Posts Tagged ‘Privacy’

In the mix

Thursday, July 2nd, 2009

Got a Minute? Set Some Government Data Free with Transparency Corps (ReadWriteWeb)

Social Network Users Reportedly Concerned About Privacy, But Behavior Says Otherwise (ReadWriteWeb)

Bloomberg Releasing City Data Online in Hopes Developers Will Create New and Better Mobile Apps (NY Daily News)

Ad industry groups agree to privacy guidelines (CNET News)

Who gets hurt when information is withheld?

Tuesday, June 30th, 2009

Whenever people talk about why information matters, it’s easy to throw around abstract formulations about transparency and the free flow of information.  I do it all the time.  But this story from the Columbus Dispatch on how universities around the country are using a federal law on student privacy to withhold information has some great concrete examples of why disclosure is so important, and why not disclosing isn’t actually protecting anyone’s privacy.

Basic background: FERPA or the Family Educational and Rights Privacy Act generally prohibits schools from disclosing students’ “education records” without written permission from the student (if 18 and older) or the student’s parent.  But interpretations of FERPA vary widely from school to school.

The Columbus Dispatch discovered that many schools cite FERPA as a reason to withhold documents that arguably don’t fit into the definition of an “education record.”  In response to the Dispatch’s requests, FERPA was cited as a reason not to disclose reports of NCAA violations, lists of people designated to receive athletes’ complimentary admission to football games, and football players’ summer employment documents.  Without such records, it is “virtually impossible to decipher what is going on inside a $5 billion college-sports world that is funded by fans, donors, alumni, television networks and, at most schools, taxpayers.”

The article didn’t just ask you to be shocked and horrified on principle that the university was keeping secrets.  It told you exactly who is being hurt and in what ways:

1.  Other students and the public. In addition to potential misuse of taxpayer funds, “some universities are covering up criminal behavior in the name of student privacy.”

2.  The athletes themselves.

When news that a quarterback at OSU had accepted $500 from a booster went public, the Columbus lawyer and Ohio State fan was “swamped with e-mails from current or former collegiate athletes across the country.”

“They all were saying thank you, that it was out of hand at their school, too,” Webster said.

Before giving money to Smith, booster Robert Q. Baker had tripped up at least two other Ohio State football players. But those problems didn’t become public until after the Smith incident.

If not for Webster’s intervention, it’s impossible to know how many other players might have been approached by Baker, now banned by Ohio State from his luxury suite at Ohio Stadium. Baker was not banned until after public disclosure of the facts.

And ultimately, the universities are hurting

3. The schools themselves and their athletic programs.

All of those schools deleted names and many details of such violations from public records.

Those violations resulted in financial losses, damaged reputations and, in some cases, forfeiture of athletic victories.

The Final Four banners were removed from Ohio State’s Value City Arena because of NCAA rule-breaking. That violation involved former men’s basketball coach Jim O’Brien’s gift of money to a potential recruit and illegal benefits and academic help given to another player. Those violations cost the school more than $1.3 million in legal fees and NCAA penalties.

Florida State currently is spending about $200,000 to appeal one sanction of its numerous NCAA penalties in the cheating scandal. It is trying to preserve football victories so that Bobby Bowden might retire as the winningest football coach in college history.

The story illustrates a difficult but really important truth about information and disclosure.  In the end, we’re all better off when we have more information, even those of us who think we have something to lose.  This might not be true all the time, but it’s true most of the time.  People who think they’re protecting their own interests by withholding information are often taking a rather dim, short-term view of their situation.  And certainly, “privacy” isn’t what gets protected in the end.

In the mix

Tuesday, June 23rd, 2009

Swedish Court Says IP Numbers Privacy Protected (Slashdot)

Congress Looks Into How Online Companies Track Consumers (Media Decoder Blog NYT)

Verified Identity Pass Shuts Down “Clear” Operations (Slashdot)

Typing in an Email Address, and Giving Up Your Friends’ As Well (NY Times)

In the mix

Tuesday, June 16th, 2009

EFF Launches TOSBack–A “Terms of Service” Tracker for Facebook, Google, eBay, and More.  (EFF)

The “Hidden Cost” of Privacy.  (Schneier on Security)

Google Fusion Tables.  (Official Google Research Blog)

It’s our data. When do we get to use it, too?

Thursday, June 4th, 2009

When we started this survey of privacy policies, our goal was simple: find out what these policies actually say.  But our larger goal was to place the promises companies made about users’ privacy in a larger context—how do these companies view data?  Do they see it as something that wholly belongs to them?  Because ultimately, their attitude towards this data very much shapes their attitude towards user privacy.

In the last couple of years, we’ve seen an unprecedented amount of online data collection that’s happened largely surreptitiously.  We can’t say that we, as users, haven’t gotten something in return.  The “free” services on the internet have been paid for with our personal information.  But the way the information has been collected has prevented us from negotiating with the benefit of full information.  In other words, we haven’t gotten a good deal.  The data we’ve provided is so valuable, we should have struck a harder bargain.

And I think more and more people are starting to feel that way.  Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing.

