March 1, 2012

Where the privacy discussion needs to head

An Atlantic article suggests that the digital advertising industry is coalescing around the position “restrict data use if you must, but go easy on data collection and retention.”

There is a fascinating scrum over what “Do Not Track” tools should do and what orders websites will have to respect from users. The Digital Advertising Alliance (of which the NAI is a part), the Federal Trade Commission, W3C, the Internet Advertising Bureau (also part of the DAA), and privacy researchers at academic institutions are all involved. In November, the DAA put out a new set of principles that contain some good ideas like the prohibition of “collection, use or transfer of Internet surfing data across Websites for determination of a consumer’s eligibility for employment, credit standing, healthcare treatment and insurance.”

This week, the White House seemed to side with privacy advocates who want to limit collection, not just uses. Its Consumer Privacy Bill of Rights pushes companies to allow users to “exercise control over what personal data companies collect from them and how they use it.” The DAA heralded its own participation in the White House process, though even it noted this is the beginning of a long journey.

There has been a clear and real philosophical difference between the advertisers and regulators representing web users. On the one hand, as Stanford privacy researcher Jonathan Mayer put it, “Many stakeholders on online privacy, including U.S. and EU regulators, have repeatedly emphasized that effective consumer control necessitates restrictions on the collection of information, not just prohibitions on specific uses of information.” But advertisers want to keep collecting as much data as they can as long as they promise to not to use it to target advertising. That’s why the NAI opt-out program works like it does.

That’s a drum I’ve been beating for years, so to a first approximation I’m pleased. However:

So to sum up my views on consumer privacy:

That’s the good news. The bad news is on the side of government data collection and use. As I wrote last year

… there is a lot more electronic information than there used to be. Indeed:

  • Sufficient information exists to provided a very detailed picture of our activities.
  • Much of it is recorded for very good and beneficial reasons. We wouldn’t want that part to stop.
  • This information is inevitably available to government.

Here’s what I mean by the inevitability claim. Whether or not you think anti-terrorism concerns are overblown, as a practical matter your fellow voters* will allow a broad range of governmental information access. Besides, just the widely-available credit card and similar commercial data is enough to provide a fairly detailed picture of what you’re up to. In most countries, anti-pornography, anti-file-sharing, and/or general civilian law enforcement efforts serve to strengthen the point further.

*If you live in a country too unfree for voters to much matter, then it is surely also the case that governmental information has few practical limits.

Examples of information being tracked (more particulars were covered in the first post of this series):

  • Almost everything we buy is recorded, via credit card transactions, point-of-sale data, and/or website transaction records. This data is summarized in files covering 100s of millions of individuals, with 1000s of fields per person. Those files can be used for a broad variety of business or law enforcement purposes.
  • That data gives a great picture of what we eat, where we commute or travel, what we pay attention to, and so on.
  • All our other financial information also passes through computer systems, such as at banks.
  • Increasingly, our physical movements are tracked more directly, via cell phones (our own), police cameras, and the like.
  • Other than face-to-face conversations, almost all our communications are electronic. Even social media non-adopters rely heavily on telephones, email, and the like.
  • Increasingly, our reading and viewing entertainment choices are electronically recorded as well.

And the list of ways the government collects data keeps going up — sidewalk cameras, overhead drones, Transportation Security Administration sweeps beyond airports, forced decryption of computing devices, examination of cell phones upon arrests, forced examination of computing devices at the national border, and many more. In the United States, it’s an open secret that the government has access to substantially all email and telecom connection data. And of course there are also GPS devices on cars, and the confusing jurisprudence that has resulted.

At least in the US, it is barely possible to argue that everything will be all right because the Fourth Amendment makes it that way. But I don’t like the odds on that. Rather, I favor:

I don’t believe there’s enough technical expertise across government for it to construct a sensible privacy-protection regime on its own.

Comments

6 Responses to “Where the privacy discussion needs to head”

  1. Aaron on March 8th, 2012 11:30 am

    Quantitative and qualitative leveling up?
    I suspect where democratic societies need to head is to tiered privacy policies based on pervasiveness of data. That is, having deep or interrelated data carries profound responsibility. For example, if Facebook sold a criminal gang an inference that I was on vacation based on my history, is the company liable as conspirator? If I decided to target Baptist abortionists, there are only a few dozen companies that could provide a comprehensive list – but there are quite a few organizations whose data when integrated would be pretty comprehensive.
    My thought is that there are tiers of responsibility. Most companies, even if they maintain history, don’t achieve critical mass of personal data and likely current laws work. There are a few companies – government, sticky media, credit reporting, banking, telecommunications which have so much data that they all functionally act as government monitors and likely should be managed as such with heavy responsibilities. Aggregators of data could also hit that tipping point.

  2. Curt Monash on March 8th, 2012 1:14 pm

    Aaron,

    Interesting points you raise regarding criminal misuse of information.

  3. Aaron on March 9th, 2012 9:03 am

    It’s not just criminal misuse – right now company strategies need to choose how intrusive their data analysis can be and data analysts are in a troubling position where they need to draw privacy lines.

    For example, combining deep data from Facebook (graphs of likely sexual partners, IRL contacts, and longitudinal risk behavior scores) and MIB group (prescription and diagnosis data within chosen HIPAA interpretation) we could create a FICO-like score that predicts herpes infection to be sold to dating sites.

    The main reason this type of collaboration is not happening visibly is the risk of opprobrium to the data sourcers. This type of scoring is presumed to be happening in some government areas (NSA…)

    My take is that:
    – There will be inept privacy legislation in the near future that will be unhelpful
    – There will be major/high profile news where “data mining” is determined to profoundly hurt groups leading to multi-billion $$ payouts and stock price drops. This will lead to a second set of legislation that will be a little better

  4. Curt Monash on March 9th, 2012 3:47 pm

    Aaron,

    Directionally you’re surely right. Whether it will go to that extreme or not — well, we’ll see.

  5. The future of search : Text Technologies on November 25th, 2012 10:07 pm

    […] A whole lot of privacy concerns. […]

  6. John Held on December 11th, 2012 6:46 pm

    Curt,

    I think your thoughts on these issues have high social value as we move into uncharted waters on the use of data and analytics.

    I hope you will continue to be a voice on this topic.

Leave a Reply




Feed: DBMS (database management system), DW (data warehousing), BI (business intelligence), and analytics technology Subscribe to the Monash Research feed via RSS or email:

Login

Search our blogs and white papers

Monash Research blogs

User consulting

Building a short list? Refining your strategic plan? We can help.

Vendor advisory

We tell vendors what's happening -- and, more important, what they should do about it.

Monash Research highlights

Learn about white papers, webcasts, and blog highlights, by RSS or email.