Privacy is dead, right? Facebook knows everything about
you, and the world is still turning. Whether you don't mind companies or
the government knowing all about your private life or still feel
completely uneasy at the idea, we often gloss over exactly why your personal data is worth protecting. We teamed up with the Electronic Frontier Foundation to get to the heart of the issue, and dispel some common myths around the ways your data is used.
We sat down with Rainey Reitman, Activism Director at the EFF, to discuss why digital privacy is important, why you should keep a skeptical eye to services that make promises of "free" services in exchange for tidbits of personal information, and why you should care about the privacy of others even if you're not concerned about your own data and how it may be used. All in all, the message is clear: It's tempting to throw up your hands and say "privacy is dead," but nothing could be further from the truth.
When we discussed how companies track you on the web and what you can do to stop them,
I drew on my personal experience working for a company that trades in
information—both personal and aggregate—to explain why your data is so
valuable to the businesses that want it. Making the case that
information about you, your demographics, your behaviors and habits—all
information you may think has little to no value—is valuable to the
people looking for it is one important step in explaining why this is
all important. After all, if someone a company is able to build their
business model on getting your information, it must be worth something,
right?
Photo by Andy Mabbett.
That's part of the problem—individuals are all too often told that the information collected about them is "non-identifiable," which may very well be true to the party requesting it, but not so for anyone else with access to it later.
"Consumers are often unaware of the transaction that takes place when they sign their information away," Rainey explained, noting that this lack of transparency, coupled with the fact that companies who trade in and use that information resist efforts for consumers to opt-out of behavioral marketing are causes for concern. The fact is, your data is worth real, tangible money to the companies that offer you free services (in Facebook's case, you're worth just shy of $5 per year) and the companies they do business with, even if they're not asking you to open your wallet.
Hardly. Rainey explained "People do care about privacy!" She directed me to a 2009 study by KnowPrivacy, a research group headed by Jason Schultz and Chris Hoofnagle of the Samuelson Law, Technology & Public Policy Clinic at the University of California Berkeley, that shows that people are indeed concerned about what data is requested of them, how much of the requested information is required for the service they want to use, and how their data is eventually used. The survey notes that even young people are concerned about their privacy, the ones often written off as part of a generation that's willing to share everything online.
Photo remixed from jayfish (Shutterstock).
"These same people are comfortable telling their friends what they ate for breakfast," Rainey remarked, "but they're not comfortable telling their medical insurer, or having their medical insurer get access to their Facebook account because they clicked a Like button, for example." These results were reiterated in a 2010 USA Today/Gallup poll that uncovered similar results—people are still quite concerned with their privacy. The baseline for privacy has simply changed.
Rainey says that even those who dismiss privacy concerns become concerned
when confronted with the depth of information they've revealed, and
when shown how that information is used once they give it up. In the
end, the argument isn't a zero-sum game: people don't want their
services free and their privacy intact, Rainey reiterated. "They just
want control over what information they give up, what they
agree to, and what information is made public versus kept private in the
databases and annals of the companies and organizations that get to see
it."
The short answer is that there's no real difference between the two. Here's why:
So while the government and businesses are both scrambling to collect as much information as they can, you should have serious reservations about whether the data is being kept securely, what rights you have after the fact to remove personally identifiable information should be it collected, and how that information is being used by other groups you didn't sign an agreement with once you give it up to the one you did. The issue is so pervasive that the White House recently called for a Consumer Privacy Bill of Rights to ensure both the government and private agencies only collect the information required to provide specific services, and no more—a measure that many called a good first step, but just that: a first step.
When I brought up this concern to Rainey, she laughed: "It's always entertaining to hear the argument swing from ‘but people like these ads' to ‘and without them the Internet will be gone forever!' The problem with the first part is that if it were true that people really did prefer and actually enjoy behavioral marketing, then why not give consumers the option to opt-in to them instead of forcing them to opt-out of every kind of marketing entirely? If they like it, giving them the choice to turn it off won't stop anyone!" She explained that privacy advocates aren't fighting for an ad-free Internet, they just want to give consumers who care about their privacy a way to opt-out of behavioral and targeted marketing efforts, something industry groups are fighting them on tooth and nail.
Photo by Jim Linwood.
As for the "death of the free internet," Rainey noted that while the basis of revenue-generation on the internet has always been advertising, it's only been recent years that we've seen a massive shift towards behavioral and targeted marketing that sticks with individuals not just on a single page, or in one company's services, but across all of their activities online. She's right—Jeff Jarvis wrote at BuzzMachine that even while he thinks much of the concern over privacy and do not track is a tempest in a teapot, companies at least need to be transparant about how they do what they've always been doing, and give consumers a choice. He noted that fast-forwarding through ads on television has been around for a long time, but that hasn't led to the death of the TV advertising industry. "Ads don't have to track you to make money," Rainey said, "You [advertisers] just need to give consumers the choice—the option to see ads without tracking! Then you could have both options and make everyone happy!" It's that lack of choice—she explained—that's the real problem.
