Some Thoughts On Online Privacy
There are signs that Washington is gearing up to do something big in the area of online privacy. The FTC put out a report earlier this week and the White House called for a "privacy bill of rights" last month. Both have asked Congress to act on this issue.
I thought I'd lay out some basic thoughts and principles on the data we create, share, and curate on the open Internet.
1 – Our clickstreams, search history, likes, tweets, photos, and so on and so forth is our data and we should have the ability to control it, delete it, and limit how it is used. That seems like a basic right that should be available to everyone who uses the Internet.
2 – Those who do not want to be tracked should have the ability to opt-out of being tracked. The Do Not Track industry self regulation effort (in browsers, ad networks, etc) is long overdue and I hope we see real usable tools soon. The FTC expects these tools by year end. I hope they are right.
3 – Tracking and profiling provides real value to me and many users on the Internet. I like using Amazon and getting recommendations based on my purchase history. I like using Twitter and getting recommendations for who to follow. I like using Foursquare Explore and getting recommendations for places to go to based on my checkin history and my friends' checkin history. We should not do anything to limit the ability to offer these valuable personalization services on the web and mobile Internet.
4 – There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches. And an increasing amount of commerce revenue is based on recommendations and personalization. We should be careful not to undercut the economic underpinning of the Internet in our attempts to regulate online privacy.
5 – Transparency can play a big role. Our portfolio company Duck Duck Go provides a very clear and crisp privacy policy for its search engine. Internet users who do not want their searches tracked and sold have come to Duck Duck Go in droves. We should encourage web and mobile services to lead with their privacy practices and let users vote with their feet. This is an opportunity for new web services who can use privacy as a basis for competition as Duck Duck Go does.
6 – There is a big difference between collecting data and using it within a web or mobile service and collecting data and selling it to third party services. I understand that the data Foursquare has on me will be used by Foursquare to make better recommendations and to target offers and specials to me. That makes sense and my decision to use Foursquare and continue to use it is an implicit license for them to do that. But I cannot use that same implicit license when the data on my activities is collected and sold to third parties.
7 – With the advent of open APIs, much of this data is not actually being sold, but it is moving freely around the web via the plumbing of the Internet. This is an area we should be particularly careful not to crimp. Open APIs are at the center of the permissionless innovation movemement and are responsible for many of the new services that are being built.
I do not have a specific set of recommendations for our elected officials on this issue. But I do agree that codifying best practices and policing the truly bad actors is a good idea. The Can Spam Act of 2003 is a good example of how industry self regulation codified in legislation was a net positive for everyone. That bill took a lot of work by the industry trade groups to get right and there were versions of Can Spam that would have be highly problematic for the industry. I suspect that will be the case with online privacy legislation too.
So everyone working in the Internet industry should make their voices heard in Washington on this issue. If you have a business that will be impacted by online privacy legislation, figure out how to engage in the debate/discussion. And the staffers in Washington who are working on this effort should reach out to the Internet industry (and not just Google and Facebook) to get a front lines view of the issues. If you don't know how to do that, you can contact me via the contact link at the bottom of this blog.
Comments (Archived):
I agree w/ all your points well laid out.Only comment …is to expand on your point # 4″significant Internet revenue streams based on profiling and tracking”Most of these services are FREE and really rely on profiling and tracking. If these were limited, one might argue that services like 4sq may need to start charging some kind of fee, which would certainly constrict usage and adoption.Don’t mean to state the obvious. It seems like this would favor deep pocket established companies like Apple, Google, Microsoft etc. over startups.
yes and that is why washington needs to hear from the entire internet industry not just the large companies
Although I am not sure large web companies want a lot of oversight or regulations either.I just worry about a unfair advantage that they would have w/ deeper pockets and different ways/ models that they might have to monetize a product Also – worry that regulation would stop or slow new product / services.
That’s a great point, John. The Profiling-to-Matching conundrum hasn’t produced great results yet from User Generated Content driven data. I have yet to receive a head-turning offer from Foursquare after all the checkins & comments I produced. If not now, when?
soon. they haven’t invested much in that part of the service yet. but they are now
It’s a gold mine waiting to be harvested.
I think the key consideration here is the nature of the data in question. The problem with UGC collected from social networks is that the key interest of the network is of course ‘social’ and the correlation between my interactions with my friends and many other groups in my life (see Paul Adams ‘Grouped’ for more detail) and purchasing behavior has turned out to be more tenuous that had been fondly imagined. The key realization is that the social graph is simply one interest graph and for recommendation purposes the critical question is the relevance of the interest graph data you attempt to mine. Pinterest for example may well have much more valuable data than FB because the interests expressed are much more directly about ‘wants’ and ‘needs.’ The affinity data is just more valuable. Inferring ‘likes’ in a network whose primary focus is social is indirect and recommendations are weaker than we had imagined.
“Inferring ‘likes’ in a network whose primary focus is social is indirect and recommendations are weaker than we had imagined.” I totally agree.
Hey Pete, Thanks for the suggestion on Grouped. I just bought the book on Kindle.
Interesting book. I don’t know if you know the author’s story. Worked for Google in Ireland. Background in social sciences. Wrote on influential talk about the dissonance between our online and offline behaviors, arguing that the then social networks were ignoring important realities of the offline world and could learn from offline group behavior. (‘The Real Life Social Network’ http://www.slideshare.net/p…” This was particularly pointed at the time because then FB supported huge numbers of friends in an undifferentiated way. Adam’s ideas are widely believed to have been influential in the ‘circles’ feature of Google+. But ironically he had by then already moved to Facebook. You will notice as you read the book that he is an unrepentant believer in the power of the social graph to condition recommendations. But – he works for FB now doesn’t he? 🙂 Worth checking out his blog: http://www.thinkoutsidein.c… some thought provoking stuff. One of the deeper thinkers on social. 🙂
It would also scupper pretty much every newspaper website out there.
Totally agree. People love free services. But some of them don’t even want to pay indirectly.
I know my data is sold, and in most cases I’m totally fine with it. I’m aware of the information I’m giving away and consciously decide to continue my usage. Unfortunately that is not necessarily true for the average user.The most important things are transparency and portability. Users should know what’s going on and be able to walk away from a service if they don’t like the policies (especially when policies change). I want access to all of my data. Not just the things I create, but also my activity and profiling. Imagine what you could do with the profile amazon has built up for you.
this is a lightweight approach to privacy and a good one
When you talk about not being implicitly okay with data on your activities being collected and sold to third parties, are you talking about even after it’s been massaged? And by massaged I mean anonymized then aggregated into a larger demographic whereby you’re no longer personally identifiable.
singly.i agree wholeheartedly john.
What does it matter, if you can walk away from bad actors, if they still have your data and can do whatever they like with it (incl. selling it to anyone who asks)?
Users should be able to make that decision up front thanks to transparent policies. When things change it should be straightforward to opt-out, retrieve, and remove data. It’s just the right thing to do.
How about Social Media content,- specifically User Generated Content like comments, tweets, replies, etc. ? Does a service app need to ask you authorization to republish them if they are already public? In other words, if subsequent usages inherit the original privacy settings, is that sufficient?
i think so
That would make sense, and I hope it stays that way.
One area which you’ve missed completely is privacy of your data from government.We can’t roll over and allow government agencies to continue to use commercial entities to collect the data they’re not allowed to collect, and then demand it be turned over and retain it in perpetuity.In the Wikileaks age, to presume that data’s safe in the government’s hands is silly, even if we were to trust them.The Bill of Rights limits government authority with respect to individuals. If a Privacy Bill of Rights doesn’t do the same, it’s feel-good marketing.
Re: “government agencies to continue to use commercial entities to collect the data they’re not allowed to collect”, what are some of these examples? Are you referring to credit related data or other?
nsa and at&t are BFF: https://www.google.com/sear…of course in reality the US government has already legislated itself the ablity to collect whatever it wants to collect via the patriot act.
Unfortunately, I have to head out now, but EPIC highlights ChoicePoint, which aggregates all sorts of data from many sources, and has government agencies as some of its largest customers.http://epic.org/privacy/cho…
You are 100% right and on a roll.
Exactly – it’s worth noting that one of the few bodies that actually does ‘sell’ data (in the UK at least), is the government, which sells off data from the electoral register, and obviously that isn’t anonymous, unlike pretty much all cookie data.
I second that!
Every Regulation cost businesses big and small $$, which gets passed to the consumer.
Those costs aren’t evenly distributed and sometimes can help the consumer.An example is anti-spam regulation. You cost spammers money but save other tech business money they would otherwise spend fighting spam. This can lower costs for consumers.
Good point. Can you think of other examples where this type of privacy leglislation can reduce the operational costs for businesses?
I think regulation can lower costs in scenarios where a small percentage of people are abusing the system and costing everyone else money.I’m not sure if that’s the case here.
