Who is in charge of my privacy?

It should concern us that most computer users -- ourselves included -- see themselves as dependent variables in respect to large companies' privacy policies, rather than as independent variables.

I mean, it's understandable that big companies think of themselves as In Control. Hey: they are. They should have an obligation to care about users' privacy, and to explain their privacy policies. But why should we behave as supplicants to these companies, or even to governments, in respect to how anybody or anything treats what we regard as private information about ourselves and what we do in the world?

The short answer is that we don't have much choice. For individuals, privacy control tools are still limited. Meanwhile, what needs to be controlled remains nearly unlimited. And intrusive by nature. Cookies, for example. They're these things that live in our browsers and give others the ability to track us like animals. Never mind that these can be used for many Good Things. The fact remains that they are symptomatic of an asymmetry of control ability. What we might generously call a "relationship" with cookie-placers is our ability to forbid or get rid of them. But figuring out what they are isn't easy, or likely to happen.

This all comes up for me because I'm at a lecture by Peter Fleischer, Global Privacy Counsel for Google. (The link is to his blog, not his job.) He's doing a very good job of explaining all the stuff Google does to care about privacy and to Do The Right Thing, whatever that may be. And conditions do vary, all over the world. There's a lot to care and talk about here.

The problem is that Google's perspective is Google's alone. It's a BigCo perspective. Which is fine, as far as it goes. Where it doesn't go, and where it can't go, is toward itself, from the individual. That's the side that needs to be built out -- not just so geeks can control their privacy, can assert their own privacy and information usage policies; but so anybody can do the same thing. Easily.

Personal control over one's own online privacy is important, of course. In fact it's necessary -- but also insufficient to a much larger area of concern and opportunity: relationship.

We have many relationships online. All of them, however, are defined and controlled (sometimes from both sides) within each company's silo. What we don't have are personally controlled global approaches to relationship, including privacy variables.

For example, let's say I want to publish my interest in buying a laptop that weighs less than five pounds and has a 500Gb hard drive, when such a thing is ready. Let's also say I want to do this in the open market, outside any company's silo. I don't want to do it only inside Amazon, or Google, or eBay. I want to do it in the open, and on my own terms. Let's also say that I want to make clear the fact that I have good money ready to spend on this product, and can be trusted as a customer -- but that I not reveal my name or any other information about myself that I don't want to reveal. Let's also say that I actually have relationships with some companies, and that I am willing to reveal that fact just to those companies.

What we're talking about here is selective disclosure in the context of what we might call a personal RFP. Joe Andrieu goes into some detail about what this might involve. It is critical to his case, and mine, that we see the user as the point of integration. One reason we haven't made progress on this is that we all still see companies (rather than individuals) as points of integration. This gives us countless CRM (customer relationship management) systems -- by companies -- each with its own silo. When we want to transcend these silos, we look for one bigger silo, which only compounds the problem. A good example of this is the idea of a national identity system, or a single place where everybody's health care data can live.

The ability of individuals to manage relationships with companies (and organizations, and government entities) -- what we call -- is something that needs to live with ourselves. Nobody else can give it to us. In fact it's a mistake to look for them to give it to us, because then it's not ours. This is something we have to build for ourselves. As we've done with many other piles of code.

______________________

Doc Searls is Senior Editor of Linux Journal

Comments


In addition to cookies,

Araceli's picture

In addition to cookies, there are some shady practices out there. Microsoft, for example, clearly states in their EULA that installing Vista will cause your information to be released to certain "third-parties". Ummm, why?

- From the tv antenna & indoor antenna specialist

Microsoft knew. (your passion, Doc)

Anonymous's picture


It is interesting that Microsoft has taken an interest in Doc Searls' (the Senior Editor of the Linux Journal) favorite project.

Why would Microsoft wrap this present in a special domain from godaddy?

Has Microsoft ever tried to influence the media and/or technical publications in the past?

I hope it isn't a bribe.

The whois for bringtheloveback.com is below:


Huh?

Doc Searls's picture

I don't get your point.

