The 3 biggest challenges for tech in 2019

New York

IF YOU thought 2018 was a bad year for tech, 2019 might turn out to be even worse. This year was filled with revelations about privacy, security and cyberwarfare. Next year, the consequences of those revelations will unfold. And we should be very worried about what the future holds.

In 2018, it became very clear that Americans have no control over their digital information. We discovered that our cellphones could be monitored, and many of the apps on our phones are tracking us. We found out that Facebook shared our private messages with third parties and let developers using its platform harvest and exploit our data in order to influence political elections. Our data is perpetually being gathered, leaked, exploited, breached and sold.

And perhaps worse is what the future holds. We most likely aren't aware of all the companies that hold our personal data and what they are doing with it: the social media companies that know us as well as our friends do, the financial technology companies that sell our bank account transaction data, the messaging apps that hold our private photos and texts.

But 2018 was also the first year of privacy protection in Europe: The General Data Protection Regulation went into effect in May. Despite the protestations of those who complain that GDPR places an undue organisational burden on startups, it could return privacy to millions of people living in the European Union.

But those of us in the United States have no similar privacy protections. There is no way for us to know which companies have our data, and I don't think that will change in 2019. I'm also not very optimistic that any significant legislation will be passed, especially given the relationships between some members of Congress and Silicon Valley companies. The only people who have a chance to hold tech companies accountable and demand better protections are ordinary people like you and me. And I think that we will fail.

Many of us will delete apps. We will disable as much tracking as we can on our phones. We will delete our Facebook accounts. We will delete our social media histories and old emails and text messages. But it won't be enough because most people will not care: The trade-off between privacy and convenience will be worth it to them, because the loss of their privacy will have little to no impact on their day-to-day life. Most people will read (or perhaps ignore) the news stories about every new privacy scandal, and they will then go back to their phones.

There were some very large and frightening data breaches this year. Quora was hacked, and 100 million user accounts were compromised. Facebook was hacked, and 50 million users were affected. Google+ was hacked, and Facebook was hacked again, disclosing that it gave developers access to photos that users had uploaded but never posted. Then we learned that the Google+ hack was worse than we initially knew. And then Marriott realised it had been hacked, exposing the personal data of 500 million people.

The knee-jerk response this year has been to say that these companies need stronger punishments for security breaches or that we need to regulate tech companies. This response is appropriate in cases where the breach is a result of poor security practices, as appears to have been the case in the 2017 Equifax breach. But some of this year's breaches were different: The Marriott and Quora hacks seem to have been the work of malicious hackers, and in the case of Marriott, the hackers are reported to have been Chinese government spies.

It's not clear that these breaches were a result of poor security practices or corporate negligence. The truth is - and I say this as someone who has worked in Silicon Valley as an engineer - the security teams and security practices at Google and Facebook are among the best in the world.

It's not clear that stronger punishments or more regulation will fix the problem or prevent these kinds of data breaches from happening. Being the best in the world when it comes to security and following the best security practices have not protected these companies, and, ultimately, they have not kept our data safe. We will see more of these breaches in the coming year, at large companies, and our data will be exploited in ways we never could have dreamed of.

Preventing these companies from storing our data would, ultimately, protect it, but the chances that will happen are slim to none. Instead, as these security breaches become routine, engineers and their employers will accept them as an inevitability and treat them (at least internally) as a nonevent - much the same as credit card companies and credit card users treat credit card fraud today. There's a lot at stake. The spies from foreign governments hacking into American companies aren't trying to destroy you, me or any specific individuals living in the United States - they are trying to destroy the country that we live in.

Employees at tech companies like Amazon, Google and Microsoft have begun to organise. In response to an employee walkout at Google, the company changed the way it enforces forced arbitration agreements in sexual harassment cases. The company also dropped out of a competition to provide cloud computing services to the Pentagon after employees protested the company's involvement. Some of the internal protests at these companies centred on civil rights issues, such as the way that victims of sexual harassment are treated. Others, like the outcry about Google's Project Dragonfly (a censored search engine Google was building for China), were related to freedom of expression. However, a majority of the employee protests and complaints seem to have been about government-related projects.

Petition, open letter

At Salesforce, hundreds of employees signed a petition asking the company to cease working with US Customs and Border Protection. At Microsoft, employees circulated an open letter urging the company to stop working with Immigration and Customs Enforcement, and also complained about the company's bid for the Pentagon's cloud computing contract - the very same one that Google employees pressured their employer about.

And, at Amazon, employees protested the company's selling its Amazon Web Services products to the US government. It's not entirely clear if these employees are opposed to working with the government in general, reflecting Silicon Valley's strong libertarian leanings, or if they are only opposed to working with the government under the Trump administration. As historian Margaret O'Mara has argued, Silicon Valley has long been in the business of war. Amazon, Google and Microsoft were selling their commercial services to (and building customised services for) the US government long before Donald Trump took office.

But I don't recall any open letters, protests or walkouts being staged during the Obama administration. The United States is under siege from foreign governments and malicious hackers. And Silicon Valley's products are the battlefields where the war is being fought. The Russian government influenced elections in the United States through misinformation that was spread on social media, and foreign hackers phished government officials in order to gain access to their email accounts. An investigation by Politico Magazine found that Chinese and Russian spies are working at Silicon Valley companies, where they were planted to "steal US technology secrets" and to engage in "traditional political intelligence gathering, influence and perception-management operations in California."

And it's not just professional spies who are doing the spying: The same investigation by Politico found that Chinese nationals working in Silicon Valley are often threatened by the Chinese government and coerced into providing their government with this information. The United States is engaged in cyberwarfare with China and Russia, in which tech companies are inevitably involved. Employees of these same tech companies are pushing their employers to drop contracts with the US government. If they succeed, who is going to win the war? NYTIMES