I’m still question if this is a privacy issue at all
platforms can regulate themselves. government exists to serve the ruling class. this government in particular cannot regulate anything, because it is the poorest entity around. 15.5+ trillion in debt and counting: http://www.brillig.com/debt… the more spending you want to pile on — and regulation does mean spending — the more it is going to hurt and the further away we are from a real economic recovery (and so the less sustainable bubble 2.0 is). since the preferred course of action is to sit around and do nothing and pretend the problem doesn’t exist, the people in charge will use US insolvency to transfer power to world government. good luck having any influence at that point. platforms can establish their own policy. if you don’t like or trust one, use another. in the end the real opportunity is for a platform to create a highly personalized world for you, and to not share your data with anyone (as sharing of personally identifiable data would undermine their ability to be the exclusive creators of a personalized world).
Now, now, now, you seems to be saying that there are people out there, including in gumment, that look across the land and see problems. Favorite problems include sin, corruption, dangers, threats, moral turpitude, especially having to do with S-E-X, aka, “that nasty thing that some men do”.Then with such a serious problem identified, it’s gumment to the res-cue!. Never be between a senator and a TV camera!But, wait, not yet! First we have to get big gumment BFF involved, the MSM!!!!!Big gumment wants their story told, and the MSM desperately wants a story to tell (a paraphrase from the movie ‘Lawrence of Arabia’)!So, the MSM wants stories, ways to grab people, by the heart, the gut, and below the belt. “It it bleeds, it leads”. Passion, pathos, poignancy. All emotion all the time! Framework: Techniques of formula fiction with a protagonist (the MSM calls “human interest”), a problem, good white hats and bad black hats, etc. “Serious problems with our nation’s water supply. Live video at 11!”.Human greed, sin, and corruption! These transgressions will bring terrible retribution! Redemption will need sacrifice! Gumment to the res-cue!”Mo gumment, Ma!”.So, it’s a 1000 year old rerun of the morality plays.Finally for the MSM, I couldn’t take it anymore. I remembered the advice of one of my grad school profs: Position the TV so that it faces the wall, and don’t turn it around except in some extreme situation. TV was frustrating — I could click through the dozens of channels and find ads for things I wouldn’t want for free, cars with gadgets I wouldn’t want to buy, maintain or depend on.TV was noise, way too much noise. It was not relaxing or entertaining but tiring and frustrating.There just was nearly never anything there, and most of the best that was there is available in better form on the Internet. It was a “great wasteland”.So, I cut the cable — no more TV. Now it’s quieter here, easier to concentrate and work.E.g., last night I got some better understanding of Microsoft’s address spaces, processes, application hosts, applications, application domains, managed code assemblies and, from those, saw some of what would and wouldn’t work with (Visual Basic) public classes instantiated in an ASP.NET Web site file global.asax in the root directory of an application. So, I now see a simple way to improve user experience for my Web 2.0 users. Much better than TV!Gee, TV has shows on woodworking. My father and father in law were really good at woodworking. But, sorry, TV, now woodworking is mostly just a hobby. Instead, now, computing is serious, but I’ve never gotten anything important about computing from TV. For woodworking, I have plenty of tools and do little repair projects (e.g., water rotted a piece of the garage door and opened a lot of wood joints, and I fixed the problem), but I’ve never used anything on woodworking I saw on TV.I do my own cooking and have watched a lot of cooking shows, but I never cooked anything I saw on TV. However last night I did a Chinese style sweet-sour fish dish starting withKen Hom, ‘Chinese Cooking’, ISBN 1-55366-270-9, Stewart House Publishing, Etobicoke, Ontario, Canada, 2001.For one pound of cod fish, there was about 2 C of sweet-sour sauce with chicken stock, ginger, scallions, dry sherry, sugar, vinegar, ketchup, and white pepper. The fish had some breading with corn starch, egg, and sesame oil. The dish was okay, really more interesting than anything I’ve gotten from any Chinese restaurants except one really good one.But the dish was from a book, not from TV. The TV cooking shows want to be entertaining, not instructional. To me the shows are not very entertaining and are not useful for my cooking. Bummer.Big gumment, MSM: You’re selling mostly sewage, and I’m not buying it. Last year, never watched any baseball. In basketball, watched only the last game of the NBA playoffs. Did watch the Super Bowl but didn’t much like it — the ads were better, and I’d already seen them on the Internet.The biggest victories I can hope for from gumment is that it will do less: Dump ObamaCare. Keep PIPA/SOPA dead. F’get about CO2. Eviscerate the EPA. F’get about electric cars. F’get about clean, green, pristine, 100% all-natural, sustainable, renewable, wacko, flim-flam fraud, scam, kick back, payoff energy. F’get about solving climate change. F’get about the gays. F’get about helping a women in a Catholic school who wants $1000 a year for birth control. Get DC out of K-12 education. Get out of Iraq and Akrapistan: You are permitted at most one war at a time; if you have one and want another one, then you have to give one up! Weaken, repeal, or replace Sarbanes-Oxley and Dodd-Frank. Whatever Elizabeth Warren, Nancy Pelosi, and Kathleen Sebelius want, don’t do. Kill the TSA. Kill Fannie Mae and Freddie Mac, and get DC out of the real estate market. For the Internet, “a series of tubes”, don’t try to understand it and just f’get about it. Money DC doesn’t spend isn’t wasted. Things DC doesn’t do don’t create disasters. For the MSM, the corresponding progress was easier, just cut the cable.MSM — RIP. And take big gumment with you.
I totally think there is a space for a cooking show about skills. I want to see knife skills so that I can tell what I am doing – and what do eggs look like when they peak? (actually, I know that one)
I can’t think of anything very funny here, but knife skills are not so tough! Some years ago at Sam’s club I got a piece of cardboard for $15 with two knives in the French chef’s style attached. The brand was Tramontina made in Brazil. The blade itself is right at 10″ long. It’s NSF (National Food Service or some such) approved. So, the handles are textured white plastic instead of wood which makes the knife durable even in a commercial dishwasher (not that I would ever put it in a dishwasher).The shape of the blade, as a French chef’s knife, is excellent. The blade itself is relatively thin, which I like. It is a stainless steel knife but has metal quality behavior quite comparable with my old French Sabatier carbon steel knife that was supposed to have especially good metal for a knife. Net, tough to have a better knife than two for $15!Since there were two knives in the package, I still have one so far unused!So, step one in knife skills is to get such a knife (or two!).To sharpen the thing, there are several options, but one of the nicest is just to go to a hardware store and get several sheets of 3M wet/dry sandpaper. I have P400 which is a good compromise between fast metal removal and a very smooth and, thus, very sharp edge. A bigger number will give a smoother edge; a smaller number will remove metal faster. I use the sandpaper dry, which is okay for the small quantity of metal being removed.So, put the sandpaper flat on, say, your cutting board, hold the plane of the knife blade at about 10 degrees from the horizontal, make sure your free hand is well out of harm’s way, and move the knife over the sandpaper to remove some metal. Try to take an equal amount of metal off each side. To check your work, can touch the sharp edge gently to see if it feels more like the point of a pin or the dull end. Or mince some, say, ginger that can use a sharp knife. Or get a small, high powered magnifier and just look at the edge and observe that it looks like a sharp knife edge should, that is, a V. Soon you should be plenty good at sharpening the thing.Knife steel is very hard stuff, but it’s not as hard as the grit in that sandpaper!A ‘steel’ is not so much for sharpening via metal removal but for bending over any fine parts of the edge that got distorted (and for show!). So is the traditional leather in a barber shop. Since both leather and steel can work for this purpose, so can a piece of wood, etc.Then for the “knife skills”, do that like learning to bow a violin: So, position your hands about like, say, Pepin does. Then f’get about any more rules and just do what seems easy and effective. That’s how I did violin bowing: Looked at some pictures of Heifetz, held my right hand much like he did, and then just did what seemed to work. My violin sound was not good, but my bowing technique was okay! Same for knife skills!I do have one non-standard trick: I have a block of fine grained wood about 1/2 x 2 x 10″. When I am mincing garlic, ginger, scallions, shallots, etc., I start with the piece of wood between me and the food. The wood keeps pieces of food that want to run to the floor from doing so! Then as the mincing makes progress, for the food stuck to the side of the knife, I use the piece of wood to wipe the food off the knife and into the pile for more mincing. Another approach is to use the dull edge of the knife to gather the food into a pile and then wipe the side of the knife on the pile; this wiping can do well getting the food from the knife back to the pile. Another trick is to have one hand on the handle and the other flat (fingers well out of harm’s way) near the end of the blade and rapidly alternate hands pushing down on the blade. The blade is mostly in the air and hits the cutting board hard enough to knock off most of the stuck food. Pepin does both of these; to me, the second step means he will do a lot of knife sharpening. Mostly I just work a little more slowly, am not so rough on the sharp edge, and use my little block of wood.Of course, when moving food around or off the cutting board, use the dull edge of the knife. After learning about the effort for sharpening, you will naturally want to treat the sharp edge gently!Of course, in both usage and storage, you want to keep anything hard away from the sharp edge of the knife. I just slide the blade under a kitchen towel on the counter top, and then both the sharp edge and my kitty cat are safe!For a cutting board, the traditional is maple, but they tend to split. Now much more practical are the plastic boards, usually white. They are available in several sizes, so get the largest one that fits comfortably in your work space. Some people get more than one board and in different colors and save one color for veges, one for chicken, etc. Should be able to put one of the plastic boards in a dishwasher (mine is busted for now due to CaCO3 in my well water).You are now up on knife skills! As I remember from one cooking show I can’t watch now that I cut my TV cable, “How hard was that?”. So far I’m still glad I cut the TV cable. See, you didn’t need a video after all!
