Law

You are currently browsing the archive for the Law category.

We know more than we can tell.

That one-liner from Michael Polanyi has been waiting half a century for a proper controversy, which it now has with facial recognition. Here’s how he explains it in The Tacit Dimension:

This fact seems obvious enough; but it is not easy to say exactly what it means. Take an example. We know a person’s face, and can recognize it among a thousand others, indeed among a million. Yet we usually cannot tell how we recognize a face we know. So most of this knowledge cannot be put into words.

Polanyi calls that kind of knowledge tacit. The words we put knowledge into he calls explicit.

For an example of both at work, consider how, generally, we  don’t know how we will end the sentences we begin, or how we began the sentences we are ending—and how the same is true of what we hear or read from other people whose sentences we find meaningful. The explicit survives only as fragments, but the meaning of what was said persists in tacit form.

Likewise, if we are asked to recall and repeat, verbatim, a paragraph of words we have just said or heard, we will find it difficult or impossible to do so, even if we have no trouble saying exactly what was meant. This is because tacit knowing, whether kept to one’s self or told to others, survives the natural human tendency to forget particulars after a few seconds, even when we very clearly understand what we have just said or heard.

Tacit knowledge and short term memory are both features of human knowing and communication, not bugs. Even for people with extreme gifts of memorization (e.g. actors who can learn a whole script in one pass, or mathematicians who can learn pi to 4000 decimals), what matters more than the words or the numbers are their meaning. And that meaning is both more and other than what can be said. It is deeply tacit.

On the other hand—the digital hand—computer knowledge is only explicit, meaning a computer can know only what it can tell. At both knowing and telling, a computer can be far more complete and detailed than a human could ever be. And the more a computer knows, the better it can tell. (To be clear, a computer doesn’t know a damn thing. But it does remember—meaning it retrieves—what’s in its databases, and it does process what it retrieves. At all those activities it is inhumanly capable.)

So, the more a computer learns of explicit facial details, the better it can infer conclusions about that face, including ethnicity, age, emotion, wellness (or lack of it) and much else. Given a base of data about individual faces, and of names associated with those faces, a computer programmed to be adept at facial recognition can also connect faces to names, and say “This is (whomever).”

For all those reasons, computers doing facial recognition are proving useful for countless purposes: unlocking phones, finding missing persons and criminals, aiding investigations, shortening queues at passport portals, reducing fraud (for example at casinos), confirming age (saying somebody is too old or not old enough), finding lost pets (which also have faces). The list is long and getting longer.

Yet many (or perhaps all) of those purposes are at odds with the sense of personal privacy that derives from the tacit ways we know faces, our reliance on short term memory, and our natural anonymity (literally, namelessness) among strangers. All of those are graces of civilized life in the physical world, and they are threatened by the increasingly widespread use—and uses—of facial recognition by governments, businesses, schools and each other.

Louis Brandeis and Samuel Warren visited the same problem more than a century ago, when they became alarmed at the implications of recording and reporting technologies that were far more primitive than the kind we have today. In response to those technologies, they wrote a landmark Harvard Law Review paper titled The Right to Privacy, which has served as a pole star of good sense ever since. Here’s an excerpt:

Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right “to be let alone” 10 Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life ; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops.” For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons ;11 and the evil of invasion of privacy by the newspapers, long keenly felt, has been but recently discussed by an able writer.12 The alleged facts of a somewhat notorious case brought before an inferior tribunal in New York a few months ago, 13 directly involved the consideration of the right of circulating portraits ; and the question whether our law will recognize and protect the right to privacy in this and in other respects must soon come before out courts for consideration.

They also say the “right of the individual to be let alone…is like the right not be assaulted or beaten, the right not be imprisoned, the right not to be maliciously prosecuted, the right not to be defamed.”

To that list today we might also add, “the right not to be reduced to bits” or “the right not to be tracked like an animal.”

But it’s hard to argue for those rights in the digital world, where computers can see, hear, draw and paint exact portraits of everything: every photo we take, every word we write, every spreadsheet we assemble, every database accumulating in our hard drives—plus those of every institution we interact with, and countless ones we don’t (or do without knowing the interaction is there).