If you're alleging that I'm being tempted in some way by The Dark Side, perhaps it would help to point out that I've been encouraging, and working with, sources of light from Microsoft over a number of years.

You can start with this Linux Journal cover story, which features Kim Cameron, who has been doing a great job of working with folks from the open source world over many years now.


Keep It Simple.

Anonymous's picture

" from the individual. That's the side that needs to be built out -- not just so geeks can control their privacy, can assert their own privacy and information usage policies; but so anybody can do the same thing. Easily. "

A great simple concept to bring to reality.

" For example, let's say I want to publish my interest in buying a laptop that weighs less than five pounds and has a 500Gb hard drive, when such a thing is ready. Let's also say I want to do this in the open market, outside any company's silo. I don't want to do it only inside Amazon, or Google, or eBay. I want to do it in the open, and on my own terms. Let's also say that I want to make clear the fact that I have good money ready to spend on this product, and can be trusted as a customer -- but that I not reveal my name or any other information about myself that I don't want to reveal. "

Stop right there. That is enough for now. Build it.

" When we want to transcend these silos, we look for one bigger silo, which only compounds the problem. A good example of this is the idea of a national identity system, or a single place where everybody's health care data can live. "

National identity system?? Everybody's health care data??? Doc, you're scaring me. Think Freedom. Realize the facts of human nature that include greed, corruption, and abuse. Danger.

Finally, reading comments in this blog, "the individual consumer doesn't care factor" was brought up. It is a valid concern. How do you get them to care?

Provide a compelling incentive.

Consider SMAD.

Sorry Doc, my mistake...

Anonymous's picture

"One reason we haven't made progress on this is that we all still see companies (rather than individuals) as points of integration. This gives us countless CRM (customer relationship management) systems -- by companies -- each with its own silo. When we want to transcend these silos, we look for one bigger silo, which only compounds the problem. A good example of this is the idea of a national identity system, or a single place where everybody's health care data can live."

What you wrote is "A good example" of two bad silo concepts.

Please disregard the portion of the comment:

"National identity system?? Everybody's health care data??? Doc, you're scaring me. Think Freedom. Realize the facts of human nature that include greed, corruption, and abuse. Danger."

Sorry.

A correction needed, if you want to fix it

Anonymous's picture

In case you want to fix it, there is a typo or similar slip-up in the ninth paragraph, third sentence. This sentence is grammatically wrong, but I can't figure out from context just what you meant it to say. Maybe the word "what" should be removed; maybe a word or two got dropped from the end; maybe something else:

"Critical to his case, and mine, is what seeing the user as the point of integration."

Corrections

Doc Searls's picture

Thanks. I made a few changes to that paragraph and the next that I hope will make things clearer.


Still grammatically incorrect

Anonymous's picture

Well, I didn't keep a copy of the original, so I don't know what you changed, but except for making the last phrase into a link, you didn't change any of the words of the sentence I pointed out, and it is still grammatically incorrect.

Maybe you are just running so fast all the time that you have trouble seeing what you actually wrote rather than what you intended to write. You make rather few errors, given all that you write. (I honestly am amazed at all the things you manage to do, not only writing. You must be on hyperdrive most of the time.) Proofreading your own stuff is hard, I grant you. In what follows, I'm only trying to help you get the text to say what you mean. I wish I could do it in private email rather than out in public like this. If you can easily delete these comments, please do. And, of course, if the text is good enough to suit you and you don't want to make any changes, that's your choice to make. I won't pick on this particular point again unless you ask me a question about it.

Look at the sentence:

"Critical to his case, and mine, is what seeing the user as the point of integration."

If what you are trying to say is that "seeing the user as the point of integration" is critical to the case, then having the "what" in the sentence is just, plain grammatically wrong, and it should be dropped, making the sentence read:

"Critical to his case, and mine, is seeing the user as the point of integration."

Or maybe you meant to lead off with "what", as in:

"What is critical to his case, and mine, is seeing the user as the point of integration."

Or maybe what is critical are the implications of seeing the user as the point of integration -- something more like this:

"Critical to his case, and mine, is what seeing the user as the point of integration actually means."

