Tuesday, June 22, 2010

Privacy: Does Anybody Care?

To paraphrase HL Mencken, no one ever went broke underestimating the American public's commitment to privacy. "Quit Facebook Day" reportedly generated 31,000 account closings, compared with the roughly 500,000 new accounts that Facebook adds each day.

This lack of interest in privacy is a tremendous pity, because privacy violations can cause many types of real harm:

- identity theft
- physical violations including stalking and burglary when people are known to be out
- unjustified commercial treatment (e.g. denial of credit or employment) based on irrelevant or incorrect information
- unjustified government activity (e.g., placement on a No Fly list) based on irrelevant or incorrect information

Ironically, such problems seem to generate less public concern than techniques such as "behavioral targeting", even though the consequence of that is...um...receiving a relevant advertisement. I fully understand the real issue is people feel creepy to know that someone is sort-of watching them. But it's probably a good thing to remind them because the watching will continue whether behavioral targeting is regulated or not.

As the Facebook example shows, most people really don't care enough about privacy to protect it at the cost of other benefits, even minor ones like participating in Facebook. Similarly, many Americans seem downright eager to sacrifice their privacy from government surveillance in the name of national security.

The pity is that it's not an either/or choice. In many cases, technology can be designed to preserve privacy and still give the desired benefits. As a good example of what privacy-consciousness looks like when someone really cares, consider how the gun buyers are protected: gun dealers must check buyers' names against a database of felons, but the buyers' names are erased after a few days. (Of course, loopholes apply to "gun shows" but that's another discussion.) Another example -- never implemented so far as I know -- is that instead of reading drivers license information to prove patrons are old enough to drink, bars could have devices that simply scan the license and flash a green or red light depending on whether the person is old enough.

The point in both cases is that systems can be designed to access and retain the minimum amount of information necessary to fulfill their function. Many behavioral targeting systems already work this way -- capturing relevant data but not the actual identity of an individual. These principles could be applied more broadly and more systematically, but only if the people designing and regulating these systems made them a priority.

In practice it seems that other, less rational approaches are being adopted because they are more popular. To quote Mencken again, “For every problem there is a solution which is simple, clean and wrong.”

Without being excessively cynical, I think it's relevant to point out that privacy doesn't have much of a lobby, at least compared with, say, the National Rifle Association. Businesses want to collect data for marketing purposes. Consumer-friendly government officials are the natural opponents of this collection, but are constrained because many government agencies want the data for their own social and security purposes. The only organized opposition comes from a small set of privacy activists who themselves vary considerably in their priorities and capabilities. This means that, as a marketer, I don't spend much energy worrying about seriously restrictive privacy regulations -- even though I'd actually like to see some intelligent restrictions on data gathering by both business and government.

2 comments:

Matthew Quinlan said...

As Scott McNealy (CEO of Sun) once said in a keynote "You have no privacy. Get over it."

In fact, privacy is only available for those who make heroic efforts to protect themselves. Whether it's freezing credit reports, paying with cash, opting out of each company's solicitations, disabling cookies, avoiding airports, or wearing sunglasses and a hat... protecting your privacy can become a full-time job.

Matt

David Raab said...

Thanks for the comments. Joel and Matt highlight different aspects of the same issue, which is that people won't go out of their way to protect their privacy, either because extreme measures are needed (Matt) or because they don't much care (Joel).

The question from a social viewpoint is whether more privacy would be better. If so, regulation will be needed to reduce the effort required and to prohibit invasive practices.

Of course, it's really tough to build consensus about what's best for society as a whole, but that doesn't mean we shouldn't try. It's also important that any consensus take into account the costs of regulation (lost business, less personal choice, less data for government) as well as the benefits. It's pretty clear that without some form of regulation, the market left to itself will pretty much destroy any privacy that consumers now have.