Facial recognition by computers is a genie that is not going back in the bottle. And there is no limit to wishes the facial recognition genie can grant the organizations that want to use it, which is why pretty much everything is being done with it. A few examples:

  • Facebook’s Deep Face sells facial recognition for many purposes to corporate customers. Examples from that link: “Face Detection & Landmarks…Facial Analysis & Attributes…Facial Expressions & Emotion… Verification, Similarity & Search.” This is non-trivial stuff. Writes Ben Goertzel, “Facebook has now pretty convincingly solved face recognition, via a simple convolutional neural net, dramatically scaled.”
  • FaceApp can make a face look older, younger, whatever. It can even swap genders.
  • The FBI’s Next Generation Identification (NGI), involves (says Wikipedia) eleven companies and the National Center for State Courts (NCSC).
  • Snap has a patent for reading emotions in faces.
  • The MORIS™ Multi-Biometric Identification System is “a portable handheld device and identification database system that can scan, recognize and identify individuals based on iris, facial and fingerprint recognition,” and is typically used law enforcement organizations.
  • Casinos in Canada are using facial recognition to “help addicts bar themselves from gaming facilities.” It’s opt-in: “The technology relies on a method of “self-exclusion,” whereby compulsive gamblers volunteer in advance to have their photos banked in the system’s database, in case they ever get the urge to try their luck at a casino again. If that person returns in the future and the facial-recognition software detects them, security will be dispatched to ask the gambler to leave.”
  • Cruise ships are boarding passengers faster using facial recognition by computers.
  • Australia proposes scanning faces to see if viewers are old enough to look at porn.

Privacy freaks (me included) would like everyone to be creeped out by this. Yet many—perhaps most—people are cool with it to some degree, and not just because they’re acquiescing to the inevitable.

For example, in Barcelona, CaixaBank is rolling out facial recognition at its ATMs, claiming that 70% of surveyed customers are ready to use it as an alternative to keying in a PIN, and that “66% of respondents highlighted the sense of security that comes with facial recognition.” That the bank’s facial recognition system “has the capability of capturing up to 16,000 definable points when the user’s face is presented at the screen” is presumably of little or no concern. Nor, also presumably, is the risk of  what might get done with facial data if the bank gets hacked, or changes its privacy policy, or if it gets sold and the new owner can’t resist selling or sharing facial data with others who want it, or if government bodies require it.

A predictable pattern for every new technology is that what can be done will be done—until we see how it goes wrong and try to stop doing that. This has been true of every technology from stone tools to nuclear power and beyond. Unlike many other new technologies, however, it is not hard to imagine ways facial recognition by computers can go wrong, especially when it already has.

Two examples:

  1. In June, U.S. Customs and Border Protection, which relies on facial recognition and other biometrics, revealed that photos of people were compromised by a cyberattack on a federal subcontractor.
  2. In August, researchers at vpnMentor reported a massive data leak in BioStar 2, a widely used “Web-based biometric security smart lock platform” that uses facial recognition and fingerprinting technology to identify users, was compromised. Notes the report, “Once stolen, fingerprint and facial recognition information cannot be retrieved. An individual will potentially be affected for the rest of their lives.” vpnMentor also had a hard time getting thrugh to company officials, so they could fix the leak.

As organizations should know (but in many cases have trouble learning), the highest risks of data exposure and damage are to—

  • the largest data sets,
  • the most complex organizations and relationships, and
  • the largest variety of existing and imaginable ways that security can be breached

And let’s not discount the scary potentials at the (not very) far ends of technological progress and bad intent. Killer microdrones targeted at faces, anyone?

So it is not surprising that some large companies doing facial recognition go out of their way to keep personal data out of their systems. For example, by making facial recognition work for the company’s customers, but not for the company itself.

Such is the case with Apple’s late model iPhones, which feature FaceID: a personal facial recognition system that lets a person unlock their phone with a glance. Says Apple, “Face ID data doesn’t leave your device and is never backed up to iCloud or anywhere else.”

But special cases such as that one haven’t stopped push-back against all facial recognition. Some examples—

  • The Public Voice: “We the undersigned call for a moratorium on the use of facial recognition technology that enables mass surveillance.”
  • New York Times: “San Francisco, long at the heart of the technology revolution, took a stand against potential abuse on Tuesday by banning the use of facial recognition software by the police and other agencies. The action, which came in an 8-to-1 vote by the Board of Supervisors, makes San Francisco the first major American city to block a tool that many police forces are turning to in the search for both small-time criminal suspects and perpetrators of mass carnage.”
  • Also in the Times, Evan Sellinger and Woodrow Hartzhog write, “Stopping this technology from being procured — and its attendant databases from being created — is necessary for protecting civil rights and privacy. But limiting government procurement won’t be enough. We must ban facial recognition in both public and private sectors, before we grow so dependent on it that we accept its inevitable harms as necessary for “progress.” Perhaps over time appropriate policies can be enacted that justify lifting a ban. But we doubt it.”
  • Cory Doctorow‘s Why we should ban facial recognition technology everywhere is an “amen” to the Selinger & Hartzhog piece.
  • BanFacialRecognition.com lists 37 participating organizations, including EPIC (Electronic Privacy Information Center), Daily Kos, Fight for the Future, MoveOn.org, National Lawyers Guild, Greenpeace and Tor.
  • MIT Technology Revew says bans are spreading in in the U.S.: San Francisco and Oakland, California, and Somerville, Massachusetts, have outlawed certain uses of facial recognition technology, with Portland, Oregon, potentially soon to follow. That’s just the beginning, according to Mutale Nkonde, a Harvard fellow and AI policy advisor. That trend will soon spread to states, and there will eventually be a federal ban on some uses of the technology, she said at MIT Technology Review’s EmTech conference.”

