Privacy matters

The Wall Street Journal has been running an important series about the collection and exploitation of personal information on the Net. As part of that series, it is featuring a debate today between me and the Cato Institute’s Jim Harper about online privacy – more particularly, the tradeoff between privacy and personalization.

My essay begins like this:

In a 1963 Supreme Court opinion, Chief Justice Earl Warren observed that “the fantastic advances in the field of electronic communication constitute a great danger to the privacy of the individual.” The advances have only accelerated since then, along with the dangers. Today, as companies strive to personalize the services and advertisements they provide over the Internet, the surreptitious collection of personal information is rampant. The very idea of privacy is under threat.

Most of us view personalization and privacy as desirable things, and we understand that enjoying more of one means giving up some of the other. To have goods, services and promotions tailored to our personal circumstances and desires, we need to divulge information about ourselves to corporations, governments or other outsiders.

This tradeoff has always been part of our lives as consumers and citizens. But now, thanks to the Net, we’re losing our ability to understand and control those tradeoffs — to choose, consciously and with awareness of the consequences, what information about ourselves we disclose and what we don’t. Incredibly detailed data about our lives is being harvested from online databases without our awareness, much less our approval …

And here’s the start of Harper’s piece:

If you surf the web, congratulations! You are part of the information economy. Data gleaned from your communications and transactions grease the gears of modern commerce. Not everyone is celebrating, of course. Many people are concerned and dismayed—even shocked—when they learn that “their” data are fuel for the World Wide Web.

Who is gathering the information? What are they doing with it? How might this harm me? How do I stop it?

These are all good questions. But rather than indulging the natural reaction to say “stop,” people should get smart and learn how to control personal information. There are plenty of options and tools people can use to protect privacy—and a certain obligation to use them. Data about you are not “yours” if you don’t do anything to control them. Meanwhile, learning about the information economy can make clear its many benefits …

9 thoughts on “Privacy matters

  1. Maxim Kharchenko

    I concur with Jim Harper that there are trade off associated with privacy. One of them is privacy vs. productivity, another – privacy vs. trust.

  2. MatthewSchafer

    In February of 1996 USA Today called the Internet an “Electronic Pandora’s Box,” the Star-Tribune wrote that the public was “selling their privacy,” and today the Los Angeles Times conceded that most Internet users are painfully aware that “they have little or no control over [their] data.” It’s unclear whether Congress will move on privacy legislation and while the Federal Trade Commission is expected to release a report in support of a Do-Not-Track list, for now it appears that the user is on his own. The best solution to confronting privacy online may be taking it into your own hands.

    Read More: http://bit.ly/b32VvQ

  3. melanie gould

    I’m happy to hear this is a subject in serious debate…..all I know is my personal privacy and my ability to control it is “toast”…I really appreciate your wading thru the shallows to help us all at the deep end….guess that makes me part of your fan club? “:^) M.Gould

  4. Tom Lord

    Neither article considers in depth the question of economics. Without surveillance features, most popular web services would have no investors and very little revenue. In other words, they could not exist in their present form.

    Both articles seem a little bit to focused on the classic web model: user faces browser calls up server gets back page. That old model is falling apart in three key ways:

    1) Many pages that you see in a browser, these days, are not from a single server or a single company. They are a composite of services. Information is shared or withheld in complex ways among the various services and with the browser. Experts have trouble telling, without careful study, where the privacy leaks are on a given “page” and to which service providers what data might be linked. There is little hope for regular users to figure this out.

    2) Access to popular media services (e.g., video content) is moving increasingly to “meta-services” and devices. For example: if I buy the right box for my TV it acts like a “cable box” and lets me search youtube, hulu, whatever. Additionally it comes with a subscription-based service for any video I myself upload (and, my camera automates that). Any video I buy online gets routed through that service. I get a special program to sync and watch the same video collection on my laptop. There’s a pad app that ties into the account…..

