Monday, September 13, 2010

Online privacy is more complicated than many realize part 2

Last post I looked at the first five of Paul Rubins' "Ten fallacies about web privacy." The subtitle, and part of his fifth fallacy is, "We are not used to the concept that something can be known and at the same time no person knows it." That is a true statement, but it's a statement about a snapshot in time. There are data breaches every day with thousands, tens of thousands and even tens of millions of peoples private data being stolen. Just because only a computer knows it today is not garauntee a computer won't tell an unauthorized someone tomorrow.

That said, let's take a look at fallacies six through ten.

6. Information can be used for price discrimination (differential pricing), which will harm consumers. Paul makes a good point that differential pricing isn't necessarily all bad. With good data a business might charge people who are willing to pay more the higher price they are willing to pay, making it financially and technically possible for them to charge less for people who are unable to pay the higher price.

7. If consumers knew how information about them was being used, they would be irate. I think Paul isn't looking deep enough in his response to this fallacy. In fact, I'm not sure his response refutes it:

When something (such as tainted food) actually harms consumers, they learn about the sources of the harm. But in spite of warnings by privacy advocates, consumers don't bother to learn about information use on the Web precisely because there is no harm from the way it is used.

In the case of tainted food, the harm is plain, even obvious. In the world of online privacy the source of the harm might not even be discernable by the average person. It might be months or even years before they discover any harm has been done. Not to mention that just because some knowledge about me isn't harmful doesn't mean I want it being gathered, tabulated and distributed.

8. Increasing privacy leads to greater safety and less risk. Again, I only agree with Paul to a point on this one. Information can be used to verify identity, raise flags on unusual behavior, and determine many, many things that can be used to target me specifically for all kinds of nifty products I don't want. But the amount of data needed to verify my identity is actually very small. The amount to tell if an unusual purchase is being made not much greater, and from a very specific, and in some ways, very limited source. At least when compared to all of my potentially trackable activity. I don't need to give up a ton of information to every website I visit to receive the benefits Paul mentions.

9. Restricting the use of information (such as by mandating consumer "opt-in") will benefit consumers. Paul asserts that "the use of information is generally benign and valuable," so such restrictions would be harmful. Generally benign? Maybe. Valuable? Always to the information gatherers, sometimes to the consumer. One thing I can agree with, opt-in would be harmful to the data gatherers, at least in the short term. Most people never change default settings, so to default to privacy when the norm has been gather data freely would be like damming the Colorado.

There is a difference in this case that might make people who would normally live with the defaults decide to opt-in. We are used to having sites recognize and remember us. There are a lot of little things that we've grown used to that would make people want to opt-in. So the information flow would be drastically reduced for a time, then would gradually increase to some point below where it was originally.

10. Targeted advertising leads people to buy stuff they don't want or need. Hmmm. Isn't the point of targeted advertising that it makes sure the ads served up are the ads the person would want to see? In addition, Paul makes good points that this fallacy shows a fundamental failure to understand how our economy works.

Paul Rubin has some very good points, but I think his point of view tends to focus on what's good for businesses more than what's good for people. Online privacy is a very complicated issue, and what is good for businesses may not be good for individuals. That said, it is a topic that needs more discussion from more points of view so that everyone concerned has input. Whatever privacy, online or off, looks like in ten, or even 5, years, it's going to be very different from what privacy was just 10 years ago. That doesn't have to be a bad thing, but it's not automatically going to be a good thing, despite what Paul Rubin has to say.