Do we have to “trade off” privacy?

Look up privacy trade-offs and you’ll get more than 150,000,000 results. The assumption in many of those is that privacy is something one can (and often should) trade away. Also that privacy trading is mostly done with marketers and advertisers, the most energetic of which take advantage of social media such as and .

I don’t think this has to be so.

One example of a trade-off story is this one on public radio’s Marketplace program, which I heard this evening. It begins with the case of Shea Sylvia, a FourSquare user who got creeped out by an unwelcome call from a follower who knew her location. Marketplace’s Sally Herships says,

There are millions of Sylvias out there, giving away their private information for social reasons. More and more, they’re also trading it in for financial benefits, like coupons and discounts. Social shopping websites like Blippy and Swipely let shoppers post about what they buy. But first they turn over the logins to their e-mail accounts or their credit card numbers, so their purchases can be tracked online.

Later, there’s this (the voice is Herships again):

Alessandro Acquisti researches the economics of privacy at Carnegie Mellon, and he says the value we put on privacy can easily shift. In other words, if giving away your credit card information or even your location in return for a discount or a deal seems normal, it must be OK.

ALESSANDRO ACQUISTI: Five years ago, if someone told you that there’d be lots of people going online to show, to share with strangers their credit card purchases, you probably would have been surprised, you probably would have thought, “No, I can’t believe this. I wouldn’t have believed this.”

But Acquisti says, when new technologies are presented as the norm, people accept them that way. Like social shopping websites.

HERSHIPS: So the more we use sites like Blippy, the more we’ll use sites like Blippy?

ACQUISTI: Or Blippy 2.0.

Which Acquisti says will probably be even more invasive, because as time passes, we’re going to care less and less about privacy.

Back in Kansas City Shea Sylvia is feeling both better and worse. She thinks the phone call she got that night at the restaurant was probably a prank. But it was a wake up call.

What we’re dealing with here is an evanescent norm. A fashion. A craze. I’ve indulged in it myself with FourSquare, and at one point was the “mayor” of ten different places, including the #77 bus on Mass Ave in Cambridge. (In fact, I created that location.) Gradually I came to believe that it wasn’t worth the hassle of “checking in” all over the place, and was worth nothing to know Sally was at the airport, or Bill was teaching a class, or Mary was bored waiting in some check-out line, much as I might like all those people. The only time FourSquare came in handy was when a friend intercepted me on my way out of a stop in downtown Boston, and even then it felt strange.

The idea, I am sure, is that FourSquare comes to serve as a huge central clearing house for contacts between companies selling stuff and potential buyers (that’s you and me) wandering about the world. But is knowing that a near-infinite number of sellers can zero in on you at any time a Good Thing? And is the assumption that we’re out there buying stuff all the time not so wrong as to be insane?

Remember that we’re the product being sold to advertisers. The fact that our friends may be helping us out might be cool, but is that the ideal way to route our demand to supply? Or is it just one that’s fun at the moment but in the long term will produce a few hits but a lot of misses—some of which might be very personal, as was the case with Shea Sylvia? (Of course I might be wrong about both assumptions. What I’m right about is that FourSquare’s business model will be based on what they get from sellers, not from you or me.)

The issue here isn’t how much our privacy is worth to the advertising mills of the world, or to intermediaries like FourSquare. It’s how we maintain and control our privacy, which is essentially priceless—even if millions of us give it away for trinkets or less. Privacy is deeply tied with who we are as human beings in the world. To be fully human is to be in control of one’s self, including the spaces we occupy.

An excellent summary of our current privacy challenge is this report by Joy L. Pitts (developed as part of the health sciences policy development process at the Institute of Medicine, the health arm of the National Academy of Sciences). It sets context with these two quotes:

“The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men—the right to be let alone.”

—Justice Louis Brandeis (1928)

“You already have zero privacy anyway. Get over it.”

—Scott McNealy, Chairman and CEO of Sun Microsystems (1999)

And, in the midst of a long, thoughtful and well-developed case, it says this (I’ve dropped the footnotes, which are many):

Privacy has deep historical roots. References to a private domain, the private or domestic sphere of family, as distinct from the public sphere, have existed since the days of ancient Greece.  Indeed, the English words “private” and “privacy” are derived from the Latin privatus, meaning “restricted to the use of a particular person; peculiar to oneself, one who holds no public office.” Systematic evaluations of the concept of privacy, however, are often said to have begun with the 1890 Samuel Warren and Louis Brandeis article, “The Right of Privacy,” in which the authors examined the law’s effectiveness in protecting privacy against the invasiveness of new technology and business practices (photography, other mechanical devices and newspaper enterprises). The authors, perhaps presciently, expressed concern that modern innovations had “invaded the sacred precincts of private and domestic life; and . . . threatened to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’” They equated the right of privacy with “the right to be let alone” from these outside intrusions.