For us at CDP, the fear is that we’ll throw the baby out with the bathwater.  We don’t want to shut down data collection altogether—we just want companies to stop thinking of our data as their data and their data alone.  We want to be able to share in the incredible value that this data has, so that we as a society can all benefit from the data collection and analysis capabilities we’ve developed.  Of course, that’s only possible with stronger privacy protections than are available now, which is why privacy is such an important issue for us to understand.

So what would it look like for us to “share” in the value of data?  It might sound crazy that companies collecting all this data would ever share data with their users, but it’s already happening.

Google, as a company that believes it’s in the business of information rather than advertising, does make some sincere efforts to provide data to the public.  Google Trends may be intended for advertisers, but it also provides the whole world with information on what people are searching for.  Google Flu Trends is a natural outgrowth of that, and some researchers believe this data can be helpful in determining where flu outbreaks are going to occur faster than reporting by clinics.

Some companies, like eBay and Amazon, have built their data collection into the service they provide to their customers.  Some of the information they collect on transactions and ratings can be viewed by all users.  Anyone looking to bid on an item on eBay can see how other buyers have rated that seller.  A user of Amazon looking to buy a new digital camera can view what other buyers considered.

Although Wikipedia is a bit different as a nonprofit, the service it provides also actively incorporates public disclosure of the data collected.  The contributions of any one editor can be seen in aggregate and aggregate stats on website activity are also available to the general public.  This information is important in the self-policing that is essential for Wikipedia to maintain any credibility.

Although the amount of data these companies are sharing with their users and the public is minuscule compared to the amount of data they’ve actually collected from us, it raises the possibility that data collection could happen in a completely different way than it does now.  Companies could make it more obvious that data collection is happening, and instead of scaring users away, give users some reason to participate in the collection of data.  The whole process could be one in which users are openly engaged, rather than one in which users feel hoodwinked.

So this is our goal at CDP: what do we need to do in terms of privacy protection, both in terms of technologies and social norms, to make this model of data collection possible?

In the mix

Wednesday, June 3rd, 2009

Google is Top Tracker of Surfers in Study. (NY Times Bits Blog)

The Obama Administration’s Silence on Privacy. (NY Times Bits Blog)

This UK Sheriff Cites Officials for Serious Statistical Violations.  (WSJ The Numbers Guy)

And if the terms of the policy change?

Tuesday, June 2nd, 2009

It’s bad enough that most of the “choices” we have in privacy today are either, “Accept our terms or don’t use the service.”  But then the terms can change at any time?

Nearly every privacy policy I looked at had some variation on these words: “Please note that this Privacy Policy may change from time to time.”  If the changes are “material,” which is a legal phrase meaning “actually affects your rights,” then all data that’s collected under the prior terms will remain subject to those terms.  Data that’s collected after the change, though, will be subject to the new terms, and the onus is put on the user to check back and see if the terms have changed.

Most companies, like Google, Yahoo, and Microsoft, promise to make an effort to let you know that material changes have been made, by contacting you or posting the changes prominently.  Some, like New York Times Digital and Facebook, promise that material changes won’t go into effect for six months, giving their users some time to find out.

Recently, Facebook decided to test out the right they had reserved to change the terms of use.  Facebook wanted to amend the terms of its license to the content provided by Facebook members.  Although it wasn’t actually a term in the privacy policy, it implicated users’ privacy rights as it involved personal content they had uploaded to Facebook.  Facebook claimed that its new terms of use didn’t materially change users’ rights but merely clarified what was already happening with data.  For example, if user A decides to send a message to user B, and then A deletes her account, the message A sent to B will not be deleted from B’s account.  The information no longer belongs only to user A.

However, Facebook’s unilateral attempt to change the terms of use provoked such uproar that the changes were withdrawn.  Instead, two new documents were created, Facebook Principles and Statement of Rights and Responsibilities, and users were given the option to discuss and vote on these documents before they went into effect.  Ultimately, the new versions were approved by vote of Facebook members.

Facebook is certainly not a model of privacy protection, but this incident is illuminating.  Legally, Facebook could change its terms without its members’ approval.  But practically, it couldn’t.  There’s been some debate over whether angry users understood the changes and what they meant, but that’s almost irrelevant.  Facebook couldn’t simply dictate the terms of its relationship with its users any more, given that its greatest asset is the content created by its users.

It may seem counterintuitive, but it’s not surprising that some of the most visible and effective consumer efforts to change how a company uses personal information have stemmed from an online service based on voluntary sharing. The more people are given opportunities to participate in how information is shared, the better people can understand what it means for a company to share their information and the more likely they are to feel empowered to shape what happens to their information.  Facebook can’t offer the service that it does without the content generated by its users.  But as it’s begun to realize, its users then have to be a part of decisions about the way that content is used.

We all know privacy policies are frustrating, inadequate, and difficult to understand.  So it’s good to remember that all our privacy battles don’t have to be fought on their terms.

Intellectual property and privacy: where they intersect

Wednesday, May 27th, 2009

Creative Commons recently launched a Creative Commons license application for Facebook.  You can now download a Creative Commons license and declare your willingness to share your photos, videos, and even status updates.

