Online Privacy (Part 1)

August 25, 2010 • Commentary
This article appeared on The Economist (Online) on August 25, 2010.

Part 1 | Part 2 | Part 3

This article is Jim Harper’s opening remarks in a larger debate on The Economist’s website.

The internet is not for couch potatoes. It is an interactive medium. While internet users enjoy its offerings, they should be obligated to participate in watching out for themselves. Government efforts to provide online privacy will almost certainly make a hash of things.

Internet‐​connected devices and computers both retrieve information and send out information. This interactivity is why the internet’s usefulness and entertainment stand head and shoulders — and chest and waist — above static media like TV, movies and (many) books.

The blessings of interactivity come at a cost. There is someone (well, something — a server) on the other end of every mouse‐​click, and sometimes every keystroke. The cost of interactivity is privacy. But many internet users do not know the full price they are paying. Unaware of how internet connections, browsers, websites, plug‐​ins and various other technical tools work, lots of people do not know what information they share when they go online, how much of it, or how revealing it is. Obviously, this deprives them of the opportunity to do anything about it.

There are concerns and complaints beyond control, of course. Potential unfair uses of information posted or released online are a “privacy” concern. People worry about the security of their financial accounts and reputations against identity fraud, or even about risks of theft or violence produced by information put online. Other “privacy” concerns include intrusive protocols and practices‐​spam, pop‐​ups and the like — that interfere with peaceful enjoyment of the net.

It is understandable for people, feeling bowled over, to wish government would take these challenges from their hands. The promises of regulation are lavish, though the results are not so great. Witness the American government’s Minerals Management Service, which did not prevent a recent massive oil spill in the Gulf of Mexico. The American Securities and Exchange Commission did not discover Bernie Madoff’s multibillion‐​dollar scam despite being told of it repeatedly. Should consumers abdicate responsibility for privacy to such institutions?

For some privacy problems, law and government are already appropriately on the case. Law is rightly recognising privacy policies as enforceable contractual promises. Fraud is already a crime, irrespective of medium or subject matter. The problem with online law enforcement is not the need for new law or for government to “do more”. Government should get better at carrying out its existing responsibilities.

In the meantime, controlling identity fraud requires people to watch out for themselves by monitoring their financial statements and credit reports. The financial‐​services and credit‐​reporting industries must similarly keep watch on their end. Waiting for government help will not do.

Government help will not do for protecting privacy in its stronger “control” sense either. Privacy is a value that varies from person to person and from context to context. Perfectly nice, normal people can be highly protective of information about themselves or indifferent to what happens with data about their web surfing. Any government regulation would cut through this diversity.

Government “experts” should not dictate social rules. Rather, interactions among members of the internet community should determine the internet’s social and business norms.

There is a response to this argument: industry defaults, set against privacy, are as uniform as government rules would be. But they are not. Apple’s Safari browser blocks third‐​party cookies, denying ad networks their most common source of consumer demographic information. If stronger cookie controls are warranted, coders can write plug‐​ins — as they have for Mozilla’s Firefox.

The limiting factor on the success of such efforts so far has been consumer awareness and interest. All major browsers allow users to control online tracking, for example. (In Internet Explorer and Firefox, go to the “Tools” pull‐​down menu, select “Options”, click on the “Privacy” tab and then customise cookie settings.) Yet few web surfers take these rudimentary steps.

The social engineer takes consumer indifference as a signal that people should be forced to prioritise privacy, but this would undercut consumer welfare as indicated by the best evidence available: consumer behaviour. People appear generally to prefer the interactivity and convenience of today’s web, and the free content made more abundant by ad network tracking.

Appeals like this — to revealed consumer interest — typically fall on deaf ears because people involved in privacy debates care more about privacy than the average person. Each of us believes ourselves to be typical, and we take our own opinions as the best evidence of consumer interest. Indeed, if you have read this far, you care more about privacy than most, and you probably favour government regulation to serve your slightly peculiar interests. Rare will be the reader willing to suspend personal opinion on privacy in favour of evidence.

The privacy challenges of the online environment are real and difficult. But asking the government to fix them is the couch potato’s solution. And it is an unsatisfactory one. Government regulation will make consumers worse off than they could be. The better alternative is to get people educated and involved in their own privacy protection.

About the Author