Since then, the scholarly literature prescribing ideal definitions of privacy has been “extensive and inconclusive.” While many different models of privacy have been developed, they generally incorporate concepts of:

  • Solitude (being alone)
  • Seclusion (having limited contact with others)
  • Anonymity (being in a group or in public, but not having one’s name or identity known to others; not being the subject of others’ attention)
  • Secrecy or reserve (information being withheld or inaccessible to others)

In essence, privacy has to do with having or being in one’s own space.

Some describe privacy as a state or sphere where others do not have access to a person, their information, or their identity. Others focus on the ability of an individual to control who may have access to or intrude on that sphere. Alan Westin, for example, considered by some to be the “father” of contemporary privacy thought, defines privacy as “the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” Privacy can also be seen as encompassing an individual’s right to control the quality of information they share with others.

In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. Privacy addresses “the question of what personal information should be collected or stored at all for a given function.” In contrast, confidentiality addresses the issue of how personal data that has been collected for one approved purpose may be held and used by the organization that collected it, what other secondary or further uses may be made of it, and when the permission of the individual is required for such uses. Unauthorized or inadvertent disclosures of data are breaches of confidentiality. Informational security is the administrative and technological infrastructure that limits unauthorized access to information. When someone hacks into a computer system, there is a breach of security (and also potentially, a breach of confidentiality). In common parlance, the term privacy is often used to encompass all three of these concepts.

Take any one of these meanings, or understandings, and be assured that it is ignored or violated in practice by large parts of today’s online advertising business—for one simple reason (I got from long ago): Individuals have no independent status on the Web. Instead we have dependent status. Our relationships (and we have many) are all defined by the entities with which we choose to relate via the Web. All those dependencies are silo’d in the systems of sellers, schools, churches, government agencies, social media, associations, whatever. You name it. You have to deal with all of them separately, on their terms, and in their spaces. Those spaces are not your spaces. (Even if they’re in a place called . Isn’t it weird to have somebody else using the first person possessive pronoun for you? It will be interesting to see how retro that will seem after it goes out of fashion.)

What I’m saying here is that, on the Web, we do all our privacy-trading in contexts that are not out in the open marketplace, much less in our own private spaces (by any of the above definitions). They’re all in closed private spaces owned by the other party—where none of the rules, none of the terms of engagement, are yours. In other words, these places can’t be private, in the sense that you control them. You don’t. And in nearly all cases (at least here in the U.S.), your “agreements” with these silos are contracts of adhesion that you can’t break or change, but the other party can—and often does.

These contexts have been so normative, for so long, that we can hardly imagine anything else, even though we have that “else” out here in the physical world. We live and sleep and travel and get along in the physical world with a well-developed understanding of what’s mine, what’s yours, what’s ours, and what’s none of those. That’s because we have an equally well-developed understanding of bounded spaces. These differ by culture. In her wonderful book , Polly Platt writes about how French —comfortable distances from others—are smaller than those of Americans. The French feel more comfortable getting close, and bump into each other more in streets, while Americans tend to want more personal space, and spread out far more when they sit. Whether she’s right about that or not, we actually have personal spaces on Earth. We don’t on the Web, and in Web’d spaces provided by others. (The Net includes more than the Web, but let’s not get into that here. The Web is big enough.)

So one reason that privacy trading is so normative is that dependency requires it. We have to trade it, if that’s what the sites we use want, regardless of how they use whatever we trade away.

The only way we can get past this problem (and it is a very real one) is to create personal spaces on the Web. Ones that we own and control. Ones where we set the terms of engagement. Ones where we decide what’s private and what’s not.

In the VRM development community we have a number of different projects and companies working on exactly this challenge.  is pure open source and has a self-explanatory name. Others (, and others) are open in many ways as well, and are working together to create (or put to use) common code, standards, protocols, terminologies and other conventions on which all of us can build privacy-supporting solutions. You’ll find links to some of the people involved in those efforts (among others) in Personal Data Stores, Exchanges, and Applications, a new post by  (of Switchbook). There’s also the One example is the and at . (For more context on that, check out Iain Henderson’s unpacking of the .) There’s also our own work at ProjectVRM and , which has lately centered on developing -like legal tools for both individuals and companies.  What matters most here is that a bunch of good developers are working on creating spaces online that are as natural, human, personal—and under personal control—as the ones we enjoy offline.

