Online privacy is more complicated than many realize part 2

Last post I looked at the first five of Paul Rubins' "Ten fallacies about web privacy." The subtitle, and part of his fifth fallacy is, "We are not used to the concept that something can be known and at the same time no person knows it." That is a true statement, but it's a statement about a snapshot in time. There are data breaches every day with thousands, tens of thousands and even tens of millions of peoples private data being stolen. Just because only a computer knows it today is not garauntee a computer won't tell an unauthorized someone tomorrow.

That said, let's take a look at fallacies six through ten.

6. Information can be used for price discrimination (differential pricing), which will harm consumers. Paul makes a good point that differential pricing isn't necessarily all bad. With good data a business might charge people who are willing to pay more the higher price they are willing to pay, making it financially and technically possible for them to charge less for people who are unable to pay the higher price.

7. If consumers knew how information about them was being used, they would be irate. I think Paul isn't looking deep enough in his response to this fallacy. In fact, I'm not sure his response refutes it:

When something (such as tainted food) actually harms consumers, they learn about the sources of the harm. But in spite of warnings by privacy advocates, consumers don't bother to learn about information use on the Web precisely because there is no harm from the way it is used.

In the case of tainted food, the harm is plain, even obvious. In the world of online privacy the source of the harm might not even be discernable by the average person. It might be months or even years before they discover any harm has been done. Not to mention that just because some knowledge about me isn't harmful doesn't mean I want it being gathered, tabulated and distributed.

8. Increasing privacy leads to greater safety and less risk. Again, I only agree with Paul to a point on this one. Information can be used to verify identity, raise flags on unusual behavior, and determine many, many things that can be used to target me specifically for all kinds of nifty products I don't want. But the amount of data needed to verify my identity is actually very small. The amount to tell if an unusual purchase is being made not much greater, and from a very specific, and in some ways, very limited source. At least when compared to all of my potentially trackable activity. I don't need to give up a ton of information to every website I visit to receive the benefits Paul mentions.

9. Restricting the use of information (such as by mandating consumer "opt-in") will benefit consumers. Paul asserts that "the use of information is generally benign and valuable," so such restrictions would be harmful. Generally benign? Maybe. Valuable? Always to the information gatherers, sometimes to the consumer. One thing I can agree with, opt-in would be harmful to the data gatherers, at least in the short term. Most people never change default settings, so to default to privacy when the norm has been gather data freely would be like damming the Colorado.

There is a difference in this case that might make people who would normally live with the defaults decide to opt-in. We are used to having sites recognize and remember us. There are a lot of little things that we've grown used to that would make people want to opt-in. So the information flow would be drastically reduced for a time, then would gradually increase to some point below where it was originally.

10. Targeted advertising leads people to buy stuff they don't want or need. Hmmm. Isn't the point of targeted advertising that it makes sure the ads served up are the ads the person would want to see? In addition, Paul makes good points that this fallacy shows a fundamental failure to understand how our economy works.

Paul Rubin has some very good points, but I think his point of view tends to focus on what's good for businesses more than what's good for people. Online privacy is a very complicated issue, and what is good for businesses may not be good for individuals. That said, it is a topic that needs more discussion from more points of view so that everyone concerned has input. Whatever privacy, online or off, looks like in ten, or even 5, years, it's going to be very different from what privacy was just 10 years ago. That doesn't have to be a bad thing, but it's not automatically going to be a good thing, despite what Paul Rubin has to say.

 

Online privacy is more complicated than many realize

Paul Rubin of the Wall Street Journal wrote a piece discussing 10 of the most dangerous myths about privacy online. I have to admit that I hadn't thought of a couple of them. Several of them are related, and if policy is decided based on any of them it could have serious effect on the way we experience life online. I'm going to look at the first five myths today, and the second five tomorrow.

Rubin's first five myths:

1. Privacy is free. It is not possible to gain more privacy without losing something. The more privacy, the less information available for websites to market to advertisers, the fewer targeted ads and the less targeted content, and the less efficiently websites can serve their customers. Information is the oil of marketing, as much on the web as in the real world. The less information, the less efficiently the engine runs.

2. If there are costs of privacy, they are borne by companies Facebook has made a business model out of proving this one wrong. The more information Facebook gathers, the more personalised the site can be for each user, the more able Facebook is to connect you to people you knwo, and the more targeted ads can be, so Facebook can offer advertisers blocks of users who match their target demographic extremely closely, which means more money to improve services for users. Total privacy isn't desirable, even if it was possible. As noted in myth 1, information is essential to the smooth running of the internet as we know it. But total sharing of information isn't desirable, either.

3. If consumers have less control over information, then firms must gain and consumers must lose. See above. Information makes it possible for businesses to tailor their online offerings to site visitors. Imagine Facebook if it didn't gather any information. The experience would be totally different, and it wouldn't have half a billion users.

4. Information use is "all or nothing" The assumption is that businesses will continue to operate and offer services even without the information they currently gather. That may be true, but services may suffer. I liked the example Paul used:

For example, search engines can better target searches if they know what searchers are looking for. (Google's "Did you mean . . ." to correct typos is a familiar example.) Keeping a past history of searches provides exactly this information. Shorter retained search histories mean less effective targeting.

We may not realize how much we rely on targeted searches, but I remember when searching for "black hair care" had porn sites for the first five results, and that was not what I was looking for.

5. If consumers have less privacy, then someone will know things about them that they may want to keep secret. I don't entirely agree with Paul on this one. He says:

Most information is used anonymously. To the extent that things are "known" about consumers, they are known by computers. This notion is counterintuitive; we are not used to the concept that something can be known and at the same time no person knows it. But this is true of much online information.

He's right, to a point. But it has been shown several times that it is impossible to truly anonymize personal information and still have it be useful, and even anonymized information can be used to find someone. All it takes is a birthdate, gender and zip to allow most people to be identified. Gender plus age plus zip code will narrow it down within a few hundred people or less. And social networks allow individuals to put any and everything about themselves online for the world to see. There does need to be some regulation. Privacy is important. So is a businesses ability to gather information about it's customers so it can better serve them. But there should be a limit to what businesses can gather.

See the next five myths tomorrow.