Privacy is the most complex engineering challenge in computer science.
If you deal with privacy, the first document you need to check is Article VI of the New START agreement and its predecessors, SALT I, SALT II, and START I, beginning in 1972. The latest was signed in 2010 and expired in 2026 few months ago. Article VI of New START states: "Verification of conversion or elimination in accordance with this Treaty shall be carried out by national technical means of verification in accordance with Article X of this Treaty." The other party cannot interfere with this. This may limit your ability to provide privacy promises to your customers, at least in the United States.
Privacy has been controlled in the United States since the Fourth Amendment. It is worth considering how much the aforementioned treaties apply in the case of home offices, for example.
Safe Harbor was a 2000 agreement between the United States and the European Union that allowed U.S. companies to transfer personal data from the EU to the U.S. while complying with EU data protection rules. However, the effectiveness of such measures is questionable because of the other treaties signed by the United States above. Do you remember Solar Winds?
European regulators enacted the GDPR in 2016, which was followed by many others in other countries, such as the UK in 2018 and 2021. These laws generally provide customer protection measures such as knowing what data is collected, the purpose of its use, and the ability to download it, request corrections, and have the data deleted. These clear rules are still the standard today.
Practice entered a new era, often called the SaaSPocalypse. Government-sponsored actors known as APTs, activist groups, and criminal organizations all support hacking activities. Cloud computing allowed governments to take control of civilian systems in the name of cybersecurity, while the dark web allows criminals to spy on citizens or their competitors. The final countdown will likely add controlling the use of our data in any system.
SaaS sites were built on mutual trust; however, their user management is non-standard. Some tie accounts to an email, some to a person, and some to a company. Some cloud providers even tried to build authority by setting account standards or trying to claim whether a company account is tied to the employee at certain levels, similar to corporate credit cards.
The practice of corporate red teams testing systems may also raise questions about whether this affects compensation and bonuses, and whether it is discriminatory under the cover of secrecy.
Healthcare data affects data management through stricter regulations that reach criminal law. However, the few traditional operating systems built underneath still follow the same 1980s concepts influenced by the regulations above.
Private companies tried to build their own frameworks. NDAs are common practice in many industries. They tie the paid employee & the company together. However, these have limitations. Standardization is one. NDAs with different vendors may be incompatible. Technically, it is possible that everyone in an industry signs an NDA based on the usual terms. What is the point then?
Repercussions vary, and the general rule is the same as with credit default swaps in the 2000s. There cannot be a plan to breach an NDA, so their book value is zero. Still, many managers treat them as belonging to a corporate group, or treat them as an informal form of "licensing" due to the limitations of working with companies that have not signed. This group mentality limits the use of these 1980s constructs in the 21st century, where even Big Tech can buy datacenter capacity from each other. World trade wins.
Trade secrets are another way of protecting corporate intellectual property. Generally, these are marked with copyright and confidential notices and kept on premises. Do not leave them on a public restaurant table. Some companies, notably Apple, made news headlines when trying to find such lost items at journalists' premises. It is unclear whether such practices may loosen privacy protection by allowing Apple to be searched in case of similar claims.
The economics of information is changing significantly with generative AI. Education has long been the frontier between information sharing and licensing. U.S. private schools are often like sports teams. They are keen on hiring each other. Other countries tie local licenses to accredited degrees. This mix has always limited access to affordable higher education for many.
Many may question the effectiveness of professional licensing. Long-term contracts secured by strong degrees, job security, and financing are ways to expand the economy with limited access to money and sky high gas prices and interest rates. Similarly, local regulations on real estate improvements bring a standard that can maintain home values.
The author is the inventor of two U.S. and international patents in the area of user privacy.