Privacy is dead, right? Facebook knows everything about you, Google does too, and the world is still turning. Whether you don't mind companies or the government knowing all about your private life or still feel completely uneasy at the idea, we often gloss over exactly why your personal data is worth protecting. We chatted with the Electronic Frontier Foundation (EFF) to get to the heart of the issue, and dispel some common myths around the ways your data is used.
We sat down with Rainey Reitman, Activism Director at the EFF, to discuss why digital privacy is important; why you should keep a sceptical eye on products that promise "free" services in exchange for titbits of personal information; and why you should care about the privacy of others even if you're not concerned about your own data and how it may be used. All in all, the message is clear: It's tempting to throw up your hands and say "privacy is dead", but we shouldn't be reading the last rites just yet.
Cause for Concern: Why No One's Telling You Your Data Is Valuable
When we discussed how companies track you on the web and what you can do to stop them, I drew on my personal experience working for a company that trades in information (both personal and aggregate) to explain why your data is so valuable to the businesses that want it. Making the case that information about you, your demographics, your behaviours and habits — all information you may think has little to no value — is valuable to the people looking for it is one key step in explaining why this is all important. After all, if someone a company is able to build their business model on getting your information, it must be worth something, right? Photo by Andy Mabbett.
Individuals are often told that the information collected about them is "non-identifiable". This may very well be true foor the party requesting it, but not necessarily for anyone else with access to it later. "Consumers are often unaware of the transaction that takes place when they sign their information away," Rainey explained, noting that this lack of transparency, coupled with the fact that companies who trade in and use that information resist efforts for consumers to opt-out of behavioural marketing are causes for concern. The fact is, your data is worth real, tangible money to the companies that offer you free services (in Facebook's case, you're worth just shy of $US5 per year) and the companies they do business with, even if they're not asking you to open your wallet.
Does Anyone Actually Care Anymore? Isn't Privacy Dead?
Hardly. Rainey explained: "People do care about privacy!" She directed me to a 2009 study by KnowPrivacy, a research group headed by Jason Schultz and Chris Hoofnagle of the Samuelson Law, Technology & Public Policy Clinic at the University of California Berkeley, that shows that people are indeed concerned about what data is requested of them, how much of the requested information is required for the service they want to use, and how their data is eventually used. The survey notes that even young people are concerned about their privacy, the ones often written off as part of a generation that's willing to share everything online. Photo remixed from jayfish (Shutterstock).
"These same people are comfortable telling their friends what they ate for breakfast," Rainey remarked, "but they're not comfortable telling their medical insurer, or having their medical insurer get access to their Facebook account because they clicked a Like button, for example." People are still quite concerned with their privacy. The baseline for privacy has simply changed.
Rainey says that even those who dismiss privacy issues become concerned when confronted with the depth of information they've revealed, and when shown how that information is used once they give it up. In the end, the argument isn't a zero-sum game: people don't want their services free and their privacy intact, Rainey reiterated. "They just want control over what information they give up, what they agree to, and what information is made public versus kept private in the databases and annals of the companies and organisations that get to see it."
But these companies don't keep personally identifiable information (PII), right? You're just an aggregate number to them, so what's the worry? Well — that information sharing is generally done between companies in order to obtain that information and refine their marketing efforts. The trade in aggregate information is a very active, and companies specialize in taking aggregate information and making it very personal. Even if that's not a problem for you, the real issue is that once that information is assembled, and once it is personal, you have no rights or access to it once you've signed it away. "Most people don't ask themselves 'Do I still have the rights to this data once I click OK?'" Rainey explained. "And then, once it's gone, you don't even have the right to change it, update it, or even request your information be removed later if circumstances change."
She then pointed me to the Privacy Rights Clearinghouse's Chronology of Data Breaches, a massive collection of data publicly reported data breaches at companies that store public and private information going back to 2005 — everything from missing laptops to massive hacks. "The fact is, that once your data is collected, even if it's aggregate, and stored in one of these databases, it's being actively targeted by people who want it, and it's vulnerable to breaches. One study showed that a year after a database like one of these is broken into, your chance of being a victim of identity theft is four times greater." That's long after the courtesy credit and identity theft monitoring services most companies offer if their databases are hacked, and as we've seen from recent credit card breaches, once your information is lost it may be a big deal to you, but on an individual level, it's not horribly valuable to the company tasked with protecting it.
You should have serious reservations about whether the data is being kept securely, what rights you have after the fact to remove personally identifiable information should be it collected, and how that information is being used by other groups you didn't sign an agreement with once you give it up to the one you did.
But Targeted Ads Are Better Than Random Ones, And We Need Some Form Of Funding, Right?
When I brought up this concern to Rainey, she laughed: "It's always entertaining to hear the argument swing from 'but people like these ads' to 'and without them the Internet will be gone forever!' The problem with the first part is that if it were true that people really did prefer and actually enjoy behavioural marketing, then why not give consumers the option to opt-in to them instead of forcing them to opt-out of every kind of marketing entirely? If they like it, giving them the choice to turn it off won't stop anyone!" She explained that privacy advocates aren't fighting for an ad-free Internet, they just want to give consumers who care about their privacy a way to opt-out of behavioural and targeted marketing efforts, something industry groups are fighting them on tooth and nail. Photo by Jim Linwood.
As for the "death of the free internet," Rainey noted that while the basis of revenue-generation on the internet has always been advertising, it has only been in recent years that we've seen a massive shift towards behavioural and targeted marketing that sticks with individuals not just on a single page, or in one company's services, but across all of their activities online. She's right — Jeff Jarvis wrote at BuzzMachine that even while he thinks much of the concern over privacy and do not track is a tempest in a teapot, companies at least need to be transparant about how they do what they've always been doing, and give consumers a choice. He noted that fast-forwarding through ads on television has been around for a long time, but that hasn't led to the death of the TV advertising industry. "Ads don't have to track you to make money," Rainey said, "You [advertisers] just need to give consumers the choice — the option to see ads without tracking! Then you could have both options and make everyone happy!" It's that lack of choice that's the real problem.
So What Do I Do About It? What Does It Matter?
Even if your privacy isn't important to you, there are others for whom privacy is paramount. "Even if you're comfortable giving up your personal information," Rainey said, "there are plenty of people who aren't, and they shouldn't have to fight to keep their addresses out of publicly accessible databases or off of a website where it's easily obtained. Victims of domestic violence, members of the LGBT community, political activists, human rights activists, police officers, even public figures all need privacy to make sure their families and homes are safe."
Even if you're not convinced that your data is worth protecting, there are others who need that protection. To that point, it's worth remembering that on many social networks, we give up information about those we're connected to when we let another app or service in — even if we've consciously decided we're OK trading the information requested about ourselves. Image by freelanceartist (Shutterstock).