Irony alert: the black banner atop that last story says, “We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted advertisements.” Notes the TimesCharlie Warzel, “Devoted readers of the Privacy Project will remember mobile advertising IDs as an easy way to de-anonymize extremely personal information, such as location data.” Well, advertising IDs are among the many trackers that both MIT Technology Review and The New York Times inject in readers’ browsers with every visit. (Bonus link.)

My own position on all this is provisional, because I’m still learning and there’s a lot to take in. But here goes:

The only entities that should be able to recognize people’s faces are other people. And maybe their pets. But not machines.

However, given the unlkelihood that the facial recognition genie will ever go back in its bottle, I’ll suggest a few rules for entities using computers to do facial recognition. All these are provisional as well:

  1. People should have their own forms of facial recognition, for example to unlock phones or to sort through old photos. But, the data they gather should not be shared with the company providing the facial recognition software (unless it’s just of their own face, and then only for the safest possible diagnostic or service improvement purposes).
  2. Facial recognition used to detect changing facial characteristics (such as emotions, age or wellness) should be required to forget what they see, right after the job is done, and not use the data gathered for any purpose other than diagnostics or performance improvement.
  3. For persons having their faces recognized, sharing data for diagnostic or performance improvement purposes should be opt-in, with data anonymized and made as auditable as possible.

I suspect that Polanyi would agree with those.

But my heart is with Walt Whitman, whose Song of Myself argued against the dehumanizing nature of mechanization at the dawn of the industrial age. Wrote Walt,

Encompass worlds but never try to encompass me.
I crowd your noisiest talk by looking toward you.

Writing and talk do not prove me.I carry the plenum of proof and everything else in my face.
With the hush of my lips I confound the topmost skeptic…

Do I contradict myself?
Very well then. I contradict myself.
I am large. I contain multitudes.

The spotted hawk swoops by and accuses me.
He complains of my gab and my loitering.

I too am not a bit tamed. I too am untranslatable.
I sound my barbaric yawp over the roofs of the world.

The barbaric yawps by human hawks say five words, very explicitly:

Get out of my face.

And they yawp those words in spite of the sad fact that obeying them may prove impossible.

 

I came up with that law in the last millennium and it applied until Chevy discontinued the Cavalier in 2005. Now it should say, “You’re going to get whatever they’ve got.”

The difference is that every car rental agency in days of yore tended to get their cars from a single car maker, and now they don’t. Back then, if an agency’s relationship was with General Motors, which most of them seemed to be, the lot would have more of GM’s worst car than of any other kind of car. Now the car you rent truly is whatever. In the last year we’ve rented at least one Kia, Hyundai, Chevy, Nissan, Volkswagen, Ford and Toyota, and that’s just off the top of my head. (By far the best was a Chevy Impala. I actually loved it. So, naturally, it’s being discontinued.)

All of that, of course, applies only in the U.S. I know less about car rental verities in Europe, since I haven’t rented a car there since (let’s see…) 2011.

Anyway, when I looked up doc searls chevy cavalier to find whatever I’d written about my felicitous Fourth Law, the results included this, from my blog in 2004…

Five years later, the train pulls into Madison Avenue

ADJUSTING TO THE REALITY OF A CONSUMER-CONTROLLED MARKET, by Scott Donathon in Advertising Age. An excerpt:

Larry Light, global chief marketing officer at McDonald’s, once again publicly declared the death of the broadcast-centric ad model: “Mass marketing today is a mass mistake.” McDonald’s used to spend two-thirds of its ad budget on network prime time; that figure is now down to less than one-third.