Re: “…used by Foursquare to make better recommendations and to target offers and specials to me.”That’s the essence of Foursquare’s business model, but what if I don’t want my checkin data to be passed on to vendors, and I don’t care about these specials? Is there an option to turn that off?
If that is so William, what is your core value from 4square for you?
To see where friends are checking in, and the Explore feature is getting more useful. I’d like to get more value and still hoping for it.
Explore holds the key to my future use. Cool possibilities.
There could be, but you would need to pay for that with something other than your data, like cold, hard, cash. Or even warm, virtual, credit. That’s what needs to be explained to people – if you don’t want to pay with data, you need to pay with something else. We as an industry need to take some blame for not making that clear.
i totally agree
Ciaran, this is an important point that is so frustrating to me. The industry as a whole (i.e. internet startups), in an effort to get traction, too often models the business to be a free service. Using the “never mind monetization, we’ll figure it out later” approach too often means that the service trains the user to expect it for free and therefore must rely on data-pimping and advertising. Users are trained to expect everything for free, in stead of being offered options providing different value or exchange propositions. IMO startups need to design services and products which provide value in exchange for money, yet still allow cheaper or free access to those who prefer to pay with their data. “Low value” or fun time-fillers have a problem with this, but at least services which do provide some real value should work to leverage that value (and improve it) so that users are more than willing to pay. I don’t expect my lunch to be free – in stead being paid for by some company seeking data on food fillers, preservatives, and whether I prefer salsa or ketchup – I buy it with cash.(edit to correct spelling of Ciaran’s name)
It’s also a side effect of every single start-up that does decide to look at monetisation alighting on advertising as the answer. Ad budgets are shrinking, not going up. Not every site will be able to do a Google. The people creating the business models need to be as creative as the people creating the start-ups.
Ciaran, I agree, although I tend to lump the two into one group (those creating the startup and biz model). Your comment about shrinking ad budgets is important for young startups to understand, as well as the way the budgets are distributed. Many advertisers are spreading budgets across wider areas seeking better ROI.I can’t help it, as a long-time business guy, but I hope to see more startups with thoughtful revenue models as part of the startup genesis, rather than an afterthought. Whether that is to be ads, data-pimping, subscription, virtual goods sales, etc. doesn’t matter, but consider it early – and think in terms of “value exchange” for the user.(edit to correct spelling of Ciaran’s name)
I once had very interesting meeting with a (now sold) UK startup who had come in to see me and the MD of the media agency I we working for to get advice on startup rev models. I would encourage lots more startups to engage with the advertising world before they go too far along
why should i have to pay? why cant i be a participant in the value exchange?if 4S derives value from passing my data to someone else, why cant i be at that table where the sheckles are exchanged?
You are at the table. The table where you get 50% off of your pasta for checking in 🙂
thats bull****. we all know that. all i get is amex crawling all over my data – my worst nightmare.
Errr. Ok. Let’s take a breath.Firstly, it was a joke. Maybe not a very good one, but anyway.Amex crawling over your data? In almost no cases do the advertisers get direct access to any data. This is the myth that needs to be fought, and one I find worrying being brought up on a blog like AVC. If Amex do have direct access to data, it would only be because of an explicit agreement between the consumer and advertiser (not sure if this is how 4S manage things).I’ve read one of your other comments about an API to manage data based on what you’ll get in return. Nice idea, but I imagine surfing the web with something like this would be like driving down a motorway only to find a roadblock every 100 yards – most publishing sites are based on this exchange of data – having to explicitly agree to it every time seems like it would soon grow very tiring.
amex’s business is built entirely on seeking out new ways to get my attention without my permission.they dont need access to data – they need access to the patch of grass that i am hanging at – and they’ll then swarm around me like annoying bees trying to get my attention.on your last comment – this is where people are innovating. alot of them. check out singly.
oh – sorry ciaran – joke taken as well!
Absolutely agree. Those of us who work in industries that rely on data in one way, shape or form (publishers, advertisers, agencies, etc…) need to make a concerted effort to be as transparent as possible about how we use such data, and also to demystify this area so that people don’t start believe that every-time they tweet, someone is selling that to the CIA/Kellogs/whoever. Google’s ad campaign in the UK is an (admittedly slightly patronising step) in this direction.Politicians and legislators, particularly unelected ones (cough-EU-cough) should make an equal commitment to making decisions based on the evidence, rather than because it’s nice and easy to whip up a storm about nasty internet companies ‘selling’ data, rather than deal with the real issues.
So happy to see you writing about this space, Fred. I would add “sell it” to your first point.At Enliken we’re working on the privacy problem with idea that the free market can address some of the issues you raise. We give consumers a voice in the data market by using the APIs you mention above to let them clone their profiles – and help them package it for sale to advertisers after redacting the stuff that isn’t interesting to advertisers (eg most sensitive / personal data).It’s only after people become participants in the marketplace that they will realize what their data is worth to them.
i like that idea very much Marc. there have been attempts for a while to create this market. seth goldstein was working on this issue back in the middle part of the last decade. he was too early. it may still be too early. but i do think this is directionally correct.
Yeah, I think the Rootmarkets guys were doing some interesting stuff. It’s fun to read their old articles and see them thinking about the same ideas – http://radar.oreilly.com/20… (love the bezos quote).The big change between then and now has been the rise of addressable media – a huge component of the value of a piece of data is how many impressions it can be used against.We have a couple novel approaches to help us drive adoption and provide value before audience scale is reached – I’d love to hear your thoughts, will send you an email.
You have all probably read this but just in case you missed it, here’s a fantastic Seth Godin post on the issue. I agree 100%–The illusion of privacy (and what we actually care about)You probably have very little privacy at all, giving it up a long time ago.If you’ve got a charge card, the card company already knows what you do, where you go, how you spend your money, what your debt is like. If you use a cell phone or a computer, someone upstream already has access to where you go, what you buy, what you type, and on and on.No, you don’t really have a privacy.What you care about, I’m guessing, is being surprised. You don’t want to be surprised to discover that the card company is sending you gift certificates for VD testing because you’ve been staying at hourly motels. You don’t want to be surprised that a site you’ve never visited seems to know an awful lot about your buying habits.As computers get ever better at triangulating our interests and our actions, prepare to be surprised more often. It’s not clear to me whether the never-ending series of little snooping surprises will eventually wear us out and we’ll give up caring, or whether one day we’ll sit up and demand that the surprises stop.But privacy? Too late to worry about that.http://sethgodin.typepad.co…
The issue isn’t just being surprised, but feeling that data is being exchanged a, with someone or something that you trust, and b, for things that we want or value. We need to make more explicit the fact that, for example, cookies are the price people pay for free content.Here’s my own take on this (apologies for the plug): http://ciarannorris.co.uk/2…
Agree. With you and your post.I think it’s essentially the same point though – we are surprised when our data is exchanged. 🙂
I think the issue Seth is missing here is the *expectation* of privacy. With some informational transactions (publishing blogs for example) there is an obvious one to many relationship. You’re publishing content to be consumed in the public domain. You should not, therefore, be surprised if that data is stored/used/inspected by any individual or organisation. In a one to one relationship with a vendor, surely there is the expectation that the details of the relationship would be confined to the parties involved. The fact that the middle-man credit card company has access to your buying history is one thing. Selling that information on to other parties is quite another. I wouldn’t want onlookers selling details of my private life (no matter how salacious). If the bellboy at the hourly hotel sold details of my stay to the newspapers, I’d expect to be able to take action against him via his employer, or against the employer direct. NB – I do not frequent hourly hotels. 😉 The fact that an organisation has access to data about you should not give them the right to use that data as a product (contractual and licensing agreements notwithstanding). Pitching it as something to help you “find the best deals” presupposes 1) I want deals 2) I want them or their partners to find me deals.That being said, I have less reservations about non-identifying data being used.
You know John, I actually don’t mind my data used as long as it’s used by a service I trust.If it’s going to be mean better service, sure – go ahead.. take my data!That’s the way I see it!
I think Seth is way ahead of Joe Public here, and that the percentage of people who truly understand that Google, Facebook et al. follow their breadcrumbs to better sell them toasters is very small indeed.
Brilliant insightful comment. Well played.
Its more like will that person buy a toaster.Brand advertising hasn’t picked up on analytics as a way of creating a lifestyle idea quite yet
This speaks truth to the hollow power of reality. We have lost all privacy a long time ago.It is like the loss of one’s virginity — it is not likely to be reversed.And yet, with all the curiosity out there nobody has seen Pres Obama’s college transcripts.Not goofing on the Pres, just observing.
His transcripts are down in my basement, stored some where!!
