In Here Is New York, E.B. White opens with this sentence: “On any person who desires such queer prizes, New York will bestow the gift of loneliness and the gift of privacy.” Sixty-four years have passed since White wrote that, and it still makes perfect sense to me, hunched behind a desk in a back room of a Manhattan apartment.
That’s because privacy is mostly a settled issue in the physical world, and a grace of civilized life. Clothing, for example, is a privacy technology. So are walls, doors, windows and shades.
Private spaces in public settings are well understood in every healthy and mature culture. This is why no store on Main Street would plant a tracking beacon in the pants of a visiting customer, to report back on that customer’s activities — just so the store or some third party can “deliver” a better “experience” through advertising. Yet this kind of thing is beyond normative on the Web: it is a huge business.
Worse, the institution we look toward for protection from this kind of unwelcome surveillance — our government — spies on us too, and relies on private companies for help with activities that would be a crime if the Fourth Amendment still meant what it says. (Here’s what The Onion prophetically reported about this irony more than two years ago.)
I see two reasons why privacy is now under extreme threat in the digital world — and the physical one too, as surveillance cameras bloom like flowers in public spaces, and as marketers and spooks together look toward the “Internet of Things” for ways to harvest an infinitude of personal data.
The end-to-end principle was back-burnered when client-server (aka calf-cow) got baked into e-commerce in the late ’90s. In a single slide Phil Windley summarizes what happened after that. It looks like this:
The History of E-commerce
1995: Invention of the cookie.
For a measure of how far we have drifted away from the early promise of networked life, re-read John Perry Barlow‘s “Death From Above,” published in January 1995, and his “Declaration of the Independence of Cyberspace,” published one year later. The first argued against asymmetrical provisioning of the Net and the second expressed faith in the triumph of nerds over wannabe overlords.
Three years later The Cluetrain Manifesto was no less utopian. While it is best known for its 95 Theses (which include “Markets are conversations” and “Hyperlinks subvert hierarchy“) its most encompassing clue came before of all those. Chris Locke wrote it, and here’s what it says, boldface, color and all:
if you only have time for one clue this year, this is the one to get…
we are not seats or eyeballs or end users or consumers. we are human beings and our reach exceeds your grasp. deal with it.
Note the first and second person voices, and the possessive case. Our reach was everybody’s. Your grasp was companies’.
Fourteen years later, companies have won. Our reach has not exceeded their grasp. In fact, their grasp is stronger than ever.
Another irony: the overlords are nerds too. And they lord over what Bruce Schneier calls a feudal system:
Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.
These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.
We have loosed three things into the digital world that we (by which I mean everybody) do not yet fully comprehend, much less deal with (through policy, tech or whatever). Those are:
- Ubiquitous computing power. In the old days only the big guys had it. Now we all do.
- Ubiquitous Internet access. This puts us all at zero virtual distance from each other, at costs that also veer toward zero as well.
- Unlimited ability to observe, copy and store data, which is the blood and flesh of the entire networked world.
In tech, what can be done will be done, sooner or later, especially if it’s possible to do it in secret — and if it helps make money, fight a war or both. This is why we have bad acting on a massive scale: from click farms gaming the digital advertising business, to the NSA doing what we now know it does.
Last month I gave a keynote at an Internet Advertising Bureau event in New York. One of my topics was personal privacy, and how it might actually be good for the advertising business to respect it. Another speaker was Michael Tiffany, a “gentleman hacker” and CEO of WhiteOps, “an internet security company focused on the eradication of ad fraud.” He told of countless computers and browsers infected with bots committing click-fraud on a massive scale, mostly for Russian hackers shunting $billions from the flow of money down the online advertising river. The audience responded with polite applause. Privacy? Fraud? Why care? The money’s rolling in. Make hay while the power asymmetry shines.
Just today an executive with a giant company whose name we all know told me about visiting “click farms” in India, which he calls “just one example of fraud on a massive scale that nobody in the industry wants to talk about.” (Credit where due: the IAB wouldn’t have had us speaking there if its leaders didn’t care about the issues. But a .org by itself does not an industry make.)
Yet I’m not discouraged. In fact, I’m optimistic.
These last few months I’ve been visiting dozens of developers and policy folk from Europe to Australia, all grappling productively with privacy issues, working on the side of individuals, and doing their best to develop enlightened policy, products and services.
I can report that respect for privacy — the right to be left alone and to conceal what one wishes about one’s self and one’s data — is far more evolved elsewhere than it is in the U.S. So is recognition that individuals can do far more with their own data than can any big company (or organization) that has snarfed that data up. In some cases this respect takes the form of policy (e.g. the EU Data Protection Directive). In other cases it takes the form of advocacy, or of new businesses. In others it’s a combination of all of those and more.
Privacy by Design is a policy and code development movement led by Ann Cavoukian, the Information & Privacy Commissioner of Ontario. Many developers, enterprises and governments are now following her guidelines. (Which in turn leverage the work of Helen Nissenbaum.)
Fing, the Fondation Internet Nouvelle Génération, is a think tank of leading French developers, scientists, academics and business folk, convened to guide digital transformation across many disciplines, anchored in respect for the individual and his or her full empowerment (including protection of privacy), and for collective action based on that respect.