General Motors’ Roger Adams, noting the automaker’s experimentation with less-intrusive forms of marketing, said, “The consumer wants to be in control, and we want to put them in control.” Echoed Saatchi & Saatchi chief Kevin Roberts, “The consumer now has absolute power.”

“It is not your goddamn brand,” he told marketers.

This consumer empowerment is at the heart of everything. End users are now in control of how, whether and where they consume information and entertainment. Whatever they don’t want to interact with is gone. That upends the intrusive model the advertising business has been sustained by for decades.

This is still fucked, of course. Advertising is one thing. Customer relationships are another.

“Consumer empowerment” is an oxymoron. Try telling McDonalds you want a hamburger that doesn’t taste like a horse hoof. Or try telling General Motors that nobody other than rental car agencies wants to buy a Chevy Cavalier or a Chevy Classic; or that it’s time, after 60 years of making crap fixtures and upholstery, to put an extra ten bucks (or whatever it costs) into trunk rugs that don’t seem like the company works to make them look and feel like shit. Feel that “absolute power?” Or like you’re yelling at the pyramids?

Real demand-side empowerment will come when it’s possible for any customer to have a meaningful — and truly valued — conversation with people in actual power on the supply side. And those conversations turn into relationships. And those relationships guide the company.

I’ll believe it when I see it.

Meanwhile the decline of old-fashioned brand advertising on network TV (which now amounts to a smaller percentage of all TV in any case) sounds more to me like budget rationalization than meaningful change where it counts.

Thanks to Terry for the pointer.

Three things about that.

First, my original blog (which ran from 1999 to 2007) is still up, thanks to Jake Savin and Dave Winer, at http://weblog.searls.com. (Adjust your pointers. It’ll help Google and Bing forget the old address.)

Second, I’ve been told by rental car people that the big American car makers actually got tired of hurting their brands by making shitty cars and scraping them off on rental agencies. So now the agencies mostly populate their lots surplus cars that don’t make it to dealers for various reasons. They also let their cars pile up 50k miles or more before selling them off. Also, the quality of cars in general is much higher than it used to be, and the experience of operating them is much more uniform—meaning blah in nearly identical ways.

Third, I’ve changed my mind on brand advertising since I wrote that. Two reasons. One is that brand advertising sponsors the media it runs on, which is a valuable thing. The other is that brand advertising really does make a brand familiar, which is transcendently valuable to the brand itself. There is no way personalized and/or behavioral advertising can do the same. Perhaps as much as $2trillion has been spent on tracking-based digital advertising, and not one brand known to the world has been made by it.

And one more thing: since we don’t commute, and we don’t need a car most of the time, we now favor renting cars over owning them. Much simpler and much cheaper. And the cars we rent tend to be nicer than the used cars we’ve owned and mostly driven into the ground. You never know what you’re going to get, but generally they’re not bad, and not our problem if something goes wrong with one, which almost never happens.

 

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: tracking-based advertising. These pubs don’t just open the kimonos of their readers. They bring readers’ bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of aiming “interest-based” advertising at those same readers, wherever those readers’ eyeballs may appear—or reappear in the case of “retargeted” advertising.

With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach, standard, experience or audit trail), and no blood valving by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data?

Answer: nobody knows, because the whole adtech “ecosystem” is a four-dimensional shell game with hundreds of players

or, in the case of “martech,” thousands:

For one among many views of what’s going on, here’s a compressed screen shot of what Privacy Badger showed going on in my browser behind Zeynep’s op-ed in the Times:

[Added later…] @ehsanakhgari tweets pointage to WhoTracksMe’s page on the NYTimes, which shows this:

And here’s more irony: a screen shot of the home page of RedMorph, another privacy protection extension:

That quote is from Free Tools to Keep Those Creepy Online Ads From Watching You, by Brian X. Chen and Natasha Singer, and published on 17 February 2016 in the Times.

The same irony applies to countless other correct and important reportage on the Facebook/Cambridge Analytica mess by other writers and pubs. Take, for example, Cambridge Analytica, Facebook, and the Revelations of Open Secrets, by Sue Halpern in yesterday’s New Yorker. Here’s what RedMorph shows going on behind that piece:

Note that I have the data leak toward Facebook.net blocked by default.

Here’s a view through RedMorph’s controller pop-down:

And here’s what happens when I turn off “Block Trackers and Content”:

By the way, I want to make clear that Zeynep, Brian, Natasha and Sue are all innocents here, thanks both to the “Chinese wall” between the editorial and publishing functions of the Times, and the simple fact that the route any ad takes between advertiser and reader through any number of adtech intermediaries is akin to a ball falling through a pinball machine. Refresh your page while reading any of those pieces and you’ll see a different set of ads, no doubt aimed by automata guessing that you, personally, should be “impressed” by those ads. (They’ll count as “impressions” whether you are or not.)

