The Privacy Tug of War

According to the World Economic Forum, “personal data represents an emerging asset class, potentially every bit as valuable as other assets such as traded goods, gold or oil.”  Given the inherent value of this new asset class, it’s no surprise there has been an ongoing tug of war regarding how consumers should be compensated for access to their personal data.

In a March 2003 Wired article titled, “Who’s Winning Privacy Tug of War?“, the author suggests that “[c]onsumers appear to have become weary of the advertising bombardment, no matter how targeted to their tastes those ads may be.”  And, the “tit-for-tat tactic on the Web” that requires users to provide certain personal information in exchange for product or other information may be much less than a perfect marketing model given these marketing preference databases “are polluted with lies.”

Fast forward a decade or so and companies are still trying to figure out the Privacy Tug of War rules of engagement.  In a report released on September 19, 2012, UK think tank Demos released a report it considered “the most in-depth research to date on the public’s attitudes toward the sharing of information.”   Not surprisingly, Demos found that in order to maximize the potential value of customer data, there needs to be “a certain level of trust established and a fair value exchange.”   The firm found that only 19 percent of those surveyed understand the value of their data, and the benefits of sharing it.

The surveys, workshops and other research tools referenced in the Demos report all point towards a “crisis of confidence” which may “lead to people sharing less information and data, which would have detrimental results for individuals, companies and the economy.”   Demos offers up a possible solution to this potential crisis:

The solution is to ensure individuals have more control over what, when and how they share information. Privacy is not easily defined. It is a negotiated concept that changes with technology and culture. It needs continually updating as circumstances and values change, which in turn requires democratic deliberation and a dialogue between the parties involved.

It is hard to have any meaningful deliberations when no one is charting a clear path to victory in the Privacy Tug of War — nor is there any consensus regarding whether it is preferable to even have such a path.   Some on the privacy circuit have suggested we must create better privacy metrics and offer tools to use those metrics to measure whether a company’s privacy protections are “satisfactory”.   Consumers right now can rely on sites such as Clickwrapped to score the online privacy policies of major online brands.   Certification services such as TRUSTe provide insight regarding the online privacy standards of thousands of websites.   If they don’t like what they see, consumers can always “opt out” and use services such as that of start-up Safe Shepherd to remove “your family’s personal info from websites that sell it.”

Unfortunately, no commercially available privacy safeguard, testing service or certification can ever move fast enough to address technological advances that erode consumer privacy given such advances will always launch unabated — and undetected — for a period of time.  Not unlike Moore’s Law regarding the doubling of transistor computing power every two years, it appears that consumer privacy diminishes in some direct proportion to new technological advances.  Consumer privacy expectations should obviously be guided accordingly.   Unlike with Moore’s Law, however, there is no uniform technology, product, or privacy metric that can be benchmarked as it is in the computer industry.

This does not mean we are powerless to follow technology trends and quantify an associated privacy impact.  For example, the Philip Dick/Steven Spielberg Minority Report vision of the future where public iris scanning offers up customized advertisements to people walking around a mall has already taken root in at least one issued iris-scanning patent that is jointly owned by the federal government and a start-up looking to serve ads suggested using facial recognition techniques.  In direct reaction to EU criticism of Facebook’s own facial recognition initiative, Facebook temporarily suspended its “tag-suggest” feature.  This automatic facial recognition system recognized and suggested names for those people included in photographs uploaded to Facebook – without first obtaining the consent of those so recognized and tagged.

Closely monitoring technological advances that may impact privacy rights — whether the body diagnostics of Mc10 and ingested medical sensors from Proteus, the latest in Big Data analytics, or a new EHR system that seamlessly ties such innovations together — becomes the necessary first step towards understanding how to partake in the Privacy Tug of War.

Unlike the PC industry that is tied to Moore’s Law, our government’s unbounded funding is an active participant in developing privacy-curtailing technological advances.  For example, the FBI is currently undergoing a billion-dollar upgrade creating its Next Generation Identification Program which will deploy the latest in facial recognition technologies.   As recognized by CMU Professor Alessandro Acquisti, this “combination of face recognition, social networks data and data mining can significantly undermine our current notions and expectations of privacy and anonymity.”

Not surprisingly, there has been some push back on such government initiatives.    For example, on September 25, 2012, the ACLU filed suit against several government agencies under the Freedom of Information Act seeking seeking records on their use and funding of automatic license plate readers (APLRs).  According to the Complaint, “ALPRs are cameras mounted on stationary objects (e.g., telephone poles and the underside of bridges) or on patrol cars [and] photograph the license plate of each vehicle that passes, capturing information on up to thousands of cars per minute.”   The ACLU suggests that APLRs “pose a serious threat to innocent Americans’ privacy.”

The imminent unleashing of unmanned aircraft systems – commonly known as “drones” – sets in motion another technological advance that should raise serious concerns for just about anyone.  Signed by President Obama in February 2012, The FAA Modernization and Reform Act of 2012, among other things, requires that the Federal Aviation Administration accelerate the use of drone flights:

Not later than 270 days after the date of enactment of this Act, the Secretary of Transportation, in consultation with representatives of the aviation industry, Federal agencies that employ unmanned aircraft systems technology in the national airspace system, and the unmanned aircraft systems industry, shall develop a comprehensive plan to safely accelerate the integration of civil unmanned aircraft systems into the national airspace system.

As recognized by the Government Accountability Office in a September 14, 2012 Report, even though “[m]any [privacy] stakeholders believe that there should be federal regulations” to protect the privacy of individuals from drone usage, “it is not clear what entity should be responsible for addressing privacy concerns across the federal government.”

This is not an insignificant failing given according to this same report, commercial and government drone expenditures could top $89.1 billion over the next decade ($28.5 billion for R&D and $60.6 billion for procurement).  Interestingly, the necessary comprehensive plan to accelerate integration of civil drones into our national airspace systems will be due on November 10, 2012 – right after elections.   According to an Associated Press-National Constitution Center poll, 36 percent of those polled say they “strongly oppose” or “somewhat oppose” police use of drones.   This somewhat muted response is likely driven by the fact most polled just do not understand the capabilities of these drones and just how pervasive they will become in the coming years.

The technology advance that may have the greatest impact on privacy rights does not take to the skies but is actually found in most pockets and purses.   The same survey referenced above found that 43 percent of those polled (the highest percentage) primarily use a mobile device alone rather than a landline or a combination of mobile device and landline — with 34 percent of those polled not even having a landline in their home.   Not surprisingly, companies have been aggressively tapping into the Big Data treasure trove available from mobile device usage.   Some politicians have taken notice and are already drawing lines in the digital sand.

Under the Mobile Device Privacy Act introduced by Congressman Edward J. Markey, anyone who sells a mobile service, device, or app must inform customers if their product contains monitoring software — with statutory penalties ranging from $1,000 per unintentional violation to $3,000 per intentional violation.   This new bill addresses only a single transgression of the personal-data-orgy now being enjoyed by so many different companies up and down the mobile device communication and tech food chain.   As evidenced by the current patent landscape — including an issued Google patent that involves serving ads based on a mobile device’s environmental sounds — and the now well-known GPS capabilities of mobile devices, the privacy Battle of Midway will likely be fought around mobile devices. Companies with a stake in the Privacy Tug of War — as well as those professionals who advise such companies — will only be adequately prepared if they recognize that this battle may ultimately have no clear winners or losers — only willing participants.