Tag: privacy

Busting the Myth that Web Sites ‘Sell Your Data’

On TLF, Berin Szoka comes up just shy of ranting, but it’s a good rant against the myth that Web sites like Facebook sell or give your data to advertisers.

In targeted online advertising, the business model is generally to sell advertisers access to people based on their demographics. It is not to sell individuals’ personal and contact info. Doing the latter would undercut the advertising business model and the profitability of the web sites carrying the advertising.

I did some myth-busting of my own last year when the Wall Street Journal published erroneous information about a health-interest site called RealAge.com, which does not give or sell visitors’ data to drug companies.

Understanding how technologies and business models work is job one for crafting good public policies, but as I noted yesterday

“Privacy” v. Justice: Wiretapping Case Update

Anthony Graber, the Maryland motorcyclist being prosecuted on state felony wiretapping charges for recording his traffic stop and posting the video on YouTube, is the subject of an article in today’s Washington Post. I have said (again and again) that this is a misreading of the Maryland wiretapping statute, which is not supposed provide grounds for prosecution where there is no “reasonable expectation of privacy.”

Graber was on the side of the highway, and the police officer asserting this expansive reading of the wiretap statute while making an arrest at the Preakness was in the middle of a large crowd. There is no reasonable expectation of privacy in either of those places. The Post article provides the other side of the argument:

The attention the Graber case is receiving has surprised Harford prosecutor Joseph I. Cassilly, who said his office has prosecuted similar cases before, including one within the past year against the passenger of a car that was stopped during a drug investigation who started taping officers with a cellphone camera. Cassilly said he didn’t know the status of the case because the prosecutor handling it has been out sick.

“The question is: Is a police officer permitted to have a private conversation as part of their duty in responding to calls, or is everything a police officer does subject to being audio recorded?” Cassilly said.

Cassilly thinks officers should be able to consider their on-duty conversations to be private.

I disagree. The injustice of the Maryland wiretap law was demonstrated earlier this week when Rep. Bob Etheridge assaulted a student who asked him a question while recording the encounter. The students were lucky that they were in the District of Columbia.

If the scuffle had been in Maryland, Etheridge could have been prosecuted for misdemeanor assault (this remains true for D.C., but I am not aware of any charges that have been made). In contrast, the students would have been on the hook for a felony violation of the wiretap law for recording the event, another violation for posting the event on the internet, and an additional charge for possession of the device used to intercept the conversation. I’m not agreeing with that reading of the law, but that’s the interpretation being used to prosecute Anthony Graber.

Whatever your views on privacy are, that’s not justice.

Event Data Recorders: They’re Not Just for Safety

In my recent testimony before the House Commerce Committee on a proposal to require event data recorders in all new cars sold in the United States, I pointed out that the mandate would go far beyond what is needed to ensure safety. Indeed, the cost of EDRs raises the prices of new cars, marginally reducing the pool of used cars and keeping lower income drivers in older used cars which are less safe.

The demand for EDRs in all cars, collecting and transmitting data about all crashes, suggests that something more than statistically relevant safety data is what advocates of this mandate want. I put a finer point on these issues today in answers to questions propounded to me after the hearing.

The proposed EDR mandate includes controls on the use of EDR information, a nominal protection for privacy, but the EDR mandate “sets the stage for migration away from consumer privacy toward serving the goals of government and industry related not only to safety but also to general law enforcement, taxation, and surveillance.”

Privacy as the Default Setting

Before I can write a blog post, I must lift my hands to type.

I say so because the default setting in life is privacy. Staying in bed maintains privacy pretty well.

Clay Shirky gives privacy a contrary treatment on the New York TimesRoom for Debate blog. We are both discussants there of the question whether the government should intervene to solve privacy issues with Facebook.

Shirky, a teacher in the Interactive Telecommunications Program at N.Y.U., writes:

There are two principal effects of the Internet on privacy. The first is to shrink personal expression to a dichotomy: public or private. Prior to the rise of digital social life, much of what we said and did was in a public environment — on the street, in a park, at a party — but was not actually public, in the sense of being widely broadcast or persistently available.

