Privacy Baked In - a Conversation with Idka co-founder, Bjørn Stormorken

We hear a lot about digital privacy these days. Data breaches and misuse of personal information top the news. Even tech industry leaders are speaking out against what we’re calling the Surveillance Economy. But, what does it mean to build solutions with privacy “baked in”? What’s the technology behind it, and why is this important for businesses, as well as individuals? How can we be sure our privacy is protected? We asked CFO and Co-Founder of Idka, Bjørn Stormorken, to help us untangle these questions on the latest show of the GoodTech Vidcast.

The Importance of Digital Privacy

Bjørn has a past of working with privacy. He started volunteering for Amnesty International back in 1978, and spent his professional life, as well as his time off, in human rights. He later became the department head of the Council of Europe, where he was working on “The Convention for the Protection of Individuals in Regards to Automatic Processing of Personal Data”.

Today, Bjørn is the CFO and Co-Founder of Idka, and he’s still actively working with digital privacy. He tells us that there are many reasons why privacy is important, but the most fundamental reason is that privacy is the underlying of freedom of thought. He says, “Without freedom of thought, you have totalitarianism. That is what George Orwell’s book ‘1984’ laid out. You can’t have independent and free thought when there is absolutely no privacy. The right to privacy is important on the public side, as well as important on a civic level. Without privacy you can’t feel secure in your own home.”

What is the lack of digital privacy doing to threaten democracy? As an example, Bjørn digs into Turkey’s president Erdogan’s political career. He says, “President Erdogan launched his political career together with the religious leader Gülen. They later had a fallout, and Gülen and his movement has now been labeled as a terrorist organization by the Turkish government. When an organization is labeled as a terrorist organization, there are special laws and punishments that are dished out to those that are violating or seem to be violating them. Consider that, a few years back, you might have written things on Facebook that support Gülen, thinking that you were also supporting Erdogan. Then, a few years later, you’re actually imprisoned, and can even be tortured, because what you wrote on Facebook is available to the security police in Turkey. This is not a theoretical thing. This actually happens. Erdogan has imprisoned thousands of people all over the country. He uses social media, very actively, in order to implement this oppressive regime.”

Bjørn gives us other examples of countries like the Philippines and Hungary, where the political elections have been influenced thanks to Facebook. “It’s a complicated matter, but if you write something about a non-contentious issue, it can come back to you at a later stage,” he says. Another example of this is Poland, where supporting free abortion could be quite risky for the individual, as there are religious groups that are willing to go far to oppose those opinions. Bjørn also brings up American abortion clinics where attacks have lead to personal harm. He says, “This means that people don’t feel free to express themselves, or their opinion, on any particular issue. Therefore, the lack of privacy has a very strong ruling affect, in addition to the fact that it’s used to spread propaganda.”

We move on to talk about GDPR. May 25th of this year marked the one-year anniversary of GDPR, but is it enough? Bjørn tells us that GDPR is of course a big step in the right direction. For example, with GDPR in place, you can no longer write privacy policies that are too long and too complex. Instead, there has to be at least a summary in the beginning, that pinpoints the important and most pertinent rights and duties that you have. Bjørn says, “So, in theory, things should become a lot better now that GDPR is implemented, for those countries where GDPR is applicable. It has strong measures to actually punish companies, which means that organizations that want to put out a public service have to be very careful.”

Privacy for Business

Now, Bjørn has told us why privacy is important for democracy, but why is it important for business? First and foremost, he tells us that companies simply want their information private for competitive reasons. They don’t want their information leaked, of course, and it’s therefore important for them to keep it as private as possible. Secondly, he thinks it’s a question about setting an example. “I think it’s really important for companies to teach their employees, and show the world that they are ethical, and they're taking privacy very seriously. If you want to have a culture that protects your clients, you also have to protect privacy for your employees. For that reason you have to embed privacy into your company,” he says.

Even though privacy is important for business, many companies tend to make promises they can’t keep. Bjørn sees three different levels of this. The first level is when companies are simply unaware of the fact that they’re not keeping promises. “This happens in different ways,” he says. “For example, your webpage might not be properly secure, which leads to third parties being able to inject malicious code of different types. Although, it is much more common that companies build home pages with ready-made codes, and these codes are used to build simple functionality into the pages. For example, these codes put a ‘like’ button which communicates with Facebook, on your page. These pieces of code are free to use, but as with everything: if they’re free, you’re paying in some other way.”