Tom, I have an idea for a very profitable business venture. Can I come visit your basement, ooops, I mean YOU, Tom.Can you imagine what a fellow could get for a copy of those transcripts and how can they possibly be held so secret?Occidental, Columbia, Harvard — and not a peep.I bet you could get an entire week all expenses paid at Disney World?
college transcripts is just the start of it, there’s no information on mr soetoro anywhere…..he went to public school in indonesia, difficult to enroll there unless you are a citizen, and they do not recognize dual citizenship…..he admits he went to pakistan in 1981, when the country was under military rule and it was difficult for US citizens to go hang out there without some special approval…..much easier for indonesian citizens though……but of course if you just ask for solid documentation on the guy who writes all the laws you’re a crazy person, meanwhile if you apply for some lowly job with the government be prepared for the mother of all background checks……
Not to go all kook on you, obviously those transcripts address his status as a foreign student — tuition and all being a detail which must be dealt with — and pose awkward questions which many feel are left best unasked and, certainly, unanswered.The dual citizenship and passport issues are very interesting because an American cannot obtain dual citizenship without permission.If you carry a foreign passport without having this permission then your American citizenship is automatically revoked.It is not hard to regain your American citizenship but it can only be done by formal request.I suspect that Obama’s mother obtained an Indonesian passport for her and her son thereby revoking their American citizenship.I suspect that Obama never applied for the reinstatement of his American citizenship and that he was subsequently issued an American passport simply because the State Department did not know or he failed to reveal his having held an Indonesian passport.Whether this disqualifies him for the Presidency, I could not care less.I am curious about the truth of things and I do have a bit of curiosity as to his academic record given that John Kerry was so damn smart but Bush had better grades at Yale. Just curious.
JLM – I think you have indeed gone kook. I don’t know of any law that says an American citizen cannot obtain foreign nationality without permission. And I don’t believe your citizenship can be so revoked. Not only that, foreign nationals who apply for and receive US citizenship, like myself, are not asked to revoke their first nationality. Interestingly some other countries don’t permit dual nationality (eg China) but the US does and in fact US citizenship is hard to revoke – you have to specifically request that it be revoked. Needless to say if I am correct about this then the whole Obama argument collapses. It feels to me like another desperate attempt by his enemies to tar him with the alien foreigner brush.I am pretty confident about this, but I am often confident about things that I turn out to be completely mistaken about so if you know of any reputable source to the contrary I’d like to see it. 🙂
obama needed to obtain indonesian citizenship to attend public school there, and since indonesia does not acknowledge dual citizenship, he would have needed to renounce his US citizenship, assuming he had it in the first place. US policy here is secondary, it is that indonesia would have required renunciation.
First off, as Obama was born in the USA the issue of whether he “renounced” his citizenship or not is moot because as a minor he was not of legal age to “renounce” anything. I know lots of military brats who found themselves with German citizenship due to the fact that their mothers were German and divorced their fathers and they all had the opportunity at 18 to reinstate their US citizenship by right of having been born in the US.Second, I traveled extensively and regularly through Pakistan, India, Indonesia, and Bangladesh in the early 80’s and a few good connections and a little “Baksesh” and you could get a passport from any one of these countries.Third, as far as the State Department and travel restrictions go: What a joke! Back in the 80’s you pretty much went where you wanted to and I went to a couple places, Cambodia and Laos, at a time when we did not have diplomatic relations with those countries.JLM will believes that only Republicans can be president and all democrats are usurpers, especially those who are younger than he is and of a different background.Kid Mercury will see a conspiracy in everything….
“obama needed to obtain indonesian citizenship to attend public school there,”I have seen no evidence of the truth of this. Do you have any?
Pete, you may want to review the following link:http://travel.state.gov/tra…This is not a complex issue. The above US State Dept site deals with it very clearly.”However, a person who acquires a foreign citizenship by applying for it may lose U.S. citizenship. In order to lose U.S. citizenship, the law requires that the person must apply for the foreign citizenship voluntarily, by free choice, and with the intention to give up U.S. citizenship.”Don’t be mislead by the phrase about the “…intention to give up U.S. citizenship.” That simply means you have a reason to want to be a foreign citizen — travel to a foreign country banned by a US passport holder, like Pakistan.You are simply wrong.This instance is completely different than yours because your first nationality was not US. The rules are entirely different.I happen to have a similar experience w/ this from years ago and had an opportunity to learn the law in some considerable detail. I came to wish it were otherwise but it is not.Like many defenders of this President, you immediately inflame and personalize the matter. It is a simple matter of facts.My curiosity in examining those facts is not necessarily that he is or is not foreign born but rather whether he told the truth on his college applications — did he register as a foreign student.It is pretty clear that the Indonesian government had a program sending students to Occidental, funded by Indonesia. Occidental had a link w/ Columbia sending foreign students to an Ivy League school.The question that I am curious about is whether he was in that program. I suspect he is identified as a foreign student at the top of those transcripts and that his tuition was paid for by Indonesia.And that is the reason he does not want those transcripts to see the light of day.Interestingly enough other Occidental transcripts in the public domain from other Indonesian students of the same time frame clearly identify the students as “foreign” students and their nation of origin.Whatever implications flow from that is for others to examine.
Like you – I am only interested in the facts. And I think it is plain you have misread the US law.Here is the relevant section from the US State Department website.”A U.S. citizen may acquire foreign citizenship by marriage, or a person naturalized as a U.S. citizen may not lose the citizenship of the country of birth.U.S. law does not mention dual nationality or require a person to choose one citizenship or another. Also, a person who is automatically granted another citizenship does not risk losing U.S. citizenship. However, a person who acquires a foreign citizenship by applying for it may lose U.S. citizenship. In order to lose U.S. citizenship, the law requires that the person must apply for the foreign citizenship voluntarily, by free choice, and with the intention to give up U.S. citizenship”Note that “…U.S. law does not mention dual nationality or require a person to choose one citizenship or another.”And crucially that “…a person who is automatically granted another citizenship does not risk losing U.S. citizenship.”I think where you have been misled is the language that concerns when a US national WANTS to revoke his US nationality. And as the language in the section above makes plain – that is something that you have to apply for.”In order to lose U.S. citizenship, the law requires that the person must apply for the foreign citizenship voluntarily, by free choice, and with the intention to give up U.S. citizenship”US nationality is a RIGHT. A birthright of all US nationals. It is a very strong right and is not easily revoked.PS you might also want to check out Afroyim v. Rusk, 387 U.S. 253 (1967), a Supreme Court decision that set an important legal precedent that a person born or naturalized in the United States cannot be deprived of his or her citizenship involuntarily
The key word is “may”. In practice the state department isn’t overly concerned with citizens acquiring dual nationality, but doesn’t encourage it on the basis that when you’re busted in Changi with a kilo of dope the supply of a priest becomes a diplomatic bunfight.That said, they’re actually very helpful, and the embassy is happy to provide guidance on frictionless entry into the US, taxation etc.I think in the time period you’re describing things were quite a bit more hostile, and I’m not sure anyone going down that road would be well advised to run for President.(I should add that SWMBO is a sample size of 1, ymmv).
@tao69:disqus Where did this nonsense come from:”JLM will (sic) believes that only Republicans can be president and all democrats are usurpers, especially those who are younger than he is and of a different background”Seems kind of silly and beneath you, friend.
You know JLM, the issue of whether Obama was born in Hawaii or had foreign citizenship is a moot issue because he is President and most likely, the way things are shaping up, will continue to be President until 2016.It is no different than the liberals who keep complaining about how Bush “stole” the election in 2000.Once they take the oath of office its a moot point so move on.Personally, as easy as it would be to defeat Obama in 2012 I find it preposterous that the Republicans are doing everything they can possibly do to lose the election and I believe the “establishment” has every intention of losing in 2012.To me your focus needs to shift about how politics has gone from being about leadership and direction and more about dividing the spoils…..What we need to be talking about is about creating opportunities domestically, sharing the burden of our massive debt, which would include closing loopholes, increasing taxes and cutting spending. We need to take the money we waste on our foreign adventures and invest it in our infrastructure, of which people are part of the infrastructure of our economy and we need to demand accountability…I don’t care for conspiracies or idle gossip, and once Obama was sworn in, he became the duly elected President of the United States just as Bush did in 2000.Its time to quit wasting keystrokes, I know how to create jobs (at the lower end of the economic ladder) and you know how to create wealth so lets start a third party and put an end to the embarrassment that has become our two party system.
@myscrawl:disqus Did you notice that you quoted back to me the exact language that I had originally cited:”However, a person who acquires a foreign citizenship by applying for it may lose U.S. citizenship. In order to lose U.S. citizenship, the law requires that the person must apply for the foreign citizenship voluntarily, by free choice, and with the intention to give up U.S. citizenship”It does not support you position, it certainly seems to support my assertion.