Even if your privacy isn't important to you, there are others for
whom privacy is paramount. "Even if you're comfortable giving up your
personal information," Rainey said, "there are plenty of people who
aren't, and they shouldn't have to fight to keep their addresses out of
publicly accessible databases or off of a website where it's easily
obtained. Victims of domestic violence, members of the LGBT community,
political activists, human rights activists, police officers, even
public figures all need privacy to make sure their families and homes
are safe." Even if you're not convinced that your data is worth
protecting, there are others who need that protection. To that point,
it's worth remembering that on many social networks, we give up
information about those we're connected to when we let another app or
service in—even if we've consciously decided we're okay trading the
information requested about ourselves.
Image by freelanceartist (Shutterstock).
So what do you do now? We've shown you how to protect yourself and even how to watch companies track you in real time. In the end, the important thing to remember before you click through another privacy policy is to be actively aware of the transaction you're making. Just because something claims it's free doesn't mean it is, and it's up to you to decide whether the service is worth the price of admission.
We sat down with Rainey Reitman, Activism Director at the EFF, to discuss why digital privacy is important, why you should keep a skeptical eye to services that make promises of "free" services in exchange for tidbits of personal information, and why you should care about the privacy of others even if you're not concerned about your own data and how it may be used. All in all, the message is clear: It's tempting to throw up your hands and say "privacy is dead," but nothing could be further from the truth.
Cause for Concern: Why No One's Telling You Your Data Is Valuable
When we discussed how companies track you on the web and what you can do to stop them,
I drew on my personal experience working for a company that trades in
information—both personal and aggregate—to explain why your data is so
valuable to the businesses that want it. Making the case that
information about you, your demographics, your behaviors and habits—all
information you may think has little to no value—is valuable to the
people looking for it is one important step in explaining why this is
all important. After all, if someone a company is able to build their
business model on getting your information, it must be worth something,
right? Photo by Andy Mabbett.
That's part of the problem—individuals are all too often told that the information collected about them is "non-identifiable," which may very well be true to the party requesting it, but not so for anyone else with access to it later.
"Consumers are often unaware of the transaction that takes place when they sign their information away," Rainey explained, noting that this lack of transparency, coupled with the fact that companies who trade in and use that information resist efforts for consumers to opt-out of behavioral marketing are causes for concern. The fact is, your data is worth real, tangible money to the companies that offer you free services (in Facebook's case, you're worth just shy of $5 per year) and the companies they do business with, even if they're not asking you to open your wallet.
Does Anyone Actually Care Anymore? Isn't Privacy Dead?
Hardly. Rainey explained "People do care about privacy!" She directed me to a 2009 study by KnowPrivacy, a research group headed by Jason Schultz and Chris Hoofnagle of the Samuelson Law, Technology & Public Policy Clinic at the University of California Berkeley, that shows that people are indeed concerned about what data is requested of them, how much of the requested information is required for the service they want to use, and how their data is eventually used. The survey notes that even young people are concerned about their privacy, the ones often written off as part of a generation that's willing to share everything online.
Photo remixed from jayfish (Shutterstock).
"These same people are comfortable telling their friends what they ate for breakfast," Rainey remarked, "but they're not comfortable telling their medical insurer, or having their medical insurer get access to their Facebook account because they clicked a Like button, for example." These results were reiterated in a 2010 USA Today/Gallup poll that uncovered similar results—people are still quite concerned with their privacy. The baseline for privacy has simply changed.
Rainey says that even those who dismiss privacy concerns become concerned
when confronted with the depth of information they've revealed, and
when shown how that information is used once they give it up. In the
end, the argument isn't a zero-sum game: people don't want their
services free and their privacy intact, Rainey reiterated. "They just
want control over what information they give up, what they
agree to, and what information is made public versus kept private in the
databases and annals of the companies and organizations that get to see
it."Who's More Dangerous? The Government or Businesses?
The short answer is that there's no real difference between the two. Here's why:
- The Government: When you sign up for a new web
service, you might assume that your data goes only as far as the company
you've signed an agreement with. Unfortunately, that's not the case.
Rainey points out that filing a simple FOIA request revealed
that government agencies like the DEA and even the IRS regularly
collect, store, and request information from companies like Facebook and
Twitter.
So the government uses the information they collect on social media to hunt and catch criminals—that's not so bad, right? It's not that simple. "Those organizations all map social graphs to see how people of interest relate to each other, and subsequently investigate their friends, followers, and others in their networks," Rainey explained. To boot, the government often doesn't bother to get a court order or justify the reason they want this information to the network in question—they make a few phone calls or send over a letter asking for someone's information, and the service responds with the requested data.