For those who aren’t intellectual property geeks, Creative Commons is a nonprofit organization that’s worked hard to change the norm around intellectual property law.  In a world where music companies crack down on kids singing copyrighted songs in YouTube videos, Creative Commons has made sharing of intellectual property something the cool kids want to do.  It’s created different licenses by which you can indicate how you’re willing for your work to be used, as long as it’s attributed to you.  Do a search for “Creative Commons” on Flickr, and you’ll see there are lots of people who want to increase what’s in the public domain.

This news is fascinating to me for a couple of reasons.  First, as ReadWriteWeb points out, how will the Creative Commons licenses interact with Facebook’s terms of use, by which Facebook has “a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook”?  Right now, you can control who you share with within Facebook.  Facebook, however, controls how your information is shared outside of Facebook, whether with marketers and advertisers or with researchers.  Putting a Creative Commons license on your profile is kind of an awesome way to reassert control, even if it’s not yet clear what that will mean.

Second, it’s a good reminder that even if Facebook is all about sharing, there’s a difference between posting something on Facebook and putting something into the public domain. It might seem counterintuitive that anyone would put a “sharing” license on what they post on Facebook.  But even if you have your profile public for all the world to see, you haven’t actually given permission for anything on your profile to be used anywhere else.

Which leads me to my last point: this new license for Facebook could have some fascinating implications for our debates about online privacy.

We at the Common Data Project are also interested in how a license could help signal sharing preferences, but for personal information rather than intellectual property.   In the spirit of Creative Commons, we want to create ways for people to clearly indicate their willingness for certain personal data to be put into a “common” pool, where it is anonymized and aggregated to individual specifications before being made available to the public for research, analysis, and other public uses.   People generally don’t “own” their personal information the way they own their car or the photos they take, but we wanted to both 1) make sharing information for public good a cool thing, and 2) create a new way to signal privacy preferences.

And as this new Creative Commons license for Facebook makes clear, the line between intellectual property and personal information is becoming increasingly blurred.  The kind of licensing system we’re imagining will have different specifications than the Creative Commons licenses, but it’s great to see movement in similar directions and I’m curious to see how our work will continue to intersect.

Multiple-choice privacy

Thursday, May 21st, 2009

Everyone agrees that “choice” is crucial for protecting privacy. But what should the choices be?

a) Do not call me, email me, or contact me in any way.
b) Do not let any of your partners/affiliates/anyone else call me, email me, or contact me in any way.
c) Let me access, edit, and delete my account information.
d) Let me access, edit, and delete all information you’ve collected from me, including log data.
e) Track me not.
f) All of the above.
g) None of the above.

Until recently, most tools offered by internet companies over user information have focused on helping people avoid being contacted, i.e., “marketing preferences.” That’s presumably what we cared about when privacy was all about the telemarketer not calling you at home. Companies have also given users access to their account information, which is in the companies’ own interest, since they would prefer to have updated information on you as well.

But few companies acknowledge that other kinds of information they’ve collected from you, like log data, search history, and what you’ve clicked on, might affect your sense of privacy as well. Since they conveniently choose not to call this kind of information “personal,” they have no privacy-based obligation to give you access to this information or allow you to opt out of it.

Still, in the last year or two, there have been some interesting changes in the way some companies view privacy choices. They’re starting to understand that people not only care about whether the telemarketer calls them during dinner, but also whether that telemarketer already knows what they’re eating for dinner.

Most privacy policies will at least state that the user can choose to turn off cookies, though with the caveat that the action might affect the functionality of the site. AskNetwork developed AskEraser to be a more visible way for users to use Ask.com without being tracked, but as privacy advocates noted, AskEraser requires that a cookie be downloaded, when many people who care about privacy periodically clear their cookies. AskEraser also doesn’t affect data collection by third parties.

More interestingly, Google recently announced some new tools for their targeted advertising program for people concerned about being tracked. These tools include a plug-in for people who don’t want to be tracked that will persist even when cookies are cleared and a way for users to know what interests have been associated with them. Google’s new Ad Preferences page also allows people to control what interests are associated with them and not just turn off tracking altogether.

Neither tool is perfect but they’re still fascinating. The more users are able to see what companies know about them, the better they can understand what kind of information is being collected as they use the internet. And Google seems to recognize that people’s concerns about privacy can’t be assuaged just through an on-off switch, that we want more fine-tuned controls instead.

The big concern for me, though, is whether Google or any other company that wants to be innovative about privacy is actually interested in fundamentally changing the way data is collected. Google’s targeted advertising program can afford to lose the data they would have tracked from privacy geeks, and still rely on getting as much information as possible from others, most of whom have no idea what is happening.

Tuesday in the Mix

Tuesday, May 12th, 2009

Just Landed: Processing, Twitter, MetaCarta & Hidden Data (blprnt)

Greece Puts Brakes on Street View (BBC)

Developer of AdBlock Plus Proposes a Fairer Approach to Ad Blocking (ReadWriteWeb)

What Does Access to Real World Data Online Make Possible? (ReadWriteWeb)