“Privacy is dead” is a favorite refrain of some overzealous pundits these days. The implication is that if we want to live, work and play in a digital world we have to get used to less privacy. Surveys regularly report that many young netizens don’t give a woot about privacy. Putting oneself on public display, careless disclosure of personal data and raw moments of self revelation that might once have scarred reputations for life are the new normal.
In contrast, other surveys show that older netizens are moderately to very concerned about who has access to their personal data and what others know about them. But at the same time they don’t want to give up shopping, socializing and doing business online. [Literacy 2.0 4/4/12]
Striking the right balance between information that is personal and private and information that needs to be shared and available is a classic conundrum of a free society. The pendulum is always swinging between too much and too little. Because there is no perfect balance, privacy issues often become points of legal and moral contention. Rarely, if ever, do we find a Goldilocks solution where the degree of privacy feels “just right.”
The privacy tug-of-war now underway between e-commerce companies on one side and governmental regulators on the other is a classic struggle to find that elusive balance. To make things even more interesting, consumers and consumer groups are holding the middle of the rope, sometimes pulling one way, sometimes the other.
It’s too early to know what the right balance is between too much and too little privacy, or even if there is a right balance. There is little precedent to guide behaviors in cyberspace. Witness the parade of definitions for “digital citizen” and “digital literacy.”
The consequences of so much information exposure combined with so much information capture have yet to be understood. Young and old alike who are going full frontal with their data are almost certain to wake up one day with a privacy hangover, wishing they could somehow hit reverse and erase their behaviors. But they will find that getting their personal information and recorded activities back under wraps is about as easy as putting a champagne cork back in the bottle.
Cyber commerce companies are similarly vulnerable. New systems and services continuously open avenues for more data collection, use and manipulation. With nothing but a patchwork of state and federal laws to go by, it’s easy for these companies to go too far, intentionally or unintentionally. They can quickly find themselves in a boiling cauldron of consumer outrage and legal prosecution.
In California, for example, accusations of privacy impropriety or illegality are currently hounding the biggest and best-known data gobblers. Google is being investigated by the Federal Communications Commission (FCC) for its practices in handling personal emails and its unauthorized collection of personal data by its Street View mapping vehicles. Facebook is in Dutch with the Irish Office of the Data Protection Commissioner (DPC) for failing to meet a self-imposed deadline to give European users more data privacy control. Sen. Charles Schumer (D-N.Y.) has asked the Federal Trade Commission (FTC) to investigate Apple and Google, charging that both capture users’ private contacts and photos without consent. Under pressure from consumer privacy advocates, Twitter recently said it will change its apps to clarify the processes it uses to store user contact lists on its servers. The relatively new social network Path was found to be storing contact lists on its servers prompting the company CEO to apologize and announce the deletion of all stored contact data.
At the same time that companies are struggling to keep their toes inside the lines while playing legal hopscotch in the zero gravity of cyberspace, lawmakers are having their own disequilibrium problems as they seek to craft and enforce laws to support privacy. At the federal level a flurry of competing and overlapping bills that will impact consumer privacy are at various stages of being passed or squashed. Government can’t seem to decide what constitutes too much or too little regulation. E-commerce vendors are anxious to avoid anything that interferes with their current business models or the new ones they will develop next week. Even the public is none too happy about being protected if it means a potential loss of useful free services or infringements on personal choice and freedom.
So what’s to be done? How do we deal with the conflicting privacy requirements of commerce, law and consumption?
The first thing we have to do is acknowledge that the constantly changing services, systems and consumer behaviors in cyberspace make personal data management an anachronism. The data cats will not go back in the bag. Data vault is an oxymoron. It is impossible to create a system of processes, policies and laws that will suit every situation and provide 100 percent of both security and freedom.
We also have to stop thinking of cyberspace as the Wild West as many like to call it. The Wild West was eventually subdued and civilized. That won’t happen in the online world. In the digital world it’s not necessary to break laws. It’s simply a matter of changing one’s behaviors to make the laws obsolete. Every cyber sheriff who comes to town will end up exhausted from forming posses and chasing outlaws who disappear in the canyons of cyberspace. And how do you protect the public when the townsfolk are running around in their underwear with cameras handing their IDs, credit cards, most embarrassing experiences and personal preferences to every stranger with a URL?
