EOF - Privacy Is Relative

Years ago, I worked with PGP (Pretty Good Privacy) when it was a startup company and not what Phil Zimmerman created in the first place: a pretty good way to keep communications private. In the course of that work, I developed a belief that privacy was one of those topics that was too important to ignore, yet too complex for most people to understand, especially if it involved technology more complex than a key and a hole. So I've mostly avoided the topic, leaving the worrying up to people who are required to wrestle with it—meaning, developers.

But now, I'm running a development project, and not a day goes by that privacy doesn't come up—or worse, require consequential thinking about nitty-gritties: code, protocols, policies and (worst of all) legal stuff. So I've been trying to think in new ways about privacy—what it means and how to put that meaning to work.

Let's start with celebrities. These creatures can play a helpful role in studies of privacy, because they have less of it than the rest of us. Celebrity is a kind of albinism. It robs its victims of the pigment we call anonymity, even as they are dressed in fame. So they stand out. Worse, they attract the attention of paparazzi, whose purpose in life is to maximize celebrity exposure.

Mass media (the natural environment of celebrity) reduce and confine the degree to which celebrities can enjoy simple one-to-one, or one-to-any, relationships. So celebrities hide. Or give up. Or both.

Scott McNealy famously said, “You have no privacy. Get over it.” Asked by a gaggle of San Francisco Chronicle reporters to expand on that, he replied, “The point I was making was someone already has your medical records. Someone has my dental records. Someone has my financial records. Someone knows just about everything about me. Gang, do you want to refute my statement? Visa knows what you bought. You have no privacy. Get over it. That's what I said.”

For years I thought, “Well, that's true for him.” Because he's a celebrity. But lately, I've thought more about the rest of what he said, which was about data. The fact is, your medical, financial and dental records are not yours. They might be about you, but they don't belong to you. They belong to your credit-card company, your broker, your dentist.

We go to those professionals because we can't or won't perform their work by ourselves. So, because they're the ones producing data about us, it only makes sense for the data to be “theirs”—at least in the locational sense. After that, the distinction between control and possession comes up only when somebody else needs the data. If that's you, all you need to do in most cases is authenticate yourself. Then you can have it.

In the physical world, that's fairly easy. We just show up looking like ourselves. If we have a familiar working relationship with our dentists, bankers or brokers, they won't bother asking for our drivers' licenses. They'll just shake our hands, tell us to have a seat and ask us how we're doing.

This illustrates how there are essentially two forms of privacy. One is the kind where you hide out. You minimize exposure by confining it to yourself. The other is where you trust somebody with your information.

In order to trust somebody, you need a relationship with them. You're their spouse, friend, client or patient.

This isn't so easy if you're just a customer, or worse, a “consumer”. There the obligation is minimized, usually through call centers and other customer-avoidance mechanisms that get only worse as technology improves. Today, the call center wants to scrape you off onto a Web site or a chat system.

Minimizing human contact isolates your private information inside machines that have little interest in relating to you as a human being or in putting you in contact with a human being inside the company. Hence, your data is indeed safe—from you. It's also safe from the assumption that this data might in any way also belong to you—meaning, under your control. It's still private, but only on the company's terms. Not on yours.

This mess can't be fixed just by humanizing call centers. It can be fixed only by humanizing companies. This has to be done from both inside and out.

Recent changes in the sounds coming from the CRM community are highly encouraging. So is the growth of free and open-source CRM systems and the interest of CRM giants such as Oracle in VRM (vendor relationship management), which is the development movement I'm involved in.

Paul Trevithick, the main developer behind Higgins (www.eclipse.org/higgins), makes an interesting point: both the Net and the Web were born without the concept of an individual. There are endpoints on the Net and files on the Web—and the presumption that somebody will do browsing or viewing. But here is no instantiation of the individual himself or herself, except inside company silos.

Keith Hopper says, “The customer should be his own silo.” Building those won't be easy, but it will be necessary if we want privacy that's more than pretty good. Those silos will have two effects. One is to contain our data and put it under our control. The other is to position us as an equal: a free and independent entity rather than a captive and dependent one.