I took care to quote the language back – in its full context. The language in question, and the court case I cited, make it plain that you cannot renounce citizenship by implication. It has to be by a deliberate act. You have to inform the US government that it is your deliberate intent and desire to renounce your citizenship. There is no automatic procedure for revoking it as you imply. I respect the fact that you read it this way but you are absolutely wrong. Should you still feel that I am mistaken I have a simple remedy. We can submit the question to a higher authority – say an immigration and naturalization attorney?A further indicator that I may just be right on this question stems from the way in which US citizens are treated by the tax authorities. You have to make an extremely strong case that you are no longer a US citizen to escape the US tax net. More specifically, you can’t even just state that you renounce it, or take up another citizenship. You have to apply to renounce it and then act in accordance with that declared intent. etc etc. It is not a small thing to give up US citizenship,
I hate to beat a dead horse but:”The United States requires that an individual must go in person to a U.S. embassy or consulate outside the U.S. and sign before a consular officer an oath or affirmation that he intends to renounce his citizenship, although exceptions are legally permitted in times of war and under special circumstances.[13] During the expatriation procedure, the individual must complete several documents and demonstrate in an interview with a consular officer that the renunciation is voluntary and intentional. Depending on the embassy or consulate, the individual is often required to appear in person two times and conduct two separate interviews with consular officers over the course of several months.”This is not a trivial process.For more detailed information see:http://www.renunciationguid…
JLMI know we tackled this thorny topic some time ago but I was interested to get to the bottom of it. I did post on Quora and got some interesting feedback.http://www.quora.com/Citize…I posted anonymously and I hope you will agree that I made a fair presentation of the point of our disagreement.The two key takeaways which the US Foreign Service Office who was kind enough to reply on several points make are:a) you cannot every just automatically revoke or renounce citizenship. It is something that you have to explicitly argue for in an interview with a consulate officer. You have to persuade them that you know what you are doing and really want it.b) you cannot under any circumstances take as an adult actions to revoke the citizenship of your child or children. Any such child cannot under any circumstances lose citizenship until he/she reaches the age of 18 and follows the same steps detailed above.It is a tricky topic. It is widely misunderstood and I hope this gets to the bottom of it for both of us. If you do have any further questions on it please don’t hesitate to plumb it further with me. It is interesting.:)
kidmercury: do you know it to be true that it is (or was then) difficult to so enroll unless ‘you are a citizen?’ Or is that just speculation? US citizens have been working and living abroad for many years in countries all over the globe and to my certain knowledge many children of such families have attended public schools abroad. Do you know Indonesia to have been different in this regard?As for Pakistan, the fact that a country ‘was under military rule’ does not mean that ‘it was difficult for US citizens to go hang out there without some special approval.’ In fact during that period there were many countries across the globe that had military dictatorships and yet US citizens were perfectly welcome. You don’t have to go as far afield as Pakistan to recognize that – just look at the post WWII history of S America. Ironically, it was very likely harder to an Indonesian citizen to go to Pakistan at that time because of the greater difficulty of Indonesians to get travel documents. Again, if you have evidence to the contrary I would genuinely like to see it. Failing such evidence this just feels like speculative rumor mongering. It is fine if you are preaching to an anti-Obama choir I guess. But I’m not a member of that choir and I just find these kind of statements fantastic.
Hey – he bought those transcripts fair and square and if you believe Sheriff Joe Arpiao from wacky AZ, he got a birth cert & enlistment records to go along with them!
No enlistment records but a Draft Card.Funny thing about Sheriff Arpiao’s investigation is that the forgery indicators all have a structural element to them — format error.This is always the problem w/ complex forgeries — can’t get everything right.On one doc, they have only the last two digits of the year as the date when clear that document always used all four digits — as an example “12” v “2012”.Why? It was a rubber stamp. NO discretion or decision making at work here.Worse, the date — two v four digits — is located exactly where it would have been if it had been four digits.That is always the kind of thing that trips up a physical forgery v a digital forgery. Simple formatting.Not going all kook on you, but I am curious.
It’s best not to frame the debate without the word “private.” You provide companies and institutions and friends with “data.” The issue is about who controls it, and who makes the rules as to how it is controlled.
Scott McNeely / SUN in 1999 was credited with said “privacy on the Internet is dead; get over it”. Seth is just now getting the message it seems – as are just so many late comers to the party. Doc Searles and his VRM group have a pretty solid grip on this and suggest that Doc is the one to ask about what could and maybe should be done – he’s spent a lot more cycles on this than most. The fact that the apps on the web (FB, Twitter, etc – most / all of the social apps) all snip a piece of the consumers profile, but don’t connect the whole (yet) has been coming at us a long time. With the drive of entrepreneurs in creating a viable biz, if advertisers want the data and are willing to pay for it, I’m not sure we’re going to cure this issue from the biz side (unfortunately).
That may well be true but I think posts like that are really dangerous. It assumes that there is nothing we can do and that we have no rights as a collective to improve on that situation.It’s never too late to worry about privacy.
The consumer privacy issue has been kicking around for awhile.Scott McNealy was telling everyone 10 years ago to”get over it. You have zero privacy now anyways.”Legislation can’t fix what companies want to grab and will figure a way around any obstacles.There is a certain degree of personal responsibility in what and where you say things.
absolutely.
agree – legislation wont do a single thing. Innovation and the markets will. ulitmately – the user will decide how they want to behave and what they want to share and innovation will give them the tools. we’ll see a permission and intention layer on the internet emerge. permissionless innovation arbitrages user awareness deficiency. As innovation makes users more aware, this notion of permissionless will begin to be challenged.
I am with you Mark. The market will disrupt the current paradigm because there are real services that can be offered if users have control of their data. The first wave will likely be the competitive advantage conferred by companies offering better privacy. But that is just an opening volley. Imagine the real value that is unlocked if I have all my data, at my fingertips in one place — my own data warehouse, with analytics and services and more. This is a wave I am ready to ride.
now you are talking…. this is a huge greenfield innovation patch. its tipping the scales of control. i’m sure i’d be more than happy to shar huge swaths of my data with awesome services – but i want that choice – not wanton exploitation of my data which is what the current internet is built on.
My privacy concerns are below — and I don’t think there’s a good legislative solution for them. They are almost all about Facebook, too. 1) Things published with the emphasis on “now” and then seem to disappear shouldn’t reappear without an opt-in to republish. Facebook is really bad about this — things appear in the sidebar (here’s what your friend did a year ago) and now on your Timeline. 2) Once you decide to limit the realm of people who can see things, that setting needs to stick. My status updates on Facebook are limited to “friends only” and somehow, it switched to “public” on its own at times. I have no idea how, and I’m generally rather literate about their platform.3) If others can share your content, the platform needs to be able to prevent that from happening as much as possible. Facebook breaks this with its subscribe feature, where you can subscribe to the likes and comments I leave for others, but I can’t (easily? at all?) prevent you from doing so at that granular level. Twitter should let the users decide whether their tweets should be retweetable and/or embeddable. (I realize that there’s nothing anyone can do about screen shots and copy/pasted text, other than perhaps a notice asking to respect the user’s choice.) YouTube, note does this nicely, allowing uploaders to keep things unlisted and not embeddable.4) What appears publicly really need to be explicit and obvious. There are SO MANY PEOPLE who inadvertently make things public, especially on Facebook.
“I do not have a specific set of recommendations for our elected officials on this issue.”Well, I do: Stay out of our way and STFU.
i actually don’t think that’s the right idea here Andy. we need some basic ground rules. as i said, Can Spam was helpful and the right legislation here could be too
I see this as an agreement between provider and client, and a matter of individual responsibility. Don’t like Facebook’s terms? Don’t be a client. Facebook violates your agreement with them? Sue them.The government is sticking its nose into the internet little bit by little bit. Much like they did with housing and healthcare. It doesn’t end well.I understand what you want, and I want it too….I just don’t trust the people that pass 2700 page unconstitutional health-care bills on Christmas Eve to deliver.
If they could pass legislation that can fit on 1 page and which we can all understand, that would be a breakthrough.
I would actually be much more favorable towards government interlopers if they restricted themselves in such a manner!
What about services where I can’t opt out of being a “client”? As an example, almost every site (including this one) has one of Google Analytics, Maps, +1 buttons, Adsense, etc. As a result, even if I never explicitly go to a Google site they can track my every move across the internet.
Browser settings
Google is currently circumventing those in safari
I don’t like being forced to agree to unacceptable terms to use a site there is no alternative for. Facebook is optional but many things in life are not optional. If there is only one place you can do a certain thing that you have to do your stuck and your data is collected and shared. In most cases you really don’t have an alternative. You are forced to agree to terms that that are unacceptable with no provision to opt out. Or you can agree to terms and opt out but your opt out doesn’t take effect for some number of days during which they share all your information. You clearly don’t care about your privacy but your in minority.
There are three alternatives: 1) Don’t use the site, 2) negotiate terms with the provider or 3) create or support a competitor that has more favorable terms for the client.
I read legal documents all the time for my business. The entire system which terms of use agreements are based on is obfuscates and create “gray” areas and language so hard to deconstruct the libertarian view that we can all figure it out is unrealistic.
If you are truly concerned, and you can’t figure it out, don’t agree. Pretty simple AND realistic.