Now…

What will happen when the Times, the New Yorker and other pubs own up to the simple fact that they are just as guilty as Facebook of leaking data about their readers to other parties, for—in many if not most cases—God knows what purposes besides “interest-based” advertising? And what happens when the EU comes down on them too? It’s game-on after 25 May, when the EU can start fining violators of the General Data Protection Regulation (GDPR). Key fact: the GDPR protects the data blood of what they call “EU data subjects” wherever those subjects’ necks are exposed in borderless digital world.

To explain more about how this works, here is the (lightly edited) text of a tweet thread posted this morning by @JohnnyRyan of PageFair:

Facebook left its API wide open, and had no control over personal data once those data left Facebook.

But there is a wider story coming: (thread…)

Every single big website in the world is leaking data in a similar way, through “RTB bid requests” for online behavioural advertising #adtech.

Every time an ad loads on a website, the site sends the visitor’s IP address (indicating physical location), the URL they are looking at, and details about their device, to hundreds -often thousands- of companies. Here is a graphic that shows the process.

The website does this to let these companies “bid” to show their ad to this visitor. Here is a video of how the system works. In Europe this accounts for about a quarter of publishers’ gross revenue.

Once these personal data leave the publisher, via “bid request”, the publisher has no control over what happens next. I repeat that: personal data are routinely sent, every time a page loads, to hundreds/thousands of companies, with no control over what happens to them.

This means that every person, and what they look at online, is routinely profiled by companies that receive these data from the websites they visit. Where possible, these data and combined with offline data. These profiles are built up in “DMPs”.

Many of these DMPs (data management platforms) are owned by data brokers. (Side note: The FTC’s 2014 report on data brokers is shocking. See https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014. There is no functional difference between an #adtech DMP and Cambridge Analytica.

—Terrell McSweeny, Julie Brill and EDPS

None of this will be legal under the #GDPR. (See one reason why at https://t.co/HXOQ5gb4dL). Publishers and brands need to take care to stop using personal data in the RTB system. Data connections to sites (and apps) have to be carefully controlled by publishers.

So far, #adtech’s trade body has been content to cover over this wholesale personal data leakage with meaningless gestures that purport to address the #GDPR (see my note on @IABEurope current actions here: https://t.co/FDKBjVxqBs). It is time for a more practical position.

And advertisers, who pay for all of this, must start to demand that safe, non-personal data take over in online RTB targeting. RTB works without personal data. Brands need to demand this to protect themselves – and all Internet users too. @dwheld @stephan_lo @BobLiodice

Websites need to control
1. which data they release in to the RTB system
2. whether ads render directly in visitors’ browsers (where DSPs JavaScript can drop trackers)
3. what 3rd parties get to be on their page
@jason_kint @epc_angela @vincentpeyregne @earljwilkinson 11/12

Lets work together to fix this. 12/12

Those last three recommendations are all good, but they also assume that websites, advertisers and their third party agents are the ones with the power to do something. Not readers.

But there’s lots readers will be able to do. More about that shortly. Meanwhile, publishers can get right with readers by dropping #adtech and going back to publishing the kind of high-value brand advertising they’ve run since forever in the physical world.

That advertising, as Bob Hoffman (@adcontrarian) and Don Marti (@dmarti) have been making clear for years, is actually worth a helluva lot more than adtech, because it delivers clear creative and economic signals and comes with no cognitive overhead (for example, wondering where the hell an ad comes from and what it’s doing right now).

As I explain here, “Real advertising wants to be in a publication because it values the publication’s journalism and readership” while “adtech wants to push ads at readers anywhere it can find them.”

Doing real advertising is the easiest fix in the world, but so far it’s nearly unthinkable for a tech industry that has been defaulted for more than twenty years to an asymmetric power relationship between readers and publishers called client-server. I’ve been told that client-server was chosen as the name for this relationship because “slave-master” didn’t sound so good; but I think the best way to visualize it is calf-cow:

As I put it at that link (way back in 2012), Client-server, by design, subordinates visitors to websites. It does this by putting nearly all responsibility on the server side, so visitors are just users or consumers, rather than participants with equal power and shared responsibility in a truly two-way relationship between equals.

It doesn’t have to be that way. Beneath the Web, the Net’s TCP/IP protocol—the gravity that holds us all together in cyberspace—remains no less peer-to-peer and end-to-end than it was in the first place. Meaning there is nothing about the Net that prevents each of us from having plenty of power on our own.

