Wednesday, July 23, 2014

The Value of Privacy

“All human beings have three lives: public, private, and secret.”
Gabriel Garcia Marquez 

There has been much furor and attention in the news regarding the NSA’s blatant overreach and invasion of privacy but the reality is that the manner in which the private sector has been invading our personal lives is far more intrusive and concerning. What’s more, nobody really knows how much is actually being collected, which companies are doing the collecting or the methods they are using. In this regard the internet remains the Wild West. In the words of Tim Berners-Lee, the inventor of the World Wide Web, “A digital Magna Carta is required if we are to stand any chance of halting the Internet’s steady infringement of our right to privacy.” What is scarier is that the information being collected, on each of us, is also being compiled and sold to third parties without our knowledge or consent. 

For many years we were assured that the information we shared via online searches, sites we visited and ads we clicked was being collected and stored in a non-personally identifiable manner. And that it was being collected with the intention of improving our online experiences and adding a greater degree of personalisation for marketing to us. It turns out that this is far from the truth. Today, there are numerous companies compiling dossiers on us; gleaned not only from our online behaviours and habits, but then supplemented with information from the real world. Frighteningly, these dossiers are not anonymous. They identify us by name and contain comprehensive profiles that include everything from political and religious affiliations to medical and criminal histories to shopping and surfing habits. These dossiers are being openly sold to everyone from prospective employers and research companies, to marketers and financial institutions. Watch 60 Minutes report: “The Data Brokers” 

The argument used by marketing companies, internet firms and these so called data brokers, to defend this gross invasion of privacy, is to say that anything we disclose on the internet (as well as data that exists in the public domain) should be considered fair game. They argue that people are fully aware of the information they are sharing online, doing so willingly, and free to read the terms and conditions on each website about how their data is being handled. In their estimation, consumers are willingly parting with all this personal information. They further contend that the internet is a marketing medium, so people need to accept that information gleaned off it can and will be used not only to personalize experiences, but also to better advertise and market to us. Based on this flimsy argument they also staunchly believe that there is no need for government regulation to prevent anyone willing to pay money to know more about us, than a spouse or parent ever would. Then there are those who argue that if we have nothing to hide, why should we be concerned?  They ask why we care if every term we search, product we buy, page we visit, prescription we fill and gift we send is tracked by companies or sold on to third parties. To me this is a totally false argument because an individual’s right to privacy has nothing to do with having something to hide. Everyone has a reasonable expectation to privacy in a democratic society. It is a fundamental right. 

Think about a really simple analogy in the real world. Imagine you walk out of your house to run some errands on a beautiful Saturday morning. You stop at Starbucks on the corner for a latte and doughnut. Next you cross the street to go over to the pharmacy to pick up the prescriptions your doctor called in. The pharmacist asks you to verify your home address. On your way home you decide to run a few more errands. First, you stop at another drugstore to talk to their pharmacist about recommending something for a nasty rash you have on your inner thigh (Note: you choose not to ask your regular pharmacist who knows your whole family by name, because you are feeling embarrassed and not because you have something to hide). Then it’s a stop at the local grocery store, where you use some email coupons on your phone. You then make a quick stop at the wine store to pick up a nice bottle of wine for yourself and a few bottles of bubbly for the party you are attending this weekend. You spend some time browsing at your favourite local boutique, on your way to the final stop at the dry cleaner. The clerk at the dry cleaner asks for your home phone number to look up your account. Arguably, you have been in what can be described as the 'public domain' while running all your errands. Much like if you had stayed home and transacted entirely on the internet. In both cases, you were required to divulge and share various bits of personal and private information, including your home address, phone number, medical history and credit card information in order to complete your transactions. 

Now imagine that you are running through the same schedule, except that from the moment you leave your home, you have a dozen random strangers physically following you around and secretly take down all the little bits of information you are legitimately required to and willing to divulge along the way. These strangers would be doing this without your prior consent or knowledge. These shadowy figures are simply leaning in closer as you give the pharmacist your insurance information and prescription list, or peering over your shoulder to look at your grocery cart, trying to determine if you are gluten intolerant. In fact, they are keeping track of everything you say, see and do. Now imagine that these strangers follow you around every day for months or even years collecting, storing and then combining this data with every other bit of information they can find from public records. They include your past employers, home addresses, credit history, political and charitable donations, etc. and then they put it all together to create a file on you that they can legally sell to any third party willing to pay for it.  

These exact dossiers compiled by data brokers are now being used by many financial institutions to gauge your 'social' ranking and credit-worthiness, based on who your Facebook friends are. Such compilations are even being used by prospective employers to determine your character. This gross violation of trust is actually happening today, completely in the shadows and without our consent. I understand that technology has reshaped our lives in many ways and with these conveniences there is a reasonable and necessary loss of privacy. With this I don’t believe anyone has an issue. However, to say that if we are bothered by the extent to which we have lost control over our private information, and the solution is to simply stop using the internet or sharing personal information on it (which is impossible) – it is akin to saying we should not leave the house if we are worried about getting mugged. It is a totally nonsensical argument and an unrealistic expectation in a world that has become completely dependent on technology. The point is not to have zero, or even total, privacy, but that information gathering should not be done surreptitiously. It should be conducted in a way that clearly informs us, gives us the choice to participate or not, and allows us to limit the amount of information we are willing to share.

It is an absolute right to expect privacy and be aware of how our information is being used and by whom; especially when sharing information in a specific situation for a very specific purpose, e.g. at a pharmacy to get a prescription filled. It is not unreasonable to expect that the same pharmacy will never share this information or start to combine it with other habits, behaviours, etc. and then sell the information to a third party. Equally, it would be ludicrous to try to regulate the entire internet by creating even more complex and detailed privacy laws that cover every possible situation or transaction; not to mention trying to do this globally in some uniform way. 

The solution is to make the whole process completely transparent and allow people to make the choices regarding information they are willing to share. Make it simple and clear about how and for what purpose our information will be used on every site. For example, if you shop on Amazon. then the baseline should be that this site alone would have access to only the most basic information required (name, address, credit card) for someone to complete a transaction; and this information would never be shared or sold to a third party without our prior consent. Amazon should also allow us to delete personal browsing and shopping history, if I choose not to save it or be marketed to more accurately. Further, Amazon could build incentives for people who are willing to share more of their shopping history, or even more detailed information about themselves, their habits and behaviours; even around the rest of the web. The same should hold true for tracking companies; they too can create incentives for people willing to sign-up and give them permission to follow them across the web, on their mobile phones, etc. 

Finally, every company that sells and profits off individual data should also share that revenue with the individual; creating a sort of human-information exchange. However, the default on the web and every site should always be that people are opted-out and not the other way around, as it is today.

1 comment: