Why We Have No Online Privacy

Earlier today, as I read a very self-serving article lamenting how online growth will be killed due to impending “Do Not Track” legislation, it became very clear to me why online privacy in the US is almost entirely non-existent.

As a society in the 21st century, we have willing accepted the idea that in order to be able to obtain anything useful without paying money up front, we need to give up our data and let others regulate it as they see fit. This has become so ingrained in our collective psyche, that we have become willing to voluntarily broadcast to the world at large our current whereabouts, activities, desires, and associations – sometimes for no tangible gain.

imagePrivacy data is seen as the organization’s and not the individuals, and it is treated as such. Once they have been given access to it, all of a sudden, it becomes their data subject to their policies, and we have to jump through hoops to find out what they have and make them dispose of it.

It is not too late to reverse that trend.

Why I Disagreed

Two of the most bogus themes presented in the article – written by a CEO whose organization makes its money from selling personal tracking data – are these:

  1. Economic growth can only occur when organizations are allowed to track consumers and potential consumers.
  2. There is already a vibrant and effective self-governance model in place.

In the first place, economic growth online will not be impaired by effective privacy controls – otherwise, he’d be undermining his point about self-governance.  Many people don’t want to be tracked, and the vast majority of these people are not influenced by online ads.  The people who are influenced by them can continue to opt into the tracking for whatever benefits they perceive to gain from it.

In the second place, the government generally takes a long time to get into consumer protection, so the fact that they’re looking at this issue at all, indicates that self-regulation by the advertising and online retail industries (among others) is a farce.  The industry has had a long time to get it right, and they haven’t done so. They didn’t do it for email advertising and they aren’t doing it for browser tracking.

Even now, if the data brokers would pursue a different path, they might still be able to satisfy consumers and forestall any government intervention.

How Information Security Changed

When firewalls were a new concept, they were configured to accept everything by default (default accept), and undesirable traffic was blocked one entry at a time.  As the number of bad/undesirable connections grew, it became clear that this method was inefficient and totally unsafe.  Today, firewalls are configured to block everything by default (default deny), and the administrators of the network are encouraged to open up connections that are desirable on a case-by-case basis.

This is far more effective for protecting the network.

Having to hunt around to figure out how to opt-out of every anti-privacy (tracking) mechanism that corporations dream up is not efficient for consumers. And that needs to change.

How Privacy Needs to Change

Today, organizations decide how we manage our privacy. They collect first and ask questions later.  They only tell us what is happening when they get caught. They suggest that they are doing things in our best interest, but they are primarily concerned about the interest and convenience of their real customers – the advertisers and publishers. That’s how their bills get paid, so that is the hand that they don’t bite.

Privacy needs to go back to the original, pre-online concept: It’s not anyone’s business until we explicitly make it their business, and only to the extent that we make it so. We learned that lesson in information security, and we need to apply that same lesson to online privacy.

If providers have what they believe to be worthy/valuable content that they only want to share with us in exchange for our purchasing habits, material desires, demographics or other information, then they need to do the following:

  • Ask us for what they need
  • Let us know why they need it
  • Tell us how it will be used
  • Allow the data to expire at a certain point

This way, we can decide if we like the arrangement enough to give up something of value, or if what they are offering is not worth the exchange.

Furthermore, instead of them simply taking our data and placing it in their network where we cannot control or audit it (to establish if they are even adhering to their own obtuse, poorly worded privacy policies), or determine if they actually have the right security measures to protect our critical data, we should have the ability to operate a central clearinghouse of the data we are willing to share so that we can grant access to whom we want, for as long as we want, and under the circumstances we want.

Why Legislation is Involved

What I have proposed doesn’t destroy the economy – it only disturbs the economic advantages for the data brokers. This is why they won’t consent to it on their own, and why legislation is imminent. Of course, I have no hope that the legislators will get it right in their first 3 or 4 attempts, if only because they don’t understand technology sufficiently, they get too much money from lobbyists, and they will allow politics to get in the way of the little bit of technology understanding that they do possess.

Despite all this, however, legislation represents an ever-so-minor advantage over expecting the corporations to override their own greed and self-interest.

Managing My Own Privacy

The privacy stakes are higher today as cybercrime increases in frequency and sophistication. and Can we trust that all this data that is being collected is being adequately protected?  That it is being stored properly in an encrypted manner?  That good key management is involved?  Do we know who the clients of the collectors are and what their privacy policy is?

For instance, when I install an application from the Android market, I like the fact that I can see what permissions it wants to have, and if I don’t like what I see, I can call the whole deal off. Also, if an existing application wants to add new permissions, it has to ask for them at upgrade time. This model works for me. I need this same approach in all aspects of my online privacy experience.

In the meantime, I will be employing all of the technology that I can to manage the privacy needs of my family. The content producers can complain that this amounts to consumers wanting content for nothing, but the truth is that much of the content they produce is worth less than nothing.  Perhaps, if they were forced to better match their content to a desired level of access, we would more regularly see content of greater quality and higher worth.

Certainly, if they were forced to provide everything via subscriptions, and compete for the small pool of consumer dollars, we might see a gain in content quality.  (But, judging from Cable TV, maybe I’m too optimistic.)

Instead, because it is currently very easy to just take our data and sell it to the highest bidder, we get a high quantity of free garbage in exchange our vital info – much of it personally identifiable (even as they suggest that it isn’t).

No thanks.

The entire idea that the health of the economy rests upon online growth is flawed.  In actuality, the growth of the economy rests upon people having an income so that they can spend it online or offline. Without an adequate income supply available to consumers, there will be no real economic growth. Instead, we’ll simply see more debt for consumers and more money changing hands between businesses – mostly at the expense of said consumers.

That, however, is a discussion for another time…

We have given up our privacy for too little in return.  I would even argue that there is little on the planet worth the loss of privacy. If the industry doesn’t want to develop a real, customer-focused (and customer favorable) solution to get this data responsibly, then we will have to take matters into our own hands. And the corporations will get none of our data.

Now is the time to regain our privacy. We have the technology…

Leave a Reply

Your email address will not be published. Required fields are marked *