Views toward the future

Here, we present two views of the future of privacy. One is the "get over it" approach of allowing the market to adapt to privacy concerns. The other is a more engineered approach, drawing mostly from Lawrence Lessig's book Code. These views present a picture of how market forces and engineered software could improve privacy in the coming years.

Get Over It

You have zero privacy. Get over it.  -- Scott McNealy

Six years ago, Sun Microsystems' CEO Scott McNealy spoke those words and ignited a very public furor. Beneath the knee-jerk reaction, though, lie some harsh realities about privacy that any public policy in this area must take into account.

Availability of personal data

Unfortunately for us, much of our personal data does need to be public. If you place a personal ad, you need to leave contact information, such as a telephone number. If you order a product, you need to provide a mailing address, and possibly a billing address. Hiding this sort of data is technically possible, but in practice the effort is prohibitive. After all, we can't all have PO Boxes to hide our addresses, nor call screening to weed out uninteresting phone calls. Basic data about every one of us will leak out, and we are utterly powerless to prevent that without crippling our ability to exist in modern society.

Consumer goals

Consumers want convenience. Period. Do you have one of those supermarket courtesy cards? The ones where being a member entitles you to a small discount on some items in the store? Did you fill out the form for that card and give the supermarket chain your personal information? Is a little bit of junk mail in the form of "personally tailored coupons" [Safeway Club Card Application] worth the discount at the store? Based on the number of people who have those cards - 85% of British households [Guardian] - the general public believes the answer is yes. Companies will do anything to create a more convenient experience for the consumer, and collecting more personal data is a way for them to create that experience. And we, as consumers, fall for it every time we shop at those stores because of the discounts ["The card up their sleeve"].

Dealing with privacy violations

A friend of mine made an excellent analogy about privacy: she compared it to middle school crushes. We all had a few secret crushes, and desperately hoped they wouldn't become public. Invariably one trusted confidant told another, the secret leaked, and everyone in the grade suddenly knew exactly who you liked. This is like online privacy. We share personal information with one vendor and have no idea what will happen to that information.

How did we deal with this back in middle school? Did the school make rules, where the teachers swooped down from the heavens, ordered no one to talk about your secret crush, and hoped to put the genie back in the bottle? Not at all: that approach did not work in middle school, and it will not work in the online world either. The solution: accept a few days of teasing, realize that the secret crush really wasn't any big secret and that everyone has one, and, most importantly, get over it.

Conclusion

Privacy is a difficult thing to create. Information will leak out, and cannot be recaptured. Each and every one of us will sacrifice more privacy for convenience. And we vote with our dollars: the companies that collect personal information and make our lives more convenient are the companies we do business with. We all learned how to deal with invasions of our privacy a long time ago, back in middle school; we learned that there are some things (however embarrassing) that we simply cannot control, and we learned to get over it.

How to Ensure Privacy

Privacy Failures

Privacy as it exists today suffers from a critical flaw: the disconnect between how information is used, how data collection is portrayed, and the actual value of the data being collected. Information can be used for benign or malevolent purposes; the mailing address I give for my shipping order could also be used for junk mail. Privacy policies are a start toward describing the collection of information, but privacy policies vary widely. Some are so dense with legal language as to be unreadable, some are full of holes, and some are simply impossible to find. And the data being collected can mean so many different things. To the consumer entering his credit card number, the data is a means to make a purchase; to the vendor, the card number is a convenience: the vendor can remember it, make future shopping experiences easier, bring the customer back to the site, and cause the customer to spend more.

No current privacy conceptualization is able to reconcile all these disparate views. The W3C's P3P initiative links the collection of information to statements about how that information will be used, but it provides neither an enforcement mechanism nor any valuation of the data collected. Online certifications such as TRUSTe and BBB Online provide enforcement by certifying that stated data collection practices are observed, but again they do not communicate clearly about data collection to the person whose data is being collected.

A Regime of CODE

Privacy is something that we as individuals, corporations, or governments will only respect if there is some incentive to do so. The protection of privacy must grant some advantage, something more tangible than a fuzzy "do the right thing" feeling or even a threatening "obey the law" compulsion. To actually protect privacy, we need to create a system where the protection of privacy is built into the system itself.

Consider a hypothetical shopping system, perhaps open-source, but written by experts concerned about privacy. The system respects privacy: it refuses to use information you entered for anything except the purpose for which you entered it. But the system is server software. The business chooses to use this privacy-respecting software because it makes the shopping cart easy to create, because the software takes care of collecting consumer data for purchases and billing and all the other details of the shopping system. It has value to the business, because it reduces the work the business must perform. It has value to the consumer, because it protects the consumer's privacy by design.
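A small purpose-bound data store that models the hypothetical system above, written as an added example for this page (it is not code from the essay or from any real shopping software). Every field is stored with the purposes the customer entered it for, any read for another purpose is refused and recorded, and retention is tied to the purpose; the customer, field names and purposes are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

class PurposeViolation(Exception):
    """Raised when data is requested for a purpose it was never collected for."""

@dataclass(frozen=True)
class Record:
    value: str
    purposes: FrozenSet[str]  # purposes the customer entered the data for

@dataclass
class PurposeBoundStore:
    """Stores each field with its declared purposes and enforces them on every read."""
    _data: Dict[Tuple[str, str], Record] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)  # every access, allowed or denied

    def collect(self, customer: str, name: str, value: str, purposes) -> None:
        # Purposes are fixed at collection time; nothing can widen them later.
        self._data[(customer, name)] = Record(value, frozenset(purposes))

    def use(self, customer: str, name: str, purpose: str) -> str:
        rec = self._data[(customer, name)]
        if purpose not in rec.purposes:
            self.audit.append(f"DENIED {customer}.{name} for {purpose}")
            raise PurposeViolation(f"{name} was not collected for {purpose}")
        self.audit.append(f"OK {customer}.{name} for {purpose}")
        return rec.value

    def purge(self, customer: str, purpose: str) -> int:
        # Retention follows purpose: once it is served, fields collected only for
        # it are deleted, so they cannot be quietly repurposed afterwards.
        gone = [k for k, r in self._data.items()
                if k[0] == customer and r.purposes == {purpose}]
        for k in gone:
            del self._data[k]
        return len(gone)

def checkout_demo() -> dict:
    # Constructed scenario: one order, then a marketing request for the same data.
    store = PurposeBoundStore()
    store.collect("alice", "address", "1 Example St", {"shipping"})
    store.collect("alice", "email", "alice@example.test", {"shipping", "receipt"})
    label = store.use("alice", "address", "shipping")  # the declared purpose: allowed
    try:
        store.use("alice", "address", "marketing")  # undeclared purpose: refused
        marketing_ok = True
    except PurposeViolation:
        marketing_ok = False
    purged = store.purge("alice", "shipping")  # address dropped, email kept for receipt
    return {"label": label, "marketing_ok": marketing_ok, "purged": purged,
            "remaining": len(store._data), "audit": store.audit}
```

The audit list is what a business would hand to a certifier such as TRUSTe: it shows not only the uses that happened but the uses the code refused.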

This is how privacy will be protected. Not through legislative fiat (though laws might help) and not through free-market pressures (though market pressure will certainly have an influence), but through simple ease of use, through creating a system where the protection of privacy is implicitly tied to getting work done and the immutable code behind the software enforces privacy fairly and honestly.