Untangling The Incredibly Complicated, Puzzling World Of Online Privacy


Senators Al Franken and Richard Blumenthal introduced a bill yesterday that takes direct aim at online privacy. After it was reported recently that tech giants like Apple and Google might be collecting location data from unwitting customers, public officials raced to put together legislation that would give the public more control over personal information. If passed, the bill would require developers to obtain consent before collecting and sharing geo-location data.

But that's only one small piece of the incredibly massive and complicated online-privacy puzzle, one that public officials, privacy advocates, and tech companies are trying to solve. Think of all the ways our personal data is collected: through tablets and smartphones and apps and email clients and browsers and myriad web services. The problem has become so fraught that few pretend to have an answer for all of the issue's complexities. A recent interview with Mitchell Baker, chairwoman of the nonprofit Mozilla Foundation, underscored this idea. Baker has been a crusader for user privacy, having been involved with the issue for years. "I'm smack in the middle of all of this," she says. But she will be the first to admit that not even the tech-savvy folks at Firefox have all the answers.

Firefox, notably, has fought hard to build a Do Not Track feature, a first step in letting users opt out of sharing their data with advertisers. Baker says the tool is in its earliest stages. When asked what it could look like in the future—will it let users opt out of data-sharing altogether or on case-by-case basis?—Baker reminded me again how young Do Not Track is. "We don't know yet [what it will look like]," she says. "There's a lot of testing and experimentation."

Whether Mozilla or another organization could even create a tool powerful enough to protect users from sharing data is another problem. There's mountains and mountains of data being shared. Just two practically daily examples for many of us: Data is shared every time you open up Foursquare and share your location, or look on Netflix for a recommendation. Creating one tool for the browser, then, is a bit like setting up a red light in front of a tidal wave.

"No question, there's a tsunami of data," says Baker. "We don't yet know what our products are going to look like, or even what our society is going to look like."

Facebook has been a key factor in redefining privacy norms. For a child growing up sharing photos and status updates on social networks, he or she might even be less concerned over sharing personal information.

"Are we going to live in a web that's really awesome and powerful and it makes my life better? Or are we going to live in a web that's darker than that vision? Big Brother was written before we have the surveillance capabilities we have today," Baker says. "I think questions of social interaction evolve and change constantly. Yes, we have a whole set of people who for vast portions of their lives it's really exciting to live in a really public space. Will that be true in the future? I don't know. Will that generation of people always feel that way? I don't know. It could go either direction."

Baker adds that social activity may cycle with age and new technological advances.

"When I grew up, there was this constant refrain with parents about their teenage kids on the telephone — three, four, six hours a day, and it wasn't an exaggeration. That was the social tool of the time," she says. "People would gossip, and they'd get off the phone and call their next friend, and they'd describe what they said to their next friend, and it wasn't as effective as Facebook, but it was a social mechanism that the older generation was like, 'Oh my gosh, how can you do that? What a waste of time, all you do is gibbering.' So things do change. But I just don't think we know [what the future holds]."

So not only do we not know what a privacy tool might look like in the future, or whether one could even be created to control the swamp of personal data online, but by the time one could come to fruition, it's also unclear whether our greater society would even need or want it given our forever-changing views on privacy.

As for potential government regulation of online privacy, which Baker has previously discussed with Fast Company at length, it represents yet another mystery.

"We're trying as hard as we can," she says. "We do believe very strongly that each of us will need tools [to protect our personal data]. Is there some piece of legislation that would be a good tool? The answer is, well, there might be, but we don't know what it is just quite yet."

[Image: Flickr user Clazzi]

Add New Comment


  • Bob Jacobson

    Way overblown.  The privacy issue isn't nearly that complicated, though alleged complication is a good way for perps to muddy the waters.  In both North America and Europe, protections exist for personal data and for the most part, they are adhered to.  What transpires over the net tends not to be either that personal or critical, although no one wants to see their purchasing codes pilfered.

    What makes the biggest impression on potential information pickpockets or outright thieves is the successful prosecution of a keystone case.  It only takes one to eliminate 80 percent of the offenses.  Then one can focus law enforcement resources on educating the other 20 percent on why crime is a bad idea and forcibly dealing with the 5-10 percent who are absolute recalcitrants or sociopaths.

    Realistically, monopoly organizations often destroy social comity by drawing up contracts or deals that exceed the bounds and destroy trust.  Waivers that require customers to seek arbitration rather than legal remedies for complaints are a case in point.  But again, protecting against such abuses in any realm is a social matter, not a technology application.

    All in all, setting limits, negotiating processes, and ensuring that
    most people play according to the rules are social innovations, and
    really no more innovative than contracts for services.  It's very
    important to make sure that the potential victims understand their
    privacy rights and also how they may inadvertently (or intentionally)
    waive those rights.

    The sooner we stop relying so heavily on technological solutions and start passing and enforcing thoughtful laws and regulations, the quicker we can evaluate their efficacy and make adjustments.  A regime in which 95 percent of the people live more safely is better than one in which 5 percent -- those with lawyers and professional buffers -- do.  

    BTW, I've been in the field for 30 years.  As the CA Legislature's expert on info and telecom issues in the 1980 -- during the rise of the Internet, before the web.  I invented the term electronic commerce in 1983 for a hearing in Sacramento featuring CompuServe, MCI Mail, and Prodigy plus smart people from the consumer side.  We wanted back then to deal with emerging privacy issues, but were pooh-pooh'ed before our peers by the Direct Marketing Association, the credit bureaus, and law enforcement -- policy buffoons who are responsible, I contend, for today's online abuses such as identity theft, digital stalking, and worse. 

    Never ever believe privacy can't get done.  It can.  It's not that complicated.  But it requires public and personal willpower.