing online privacy, according to rankings from the Comparitech security and privacy research firm.

Debate continues about whether the USA needs a privacy law that covers all 50 states.

"We would like to see a national law around this," said David Limp, Amazon's senior vice president for devices and services, during an interview at CES. "Because trying to implement it state by state, with nuances in every state that are slightly different, leaves a lot more room for subjective interpretation."

The feds aren't completely neutered. Last July, the FTC fined Facebook $5 billion, a record-breaking sum that was part of a settlement for violating consumer privacy, prompted by the scandal involving Cambridge Analytica in 2018. It was not the only data rupture to stain the company.

At CES, Erin Egan, Facebook's vice president and chief privacy officer, conceded that more needs to be done while talking up the social network’s expanded privacy checkup tool for consumers. 

Her counterpart at Apple, Senior Director for Global Privacy Jane Horvath – the public appearance by an Apple executive at CES was a rarity – reiterated the company’s long-standing commitment to “privacy-by-design” principles used across all its products.

But she agreed that “there’s no way to say that at this point in time, we’ve reached a panacea.”

Though the tech industry may be saying all the right things –  and in some instances doing something about it – critics aren't persuaded. 

Washington Post columnist Geoffrey A. Fowler calls such statements "privacy white-washing: when tech companies market control and transparency over data but continue gobbling it up." It's not what we need, he said.

Amazon and Google's ring of privacy fire

The devices and services we have given free rein in our homes and our lives to make things easier have, in too many cases, become portals to privacy violations.

In December, login names and passwords of more than 3,000 customers of Amazon-owned Ring were exposed. There have been frightening reports of hackers compromising the internet-connected cameras and doorbells.

A family in Mississippi claimed a hacker gained access to a Ring camera placed in their 8-year-old daughter's room and started talking to her. 

Ring said the incident was not related to a breach or compromise of its security but rather due to the fact that customers often use the same username and password for their various accounts and subscriptions, which bad actors may obtain elsewhere.

Regarding Ring, Amazon's Limp insists, "we've had very good security in place, including what I would consider best-in-class two-factor authentication."

But, he added, in some cases, "we needed to be more strict on the path (customers) took to put high security in place. So instead of an option of two-factor authentication moving forward, we're going to make it mandatory, a lot like your bank does."

He said Amazon enabled a feature over the holidays that any new login attempt on a device that you already have installed will send you a notification to put in a code.

Always alert Alexa and Google Assistant have been caught listening when you might not have expected them to be, which wigs out many consumers. Amazon has long insisted its voice assistant is, essentially, holding its breath until it detects the "Alexa" wake word.

Limp claims Amazon is being more transparent. Amazon added an Alexa privacy dashboard portal, and you can tell Alexa to "delete what I just said." You can opt out of "human annotation," in which Amazon employees can listen to voice recordings in an effort to make the system better. Limp said only a fraction of 1% of data is seen by human eyes, and all personally identifiable information is removed from such recordings, so Amazon doesn't know it is you.

If you do nothing, he said, Amazon will keep your data in perpetuity.

Google added the ability to tell its Assistant to butt out by saying, “Hey, Google, that wasn’t for you,” which is supposed to give the Assistant a temporary case of amnesia. 

Federal Trade Commissioner Rebecca Slaughter says it doesn't look like enough is being done to protect people's privacy.

Protecting privacy is on you

Tech companies don't make it easy for the consumer.

“I’m a relatively well-educated person who specializes in privacy," Slaughter said, "and I can’t possibly figure out all the things that are being done with all my data across different services. And that’s just by the companies with whom I have a first-party relationship and doesn’t even think about the backbone infrastructure where there’s third-party data sharing."

A network of data or information brokers collect, buy or sell your personal information, typically without your knowledge.

Almost no one reads a tech or other company's terms of service. Even if you do, you may need legal training to figure out what it all means.

Beyond the short-term violation of one's privacy, Slaughter frets about the “downstream harms,” decisions based on leaky data about your future job or credit prospects, for example, or “the targeting of content to consumers in ways that could be manipulative or problematic.”

Jeff Immelt, an executive at Tuya, says bad guys advance along with technology.

And what's abundantly clear, tech evolution isn't just the domain of the well-meaning. "With every advancement in technology, the people who want to do bad things get more sophisticated as well," said Jeff Immelt, the longtime head of GE who works with smart home platform Tuya. He told USA TODAY he believes the good guys are keeping pace.

Chipping away at privacy: How technology made us bid farewell to privacy in the last decade

 Apple's Horvath rattled off some of the ways it strives to protect customer privacy. The company creates random numerical identifiers to mask data sent up to Apple’s servers when you use Siri or Maps.

Apple adheres to the mantra that privacy is a human right and uses the company's stance on privacy as a marketing tool.

Apple's position leads to friction with law enforcement when investigators seek access to evidence locked away in a privacy-infused device.

Amid all of this, one thing is apparent: It will take a lot more industry effort – combined with stricter federal intervention – to give consumers the data safeguards and level of privacy they ought to expect. 

Email: ebaig@usatoday.com; Follow@edbaig on Twitter

This article originally appeared on USA TODAY: Your privacy is at risk: Why we need a federal data law