If it were that simple the terms wouldn’t be written by teams of lawyers, wouldn’t be 5 pages long, would be in plain english and there wouldn’t be court systems to argue it all out when they do things against their own terms.
Vote with your feet. I don’t sign anything I don’t understand, unless I don’t care (which is the case for me personally with most online services) They’ll stop doing it if people stop accepting it. We don’t need Harry Ried or George Bush telling us what we can and can’t agree to online.
“Don’t like Facebook’s terms? Don’t be a client.”Which raises an interesting point. Lack of competition and need for the “product” (because everyone else is on it) is what allows them to do what they do. The ubiquity adds to the power they have.(I do practically nothing on FB ..)
CAN-SPAM is useful but I think the challenge here is more similar to AIDS and unprotected sex. The governments should help by educating the everyday Joe on what’s risky and what steps they can take. Maybe they could help by standardizing a grand parent-friendly privacy measuring stick. Like standardizing nutrition labels. It’s not perfect but many people can understand it – they can’t understand a 10 page Terms & Conditions or Privacy statement.Teach people that if they can’t understand what will happen to their data, then they are taking unknown risks and should consider proceeding carefully.
Here’s a related article on Helen Nissenbaum, apparently the inspiration for the FCC piece.http://www.theatlantic.com/…In laymans terms it sounds close to what you suggest:”Well, she wants to import the norms from the offline world into the online world. When you go to a bank, she says, you have expectations of what might happen to your communications with that bank. That should be true whether you’re online, on the phone, or at the teller. Companies can use your data to do bank stuff, but they can’t sell your data to car dealers looking for people with a lot of cash on hand. “Obvious issues are:Interstate / national aspectsthird parties standing next to you as you drive commerce in bank or retail (counters, crawlers what not)Difference in norms and expectancies in a range of consumers as wide as basically world population.
i saw that post. i had never heard of Helen before
but andy, who will protect us from the legions of evil entrepreneurs out to rob us and hurt the children? don’t you realize that all people are evil unless they are wearing a government badge, at which point they are magically transformed into cost-efficient angels that can protect us from all harm everywhere?
LOL I’m looking forward to walking through a TSA checkpoint before being allowed to access my client’s shared information.
Great South Park episode on the TSA recently: http://www.southparkstudios…
Wait, though, isn’t there a middle ground? Is this issue so black and white that the choice is complete government oversite or the wild west? (Maybe I’m asking the wrong guy ;-)For instance I proposed elsewhere here that just having a basic, standardized checklist that all sites incorporate into their privacy policies and that is written in English (not legalese) would at least give me the information I need as a consumer to make a smart decision. Government mandates the checklist, industry decides the standard, everyone adds it to their statement. Consumers can now make decisions given transparent information. Middle ground.
The internet did OK without it for the past 20 years….
Got any familial diseases running through your family? Do you think insurance should advertise a higher price policy to you even if you don’t currently have that disease? How about should hopsitals start comparing your browsing habits to your medical history?Markets need some limits to function correctly. Operative word there is some.
Got any familial diseases running through your family? Do you think insurance should advertise a higher price policy to you even if you don’t currently have that disease?They already do that with insurance. You pay according to what they assess as the risk. Age with car insurance (even if no accidents). Family health history with disability insurance (not you, could be a parent). Property and casualty depending on the neighborhood. Many more examples. You are rated based upon the group you fall into. You supply this info when you apply for insurance. Nothing new.
“Markets need some limits to function correctly.”Citation please
We have quite a strong privacy act which applies to corporations with a turnover in excess of $3m/yr. In short it allows you to:* know why your personal information is being collected and how it will be used* ask for access to your records (including your health information)* stop receiving unwanted direct marketing material* correct inaccurate information about you* ensure your information is only used for purposes you have been told aboutUnfortunately the government and its agencies are exempt.
The sad thing is, Cam, that these basics should not need to be a part of any *government act*, but be part of the fundamentals of any business. I know, I know… naive I am. Respecting users/clients just isn’t en vogue. 😉
If all citizens had such a highly evolved ethical code there would be no need for any laws whatsoever 😉
😉
Instead of legalizing it would be wiser to inform and raise public awareness to all the privacy concerns we can face on the Internet. I don’t think a tenth of Internet users know all the data services and companies collect on them. Why don’t we hear more about initiatives like the Locker Project ? What do you think that can be done to promote privacy preoccupation?
Lets first find out how much data the govt is collecting directly and or indirectly and how they are using it before it begins to regulate the private sector via the commerce clause.
I love the list that pops up when you log in via Twitter to a third-party service like Disqus.It tells you exactly what you’re giving permission to the third party app to do, and what you’re not.A codified chart like this but for privacy would help people understand what they’re agreeing to. If you use this app we will: collect information on the sites you visit, use this information to show you ads. We will NOT: sell your information to a third-party. ETC.But I think it should come from the community and not a government mandate.
Voluntary industry codes of conduct are great as they’re generally written in a consultative fashion, are somewhat adaptive (unlike statute), and keep the government at arms length. They seem most effective with some kind of regulatory oversight, providing it isn’t the toothless tiger variety e.g. some body able to take direct punitive measures when you breach the code.
There is also the possibility of a technical solution that provides enough of an incentive to opt-in that there isn’t a need for punitive measures.
boy – this is a subject near and dear to me. This phrase from disconnect.me captures my thoughts. Its absolutely plain as day in my view. The notion that if the “service” is free, you are the “product” is flawed and will be disrupted.”Imagine someone offered you a deal where you knew exactly what you were getting but didn’t know what you had to give up. That deal doesn’t sound very good, huh? Yet most of us are signed up for lots of free services — with our real names and info — without knowing much about the services’ data-collection practices” i despise businesses built on competing for my attention. I’ll talk to you if its my intention. I want a personal data store that keeps all the info, notifies me when its being requested, and provides me with the appropriate information to make the decision to share. This PDS should be an open API (singly). I want a set of tools where i can gesture my interest – and allow businesses to respond. simple. “i’m in the market – market to me” when i am done – unless i give you permission, go away.I’ll make my own serendipity through my social networks and connections thanks. permission-less innovation is another fancy term for an the quote above imo.we are finally entering the ME internet – or the hyper net as some people call it. Control is going to shift back to the user – people innovating around this thesis will catch the next wave. collab consumption is early validation that direct connections without aggregation are what people want. People using big data to dig a deeper mine (see bain capital) – please stay a long way away from me thanks.
“we are finally entering the ME internet – or the hyper net as some people call it. Control is going to shift back to the user – people innovating around this thesis will catch the next wave. collab consumption is early validation that direct connections without aggregation are what people want.”This is a rallying cry.Is there a web of products, bloggers and communities that are ascribing to this?Should be.
read this list of companies – its early but the list grows every day.http://cyber.law.harvard.ed…
Fascinating stuff.
Data and tracking already helps build the “me” internet – look at sites like news.me. What we’re losing with big data is the ability to change “me” if we are not careful.
undercutting the economic underpinning of the internet?hmmm. Lest we forget what the internet undercut fred? the current economic underpinning of the internet (data aggregation) is fair game for disruption just like our friends on the printing press, and at the record labels were. The current internet model is going to be challenged and disrupted. that i am sure. and its a good thing in my view.
Without wanting to trot out a succession of tired cliches, don’t you think there is a not at all subtle distinction between creative destruction and wanton destruction?If the current model is to be undercut let it be through innovation and not another 3ft ream of legislation destined for the archives.That said, I don’t think a privacy bill is necessarily bad.
1000% agree cam – i am anti legislation all the way – let the markets innovate out of the attention economy i say.
willing to pay for a privacy data report ? Still can figure out why someone can’t make a market out of this? I’d certainly pay for the searchface of individuals.
As a privacy advocate, I see most of your points being quitecreasonable, but of course the devil is always in the details. However, please be very careful not to conflate the intent of Do Not Track with any historical industry self-regulation that sought only to untarget ads and did nothing about data collection and tracking. “The Do Not Track industry self regulation effort (in browsers, ad networks, etc) is long overdue and I hope we see real usable tools soon.” statement seems to conflate or at least confuse very different efforts.Also, to the naysayers who think the market solves the privacy problem, keep in mind how long and obtuse most privacy policies are, and how little protection they actually provide. Without baseline guaranteed rights by law, consumers and citizens will likely continue to treat all web services as being only as privacy-protecting as the worst of them.
I don’t have a problem with Facebook, Twitter, Disqus etc using my “data” because I know what I am posting, liking etc. What I do object to is apps accessing my private data, specifically my email, sms and address book without explicitly and obviously telling me for why exactly they need that data.I thought Dave Morin’s excuse that there was “no industry standard” when Path took address book data pretty lame. There didn’t need to be an industry standard it’s pretty obvious to most people what is acceptable and what is not acceptable in terms of taking people’s personal data unnecessarily.
Is there a site or database to see a list of social services and who exactly is in the business of selling your data to 3rd parties and who does not?
Ghostery is a great tool to see what tracking tools are being used when you visit s site.
governments and corporations are enemies of people.route around, whenever possible.