- Businesses: At least the government has to provide some measure of transparency. Private entities are largely exempt from the Privacy Act of 1974,
and once they collect your information, there's no way to tell what
happens to it after that. Some companies reserve the right to sell the
information, and while most explicitly promise not to in their privacy
policies, they give themselves the out of being able to "share"
information with their "strategic partners," which is the same thing,
just without a cash transaction taking place.
Photo by Ludovic Hirlimann.
But these companies don't keep personally identifiable information (PII), right? You're just an aggregate number to them, so what's the worry? Well—that information sharing is generally done between companies in order to obtain that information and refine their marketing efforts. While it may mean nothing more than a few coupons at your doorstep, the fact of the matter is the trade in aggregate information is a hot one, and companies specialize in taking aggregate information and making it very personal. Even if that's not a problem for you, the real issue is that once that information is assembled, and once it is personal, you have no rights or access to it once you've signed it away. "Most people don't ask themselves, ‘Do I still have the rights to this data once I click OK?'" Rainey explained. "And then, once it's gone, you don't even have the right to change it, update it, or even request your information be removed later if circumstances change."
She then pointed me to the Privacy Rights Clearinghouse's Chronology of Data Breaches, a massive collection of data publicly reported data breaches at companies that store public and private information going back to 2005—everything from missing laptops to massive hacks. "The fact is, that once your data is collected, even if it's aggregate, and stored in one of these databases, it's being actively targeted by people who want it, and it's vulnerable to breaches. One study showed that a year after a database like one of these is broken into, your chance of being a victim of identity theft is four times greater." That's long after the courtesy credit and identity theft monitoring services most companies offer if their databases are hacked, and as we've seen from recent credit card breaches, once your information is lost it may be a big deal to you, but on an individual level, it's not horribly valuable to the company tasked with protecting it.
So while the government and businesses are both scrambling to collect as much information as they can, you should have serious reservations about whether the data is being kept securely, what rights you have after the fact to remove personally identifiable information should be it collected, and how that information is being used by other groups you didn't sign an agreement with once you give it up to the one you did. The issue is so pervasive that the White House recently called for a Consumer Privacy Bill of Rights to ensure both the government and private agencies only collect the information required to provide specific services, and no more—a measure that many called a good first step, but just that: a first step.
But Targeted Ads are Better than Random Ones, Right? And If We All
Keep Our Data Private, Nothing Will Be Free Anymore and the Internet
Will Cease to Exist!
When I brought up this concern to Rainey, she laughed: "It's always entertaining to hear the argument swing from ‘but people like these ads' to ‘and without them the Internet will be gone forever!' The problem with the first part is that if it were true that people really did prefer and actually enjoy behavioral marketing, then why not give consumers the option to opt-in to them instead of forcing them to opt-out of every kind of marketing entirely? If they like it, giving them the choice to turn it off won't stop anyone!" She explained that privacy advocates aren't fighting for an ad-free Internet, they just want to give consumers who care about their privacy a way to opt-out of behavioral and targeted marketing efforts, something industry groups are fighting them on tooth and nail.
Photo by Jim Linwood.
As for the "death of the free internet," Rainey noted that while the basis of revenue-generation on the internet has always been advertising, it's only been recent years that we've seen a massive shift towards behavioral and targeted marketing that sticks with individuals not just on a single page, or in one company's services, but across all of their activities online. She's right—Jeff Jarvis wrote at BuzzMachine that even while he thinks much of the concern over privacy and do not track is a tempest in a teapot, companies at least need to be transparant about how they do what they've always been doing, and give consumers a choice. He noted that fast-forwarding through ads on television has been around for a long time, but that hasn't led to the death of the TV advertising industry. "Ads don't have to track you to make money," Rainey said, "You [advertisers] just need to give consumers the choice—the option to see ads without tracking! Then you could have both options and make everyone happy!" It's that lack of choice—she explained—that's the real problem.
So What Do I Do About It? What Does It Matter?
Even if your privacy isn't important to you, there are others for
whom privacy is paramount. "Even if you're comfortable giving up your
personal information," Rainey said, "there are plenty of people who
aren't, and they shouldn't have to fight to keep their addresses out of
publicly accessible databases or off of a website where it's easily
obtained. Victims of domestic violence, members of the LGBT community,
political activists, human rights activists, police officers, even
public figures all need privacy to make sure their families and homes
are safe." Even if you're not convinced that your data is worth
protecting, there are others who need that protection. To that point,
it's worth remembering that on many social networks, we give up
information about those we're connected to when we let another app or
service in—even if we've consciously decided we're okay trading the
information requested about ourselves. Image by freelanceartist (Shutterstock).
So what do you do now? We've shown you how to protect yourself and even how to watch companies track you in real time. In the end, the important thing to remember before you click through another privacy policy is to be actively aware of the transaction you're making. Just because something claims it's free doesn't mean it is, and it's up to you to decide whether the service is worth the price of admission.
Rainey Reitman is Activism Director at The Electronic Frontier Foundation. She graciously offered her time and expertise for this post, and we thank her.