(or "... implies.", or "... leads to." or "... enables." And maybe the "actually" isn't needed.)

Or maybe it isn't the implications but some other attribute of "seeing the user ..." that is critical. I'm not sure what other attribute it might be.

As I said in my earlier post, I'm not sure what you are trying to say, so I can't say for sure what the correction should be. I just know that the grammar is wrong as it stands, and I figured you would want to correct that.

Corrected, I hope.

Doc Searls's picture

Well, writers can be their own worst copy editors, and I'm no exception. I wrote this item while attending a lecture, and trying to pay attention to the lecture while writing at the same time. Not the best combination.

Anyway, the word "what" in that sentence was extraneous. I just missed it when I looked at it again.

Thanks for sticking with this. See if my correction works.

By the way, you can write to me at doc AT linuxjournal.com or doc AT searls.com.

Thanks again,

Doc


Ah - a simple correction that didn't occur to me

Anonymous's picture

You're welcome, Doc. Yes, changing "what" to "that" corrects the grammar. I wonder why I didn't think of that possibility -- a one-letter typo. Anyway, it's good now.

A personally controlled global approach to relationships

Trey Tomeny's picture

Doc:

I've updated my idea that you liked that was previously located at replacegoogle.com to make it even more user controlled and more in line with the VRM concept. From my non-expert perspective, it includes every necessary element to provide personal global control of e-relationships.

The new site is http://thetrustednet.org and I would love your feedback and the feedback of others in the Linux Journal community.

Anonymous

Anonymous: White Paint > Grey Paint's picture

Shared Multiple Anonymous Database SMAD

User control, sadly, is a misdirection

Brad Templeton's picture

On the surface, it sounds like user control over privacy is an answer. It is the one we are often given by designers of data gathering and transmitting systems who try to give some answer.

But does it work, Doc? Look at Facebook. Sure, you can not check the box that says, "let this application see my information." Facebook will then not let you "install" the "application." (These are not applications, they are sub-sites really, best thought of as "other companies.")

What if you could finely control what information it got? What if you had 100 boxes to let you control if you want to give the new company any particular detail of your profile, or which friends they can see? Would real users make use of those 100 boxes? Would they instead demand, as studies show they will, "just one box" to make it easy?

And worse, what if we had these 100 boxes, but you still got the "You can't use this 'app' if you don't check this box that it needs." warning? Would users give in? Of course they would -- they are giving in by the 100s of millions on a box that hands over *everything*.

No, what users need is not control, nice as that might be. They need _negotiation ability_. They need the means to say, "Why do you need my address book just so I can read what somebody wrote on my pixie wall? That's too much. Let's talk about how much you really need."

But while you can give control to individuals, they won't have negotiation power. No company has the time to negotiate with individuals. Few individuals have the time to negotiate with companies. It will always come down to "take it or leave it" and the companies will always ask for as much as the system makes it easy to get away with. The easier you make it to hand over your data, the more the companies will demand, because ease of use means there is more they can get.

Look at what's happening in the real world. If this is supposed to be a conversation, there's no conversation happening between me and a Facebook app company over how they will use my data.

The paradox is, while we think user control is good, in fact user control is just an illusion to make it easier for the user to cave into non-negotiable demands. I wish this weren't true, but it obviously is.

Let's have the tools first, then make the judgement

Doc Searls's picture

Brad,

First, I'm not suggesting a hundred boxes. I'm suggesting a toolbox that gives the user control over whatever he or she wants to control. That can be as many or as few variables as he or she likes. We don't have that box of tools right now. Hard to tell, based on the take-it-or-leave-it nature of choices today, whether customers would use those tools or not. I believe if we make them well, they would. But without tools to test, we don't know.

Second, I would expect that the right tools would give users the power to negotiate. Remember that the users are the ones with the money. There is plenty of demand for stuff that doesn't fit inside the narrow set of choices offered by CRM systems. If customers had tools -- belonging to them -- for telling companies what they actually want, rather than having to go between companies' websites, like bees from flower to flower, looking for what might fit their needs, we would have a way to build what John Deighton (of Harvard Business School, a very smart dude I finally got to meet last night) calls a "demand chain". This is one that would pull supply. Right now we've got a system rigged only for the push side.

