Archive for June, 2008

The difference between what you do and what you think you should do

Wednesday, June 25th, 2008

What could be more American than apple pie? Why an orgy of course!

Is anyone surprised that there are more Google searches for “orgy” than “apple pie”? Does this mean “smut peddlars” should be re-characterized as mainstays of mainstream culture? That’s the defense strategy in a trial of a “pornographic Web site operator.”

Now, the parallels the defense is trying to draw are ridiculous. There are 1001 reasons to explain the fact that “orgy” is more popular than “apple pie” and “watermelon” on the internet. For one, “apple pie” is way more specific than “orgy”. “Restaurants” versus “orgy” might be a more interesting comparison.

Still, that would be hard to do right because there are endless variations when it comes to searching for a place to eat. Realistically, how many ways are there to search for “orgy”?

Nevertheless, it is always interesting when raw data about what we do undermines what we think we should do. Does increasing access to such “behavioral” data mean an end to hypocrisy? Or the erosion of a basic human device that helps us all get out of bed and face the world each day?

Scary pizza

Tuesday, June 17th, 2008

My friend sent this to me recently. Created by the ACLU for its campaign against the National ID program, it’s a mash-up of all our worst surveillance fears. It starts with a guy calling his local pizzeria for a couple of double meat pizzas, while you see the computer screen the girl at the pizza place is looking at as she rings up his order. She surprises him first by knowing his name, his home address, and his place of work from the moment his call comes in, but it gets rapidly worse, from a $20 health surcharge for meat pizza because of his high cholesterol and blood pressure to her snide comments about his waist size and his ability to pay for the pizzas, based on what she knows of his purchase history, including airplane tickets to Hawaii.

It’s entertaining, but also frustrating for a couple of reasons. First, there are very good reasons for me to be concerned about private companies’ data collection and their potential for collusion in U.S. government surveillance, but this video doesn’t explain how the National ID program would lead to the pizzeria having my health records. By focusing only on the sensational horror of the pizza girl knowing the customer bought a bunch of condoms, it forgets to tell us the pizzeria might literally be giving their customers’ names, phone numbers, and addresses to government officials. (The ACLU does have this report providing a more detailed argument about the dangers of private-public surveillance, but there was no direct link to it from the pizza video.)

Second, in terms of data collection and its dangers in general, the video ends up feeling sort of hysterical. It obscures, rather than clarifies, what’s really at stake.

We do live in a world where data collection is happening on an unprecedented level. But for me, what’s scary is not the mere possibility that all this data could get linked together. It’s about control. Do I get to decide who has my information? Do I get to control how it’s disseminated and analyzed?

Right now, we definitely don’t and that’s a problem. But the solution may not be to stop data collection altogether and segregate all the information out there so no linkage can happen ever.

I might not want the pizza girl at my local pizzeria to know about my health problems, but I might not mind if, as I ordered food online, the program allowed me to review my choices and build a more nutritious meal specific to my needs, without disclosing my specific preferences to each restaurant. I might not want the government to be able to access my purchase history, but I might want to be able to securely track and access my purchases and my financial accounts at the same time so I can better determine how well I’m meeting my budget. I might even want to share certain information, securely and anonymously, if I thought it would lead to beneficial research by scientists, economists, and policymakers.

Of course, I wouldn’t sign up for anything if I thought my personal information could get leaked to the government or anyone else without my consent. It would make for a somewhat less dramatic video, but this is what the Common Datatrust Foundation is interested in addressing—how can we turn our capacity for data collection and sharing into something that is a public good, rather than a scary fear?

Microsoft’s acquisition of Credentica–will it make my sister care about privacy?

Friday, June 6th, 2008

It’s somewhat old news, but still interesting: Microsoft’s acquisition a few months ago of Credentica, a start-up with an encryption-and-authentication system that “allows users to disclose the absolute minimum to complete digital transactions — and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.”

One of the most interesting issues in privacy to me is the gap between those who live and breathe privacy and security day to day and those who don’t. Having gone from the latter group to the former only recently, I know how wide that gap is. Those who care about privacy discuss and analyze various solutions with passion and intensity, while people like my sister dispose of broken laptops by placing them in NYC trashcans. (True story—the laptop was mine, and she was sincerely puzzled when I threw a fit.) All the news coverage of data leaks has led many people to have a vague sense of dread about their privacy rights, but understand nothing more. So even if interesting solutions are proposed for protecting personal information, the question of who will care enough to adopt them is as important as whether the proposals actually work.

It seems this issue played out in the development of the U-Prove technology, which had been proposed before. It just wasn’t very marketable when it was pitched to individual consumers. One thing Stefan Brands and Credentica did differently was marketing it to software developers. That strategy seems to have proven successful, given that Microsoft has now bought the company.

But will Microsoft’s investment in Credentica pay off with users who have only vague concerns about their privacy? (I love the way the Wired article says, “Brands and Thompson tend to refer to the math behind U-Prove as ‘magic’ rather than going too deep into the details.”) Will Microsoft be able to overcome its image as a big bad company and persuade consumers they are really invested in protecting privacy? It’s a difficult problem. Privacy concerns need to be addressed now, before the public cares enough to demand it, but solutions proposed by major companies may not satisfy uneasy consumers.

I’m biased, of course, because we at the Common Datatrust Foundation are working on a different model, that privacy and security should be entrusted to a trusted third party that would administer and monitor exchanges of information between individuals, institutions, agencies, and businesses. But I’d be happy to see progress by Microsoft or any other company or organization in proposing privacy and security systems that truly return control over personal information to individuals without requiring everyone to understand all this privacy stuff.

I’m curious to know what others think. If we believe the privacy of even those who don’t care should be protected, where should the push for change come from?