The Pointless Privacy Debate
Modernizing Authentication — What It Takes to Transform Secure Access
In response to criticism from a british privacy group and European Union data overseers, Google recently announced it would anonymize data it retains on user searches after 18 months. The British group, Privacy International, had ranked Google the worst in its survey of Internet services, citing an "entrenched hostility to privacy."
The EU applauded the move as it had lauded Google's agreement to comply with its 2005 directive requiring service providers to retain all identifiable records up to two years. Huh?
When it comes to consumer privacy, lawmakers can't seem to contain their frustration and even outrage with businesses that retain detailed, personally identifiable data. Yet when it comes to investigating crimeterrorism and child pornography being the favoritesthey just as passionately take the opposite position. Consumers are equally ambivalent: We're creeped out to find photos of ourselves showing up in Google maps, but infuriated when the movements of alleged terrorists and other criminals through public spaces aren't captured or stored.
This is just one of the paradoxes conveniently ignored in discussions about privacy in the electronic age. Another: What constitutes private data? E-mails, IM sessions and phone conversations, sure, but what about call records, search histories, crowd scene photos taken with cell phones? Google searches, for that matter, are often only identifiable through the user's IP address, which may not identify the user at all.
The privacy problem is real. In the past decade, an explosion of cheap electronic devices capable of generating and capturing data, improvements in database technology and standardization and the overall shift of business transactions to electronic forms have created a gold mine of new data sources whose uses we've only begun to explore. This data has the potential to improve business performance and customer service, but only if we can set some commonsense ground rules about how to collect it, store it and use it.
U.S. lawmakers, easily inflamed by an American tradition of individualism and eccentricitywhat Justice Louis Brandeis famously called "the right to be left alone"can't be expected to pass legislation any less confusing than the European Union.
Even if Congress passes privacy laws, data retention laws or both, U.S. courts would apply such legislation against the backdrop of the First Amendment, which forbids legislation infringing free speech, and the Fourth Amendment, which protects citizens from unreasonable search and seizure, including search and seizure of information.
By the way, the First and Fourth Amendment are protections only from government intrusionsAmerican businesses, with a few exceptions including credit reporting and health records, are subject to almost no restrictions regarding privacy.
So what's the privacy debate really about? You give away far more "private" information in exchange for small discounts at the grocery store or pet store every time you use your loyalty card. And that's not necessarily bad. The data is valuable to retailers and manufacturers, and you're willing to sell it.
Perhaps this isn't a debate about privacy so much as proprietythat is, who gets to make money off the user's information. Maybe it isn't a debate at all, but a negotiation.
Larry Downes is a Fellow with the Stanford Law School Center for Internet and Society. Please send questions and comments about this article to firstname.lastname@example.org.