(CNNMoney) — Free isn’t free.
“The cost of reading the New York Times for free is being tracked. The cost of being on Facebook is being data-mined,” Peter Eckersley, a senior staff technologist for the Electronic Frontier Foundation, said Friday at a panel discussion on the intersection of technology and privacy.
Eckersley’s comments came at an event organized by Google at its Washington, D.C., office to mark Data Privacy Day — an international effort by governments and businesses to draw attention to the issues surrounding individuals’ online privacy.
A seemingly constant stream of breaches, accidents and misfires have given the issue fresh visibility this year, and prompted lawmakers and regulators to consider new mandates aimed at protecting their constituents.
So as the fourth annual Data Privacy Day kicked off on Friday, the feeling of urgency in the room at Google’s event was palpable.
Getting the “wonks” and “geeks” talking in the same language is the first challenge. Engineers think linearly, like computers running code, said Alma Whitten, Google’s director of privacy product and engineering. Policymakers come at it from a different angle.
And then both sides need to be able to communicate with users, who don’t want to muck around with complicated controls and account settings.
“The people that understand tech and understand the policy side and engage really have a challenge to live up to in making how this works clear to everyone,” she said.
Unsurprisingly, the tech companies would prefer to see these problems solved through tools, not rules. Google (GOOG, Fortune 500) touted the new “two-step verification” option it will be rolling out to all accounts within the next few weeks.
The new opt-in setting gives users a second security wall. When someone logs into a Google account for first time from a new computer, a code will be sent to the phone (typically a mobile, but a landline will also work) associated with the account. That code is required for access — a step intended to keep out intruders who have obtained the account’s password.
Facebook also launched new data-protection tools this week. The biggest was a “safe browsing option” that integrates the HTTPS protocol for secure connections. That technical tweak will help solve a gaping hole that let hijackers grab control of Facebook accounts accessed through public Wi-Fi hotspots.
The EFF’s Eckersley praised the move as a key step forward.
“The thing that you should know about ‘http’ is that it’s fundamentally very hackable,” Eckersley said. “If there’s an ‘s,’ you have a good chance of protection against those kind of threats.”
In this case, though, it was a bit like bolting the barn door after the horses have fled. Facebook posted its new security tool the day after CEO Mark Zuckerberg’s fan page was hacked