For example, I would like to be able to publish to the car rental business a demand for a van that seats six, has four-wheel drive and a roof rack. None of the agencies would have to listen to that demand. But they could note it. And one of them might make the effort to get my business. Because I have the money. Any combination of money and demand should be naturally interesting to any business in a position to meet that demand.

A key, to get back to the privacy theme of this thread, is to be able selectively to expose only the minimum information required. Which would include nothing about myself, other than the fact that my money is good. (In some cases, say when I belong to certain sellers' loyalty clubs, I could disclose who I am -- but just to them.) The tools that equip this would also put us in a negotiating position, by the way.

The likes of Expedia or Orbitz can't do that today. They're silo aggregators, and are themselves silos. The only way for demand to actually drive supply, for individual customers, and not just for aggregates of customers, is for customers to have the required tools. That's all I'm proposing here.

If we continue to frame markets entirely in terms of what we already have, we won't get there. That's like saying personal computers won't work because mainframes have all the power and mainframe sellers wouldn't want individuals to have mainframes. All proofs of what won't work must meanwhile be made in terms of what we already have. So, let's make the tools and see what happens.

Just because the glass is still empty doesn't mean we can't fill it.


Old solutions, new applications

mike taht's picture

I still haven't been able to figure out why the privacy, identity and vrm debate wanders around such abstract terms and doesn't talk about two technologies of the 90s that I thought were promising if more widely deployed.

The first technology - ecash of various sorts - I am not going to go into today (as the answer is too large to fit into the margin of this blog)

The second technology - pgp - has thus far been uncracked (well, there was an issue once, long ago), is widely used (there is no good substitute for it), fully standardized and interoperable, and works on personal data, email and various chat systems, on every platform known to man.

The infrastructure has existed for over a decade - gpg itself, key servers, and the graphical tools such as Enigmail for Thunderbird, and Seahorse are now straightforward to use, at least under Linux.

As to why browsers don't support pgp based authentication (based on your signature)... don't know. Would love to be enlightened.

(Browsers have extensive support for certificates, but the primary certificate authorities are charging 2600 dollars a pop for that string of numbers. Sounds like a great business to be in, but I think true security needs to come from the bottom up rather than the top down in many cases, which is what pgp-derived systems do.)

"identity" and "verification of identity" have been solved from the bottom up, already, using pgp. It's astonishing to me how many times the concept of a "web of trust" has been reimplemented in (linkedin, myspace, facebook, amazon, etc) - without actually implementing any real, cryptographically secure trust between the participants. Each person is placed in a silo from which the trust does not escape, and the middleman holds the keys.

pgp might be able to solve that.

As to solving the "I'm a real guy, with real money to spend" problem, presenting a signed key (signed by for example, your "buyers club" of individuals, which has a track record) on an anonymous email address, with your "personal rfp", would reveal the depth of your interest without revealing your actual identity.

Perhaps not verified, but it sure sounds like Brad Templeton

Adam Fields's picture

I made a very similar point a few years ago in talking about DRM and content terms of service contracts, which are also all-or-nothing.

In fact, it's not a conversation between you and a Facebook app company over how they will use your data. After all, you have the option of opting out and not using their service. It's a conversation between that Facebook app company and everyone else who doesn't know better and accepts their terms without understanding what they mean or what the implications are. This has the cumulative effect of lowering standards across the board.

The fact is, opting out is not an option, and education is not an option unless you get in quickly enough to establish a societal norm before anyone finds out about whatever practice you're railing against. For every one person that cares, there are a few hundred million who don't, so there's really very little financial incentive for the companies engaging in these practices to stop.

Theoretically, it might be a better experience on both sides for companies to stop exploiting that relationship, but in the presence of plenty of people who will not care and still patronize them, how do you demonstrate that?

Staunch activism helps a little, but it unfortunately seems to be all we've got, and I fear we need much more.