The second level of companies making promises they can’t keep, is when they purposely deceive you. Bjørn tells us that companies often say that they will never sell your private information to anyone. But, it all comes down to a matter of definition. What companies mean when they talk about your private information is the information you give them, which is your name, gender, address, age, and so on. They won’t sell that information, because it’s of no value to them. Bjørn explains, “What they actually do is get information from what you upload, which links you press, what people you know, what kind of articles you read and how long you read them, etc. All of that is fed into Big Data algorithms, which then produce derived data, or metadata. That is the real sensitive data. The derived data knows what you do on the internet, what your sexual leaning is, your political preference, and your opinion on topics like weapons, abortion and whatever else. The companies gather this information, and then say that the information isn’t yours, it’s theirs, and that they’re free to sell it.” So, Facebook tells you that your derived data isn’t your private information, and that they can use it. Even if you delete your Facebook account, your derived data will still be accessible for Facebook to use, forever.

The third level that Bjørn talks about is that some companies say they’ll only share and sell your data to their business partners or distributors. Although, you have no idea who most of those partners are. That means that they take the right to sell and share your information to their partners, but they don’t tell you who their partners are.

What is Privacy By Design?

We ask Bjørn to explain what Privacy By Design really means. He tells us that the slogan, “Privacy By Design” was first made popular by people working with GDPR. Although, Idka has always had those words as a foundation for their platform. “We wanted to have a platform with privacy from the bottom up,” he says. “In order for you to be private and stay private, access to Idka cannot be purchased by anyone, and it’s not possible to inject content by third parties. Everything you upload and share is yours, and we as a company have no right to what you upload. That was very important, and is something that set us apart from other services, at the time.” He continues, “Idka can’t track you, see what you’re doing, what buttons you’re clicking, etc. All of that is absolutely private.”

Sadly, there are a lot of companies that don’t have privacy “baked in” from the start. But is it possible for them to turn around and make things okay? According to Bjørn, we should never say that companies can’t improve. Although, it is far fetched. He says, “Facebook recently said that they’re going to be a privacy company, and that is very difficult to take seriously. That’s not because we have to think that Zuckerberg is a bad person, but because of their business model. Their business model is simply based only on one thing: to gather information about you. The more detailed it is, the more valuable it is. In the beginning, they did all kinds of stuff without any - in my mind - ethical consideration. Now, as things have evolved, they start to ask for permission. But, they keep causing scandals, and it’s because of their business model. They have to change their business model in order for it to be a believable proposition for them to be a privacy company.”

Unlike Facebook, Bjørn explains that privacy is implemented in all of Idka’s functionality. For example, you can create a group on Idka and decidewhether it’s going to be open, hidden or closed. If you choose hidden, or closed, you won’t be able to open it up later. “You can’t make things less restricted,” Bjørn explains. “If you search for a person’s name through a search engine, you immediately get links to their Facebook account. Your account on Idka is hidden, so it’ll never show up when you search for someone’s name. You also have the right to delete all of your information, as well as your account. Idka does not keep it after it’s deleted, like many other platforms. So, all in all, Idka does not just have one aspect of staying private. It has all of these other things that make you safe when you use the platform.”

We ask Bjørn to tell us more about Idka. What makes it different from current platforms out there? “There are a lot of reasons why Idka is different,” he says. “Most of the other services out there have a single purpose. You go to Dropbox to handle your files, or to Signal to chat. Idka, on the other hand, is a platform where you get everything integrated. You can do all of your work in one place, instead of jumping from one place to another. For example, Slack is a fantastic tool, but it’s mostly made for chatting and messaging. It doesn’t handle files properly. On Idka, you get a cloud storage integrated into the service. You automatically have cloud-based storage when you create an account on Idka, and if you have a contact or a friend, you can immediately drop your files to them. You can also create groups, and you immediately get integrated storage in that group.”

Bjørn tells us, “Idka is a very effective tool. It’s multipurpose, easy to use, and integrates all of the things that you need. If you have a football team, a company, or a small business, you can create an organization account and get all the benefit an organization gets. The usage is very much modeled on the tools that you already know, like Facebook’s posts, Snapchats chatting... but all of that is, of course, with privacy.”

Ready to join Idka? Bring your groups and your friends to a platform that has privacy baked in. Connect, share and store anything - all in one safe place. Sign up here today!

If you want more of GoodTech you can watch it LIVE every other Thursday at 6pmCEST, or watch previous shows on our YouTube channel. GoodTech is also available to listen to as a podcast on any podcast platform you use.