    Here, the browser has all but disappeared from equation. Worse, something like youtube’s privacy policies are made irrelevant because I’m no longer accessing youtube directly – I’m accessing it via my “tv box” – so there is at least one and possibly multiple 3rd parties who can surveille my youtube viewing just fine.

    As we move into devices (tv boxes, smart phones, etc.) there are a lot of people trying to minimize the importance of the browser and replace common uses with those kinds of meta-services and custom applications. And they look to be doing rather well at it.

    Taking TV as an example: if that became the “normal” way to watch TV, what’s left to say about privacy in that space? “Don’t watch TV”?

    3) The old user-browser-site paradigm has a volitional quality that is disappearing:

    Neither of you hit on the prisoner’s dilemma aspect of privacy. Let’s assume that my friends, my family, my employer, and I all benefit the most if privacy is strongly guarded. We all win, in that respect, if we find other ways to communicate besides facebook and gmail, other ways to share photos beside flickr, etc. And yet, without the “surveillance subsidy” – doing without those services also costs us each a little bit more. Now my employer might turn traitor and reduce the firm’s IT costs by switching to Google apps for everything. My nephew at college makes a similar decision to use Facebook. They save a lot – they’re the big winners – but now I’m forced, if I want to stay in touch with them – to switch to those services as well. Pretty soon everyone in the group is compelled to betray the others by adapting these soul-sucking, privacy-robbing services and, like the prisoners in the dilemma, we’ve managed to ensure we all lose.

    In other words, we are in an era where giving up privacy is a social and economic obligation – not much of a choice, in many circumstances.

  5. Tom Lord

    Nick,

    On the second insidious face of privacy: manipulation. Some ways to look past the simple “show you the most hypnotizing ad” threat, or Harper’s worry about “personalized news, censored just for you!”:

    1) They Get Us to Talk:

    Don’t forget making interrogation feel like a game. Consider, for example, so-called “check-in” services (e.g. you constantly announce where you are and you can win prizes if you drink more starbuck’s than anyone on your block). So here we have the technology not being used for conventional advertising, so much. Rather, its conditioning people not only to not expect privacy – but to develop the habit of actively reporting their whereabouts to the authorities.

    2) They Force Us to Keep Quiet:

    Self censorship. Back in yonder good ol’ days, at least in the US, at least if you weren’t politically or economically prominent – you could pick up the telephone or post a letter in the mail pouring your heart out to a trusted party on the other end. Now we reach an age where, increasingly, the social norm for even intimate conversation is intermediated by these big, snooping web services.

    Examples abound – this or that person had their most embarrassing letter / picture / chat session whatever snarfed and posted for all the world to see.

    Increasingly, our only choice left is to simply not say anything that could possibly be damaging to us if it were broadcast far and wide.

    I don’t think that’s us “becoming children”, I think that’s us “becoming prisoners”.

    3) They Isolate Us:

    Harper, in his essay, imagines the spooky possibility of evil sites that customize news for someone so as to remove them from the “‘national’ converstation”.

    There is no need for that big brother. Suppose that I have a few political tendencies. Perhaps I’m socially and economically conservative and, though I’d be loath to admit it even to myself, I have some race issues. (That is not an autobiographical description – it’s a hypothetical.) In the dramatic arts, let’s say I go in for broad, low-brow physical comedy, ideally tinged with a tittering sexism; I also like action flicks.

    Nobody needs to customize squat for me. They need only suss out my general demographic “type” and join the party. I’ll get my news from a tangled mess of mutually-referencing conservative blogs and mailing lists. I’ll get pointed from there to the bestest youtube channels for my tastes. Certain political campaigns will get their messages to my ears trivially while others are but a ridiculous seeming din in the distance. Paying detailed attention to what I and my fellow consumers click, and when – and with a bit of trial and error – the vendors in that space will have customized media not so much for me personally but for a crowd they’ve learned how to whip into a frenzy and lead around the block a few times.

    The surveille and manipulate thing creates, isolates, and reinforces demographic separations in media consumption. Imagine the political power to be had in quietly dominating the content in multiple, seemingly opposed demographic groups… (Calling Mr. Smith. Mr. Winston Smith… to the white courtesy telephone please.)