Once we have those, the need for privacy trade-offs won’t end. But they will begin to make the same kind of down-to-Earth sense they do in the physical world. And that will be a huge leap forward.

14 Comments

  1. direwolff says:

    Seems that while many Tweeps have said the answer to the question of your blog post’s title is “no”, today the answer to the question “Do we have to “trade off” privacy?” is yes since these tools for us to create and maintain our own spaces are not widely available.

    I also think that it’s relevant to look at Daniel Solove’s Taxonomy of Privacy, as I don’t believe all of the privacy issues he raises are covered here, some of which are clearly beyond the scope of what’s protectable here. Never mind the information that I choose to share about myself, what about the info that others choose to share about me. As well, consider info that is collected about us that we are not even aware is collectable, much less actually being collected. Is information relating to us that we don’t know about or understand still ours?

    Finally, and in my opinion, most importantly, what does it mean to own my information? What property law does this fall under and under what boundaries? Is it a grouping of information or particular elements? How are conflicts of ownership addressed? My contention is that we’ve extended a metaphor here that is no longer suitable to the issues we are running into. The digitization of content has resulted in creating significant conflicts for intellectual property, security, and privacy.

    Let’s just say that we live in interesting times and have a lot of work before us to redefine our relationship to these ephemeral concepts.

  2. (in my opinion)

    Privacy is a natural right.

    Privacy cannot be given away.

    Privacy is the individual’s natural ability to exclude others from the spaces they inhabit and can secure – including the material and intellectual possessions within.

    What people give away is information about themselves, in their statements to others – other individuals who also have the freedom of speech and a natural right to liberty to communicate that which they have been made privy to.

    No individual can alienate a natural right from themselves. Thus a right to privacy is a right to exclude others from what you have NOT told them, but not to gag them from speaking what you have told them – even if they wanted to surrender their right.

    That’s privacy as a human right.

    NB Non-disclosure agreements may make continued employment contingent on non-disclosure, but they cannot actually suspend an individual’s liberty to disclose the knowledge they have been made privy to (a corporation, having no such right, can of course be so bound).

    Everything else is a matter of confidence and discretion – as it has been since time immemorial. How well confidants can be relied upon to be discreet depends upon how well you know them and how well others do (their reputation). How well they maintain your confidence has repercussions for your trust and their reputation.

    It is impossible to do business with someone and have a relationship with them without revealing any information. That said, it is possible for an individual to conceal their human identity, to do business via an artificial identity (with its own trading reputation), thus maintaining a business relationship without necessarily disclosing personal information.

    Privacy is about preventing people from knowing what you’ve not disclosed, not about preventing them from disclosing what you’ve let them know.

  3. Doc Searls says:

    Thanks, Crosbie. Good points.

    direwolff, thanks for pointing me to Daniel Solove’s Taxonomy of Privacy.

    I also think you’re right in your first paragraph, and that this was also my point in this post: we trade information away because we lack tools to control it. (Also because the parties we deal with, passively or actively, have the tools to take that information.)

    For what it’s worth, in my original tweet I wrote, “Do we have to ‘trade off’ #privacy? The short answer is No. The long answer is (this URL).” So that’s why most tweeps said the answer was no. They were repeating what I wrote in my tweet.

    Interesting to note that there are (aside from this one) two comments so far to this post and thirteen RTs on Twitter. That’s about the usual ratio these days.

  4. I should add in case it’s not obvious to some readers, that corporations are not human beings and so have no natural rights (no freedom of speech – despite what the courts say). That means that they can be regulated to maintain confidentiality of information of a personal nature (relating to human beings) – if this is deemed possible.

    It is important that any law regulating disclosure of personal information not be inadvertently applied to individuals. People should be trusted. Corporations must be regulated, precisely because they cannot be trusted (being fiducially obliged to place share price above honour and integrity – if such conscientiousness could exist in legally created entities).

  5. As for twitter, maybe this helps reserve comments-on-blog for those who would add something substantive, whereas retweets are good for “Very good point!” “I agree.” “Most insightful article.” “Check this out guys”, etc.

  6. Just because people do share a credit card number for a specific one time purchase does not mean they are happy about it. Or better put, does not mean they wish there were an alternative.

