Get Over It
You have zero privacy. Get over it. -- Scott McNealy
Six years ago, Sun Microsystems' CEO Scott McNealy spoke those words and ignited a very public furor. Behind this knee-jerk reaction, though, are some harsh realities about privacy that any public policy in this area must take into consideration.
Availability of personal data
Unfortunately for us, much of our personal data does need to be public. If you place a personal ad, you need to leave contact information, such as a telephone number. If you order a product, you need to provide a mailing address, and possibly a billing address. Hiding this sort of data is technically possible, but in practice the effort is prohibitive. After all, we can't all have PO Boxes to hide our addresses, nor call screening to weed out uninteresting phone calls. Basic data about every one of us will leak out, and we are powerless, utterly powerless, to prevent that without crippling our ability to exist in modern society.
Consumer goals
Consumers want convenience. Period. Do you have one of those supermarket courtesy cards? The ones where being a member entitles you to a small discount on some items in the store? Did you fill out the form for that card and give the supermarket chain your personal information? Is a little bit of junk mail in the form of "personally tailored coupons" [Safeway Club Card Application] worth the discount at the store? Based on the number of people who have those cards - 85% of British households [Guardian] - the general public believes the answer is yes. Companies will do anything to create a more convenient experience for the consumer, and collecting more personal data is a way for them to create that experience. And we, as consumers, fall for it every time we shop at those stores because of the discounts ["The card up their sleeve"].
Dealing with privacy violations
A friend of mine made an excellent analogy about privacy: she compared it to middle school crushes. We all had a few secret crushes, and desperately hoped they didn't become public. Invariably one trusted confidant told another, the secret leaked, and everyone in the grade suddenly knew exactly who you liked. This is like online privacy. We share personal information with one vendor and have no idea what will happen to that information.
How did we deal with this back in middle school? Did the school make rules, with the teachers swooping down from the heavens, ordering no one to talk about your secret crush, and hoping to put the genie back in the bottle? Not at all: that approach did not work in middle school, and it will not work in the online world either. The solution: accept a few days of teasing, realize that the secret crush really wasn't any big secret and that everyone has one, and, most importantly, get over it.
Conclusion
Privacy is a difficult thing to create. Information will leak out, and cannot be recaptured. Each and every one of us will sacrifice more privacy for convenience. And we vote with our dollars: the companies that collect personal information and make our lives more convenient are the companies we do business with. We all learned how to deal with invasions of our privacy a long time ago back in middle school; we learned that there are some things (however embarrassing) that we simply cannot control, and we learned to get over it.
How to ensure Privacy
Privacy Failures
Privacy as it exists today suffers from a critical flaw: the disconnect between how information is used, how data collection is portrayed, and the actual value of the data being collected. Information can be used for benign or malevolent purposes; the mailing address I give for my shipping order could also be used for junk mail. Privacy policies are a start for the collection of information, but privacy policies vary widely. Some are so dense with legal language as to be unreadable, some are full of holes, and some are simply impossible to find. And the data being collected can mean so many different things. To the consumer entering his credit card number, the data is a means to make a purchase; to the vendor, this card number is a convenience that the vendor can remember to make any future shopping experience easier, bringing the customer back to the site and causing the customer to spend more.
No current privacy conceptualization is able to reconcile all these disparate views. The W3C's P3P initiative links the collection of information to statements about how that information will be used, but it provides neither enforcement mechanisms nor any valuation of the data collected. Online certifications such as TRUSTe and BBB Online provide enforcement by certifying that data collection practices are observed, but again do not communicate about data collection clearly to the person whose data is being collected.
A Regime of CODE
Privacy is something that we as individuals, corporations, or governments will only respect if there is some incentive to do so. The protection of privacy must grant some advantage, something more tangible than a fuzzy "do the right thing" feeling or even a threatening "obey the law" compulsion. To actually protect privacy, we need to create a system where the protection of privacy is built into the system.
Consider a hypothetical shopping system, perhaps open-source, but written by experts concerned about privacy. The system respects privacy: it refuses to use information you entered for anything except the purpose for which you entered it. But the system is server software. The business chooses to use this privacy-respecting software because it makes the shopping cart easy to create, because the software takes care of collecting consumer data for purchases and billing and all the other details of the shopping system. It has value to the business, because it reduces the work the business must perform. It has value to the consumer, because it protects the consumer's privacy by design.
This is how privacy will be protected. Not through legislative fiat (though laws might help) and not through free-market pressures (though market pressure will certainly have an influence), but through simple ease of use, through creating a system where the protection of privacy is implicitly tied to getting work done and the immutable code behind the software enforces privacy fairly and honestly.
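As an added illustration (not code from the essay or from any real shopping system), the sketch below shows one way the hypothetical privacy-respecting software could refuse to use data for anything but the purpose it was entered for, using the essay's own case of a shipping address reused for junk mail. The class, function, and purpose names and the sample customers are assumptions made up for this example.

```python
from dataclasses import dataclass, field

class PurposeViolation(Exception):
    """Raised when data is requested for a purpose it was not collected for."""

@dataclass
class PurposeBoundStore:
    """Hypothetical store: each value carries the purposes it was entered for."""
    _records: dict = field(default_factory=dict)   # (customer, name) -> (value, purposes)
    audit_log: list = field(default_factory=list)  # (customer, name, purpose, allowed)

    def collect(self, customer, name, value, purposes):
        # Purposes are fixed when the consumer enters the data and cannot be widened later.
        self._records[(customer, name)] = (value, frozenset(purposes))

    def use(self, customer, name, purpose):
        # The only read path: every access declares a purpose and is logged.
        value, allowed = self._records[(customer, name)]
        ok = purpose in allowed
        self.audit_log.append((customer, name, purpose, ok))
        if not ok:
            raise PurposeViolation(f"{name} was not collected for {purpose!r}")
        return value

def ship_order(store, customer):
    # Business code for the purpose the address was actually given for.
    return f"label: {store.use(customer, 'mailing_address', 'shipping')}"

def build_mailing_list(store, customers):
    # Junk-mail path: only customers who entered the address for marketing are returned.
    addresses, refused = [], []
    for c in customers:
        try:
            addresses.append(store.use(c, "mailing_address", "marketing"))
        except PurposeViolation:
            refused.append(c)
    return addresses, refused

def demo():
    # Constructed sample data.
    store = PurposeBoundStore()
    store.collect("alice", "mailing_address", "1 Example St", {"shipping"})
    store.collect("bob", "mailing_address", "2 Sample Ave", {"shipping", "marketing"})
    label = ship_order(store, "alice")
    addresses, refused = build_mailing_list(store, ["alice", "bob"])
    return label, addresses, refused, store.audit_log

if __name__ == "__main__":
    print(demo())
```

The business still gets a working shipping flow with no extra effort, while the refused marketing access is recorded in the audit log rather than silently honored.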