The National Security Agency (NSA) surveillance activities revealed by former CIA contractor Edward Snowden appear to be taking a serious toll on public confidence in technology companies in America, such as Internet service providers and software companies, according to a Harris poll commissioned by ESET. The poll found that two-thirds of adult Americans who said they are at least somewhat familiar with the NSA revelations believe such companies have violated the trust of users "by working with the government to secretly monitor communications of private citizens."
That violation of trust led 60% of those Americans familiar with the NSA revelations to agree with this statement: "I am now less trusting of technology companies...as they may be assisting the government in surveillance of private citizens.”
Taken together with the changes in online behavior uncovered by the same poll and reported on We Live Security last week, these findings support the idea that economic fallout from the NSA’s activities may be broader than first thought. With well over half of the respondents signalling a decline in trust, it is reasonable to ponder the impact of this phenomenon on the uptake of technology products and services.
We already know that a small--but in my opinion significant--percentage of people are reducing their use of technology, so is there a trend toward delaying or modifying the purchase of software or Internet services? While the ESET survey did not address this question directly, I would love to see major media organizations and public opinion researchers exploring questions like this.
In fact, we did get two interesting data points from a poll released last week by Reason-Rupe. The poll covered a wide range of social and political issues in America and included this question: "Which of the following do you trust the most with your personal information?" The choices included the IRS, the NSA, Google, and Facebook. The results, which echo some of the ESET findings I will report in a moment, indicate that the two tech giants have a lot of work to do when it comes to public trust. Both the IRS and NSA were trusted more than Google and Facebook, who were ranked as most trusted with personal information by just 10% and 5% of the survey subjects respectively. Even though many Americans dislike the IRS, it was trusted by more than a third of respondents (35%), whereas the NSA was trusted by less than one in five (18%).
When it came to the second privacy-related Reason-Rupe question, "Who do you think is most likely to violate your privacy?" the NSA topped the list at 36%. Facebook was ranked second most likely to violate privacy at 26%, while Google was relatively well-regarded at 10%. We will return to this aspect of trust in a moment.
Tech distrust tempered by public safety concerns?
While the ESET survey revealed considerable levels of mistrust and antipathy toward technology companies among people familiar with the NSA revelations, arising from the apparent involvement of firms in secret government surveillance, these sentiments were not universal. A significant number of the same group of people, familiar with the NSA revelations, people told us companies should cooperate in government surveillance efforts. Indeed, just over half said companies should cooperate.
So what is going on here? Another statistic might provide a clue. We found that mass surveillance has a fair number of supporters in America. Of those Americans who were surveyed and who said that they were at least somewhat familiar with the NSA revelations, 57% agreed that mass surveillance at the scale revealed by Snowden helps prevent terrorism (versus 43% that disagreed). Note that the statement says "scale" revealed and not type, and therein may lie another clue.
I get the impression that people see value in surveillance as a defense and deterrent, but they are not necessarily happy with the way the government has gone about the surveillance. I'm not saying that's the only way to interpret the survey results, but that is my best guest, bolstered by one more finding: the number of people who "believe there should be new laws implemented to better regulate government surveillance." An impressive 81% of American adults who said they were at least somewhat familiar with the NSA revelations agreed with that statement.
Whether or not American politicians and political candidates are asking the same question and getting the same answer, I don't know. However, as the mid-term elections get closer, and position statements on surveillance legislation are publicized, we may find out.
Cyber crime vs. government surveillance vs. companies
We have already seen some political responses from the very same technology companies about whom the public has strongly mixed feelings. I think there will need to be much more of the same if said companies are to lower the level of concern we discovered when we asked: Which one of the following aspects of surveillance and data gathering concerns you the most? Well over half (58%) of Americans familiar with the NSA revelations are most concerned about surveillance and data gathering by companies for profit. Compare that to just one-in-five (21%) who are most concerned about government surveillance for national security reasons.
Just as tech companies will need to keep working on earning the public's trust, companies and organizations of all kinds will need to be vigilant when it comes to cyber crime. Why? Because our survey suggests that, when it comes to the security of their personal information, people are far more worried about criminal hackers than government data gathering.
Over two-in-five (42%) Americans familiar with the NSA revelations are most worried about criminal hackers stealing information (e.g., personal details, passwords, bank or credit card information) from a company or service they trusted (either online of offline). A further one third (33%) are most worried about criminal hackers stealing information.
I grouped those two responses in the following pie chart, which shows that only 18% of those surveyed are most worried about secret surveillance and data gathering directed by the government at private citizens such as themselves. (A small percentage are either worried about some other security risk or not worried at all.)
What should tech targets and other companies do?
If your tech company is likely to be a target of the negative sentiment reported here, you might be wondering what you should be doing to win back confidence. In my opinion the watchword is transparency. Be as open and honest as you can about how you deal with government requests for data. Publicize your policies on this and every other aspect of data privacy. Be proactive in starting a conversation about privacy with your customers.
You should also give serious consideration to taking visible political action. If there is a bright spot in the attitudes we have observed it is that 74% of people we interviewed in an NSA related survey late last year said they would admire a company “that took a stand against unlimited government access to my personal information.”
And what if you're not a tech company, or don't consider your firm to be tarnished by the Snowden/NSA revelations? I think you still need to be sensitive to the opinions we uncovered. They are yet another indicator that the American public is more sensitive than ever about how their personal information is handled. Not that the NSA is the only factor in play. There is no doubt in my mind that the massive security breach at Target, revealed in the closing days of 2013, has further fueled data privacy concerns. Again, my advice is to embrace transparency and be up front about your privacy policies and commitment to data security. Given the blanket media coverage of the NSA revelations and the Target breach, organizations can no longer claim to be surprised if there is a data breach and the data subjects get very upset.
Survey Methodology: The survey was conducted online within the United States by Harris Poll on behalf of ESET from February 4-6, 2014 among 2,034 U.S. adult adults ages 18 and older, among which 1,691 are at least somewhat familiar with the NSA revelations. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact esetpr@schwartzmsl.com.
Survey Reporting: Unless otherwise noted in the text, percentages reported for responses refer to the 1,691 persons who said they were at least somewhat familiar with the NSA revelations.