    Paypal may be an alternative but it is not well executed. At the end of the year I haven’t a clue what that transaction was. So if Paypal is adding insult to injury and selling this data to someone with the promise that they can make some sense of it, well that’s just not going to happen.

    Paypal could be the alternative we all want if they looked at how a Personal Data Store could create new value for the customer.

    The point is just because loads of customers do stuff doesn’t mean they like it or want to. Think beyond the numbers.

    Katherine Warman Kern
    @comradity

  7. Katherine, the use of an identifying credit card number is entirely down to the credit card company. That they need this number disclosed to the merchant does not constitute a need for the customer to prevent merchants disclosing it.

    What would obviate the disclosure of identifying information would be facilities that enabled individuals to create virtual identities with respective reputations able to build up the equivalent of a credit rating. That virtual identity could thus do business without any trader needing to become aware of the individual operating it.

    PayPal is some way there, but as you recognise, not well executed.

    And yes, fundamental needs should not be inferred from the needless shortcomings of current practice.

  8. Doc Searls says:

    Katherine, there are PayPal folks in the VRM community. It might be interesting to bring some of this stuff up with them.

    Crosbie, about comments on blogs vs. tweets, Very good point! :-)

  9. direwolff says:

    Tricky thing this privacy thing. We believe we actually have more control over information about us than we actually do. The digital world has helped accelerate and facilitate the exposure and rapid dissemination of that information which we might deem private. In the physical world, we actually don’t have as much privacy as we believe. There is the concept of “practical obscurity”, which has worked in our favor, but that’s simply identifying the fact that info was difficult or costly to share (or be found out by others).

    If I do something in my own home and am the only one there, then no one will know. That’s private. If I tell one person about anything that I’ve done, then I can only be hopeful that they will not share that info w/o my permission. That’s a trust issue. Already the Supreme Court has had something to say about our phone logs not being private because we are in effect these are being recorded w/our phone company.

    Service providers, as Doc’s article correctly asserts, have inserted themselves into what were once private transactions. Hence, the mere fact that they are involved and that we know they are involved removes the expectation of privacy.

    Now, in response to @Crosbie, privacy is not a natural right or a constitutional one. This falls under the Fourth Amendment, and it’s worth spending some time reading several folks who are spending some thoughtful effort to frame this issue given the rapid changes we are experiencing w/technology (here’s one example, but Daniel Solove has also written a white paper on this issue: http://legalworkshop.org/2010/08/12/applying-the-fourth-amendment-to-the-internet-a-general-approach?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+legalworkshop+%28The+Legal+Workshop%29&utm_content=Netvibes).

    Here’s a URL that was made available to policy makers, who are currently in the process of creating a privacy bill:

    http://www.futureofprivacy.org/the-privacy-papers/

    Most of the folks listed here are writing extensively about privacy from various perspectives.

    Finally, as it relates to being able to maintain an anonymous persona, I hear that, but have been disillusioned by the advancements in de-anonymization techniques which continue to advance. A well grounded and considered seminal paper on this topic was written by Paul Ohm and can be found at: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006.

    It’s nice to see the growing number of people getting into this topic because it’s complex and requires to first think carefully about what has actually been happening around privacy to date (the fact in reality we’ve had little of it) and where it needs to go in order to make our digital spaces more habitable (btw, I’m using poor metaphors here since you can’t “live” online, nor are virtual spaces truly analogous to physical ones ;) .

  10. Doc, unsurprisingly the blogger has the prerogative of posting pithy comments at all times. ;-)

  11. Don Marti says:

    If you have your own web site, you can put your own ToS on it. Here’s mine: http://zgp.org/~dmarti/meta/tos/

    Having your own site is not that expensive. I made a test site on nearlyfreespeech.com in June, and funded it with $15. I still have a $12 balance.

    Are people really giving up privacy to save $3?

  12. Phil Windley says:

    One of the places that all of us regularly trade privacy (in that large sense) is in establishing reputation. In fact, if you think about it a completely private person will have no reputation. We are usually selective about what areas of our lives we open up for the sake of reputation.

  13. jon says:

    Good discussion!

    direwolff, Article 12 of the Universal Declaration of Human Rights is “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” It’s also explicitly protected in several state constitutions in the US.

    jon

  14. Eric says:

    But in my opinion, by trading privacy one gains something better almost every time. For one it can be fame, for another money. Each individual has his own “price” for his privacy.