    4) They Pimp Us Out:

    “Goes viral.” The invention of the “share this” button is an amazing thing. It enables advertising designed to (a) get us to do the work of spreading the ad in exchange for social recognition; (b) report, in that way, who are friends are.

    5) They Teach: “The Only Virtue is Celebrity”

    We are surveilled about how we’d rank one another and one another’s every communication. Plus-one to that post, minus-one to that post. Friend that user. Follow that user. Count your followers. Recommend. Invite. Ban. Block. Leader boards. Top posters. Highest ranked.

    On top of that, on-line, if you are not highly ranked, modded-up, widely followed, and often friended — you are nobody. You can’t walk up to a stranger at the next table and strike up a conversation. You can’t smile at the cute person browsing the same section of the bookstore as you. You can’t turn over a soap box in the square and start shouting. You’re just invisible. Not enough points. You don’t count. You’re not trusted to have a point.

    What I see again and again (and have learned to try to resist in myself) is that that form of ranking surveillance creates a game in which it is easy to become lost — to waste hours upon hours in pursuit of “celebrity” in that quantified, scoreboard manner.

    So there is an example of surveillance and behavior modification which is certainly often commercial in intent – but is not quite advertising in any conventional sense.

    (True believers will talk about how ranking, voting, etc. improves content quality — and that’s a fun, quick debate to have.)

  6. Kevin Kelly

    Nick,

    I’m wondering if there is any scientific evidence for this statement?:

    “When we feel that we’re always being watched, we begin to lose our sense of self-reliance and free will and, along with it, our individuality. “We become children,” writes Mr. Schneier, “fettered under watchful eyes.””

    It may be true; it may not. It may also depend on who is watching. Spouse? Government? Neighbors? Companies?

    Right now it seems a plausible assumption, but it also may be another urban myth. Since it is so central to your argument, I wonder if there is anything to back it up?

  7. Cogniti.wordpress.com

    I find a lot of the talk around “internet privacy” to be a bit of a red herring to one side, and an oxymoron at the other. Here’s why:

    On the oxymoron side, people seem to forget that the Internet is a ‘public utility’ much like the Interstate highway system and electric company. If I do something foolish in my car while driving, people *may* see it and make note of it. It may even invite onlookers or punishment. The “expectation of privacy” is socially enforced through mores and norms. If I act in accord with laws, rules and expectations, I tend to arrive safely and unimpeded at my destination. When I act in a fashion that draws attention, I can no longer hide behind an expectation of privacy.

    Behavior on the Internet is largely the same. Many of the ‘legends’ that are told stem from people behaving in a poor or ill-advised manner. Don’t post photos of yourself doing something embarrassing to Facebook if you’ve got coworkers, bosses, or family that you’d rather not share it with. [Good ol’ user behavior rules.]

    On the red herring side, the “information” people so often refer to is actually not owned by the person. I have little standing, if any, to lay claim over data regarding an infrastructure/ utility. The systems that create, store, and manage data regarding shopping habits at a grocery store are owned by the merchant. Same is true for those systems online. Firms doing business or providing services via the Internet have made the investment in the systems; not me nor any other individual traversing the web. There is little expectation, on my part, that I should be able to control how they use that data to provide proprietary services (yes, I’m hitting on the “Does IT Matter” points here).

    Now, both of these simple points are *not* to say that there aren’t real security issues. Part of the reason why I think there’s a red herring is that the ‘sensationalism’ around facets of privacy and personalization obfuscates the line between IT in our public and private lives. There are things we need to be aware of that are lost in the sea of hype.

    As you [Nick] so poignantly stated in Does IT Matter: “those {executives – substitute citizens} with the steadiest, least distorted view of IT’s changing role will be able to make smarter, sounder choices than their less cold-eyed and clear-headed rivals” (p.10). We need to have this conversation, but it should be structured in a way that enables IT to become a utility, not a way to keep the steam engines on our own rails.

Comments are closed.