The startup world is about insurgents. A person or a few people with an idea. And they drop everything and go for it. They are going up against the incumbents and that doesn't just mean the big companies that occupy the market position they want. That means all the people, institutions, and organizations that are in cahoots with the big companies.
This is the framework through which we see the world. And this is the framework through which we would like others to see the world.
It is not the least bit surprising to me that Facebook supports CISPA. Facebook was once an insurgent. But now they are an incumbent. And we can expect them to be supportive of the ultimate incumbent, our government, particularly when it comes to sharing data on all of us with them.
Waiting to see if all the VC’s will call for a boycott of Facebook over CISPA like they did content creators on SOPA/PIPA. Or just act like it’s different suddenly.
If there were a boycott of Facebook over this CISPA thing, I'd gladly participate in it. I just don't know if people care enough about this issue to get appropriately annoyed about it. The impact of PIPA/SOPA on the Internet user was easier to understand. Cybersecurity and privacy and data ownership and sharing is much more complicated to understand.
Make no mistake, the incumbents have each others' back. But the Internet users have the insurgents' back. So when the Internet users care enough, the insurgents will win. That's what happened with PIPA/SOPA. It will be interesting to see if it will happen again with CISPA.
I thought I'd lay out some basic thoughts and principles on the data we create, share, and curate on the open Internet.
1 – Our clickstreams, search history, likes, tweets, photos, and so on and so forth is our data and we should have the ability to control it, delete it, and limit how it is used. That seems like a basic right that should be available to everyone who uses the Internet.
2 – Those who do not want to be tracked should have the ability to opt-out of being tracked. The Do Not Track industry self regulation effort (in browsers, ad networks, etc) is long overdue and I hope we see real usable tools soon. The FTC expects these tools by year end. I hope they are right.
3 – Tracking and profiling provides real value to me and many users on the Internet. I like using Amazon and getting recommendations based on my purchase history. I like using Twitter and getting recommendations for who to follow. I like using Foursquare Explore and getting recommendations for places to go to based on my checkin history and my friends' checkin history. We should not do anything to limit the ability to offer these valuable personalization services on the web and mobile Internet.
4 – There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches. And an increasing amount of commerce revenue is based on recommendations and personalization. We should be careful not to undercut the economic underpinning of the Internet in our attempts to regulate online privacy.
6 – There is a big difference between collecting data and using it within a web or mobile service and collecting data and selling it to third party services. I understand that the data Foursquare has on me will be used by Foursquare to make better recommendations and to target offers and specials to me. That makes sense and my decision to use Foursquare and continue to use it is an implicit license for them to do that. But I cannot use that same implicit license when the data on my activities is collected and sold to third parties.
7 – With the advent of open APIs, much of this data is not actually being sold, but it is moving freely around the web via the plumbing of the Internet. This is an area we should be particularly careful not to crimp. Open APIs are at the center of the permissionless innovation movemement and are responsible for many of the new services that are being built.
I do not have a specific set of recommendations for our elected officials on this issue. But I do agree that codifying best practices and policing the truly bad actors is a good idea. The Can Spam Act of 2003 is a good example of how industry self regulation codified in legislation was a net positive for everyone. That bill took a lot of work by the industry trade groups to get right and there were versions of Can Spam that would have be highly problematic for the industry. I suspect that will be the case with online privacy legislation too.
So everyone working in the Internet industry should make their voices heard in Washington on this issue. If you have a business that will be impacted by online privacy legislation, figure out how to engage in the debate/discussion. And the staffers in Washington who are working on this effort should reach out to the Internet industry (and not just Google and Facebook) to get a front lines view of the issues. If you don't know how to do that, you can contact me via the contact link at the bottom of this blog.
A journalist at the NY Times emailed with me the other night about tracking technologies on the web. I knew she was working on a Room For Debate series. I didn't actually realize my email was going to be printed verbatim. I might have edited it a bit. But I totally stand by what I said.
Here's the thing. I've always felt that the majority of web users understand that tracking technologies provide value and that they put up with them even though they are slightly creeped out by them. I also feel that there is a small but vocal minority out there pushing the privacy agenda. I stated that view in the comments the NYT printed.
And if you look at the comments, you can see that the vocal minority is out in force. But you barely hear from the silent majority.
I think the silent majority ought to speak up or we are going to risk losing one of the most important and powerful technologies on the web.