This enormous swath of personal life, as we used to call it, existed on a spectrum between public and private, and the sheer inconvenience of collecting and collating theoretically observable but practically unobserved actions was enough to keep those actions out of the public sphere.

That spectrum has now collapsed — data is either public or private, and the idea of personal utterances being observable but unobserved is becoming as quaint as an ice cream social.

“[I]t is keeping things private that requires effort,” he writes.

I think Shirky has inadvertently overstated the effects of the Internet on privacy. The dynamics he describes are definitely in play, but they exist almost exclusively in digital social life. For the rest of life, it’s still the other way around. Privacy is easy. You can just stay in bed. Pursuing publicity takes effort.

When you go out into the world, making effort to give publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction, yes. That’s physics: photons and sound waves doing what they do. Nobody considers this a privacy problem because of our long experience with it and acculturation to it.

The online environment has similar information demands—when you go online, giving publicity to yourself in pursuit of your wants and needs, you must trade some personal information for interaction—but it has different properties: information is easier to record. Again, though, the rise of the Internet didn’t change privacy on the street, in parks, and at parties, except in the still rare instance when someone is recording and uploading information.

If we were to conduct all of life online, maybe it would be fair to say that protecting privacy takes effort. But even as a digital denizen, the majority of my experience—certainly the most important and valuable of it—is offline, face-to-face interactions with friends and loved ones or time alone.

Here, privacy is the default. Nobody knows my thoughts unless I tell them. Almost never is anyone capturing the conversation in a digital format. Rarely is anyone uploading images. Facebook isn’t hoovering up the information. Doing these things would take effort that nobody is expending.

The Internet didn’t foreclose the use of real space for the conduct of life as Shirky implies by talking about offline living in the past tense. It expanded our freedom by giving us another space—a new option to use as we see fit. Declining to use that space is as normal, natural, and necessary as eating breakfast (which is impossible to do online, by the way). Maybe some of the digerati conduct their love-lives online, but this should be a disqualification for discussing the social impact of the medium for failure to understand how it fits into most people’s lives.

Privacy debates premised on the omnipresence of digital media are interesting and fun, but I don’t think they’re grounded in people’s actual experience of the world (exception!), and they tend to overstate the significance of online privacy problems.

The Most Powerful Privacy Setting

Amid the hullaballoo about Facebook and privacy, it’s easy to forget the most powerful privacy setting.

In my 2004 Policy Analysis, “Understanding Privacy—and the Real Threats to It,” I wrote about the “privacy-protecting decisions that millions of consumers make in billions of daily actions, inactions, transactions, and refusals.”

Inactions and refusals. Declining to engage in activities that emit personal information protects privacy. Not broadcasting oneself on Facebook protects privacy. Not going online protects privacy.

The horror, some may think, of not having access to the wonders of the online world. Actually, many people live full and complete lives without it, enjoying the perfect online privacy default. The irony is a little too rich when avid users of Facebook—which is little more than a publicity tool—complain about its privacy problems.

Facebook does have some work to do on rationalizing and communicating the privacy protections its offers its publicity-seeking users. But people will always have the privacy protecting option of not using Facebook.

Not so for government-sponsored incursions on privacy, like the national ID system proposed by Senator Chuck Schumer (D-NY). Inaction and refusal of his national ID system would not be a practical option if Senator Schumer has his way. The irony isn’t just rich, it’s curdled and reeking when Senator Schumer leads the attack on Facebook for its privacy practices.

Not Enough Power … Additional Measures Needed

The Wall Street Journal reports that the federal government has insufficient power:

The attempted Times Square bombing has underscored the challenge of managing security threats from citizens with clean records, but U.S. authorities are limited in the tools they can employ to legally monitor travel and other behavior of Americans who haven’t otherwise aroused suspicion.

That’s rich.