« Conference: NetSCI 2009 | Main | Oh so clever »

March 01, 2009

The future of privacy

Bruce Schneier (wikipedia page) recently wrote a nice essay on the consequences of computer technology on privacy. Here's the opening paragraph

Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.

Schneier hits the issue on the head: increasingly, our actions and statements are not lost in the sands of time, but are recorded, stored, and analyzed for profit and power. Sometimes recording information about yourself is desirable, since it can create a convenient way to remember things you might've forgotten [1]. But right now, it's rarely you who actually stores and controls the data on yourself. Instead, corporations and governments "own" data about you [2], and use it to advance their own interests.

Ideally, we would each choose how much personal data to divulge and to which party we divulge it based on how much we value the services that use our personal data. For instance, advertising is a modern annoyance that could theoretically be made less annoying if advertisers could be more targeted. That is, part of the reason advertising is annoying is that most of the ads we see are not remotely interesting to us. Enter the miracle of personal data: if only advertisers knew enough about each of our real interests, then they would know which ads weren't interesting to us, and they would show us only ads that were actually interesting! This argument is basically a lie [3], but it highlights the idea that there should be a tradeoff between our privacy and our convenience, and that we should get to choose which we value more.

My favorite example of this tradeoff is Facebook, a place where people divulge all sorts of private information. Given that Facebook holds a treasure trove of demographic, interest, social data, and ad targets, its an obvious business plan to try to monetize it through advertising. Facebook's efforts to do so, e.g., their Beacon initiative and the recent revision to their Terms of Service, have gotten a strong backlash because people really do care about how their personal data is used, and whether its being used in a way that serves their interests or another's [4].

Another Facebook example comes from employers monitoring their employees' Facebook pages, and holding them accountable for their private actions (e.g., here and here). This issue exemplifies a deeper problem with the public availability of private data. Schneier mentions in his opening paragraph that it's bad that conversations are often no longer ephemeral. But, what does that really mean? Well, consider what it might be like to try to run for public office (say, Congress) in 2030, having grown up with most of your actions and statements being recorded, by Facebook, by modern advertisers, etc. During the campaign, all those records of the stupid, racy, naive things you did or said when you were young, innocent and didn't know better will come back to haunt you. In the past, you could be assured that most of that stuff was forgotten, and you could grow into a new, better, more mature person by leaving your past behind. If everything is recorded, you can never leave your past behind. Nothing is forgotten, and nothing is truly forgiven.

So, the cost of losing our privacy is not measured simply in terms of how much other people know about our current actions and attitudes, which is a high cost anyway. It's also the cost of defending your past actions and statements (potentially even those of your childhood), and of having those judged by unfriendly or unsympathetic voices. Sometimes I wonder whether blogging now will hurt me in the future, since it would be easy for a future potential employer to trawl my blog for statements that seem controversial or attitudes that they deem undesirable. There used to be a stronger respect for the division between public and private lives, but I think that's been fading for a long time now. Blogs are public forums. Facebook is a semi-public forum [5]. Your workplace is under surveillance by your employer. Your streets are watched by the government (for your protection, naturally). In fact, the only truly private place is your home [6].

The upside of recording everthing, and a point missed by Schneier, is that it's not easy to use all this data in a coherent and coordinated fashion. Credit card companies know a tremendous amount about each of us from our purchase histories, but they struggle to use that information effectively because they don't have the computational tools to individually understand their customers. Instead, they build aggregate profiles or "segments", and throw out all the other details. Although the computational tools will certainly improve, and there will be startling revelations about how much corporations, governments and our neighbors know about us, I'm not terribly worried about the dystopian future Schneier paints. That is, for most of us, we'll be hiding in plain sight because there will be too much information out there for us to stick out. The real dangers lie in believing that you shouldn't be careful about what you let be recorded, that you can avoid being noticed regardless of what you do or say (aka security through obscurity), or that you can continue hiding once you've been noticed. Privacy is not dead, it's just a lot more complicated than it used to be.

-----

[1] My favorite feature of Safari is the "Reopen All Windows From Last Session" one, which lets me remember what I was looking at before I rebooted my computer, or before Safari crashed.

[2] Who owns this data is a critical question that will ultimately require an act of Congress to sort out, I think. (I wonder if copyright law will eventually be applied here, in the sense that I "author" the data about myself and should thus be able to control who is able to profit from it.)

Generally, I come down on the side of personal control over data about yourself, at least for private parties. That is, I should be able to authorize a company to use data about myself, and I should be able to revoke that authority and know that the company will not store or sell information about me to other party. With governments, I think the issue is a little trickier, since I think they have legitimate reasons to know some things about their citizens.

[3] The marginal cost is so low for showing an ad to someone who's not interested in it that you'd be crazy to expect economics to drive advertisers to show you less of them. Besides, it's hard to say before seeing an ad whether we're actually not interested in it.

[4] This point makes it clear that businesses have a legitimate path to getting a hold of their customer's personal information, which is to give people something in return for it. Ideally, this would be a customized service that utilizes the personal data to make better recommendations, etc., but sadly it's often a one-time payment like a discount and the data is then sold to advertisers.

[5] To their credit, Facebook gives its users better control over who can see what aspects of their profile than many past social networking websites.

[6] And if you live in a city, attached to city services, even your home is not as private as you might think. One of my favorite examples of this comes from testing the raw sewage of a neighborhood for traces of illegal drugs.

posted March 1, 2009 01:48 PM in Things to Read | permalink

Comments

Thanks for the thought leadership on this topic... a rather sensitive one.

What strikes me most about the issue of privacy is that there's a real either/or reaction from the public. Either you have the people who utlise the settings on facebook, and opt out of everything they can, or you have those who just don't care one bit. And I'm afraid that its this bunch which is responsible for the recent slip in standards, and apathy from government. There isn't enough 'total' outrage to get people to listen. A well managed campaign is needed, preferably on TV to really bring this to the public eye.

Posted by: Leadership at March 2, 2009 12:08 PM

At SunBelt, a bunch of people are arranging a discussion on privacy of Facebook data with respect to how (and what) is acquired for research purposes. I'll let you know if (as expected) there are some interesting insights from that discussion.

To ignore the seriousness of the issue for as bit, this will allow more people to publicly use the phrase "I was young and stupid" though hopefully unlike A-Roid we will be referring to something that's more than just a handful of years in the past. :)

Posted by: Mason at March 3, 2009 07:53 AM

There are many issues at stake here but contextual advertising is something of a benefit in my opinion. As you mentioned, your favourite example is Facebook where as I would say mine is Gmail. Although I feel it is a little naughty that they scan my emails for content and throw me adverts based on that content, I do realise that it is "bots" doing the scanning and on many occasions I have found the adverts useful, giving me a etter user experience. It is a far better way of doing it than random mailshots and advertisers are jumping hoops with conversion rates because of it.

Then of course comes the widespread use of social networking sites, Bebo, MySpace and Facebook being prime examples. A recent case in the media over here on the UK highlighted a young girl who posted on her facebook page "i'm bored with work" and was dragged into the bosses office a week later and fired. Peoples personal thoughts and diaries are at the risk of being used against them, thoughts which used to be privately written down or talked about after work with a drink.

These are just the issues we have to deal with in a rapidly evolving society where technology is the open medium for communication, communication which can be viewed freely. I had a dream a few years ago about "The Google Man" . In it no longer was our written and spoken communication monitored but our thoughts too. Where we are, what we think, where we are going and what we are going to do. Are we slowly getting a closer to this perhaps?

Matthew Anderson
Business Franchise

Posted by: Matthew at March 4, 2009 02:58 AM