MesInfos is a Fing project in which six large French companies — Orange, La Poste, Cap-Digital, Monoprix, Alcatel-Lucent and Societe Generale — are releasing to 300 customers personal data gathered about those customers, and inviting developers to help those customers do cool things on their own with that data.
The Midata Innovation Lab in the UK is doing a similar thing, with twenty UK companies and thousands of customers.
Both Midata and Etalab in France are also working the government side, sharing with citizens data collected about them by government agencies. For more on the latter read Interview with Henri Verdier: Director of Etalab, Services of the French Prime Minister. Also see Open Data Institute and PublicData.eu.
In Australia, Flamingo.io Working3 and Edentiti are working on re-building markets from the customer side, starting with personal control and required respect for one’s privacy as a base principle.
In the U.S. and Europe, companies and open source development groups have been working on personal data “stores,” “lockers,” “vaults” and “clouds,” where individuals can harbor and use their own data in their own private ways. There is already an open source code base and a language for “personal clouds” and “pclouds” for everything you can name in the Internet of Things. I posted something recently at HBR about one implication for this. (Alas, it’s behind an annoying registration wall.)
On the legal front, Customer Commons is working with the Cyberlaw Clinic at the Berkman Center on terms and privacy requirements that individuals can assert in dealing with other entities in the world. This work dovetails with work by Mozilla, Personal.com, Terms of Service — Didn’t Read, The Standard Label, the W3C Tracking Protection Working Group and others.
I am also encouraged to see that the most popular browser add-ons and extensions are ones that block tracking, ads or both. Abine, AdblockPlus, Firefox’s Collusion, Disconnect.me, Ghostery, Privowny and PrivacyScore are all in this game, and they are having real effects. In May 2012, ClarityRay reported a 9.26% ad blocking rate in North America and Europe. Above that were Austria (22.5%), Hungary, Germany, Finland, Poland, Gibraltar, Estonia and France. The U.S. was just below that at 8.72%. The top blocking browser was Firefox (17.81%) and the bottom one was Explorer (3.86%). So it was no surprise to see Microsoft jump on the Do Not Track bandwagon with its latest browser version. In sum what we see here is the marketplace talking back to marketing, through developers whose first loyalties are to people.
(The above and many other companies are listed among VRM developers here.)
More context: it’s still early. The Internet most of us know today is just eighteen years old. The PC is thirty-something. Pendulums swing. Tides come and go. Bubbles burst.
I can’t prove it, but I do believe we have passed Peak Surveillance. When Edward Snowden’s NSA revelations hit the fan in May, lots of people said the controversy would blow over. It hasn’t, and it won’t. Our frogs are not fully boiled, and we’re jumping out of the pot. New personal powers will be decentralized. And in cases where those powers are centralized, it will be in ways that are better aligned with individual and social power than the feudal systems of today. End-to-end principles are still there, and still apply.
Another reason for my optimism is metaphor, the main subject in the thread below. In Philosophy in the Flesh, George Lakoff and Mark Johnson open with this assertion: The mind is inherently embodied. We think metaphorically, and our metaphorical frames arise from our bodily experience. Ideas, for example, may not be things in the physical sense, but we still talk of “forming,” “getting,” “catching” and “throwing out” ideas. Metaphorically, privacy is a possession. We speak of it in possessive terms, and as something valuable and important to protect — because this has been our experience with it for as long as we’ve had civilization.
Possession is “nine-tenths of the law” because it is nine-tenths of the three-year-old. She says “It’s mine!” because she has hands with thumbs that give her the power to grab. Possession begins with what we can hold.
There is also in our embodied nature a uniquely human capacity called indwelling. Through indwelling our senses extend outward through our clothes, our tools, our vehicles, enlarging the boundaries of what we do and experience in the physical world. When drivers speak of “my wheels” and pilots of “my wings,” it is because their senses dwell in those things as extensions of their bodies.
This relates to privacy through exclusion: my privacy is what only I have.
The clothes we wear are exclusively ours. We may wear them to express ourselves, but their first purpose is to protect and conceal what is only ours. This sense of exclusivity also expands outward, even though our data.
Kevin Kelly says “the Internet is a copy machine.” And it is. We send an email in a less literal sense than we copy it. Yet the most essential human experience is ambulation: movement. This is why we conceive life, and talk about it, in terms of travel, rather than in terms of biology. Birth is arrival, we say. Death is departure. Careers are paths. This is why, when we move data around, we expect its ownership to remain a private matter even if we’re not really moving any of it in the postal sense of a sending a letter.
The problem here is not that our bodily senses fail to respect the easily-copied nature of data on networks, but that we haven’t yet created social, technical and policy protocols for the digital world to match the ones we’ve long understood in the physical world. We still need to do that. As embodied beings, the physical world is not just our first home. It is the set of reference frames we will never shake off, because we can’t. And because we’ve had them for ten thousand years or more.
The evolutionary adaptation that needs to happen is within the digital world and how we govern it, not the physical one.
Our experience as healthy and mature human beings in the physical world is one of full agency over personal privacy. In building out our digital world — something we are still just beginning to do — we need to respect that agency. The biggest entities in the digital world don’t yet do that. But that doesn’t mean they can’t. Especially after we start leaving their castles in droves.