This is a serious and important issue, and a complex one. I am an advocate for data privacy and data portability. It will be critical that we find the right policy and activate it in the right way. CAN SPAM and Do Not Call lists help, a similar approach can be taken here.Fred, your items 2 and 4 though are in potential conflict. Without quoting numbers, a good portion of web revenue has and continues to be advertising. Those advertising dollars have an underpinning of “tracking” the user, in site, across site, across networks, etc. That implicit data collection leads to behavioral or contextual targeting. Heavy targeting capability is tied directly the revenue charged. It will be interesting to see how much of existing revenue is exposed when tougher policy is in place, even if that policy is solid.
not entirely in conflict. some people will opt out. but i don’t think the majority will. i won’t.
all – go order doc searls book. the intention economy – its out in the next few weeks. here is a quick description:While marketers look for more ways to get personal with customers, including new tricks with “big data,” customers are about to get personal in their own ways, with their own tools. Soon consumers will be able to:• Control the flow and use of personal data• Build their own loyalty programs• Dictate their own terms of service• Tell whole markets what they want, how they want it, where and when they should be able to get it, and how much it should cost
for me its a simple future.My attention is NOT for sale.My intention is. end of.
If I was to vote on any one proposal it would be to force more transparency. I can make smart decisions about what I use and what I don’t, but when confronted with 30 page privacy documents written in legalese, it makes it really hard to know what I am signing up for. I’d love to see, as an idea, something like a food label at the top of every privacy statement that says, in a standard and human readable way, what will happen with your participation in the service. With that all of us can make the decision whether to participate or not.
that would be a great first step
I’m not sure about the comparison to CAN-SPAM.Email spam is a very small percentage of marketers behaving badly and adding a real cost to everyone else trying to do business on the web.Consumers know when they’re being spammed and they hate spam. Spam adds no value. They flag spam messages and report them. They are vocal and complain when they see spam.With privacy, we’re not talking about a small number of marketers but the biggest companies on the web. Consumers don’t have a very good understanding of privacy or how tracking works.Data is shared or sold behind the scenes so there isn’t any way to flag or report it as it happens. Tracking is more complex than spam, as many companies use the data for positive reasons (i.e. better search results or recommendations).People don’t want spam in their inbox. That’s easy to address.But privacy is really more of a “feeling” than a concrete set of actions. What does it mean to have privacy on the web? That’s really complex and I don’t know if you can write good legislation to address this issue.
I second the point about the economic implications.It is all very well people wanting to opt out of tracking and all very well them not wanting to be subjected to advertising (and perhaps installing ad blocking software). But those same people are very happy to take advantage of the free services that such data and advertising affords them. How many people who currently pay nothing for a bewildering array of services would pay anything for these same services if given the option? How many realize that without tracking data the ads they are ‘subjected’ to would be less relevant to their needs? IMHO it is like a good deal of the debate about healthcare. People are very happy to be free riders even as they bitch about the model that provides them the free services they enjoy.
“But those same people are very happy to take advantage of the free services that such data and advertising affords them.”Same people who complain about junk mail and TV advertising.
Imho your attitude is tantamount to a free rider’s charter:I don’t want any data on me – excuse me whilst I continue to consume free services paid for by those who do provide such data.I don’t want any unconstitutional healthcare i have to pay for – excuse me whilst I make others pay my medical bills when I get sick and have no coverage.
Are not effective. Read up on the subject. Web beacons embedded in pages, flash cookies and many other features necessary for web pages to function are enough to track you. If you disable cookies most web sited don’t work or don’t work right. As a practical matter you can’t constantly turn cookies on and off and deleting them isn’t very effective either. They can install persistent cookies that recreate themselves.
Until it becomes in the interest of free-service providers to treat users as customers rather than commodities, there will be little or no motivation to provide user privacy. Instead, the attitude of providers must remain like that of Google: “Another service is just a click away.” (In other words, “Like it or lump it.”)
Knowing what CAN deleted and what WILL be deleted are a problem as well. If I shut down my facebook page, delete all of my messages with fellow friends and ask facebook to remove all of that data, how am I to know it is gone? What’s to say that if I got famous or rich that something in that ‘deleted’ data wouldn’t come back to haunt me when it just appears out of nowhere? It could happen for a lot of things–trying to get a commercial deal done, running for public office, etc.
Privacy cuts both ways. Discussions about companies/brands are often public. What customers say about businesses impacts the bottom line – for every business. Customers actually have always have owned brands, it is just that all individuals have more power to publicly communicate now via social media, and businesses are noticing. Dealing with this new world is the biggest trend in enterprise software right now – the “social enterprise”. I believe a much more innovative approach than sucking up and selling peoples browsing history (not to mention less evil) – is giving individuals better tools to publish more – not less. With better tools people can create public records of their dealings with companies, including what they want to buy, and what they have problems, which companies they endorse. People who publish have more power as consumers. Using such a system I’d expect privacy of my identity, but total transparency of my intentions, not random resold guesses on what I want or buckets of spam. Lot of people are working on this – I call it Reverse CRM, but it is similar to VRM – look up @dsearls.
Principle #1 (control) conflicts with Principle #7 (availability). This clash of values is something I’ve written quite a bit about at http://jimadler.me. Innovative products can make the right trade-off if the power disparity of the players, privacy of the online space, and potential perils of data abuse are considered early in the design process. More on this here: http://jimadler.me/post/141…
One thing that’s clear is that increasing amounts and types of data are going to be made available, and there’s an interesting impact to privacy there. I had the opportunity to meet with Todd Park, Obama’s new CTO (https://twitter.com/#!/todd…, and the guy who created the “blue button” while CTO for Health and Human Services. He’s also helping with the green button initiative to enable people to get energy consumption data, and — rightly, I’m sure we’d all agree — believes that this kind of data will drive lots of entrepreneurial activity and value creation. I imagine all sorts of data sources will open up in the next few years, some of which will tie back to identifiable individuals (hospitals, doctors, teachers, police, etc.).It also creates risks for end users. Releasing public-record data about users that can be crunched and analyzed — and appended with data from other commercial data aggregators — to produce uncomfortably private results, for example. Or enabling users to share data from one source to another service that can deduce, say, health conditions from product purchase behaviors. There are some very scary consequences if there aren’t basic protections and ways users can pull their data back.I wholeheartedly agree with your point #1 and also think we need to make sure it includes adequate controls for post-auth data and byproduct data like this, as well as on data aggregators.One additional point to think about — there’s no DMCA equivalent for data-sharing between services. Meaning, a service that is auto-publishing tweets or comment posts isn’t necessarily protected from liability if there’s defamatory stuff in those tweets or posts. (I’m not a lawyer — but “common carrier”-type rules don’t always apply.) Most startups don’t worry about these kinds of things, but big companies do — I’ve personally negotiated enough of them to know how much it can slow down and/or kill deals and distribution. Food for thought.
“One additional point to think about — there’s no DMCA equivalent for data-sharing between services. Meaning, a service that is auto-publishing tweets or comment posts isn’t necessarily protected from liability if there’s defamatory stuff in those tweets or posts.”That is a really interesting point. Going to need to think about that one. Thanks.
I think this comment has been pointing to an idea that has been floating around in my head:its not about privacy – its about how the data is being used. That process isn’t transparent. if the process of what data is and ins’t used for was made transparent, I think we would be having a very different conversation (should data be used for x if we think potentially x can cause harmful social effects?)
Gregbeen thinking about this point of yours about companies not being dmca protected. If you are right, it has profound implications for the whole ‘big data’ movement. We need to get to the bottom of this.
A couple of thoughts…Checkout the Do Not Track mail lists so see what’s going on under the covers. It should be called Do Not Share. The real issue centers around the third party and how they obtain your data. What’s missing is an easy “Choice” mechanism to control what i share and with who. Privacy is NOT binary. To have any hope there must be transparency and compliance. I doubt FS or anyone else is every going to let me see their logs so that I can “verify” that they’re honoring my request.What you’re seeing is the Internet evolve into a “contextual data communications platform” where the response coming from a web site/service is based on me adjusting my context (i.e. adding DNT header).Of course the other piece missing from DNT is location – there’s no support for regional privacy without knowing where you are. Remember this is supposed to be a global standard. For example DNT = Null means something completely different in Europe than it does in the States.
“4 – There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches. And an increasing amount of commerce revenue is based on recommendations and personalization. We should be careful not to undercut the economic underpinning of the Internet in our attempts to regulate online privacy.”The final sentence and the use of the definite article “…the economic…”. The present economic model is the one driving the use of our private data by corporations, and in doing so creating the concerns expressed by the FTC and others. There are other economic models. People pay for the things they value.
People don’t necessarily pay for things they value. A great deal of what enabled the explosive growth of internet services has been ‘free’ services paid for by indirect monetization and it is by no means clear that users would pay for such services if asked. If enough of them chose not to then the audiences would shrink and a lot of such services would crumble.
it is by no means clear that users would pay for such services if asked. If enough of them chose not to then the audiences would shrink and a lot of such services would crumble.Exactly.