On the Net, we don’t need to be slaves, cattle or throbbing veins. We can be fully human. In legal terms, we can operate as first parties rather than second ones. In other words, the sites of the world can click “agree” to our terms, rather than the other way around.

Customer Commons is working on exactly those terms. The first publication to agree to readers terms is Linux Journal, where I am now editor-in-chief. The first of those terms is #P2B1(beta), says “Just show me ads not based on tracking me,” and is hashtagged #NoStalking.

In Help Us Cure Online Publishing of Its Addiction to Personal Data, I explain how this models the way advertising ought to be done: by the grace of readers, with no spying.

Obeying readers’ terms also carries no risk of violating privacy laws, because every pub will have contracts with its readers to do the right thing. This is totally do-able. Read that last link to see how.

As I say there, we need help. Linux Journal still has a small staff, and Customer Commons (a California-based 501(c)(3) nonprofit) so far consists of five board members. What it aims to be is a worldwide organization of customers, as well as the place where terms we proffer can live, much as Creative Commons is where personal copyright licenses live. (Customer Commons is modeled on Creative Commons. Hats off to the Berkman Klein Center for helping bring both into the world.)

I’m also hoping other publishers, once they realize that they are no less a part of the surveillance economy than Facebook and Cambridge Analytica, will help out too.

[Later…] Not long after this post went up I talked about these topics on the Gillmor Gang. Here’s the video, plus related links.

I think the best push-back I got there came from Esteban Kolsky, (@ekolsky) who (as I recall anyway) saw less than full moral equivalence between what Facebook and Cambridge Analytica did to screw with democracy and what the New York Times and other ad-supported pubs do by baring the necks of their readers to dozens of data vampires.

He’s right that they’re not equivalent, any more than apples and oranges are equivalent. The sins are different; but they are still sins, just as apples and oranges are still both fruit. Exposing readers to data vampires is simply wrong on its face, and we need to fix it. That it’s normative in the extreme is no excuse. Nor is the fact that it makes money. There are morally uncompromised ways to make money with advertising, and those are still available.

Another push-back is the claim by many adtech third parties that the personal data blood they suck is anonymized. While that may be so, correlation is still possible. See Study: Your anonymous web browsing isn’t as anonymous as you think, by Barry Levine (@xBarryLevine) in Martech Today, which cites De-anonymizing Web Browsing Data with Social Networks, a study by Jessica Su (@jessicatsu), Ansh Shukla (@__anshukla__) and Sharad Goel (@5harad)
of Stanford and Arvind Narayanan (@random_walker) of Princeton.

(Note: Facebook and Google follow logged-in users by name. They also account for most of the adtech business.)

One commenter below noted that this blog as well carries six trackers (most of which I block).. Here is how those look on Ghostery:

So let’s fix this thing.

[Later still…] Lots of comments in Hacker News as well.

[Later again (8 April 2018)…] About the comments below (60+ so far): the version of commenting used by this blog doesn’t support threading. If it did, my responses to comments would appear below each one. Alas, some not only appear out of sequence, but others don’t appear at all. I don’t know why, but I’m trying to find out. Meanwhile, apologies.

Power of the People is a great grabber of a headline, at least for me. But it’s a pitch for a report that requires filling out the form here on the right:

You see a lot of these: invitations to put one’s digital ass on mailing list, just to get a report that should have been public in the first place, but isn’t so personal data can be harvested and sold or given away to God knows who.

And you do more than just “agree to join” a mailing list. You are now what marketers call a “qualified lead” for countless other parties you’re sure to be hearing from.

And how can you be sure? Read the privacy policy,. This one (for Viantinc.com) begins,

If you choose to submit content to any public area of our websites or services, your content will be considered “public” and will be accessible by anyone, including us, and will not be subject to the privacy protections set forth in this Privacy Policy unless otherwise required by law. We encourage you to exercise caution when making decisions about what information you disclose in such public areas.

Is the form above one of those “public areas”? Of course. What wouldn’t be? And are they are not discouraging caution by requiring you to fill out all the personal data fields marked with a *? You betcha. See here:

III. How we use and share your information

A. To deliver services

In order to facilitate our delivery of advertising, analytics and other services, we may use and/or share the information we collect, including interest-based segments and user interest profiles containing demographic information, location information, gender, age, interest information and information about your computer, device, or group of devices, including your IP address, with our affiliates and third parties, such as our service providers, data processors, business partners and other third parties.

