May 05, 2012

How "Privacy Correctness" Is Leading Us Dangerously Astray

You're probably familiar with the term "politically correct" and its ramifications. Simply stated, "political correctness" relates to the narrowing of discussions, often by focusing on specific examples of "violations" (in a range of circumstances) that in reality do not have notable intrinsic, relevant, or significant impacts.

Political correctness can be purposely used as a weapon to manipulate debates, or it can be the result of genuine confusion regarding the actual facts of a situation. Frequently, political correctness issues involve both of these facets.

As we look at the almost daily parade of supposed "privacy problems" that splash across the Web and other media, followed by calls for investigations, massive fines, and sometimes large-scale governmental interventions -- a fundamental question arises.

To what extent are we concerned about actual, important, substantive privacy concerns, and conversely, to what degree are we engaging in -- perhaps to coin a phrase in this context -- unwise, counterproductive, manipulative, and even potentially dangerous "privacy correctness"?

At first glance, it might appear that the seeming sheer complexity of the technology surrounding privacy these days would make such determinations difficult.

Cookies and Flash, JavaScript and AJAX, encryption and targeted ads. And so on. How can anyone be expected to untangle all this in terms of privacy concerns?

In reality though, the complex nature of these technologies -- many of which are key to providing and helping to pay for services that users have come to expect, usually without charge -- offers a clue that we may be spending our time looking in the wrong places.

One thing we can be absolutely sure about is that new, even more complex technologies -- many of which may have privacy-related ramifications -- will be arriving almost continually. To assume that everyday users of the Web and other environments will have the time or inclination to understand the functioning and external relationships of these underlying mechanisms seems unrealistic at best.

In fact, as we've seen in recent cases involving Google and their use of Web cookies and collection of unencrypted Wi-Fi data, even hard-core techies and experts on these systems may at times become enmeshed in "privacy correctness" quandaries, with various forces insisting that particular actions represent serious privacy violations, while other observers see only insignificant transgressions or none at all.

Cookies and Wi-Fi have been around for many years. What of new technologies coming down the line? Are we going to go through these battles individually and repeatedly, expecting consumers to incorporate such ever more intricate complexities in their various combinations into their routine Internet usage decisions?

And what of the impacts that considerations of genuine privacy concerns, vis-à-vis "privacy correctness," will have on issues of great import to society at large, such as calls for vast communications surveillance regimes, expansive cybersecurity legislation, and so on?

There are some guidelines that I use in my own analysis of these issues today, that may be generally useful in these respects.

First, like it or not, what's public is public. I say this a lot, and many people don't really like the idea, but that doesn't change the underlying truth.

It is foolhardy to pretend that something already out in the public sphere, especially (but not necessarily) on the Internet, can then somehow be effectively restricted or controlled. Trying to convince people otherwise is quintessential "privacy correctness" and can dangerously lead to false assumptions about what information is or is not actually available publicly.

Efforts to restrict information that is already public, ranging from governmental data, to photographs easily taken from municipal streets, to unencrypted Wi-Fi signals, can only serve to harass legitimate and innocent usage, while "bad players" will find ways to continue essentially unencumbered. Public is public. Period.

But what about data that isn't public, that has been shared with individual entities perhaps? This is the category that sheds light on what I would call true privacy problems, in contrast to generally false "privacy correctness" issues.

Except where absolutely mandated by law, when personal information provided to or collected by one organization is sold or otherwise provided to another organization without the explicit permissions of the persons involved, a significant privacy violation may well have occurred.

Health information, financial transaction data, communications addressing and contents, Web search activities, and so on -- these are all types of data that users have a right to expect will routinely stay in the hands of the entities they've chosen to trust. Genuine violations of that trust, allowing user data to flow to third parties without user permissions or valid court orders, can be devastating to users and ultimately to the organizations involved as well.

On the other hand, caviling complaints about complex Web cookie handling, especially in the course of providing services that users have requested, and in the face of contradictory and confusing technical specifications, appear to fall squarely back into the realm of disingenuous "privacy correctness" machinations.

I mentioned trust earlier. In the final analysis, trust is a cardinal aspect of our dealings in all aspects of our lives, online and offline.

On the Internet, on the Web, if we trust the organizations that we've chosen to patronize -- whether we're paying for their services or not -- it makes little sense to endlessly engage in an attempted micromanagement of their underlying cookies, JavaScript, or other rapidly evolving technologies, or to play a fundamentally exploitative form of "gotcha" when technical lapses occur that do not have actual privacy-damaging characteristics as I noted above.

And if you don't trust a firm enough to accept this, perhaps you should consider taking your business elsewhere. If you insist on assuming that most Web businesses are fundamentally evil, and can't be trusted regardless of how well behaved they are today, then perhaps you should consider, for your own peace of mind, not using the Internet at all.

Or, we can endeavor to see beyond the specious premises of "privacy correctness," and concentrate instead on actual, genuine privacy problems that are deserving of our serious attention.

What may seem at first to be "correct" -- isn't always right.

--Lauren--

Posted by Lauren at May 5, 2012 11:31 AM