I think the big issue revolves around third party uses of data (#6). Government agencies, in particular, are increasingly purchasing third party data through markets because those “sets” are not “held” to the same privacy protections provided by the 4th ammendment. In other words, no privacy expectation for the government sector but at least some expectation of privacy (based on policies) from the commercial sector in the U.S. The big questions for me are: – How do you regulate and enforce privacy policies when your data is passed on to 3rd parties? – More fundamentally, is it possible to track your personal data as it passes through to those 3rd parties?
Fred (or any one else)You said:There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches.Do you have up to date pricing data on this? How is it priced and packaged?
You don’t need to look that closely to realize how right Fred was. Most free internet services are paid for by indirect monetization, the most obvious example of which is advertising.
Information and control, this is what online privacy is about.Information means understanding how your data are collected and handled, their use and if they’re shared with third parties.Information also means not to have privacy policies which are impossible to read, since they’re too long and written by boring lawyers.Creative Commons is the main example of thinking out of the box in how you can communicate legal stuffs. The startup I founded, iubenda, does the same with privacy policies.Control means being both able to check what to share, including the parties involved, and to block previous sharing actions.The Facebook Authorization popup and the iOS-like accept dialogs are the most significant improvement I’ve seen so far.If you think about it, these two principles summarize nearly everything, and this is what a privacy law should be based on.Moreover, when talking about this matter, we should always remember where privacy laws have their roots. Privacy laws were born as a reaction to European Totalitarisms (aka Hitler, Mussolini, Stalin, Franco), from the control that these regimes had on people’s life.This is why I suggest that everyone working in the internet industry should read 1984 by George Orwell, in order to truly perceive how a world without privacy really looks like.
Well said. In addition to Duck Duck Go, Dick Costello has a great vision for privacy with Twitter.
I think we may be framing the discussion incorrectly – factually speaking there isn’t a good way for me to handle all the data about me – its a way too big abstraction of myself. This is especially true in light of the increasingly large data trail that my involvement in social media produces along with my needs being increasingly linked tp the data of others.I don’t think the government creating policy is the right answer at all – nor do I think the VRM approach works either (too much work). Nor do I think the whole “Do not track” thing makes much sense either (in the end, its not the tracking that’s bothering people, its what happens with the data) What we need is a radical rethinking of the value of data in order to revaluate what “privacy” (its not about privacy, its about assumptions about my personage) is.
Not much to do with tracking but I would like to see what you think of my latest article about work & Loving the Game: http://legendarymoves.com/?…
An excellent list of points Fred! Some I would add some in regards to privacy controls and education. Many people are not in tune with the issues, how the information flows, how it is used, or what is good/bad data to give up under what circumstances. Most privacy policies do not provide information in a clear and understandable way and many website’s privacy settings/controls are hard to find. I would like to see these practices:1) A voluntary privacy education campaign. How, where, and what medium to do that and who would pay for it would need to be decided. I hope a grouping of the large internet and technology companies could come together on this.2) A voluntary readable privacy policy. In addition to the legal privacy policy it would be preferred to have an additional initially viewed policy that provides the highlights and key points in simple terms that is much shorter. This “privacy policy brief” would have a sentence that describes what the brief is attempting to accomplish in good faith and that links to the full version, if they have one.3) Voluntary one click privacy override. Many websites have extensive privacy controls that are very granular and spread across more than one webpage. I would like to see a single button that you can click to make everything private. If a person is confused or in doubt they can simply click this single button and know that every single privacy control has been changed to private. To be fair there should also be a button that makes everything public. This will enable someone to make, and know they made, everything private. They could then go through each granular control and adjust them as they wish. The signup default can still be to make everything public, but they must have this one button override control. (This has to do with the information, photos, status updates, and the like that are shared on a social network, not the information that a company collects about the person for their internal use.)4) Voluntarily better explain that comments and actions made on public posts are inherently public. Many people do not realize that even though they have made everything private that when they comment on a public post/photo that their comment can be seen everyone, not just their friends. A simple “this comment will be public”, or “comment publicly” would suffice for Facebook, Google+, and any others. I strongly believe that government should not control these things. They, or the local governments, should only step in if there is gross negligence or purposeful deception.
“There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches.”Fred – this is what most in the ad tech industry would like people to believe but it’s simply untrue. 70% of Display ad dollars are still site direct buys (JEGI estimates) that do not use profiling or tracking. And Display is less than half of overall digital spend – the majority being Search Ads that do not use profiling or tracking either (until Google’s recent privacy policy consolidation). If you add all the marketing channels of the web I’d guess the cookie matching economy you’re referring to is ~ 10% of it. No doubt it’s growing though – at the expense of publishers revenues – but that’s another comment for another post.
Privacy statements are worthless because, most of the time, only the company knows if it has violated its agreement with the user. And if it has violated those terms, the user is not likely to know. For obvious reasons.There should be a certain level of scale at which user data should be available to the user via secure access. Let’s say 1 million register users…1. The user can access a secure interface, review the data collected in a well organized format, correct inaccuracies, and delete sensitive data points at the user’s discretion.2. The user can review how their data was used or sold, opt out of future uses/sales of their data, and be provided with an option to pay for continued service.3. The user can review internal or third party sources using direct marketing to reach them and opt out of individual campaigns.
This horse left the barn long ago.Data brokers like Acxiom has so much data on you, it is absolutely useless to even think about rolling this back unless you also suggest we dismantle Acxiom and make sure the data they hold is destroyed, and not held on tapes the executive team or an IT guy takes home before the company shuts down. And they’re selling it to anyone who pays.
Relevant article from yesterday in The Atlantic on NYU professor Helen Nissenbaum and her influence on privacy debate in DC. The importance of context as it relates to use of data.http://www.theatlantic.com/…
Nice mention of NYC-based Evidon and usage of our Ghostery data to show the number of trackers used on HuffPo, Drudge Report, NYT, WSJ and The Atlantic web sites.
As empty vessels make the loudest sound, so they that have least with are the greatest babblers.
As long as advertisers are the real customers of the internet the fundamental user rights (1 and 2 in your list) will always be threatened. The threat is not malicious (advertisers are people too) but a force of economic nature. We need simple ways to directly pay for the services we value. If ‘the major economic underpinning of the internet’ was real users and not proxies then user rights would follow.
when you introduce for pay models you lose the network effectsthat’s why it won’t happen
The ‘network effects’ threshold for advertising interests does start at 10s-of-millions of free users, you are right. But the network effects threshold for practical human sharing (number 3 in your list) is much smaller and attainable in for pay models. Further, if these smaller, payer-supported, networks remained open and linkable into a larger network-of-networks then not only would rights be less threatened but network effects could scale up and down on demand and the open web wouldn’t be highjacked by more and more control moving to a few massive operators who work for proxies.
how do you execute a paid model without a pay wall?
In a network-of-networks (Nn) model the wall would be around the address rather than the content. You and I already belong to a massive and profitable worldwide Nn that is decades old. You pay a monthly fee to a local business entity for an addressable node on the Nn; I pay a monthly fee to a completely independent local business entity thousands of miles away for an addressable node on the same Nn. In fact, we each belong to at least two of these paid Nn without a wall: I can call you from my home phone or from my cell. If, in this hypothetical user-pay future, Google+ fits your personal definition of a good address then you’ll buy into their pay model and give them 99 cents per month. On the other hand I might prefer another service (we both have thousands to chose from, like ISPs) that is more exclusive and ’boutiquey’. They want 30 bucks a month from me but I see added value in the exclusivity. It doesn’t matter because in a free market I can buy what I want from many competing suppliers. Since both Google+ and Boutique+ are part of the same Nn (http/html/xml/json/rss/etc.) I find your post on privacy (at G+) and talk about it (at B+) and our conversation and meta-conversation (likes, pokes, metrics, etc.) can be a public thread on the Nn.
The issue with that model is it gets commoditized quickly. Its a race to the bottom
Couldn’t agree more. Our mobile company strives to be whiter than white. This is one take on our view: http://www.lumimobile.com/b…I believe that if well informed and clear on the benefits of the service they are signed up for then consumers will opt in. If they don’t opt in, then a company hasn’t make the value proposition strong enough. But if we don’t all take the high road, do we not all undermine consumer trust?
Tim Berners Lee’s view on data and privacy…..http://www.guardian.co.uk/t…
These are good questions, but Security and Privacy are two different things, although they are interrelated.
be careful what you wish for. if you make it too hard to build a MVP, you will kill the golden goose. i’m not saying security isn’t important. but we just need to be careful about too much regulation of startups
its funny. i was just making this point in a reply to your other comment. i totally agree.
no regulation. innovate. i am all in on the latter.
I agree with Paul.I’ll tell you what though. Just like you don’t want to know all the shit that goes on in hospitals (I do) and all the shit that goes on in restaurant kitchens (I can only imagine) you don’t want to know all that is done wrong with web security. “kill the golden goose. i’m not saying security isn’t important. but we just need to be careful about too much regulation of startups”Might be an idea for the industry to take the lead here, if only for the politicians to be able to view the security theater from the sidelines.