B. With third party clients and partners

Our online advertising services are used by advertisers, websites, applications and other companies providing online or internet connected advertising services. We may share information, including the information described in section III.A. above, with our clients and partners to enable them to deliver or facilitate the delivery of online advertising. We strive to ensure that these parties act in accordance with applicable law and industry standards, but we do not have control over these third parties. When you opt-out of our services, we stop sharing your interest-based data with these third parties. Click here for more information on opting out.

No need to bother opting out, by the way, because there’s this loophole too:

D. To complete a merger or sale of assets

If we sell all or part of our business or make a sale or transfer of our assets or are otherwise involved in a merger or transfer of all or a material part of our business, or participate in any other similar business combination (including, without limitation, in connection with any bankruptcy or similar proceeding), we may transfer all or part of our data to the party or parties involved in the transaction as part of that transaction. You acknowledge that such transfers may occur, and that we and any purchaser of our business or assets may continue to collect, use and disclose your information in compliance with this Privacy Policy.

Okay, let’s be fair: this is boilerplate. Every marketing company—hell, every company period—puts jive like this in their privacy policies.

And Viant isn’t one of marketing’s bad guys. Or at least that’s not how they see themselves. They do mean well, kinda, if you forget they see no alternative to tracking people.

If you want to see what’s in that report without leaking your ID info to the world, the short cut is New survey by people-based marketer Viant promotes marketing to identified users in @Martech_Today.

What you’ll see there is a company trying to be good to users in a world where those users have no more power than marketers give them. And giving marketers that ability is what Viant does.

Curious… will Viant’s business persist after the GDPR trains heavy ordnance on it?

See, the GDPR  forbids gathering personal data about an EU citizen without that person’s clear permission—no matter where that citizen goes in the digital world, meaning to any site or service anywhere. It arrives in full force, with fines of up to 4% of global revenues in the prior fiscal year, on 25 May of this year: about three months from now.

In case you’ve missed it, I’m not idle here.

To help give individuals fresh GDPR-fortified leverage, and to save the asses of companies like Viant (which probably has lawyers working overtime on GDPR compliance), I’m working with Customer Commons (on the board of which I serve) on terms individuals can proffer and companies can agree to, giving them a form of protection, and agreeable companies a path toward GDPR compliance. And companies should like to agree, because those terms will align everyone’s interests from the start.

I’m also working with Linux Journal (where I’ve recently been elevated to editor-in-chief) to make it one of the first publishers to agree to friendly terms its readers proffer. That’s why I posted Every User a Neo there. Other metaphors: turning everyone on the Net into an Archimedes, with levers to move the world, and turning the whole marketplace in to a Marvel-like universe where all of us are enhanced.

If you want to help with any of that, talk to me.

 

The original version of this ran as a comment under Francine Hardaway‘s Medium post titled Have we progressed at all in the last fifty years?

My short answer is “Yes, but not much, and not evenly.” This is my longer answer.


In your case and mine, it has taken the better part of a century to see how some revolutions take generations to play out. Not only won’t we live to see essential revolutions complete; our children and grandchildren may not either.

Take a topic not on your list: racial equality—or moving past race altogether as a Big Issue. To begin to achieve racial equality in the U.S., we fought the Civil War. The result was various degrees of liberation for the people who had been slaves or already freed in Union states; but apartheid of both the de jure and de facto kind persisted. Jim Crow laws and practices emerged, and in still live on in culture if not in law.

The civil rights movement in the Fifties and Sixties caused positive social, political and other changes. The Civil Rights Act of 1964 especially helped. But the murders of Martin Luther King Jr. and Robert F. Kennedy in 1968 put civil rights almost back where it was before its revolution started. I participated in civil rights activism in Greensboro, North Carolina at the time of both assassinations, and I can’t overstate how deep and defeating our despair felt after both events. And that feeling proved correct.

Small incremental improvements followed over the decades since, but no leaps forward like we had before those murders. (Even the election of Barack Obama failed to change a terribly durable status quo. Backlash against that election is at least partly responsible for Trump and the Republican Congress.)

We are still stuck with inequality for races, religions and so much else. Will we ever get over that? I think we will, inevitably; but only if our species survives.

One collateral victim of those assassinations in the Sixties was the near-end of non-violence as a strategy toward change. Martin Luther King Jr. used it very effectively, and kept the flame alive and well-proven until violence took him out. Martyred though he was, it was not to the cause of nonviolence or pacifism, both of which have been back-burnered for fifty years. We (in the largest sense that includes future generations) may never find out if non-violence can ever succeed—because violence is apparently too deeply ingrained as a human trait.

