Commentary

Online Privacy (Part 3)

Part 1 | Part 2 | Part 3

This article is Jim Harper’s closing remarks in a larger debate on The Economist’s website.

Marc Rotenberg has been wise — in terms of debating tactics — to speak only in generalities about the “critical role” of government oversight, about government agencies taking a “more active role” and about independent privacy agencies that “speak up” when privacy is threatened. Putting forward concrete ideas for regulating the information economy would cause people to think more carefully and to recognise costs and benefits, which do not cut in favour of his position.

Privacy is about trade-offs. In exchange for the modicum of information people share online, they receive copious information and commentary, free e-mail services, search services, maps, driving directions, interaction with people who share their interests and much more. Greater government privacy regulation is not the death knell of the free internet, but it would undercut information services that are just getting by, as well as unproven ways of serving consumers.

(People should withhold information if they care to, of course. Here again is how to exercise control over cookies, the major source of demographic information for ad networks: in Internet Explorer and Firefox, go to the “Tools” pull-down menu, select “Options”, click on the “Privacy” tab and then customise cookie settings.)

Then there is the benefit side of the ledger: can we expect privacy to flourish once governments begin doing “more”? The evidence suggests not.

In October of this year, the Fair Credit Reporting Act (FCRA) will celebrate its 40th birthday. As Mr Rotenberg’s organisation notes on its website, this American legislation “establishes a framework of Fair Information Practices for personal information that include rights of data quality (right to access and correct), data security, use limitations, requirements for data destruction, notice, user participation (consent), and accountability”. The FCRA is a model that proponents of government control would apply to the internet and the information economy.

But the credit-reporting industry has not blossomed with fairness, privacy, good customer service or transparency since Congress passed this legislation. Indeed, EPIC’s 15-page, 6,000-word exegesis on the FCRA lists a dozen ways it believes the law still needs to be improved. In four decades, government legislation has not produced the information values Mr Rotenberg wants.

The Privacy Act of 1974 is another “Fair Information Practices”-based regime that was intended to improve the privacy practices of the American government. As with credit reporting, few would say that Washington, DC, has burbled up springs of privacy protection, data accuracy and transparency over the past 35 years.

The arguments for government control certainly seem to rest on good-hearted premises: if we just elect the right people, and if they just do the right thing, then we can have a cadre of public-spirited civil servants dispassionately carrying out a neutral, effective privacy-protection regime.

But this romantic vision of government seems never to come true. Crass political dealmaking inhabits every step, from the financing of elections, to logrolling in the legislative process, to implementation that favours agencies’ interests and the preferences of the politically powerful.

The government regulation rêve is a bête noire. Congress passed the FCRA in the same legislation as the Bank Secrecy Act, creating a flaccid consumer protection regime in exchange for a robust and still-growing system of private surveillance on behalf of government.

The law was also a sop to business. As EPIC itself notes, “In order to gain passage of the FCRA in 1970, consumer advocates gave [industry] a big concession-immunity from defamation lawsuits based on information in the reports.” The FCRA stopped American state governments doing what they were supposed to do — guarding individuals’ rights — in favour of a federal information regime that made consumers helpless objects of government policy.

Mr Rotenberg’s ambiguity may mean to signal otherwise, but there is no free lunch: regulation is costly, and it does not work well. Consumers’ best source of protection is their own behaviour. Learn how internet communications work, withhold personal information more often and mete it out carefully when appropriate.

It is often said that consumers vote with their dollars. Online, consumers vote with their clicks. Spending and clicking are small but, in their numbers, powerful ways of influencing the world around us. And they are much more direct and effective than voting for politicians every few years, then begging them to do the right thing.

Consumers reveal their true interests (they move from generality to reality) when they make a purchase or visit a website — none more than my worthy debate opponent, Mr Rotenberg, whose count of Facebook friends recently surpassed 4,000. We should all work to change consumer understanding of reality by making clear the privacy costs of many online activities, but in the meantime real-world voters make clear their appreciation for interactivity, even at some cost to privacy.

Jim Harper is director of information policy studies, Cato Institute.