A Million Eyes Watching
The definition of privacy needs an upgrade to make it compatible with the world as it is and is becoming. We need a Privacy 2.0 point of view.
The claims and positions on all sides must be brought into context with the realities of the Digital Age and with some sense of where we are headed—everything in bits, more data than can be imagined, connections between everything and everyone, malleable personal identities, commerce at the DNA level. Privacy in this new context is no longer about keeping others from knowing, it’s about knowing what they know.
It’s time for e-commerce companies and others that favor the collection and use of personal shopping and socializing information to stop pretending that direct marketing and targeted advertising are the same in cyberspace as they are in the analog world of print, mail, radio and broadcast television. The volume and granularity of the information collected, as well as the computational power, algorithms and databasing capacities, are unprecedented. The systems and processes are new and their potential for harm is far greater than, for example, ads that support free broadcast television. The companies need to understand that secrecy is a threat to their own security, not the other way around. If they don’t they could end up being the agents of their own demise.
On the flip side, government regulators and enforcers must come to grips with the fact that the tools of lawmaking and enforcement are not up to the task of protecting digital privacy. The laws and the lawmakers themselves have yet to adapt to the newly emergent fundamentals of e-commerce, e-marketing and e-advertising. They will not be able to do so until they undergo the same transformation that the world of commerce is experiencing as a result of the Internet, which means not only making new laws but inventing new methods of lawmaking.
A batch of Privacy 2.0 literacies are required on all fronts and at every level of activity that concerns personal information and identity. And there is a lot to learn. Much of the learning will be on-the-fly. Some of the lessons will be remedial, some will be rocket science. New systems and processes are required, as are new attitudes and expectations. In short, e-consumers, e-governments and e-companies must face up to the e-realities.
Letting it all hang out
The only reasonable approach is to establish open lines of communication, full disclosure and transparency of motivation. We need to remake the data environment into a kind of digital nudist colony in which everything is out in the open and no one has anything to hide or anyplace to hide it. Not personal identity and financial information, of course, but just about everything else. A consumer should be able to track their own data analytics the way a webmaster tracks visitors, links, bounce backs and other site activity. We should all be able to look at a set of charts, graphs and user logs to see exactly who is watching and how our information is being used. That may sound idealistic on the face of it, but if the marketers can see it, consumers should be able to as well.
In a sense, transparency is already what is starting to occur, though not in the civilized spirit of cooperation and sincerity that would be preferable. The new forms of data collection are more powerful, but so are methods of consumer awareness and response. Word of mouth has risen in volume. Companies that betray our trust are being found out and challenged. Corporate feet are being held to the fire with threats of charred brands and singed reputations. Corporate images are becoming more dependent on positive online feedback.
Authentication is becoming a group process. The connected masses in cyberspace form a kind of Geiger counter for detecting veracity, truthfulness and just plain decency. Dissembling is becoming more difficult as millions of eyes scan the commercial and social environment for patterns of behavior and share what they see. A great user experience with an online service, for example, can be undercut by a bad experience with how the service uses the user’s data.
One of the great things about the fluidity and openness of cyberspace is that it allows systems to be self-correcting with remarkable speed and far-reaching impact. Consumers, companies and governments need to embrace constant trial and error. We need to keep a close eye on and learn from the trials and errors of others. We need to let go of our outdated conceptions of privacy and share our Privacy 2.0 experiences the way we share Lolcats. Clear in the knowledge that there is no possibility that cyberspace will ever be completely civilized or regulated, we townsfolk, including the sheriff and all the merchants, have to band together to create a town that tells the truth and lets everybody know what’s going on in the streets and behind closed doors.
We have to be constantly self-adjusting and self-correcting. That’s the hidden secret to Privacy 2.0.
Photo courtesy Marc Kjerland