Back to tech.

I too was, and remain, a cyber-utopian. Or at least a cyber-optimist. But that’s because I see cyber—the digitization and networking of the world—as a fait accompli that offers at least as many opportunities for progress as it does for problems. As Clay Shirky says, a sure sign of a good technology is that one can easily imagine bad uses of it.

What I’m not writing at the moment are my thoughts about why some of those advantaged by power, even in small ways, abuse it so easily. I’m not writing it because I know whatever I say will be praised by some, rebuked by others, and either way will be reduced to simplicities that dismiss whatever subtle and complex points I am trying to make, or questions I am trying to ask. (Because my mind is neither sufficiently informed nor made up.) I also know that, within minutes for most of my piece’s readers, the points it makes will be gone like snow on the water, for such is the nature of writing on the vast sea of almost-nothing that “social” media comprises. And, as of today, all other media repose in the social ones.

Some perspective:

Compared to that, and its effects on the planet, all other concerns shrink to insignificance.

But, as The Onion said a few weeks after 9/11, A Shattered Nation Longs to Care About Stupid Bullshit Again.

Stupid bullshit is what the meteor of humanity hitting the planet cares most about. Always has. Wars have been fought over far less.

The only fully consequential question is how we end the Anthropocene. Or how it ends without us.

Tags:

Who Owns the Internet? — What Big Tech’s Monopoly Powers Mean for our Culture is Elizabeth Kolbert‘s review in The New Yorker of several books, one of which I’ve read: Jonathan Taplin’s Move Fast and Break Things—How Facebook, Google, and Amazon Cornered Culture and Undermined Democracy.

The main takeaway for me, to both Elizabeth’s piece and Jon’s book, is making clear that Google and Facebook are at the heart of today’s personal data extraction industry, and that this industry defines (as well as supports) much of our lives online.

Our data, and data about us, is the crude that Facebook and Google extract, refine and sell to advertisers. This by itself would not be a Bad Thing if it were done with our clearly expressed (rather than merely implied) permission, and if we had our own valves to control personal data flows with scale across all the companies we deal with, rather than countless different valves, many worthless, buried in the settings pages of the Web’s personal data extraction systems, as well as in all the extractive mobile apps of the world.

It’s natural to look for policy solutions to the problems Jon and others visit in the books Elizabeth reviews. And there are some good regulations around already. Most notably, the GDPR in Europe has energized countless developers (some listed here) to start providing tools individuals (no longer just “consumers” or “users”) can employ to control personal data flows into the world, and how that data might be used. Even if surveillance marketers find ways around the GDPR (which some will), advertisers themselves are starting to realize that tracking people like animals only fails outright, but that the human beings who constitute the actual marketplace have mounted the biggest boycott in world history against it.

But I also worry because I consider both Facebook and Google epiphenomenal. Large and all-powerful though they may be today, they are (like all tech companies, especially ones whose B2B customers and B2C consumers are different populations—commercial broadcasters, for example) shallow and temporary effects rather than deep and enduring causes.

I say this as an inveterate participant in Silicon Valley who can name many long-gone companies that once occupied Google’s and Facebook’s locations there—and I am sure many more will occupy the same spaces in a fullness of time that will surely include at least one Next Big Thing that obsolesces advertising as we know it today online. Such as, for example, discovering that we don’t need advertising at all.

Even the biggest personal data extraction companies are also not utilities on the scale or even the importance of power and water distribution (which we need to live), or the extraction industries behind either. Nor have these companies yet benefitted from the corrective influence of fully empowered individuals and societies: voices that can be heard directly, consciously and personally, rather than mere data flows observed by machines.

That direct influence will be far more helpful than anything they’re learning now just by following our shadows and sniffing our exhaust, mostly against our wishes. (To grok how little we like being spied on, read The Tradeoff Fallacy: How Marketers are Misrepresenting American Consumers and Opening Them Up to Exploiitation, a report by Joseph Turow, Michael Hennessy and Nora Draper of the Annenberg School for Communication at the University of Pennsylvania.)

Our influence will be most corrective when all personal data extraction companies become what lawyers call second parties. That’s when they agree to our terms as first partiesThese terms are in development today at Customer Commons, Kantara and elsewhere. They will prevail once they get deployed in our browsers and apps, and companies start agreeing (which they will in many cases because doing so gives them instant GDPR compliance, which is required by next May, with severe fines for noncompliance).

Meanwhile new government policies that see us only as passive victims will risk protecting yesterday from last Thursday with regulations that last decades or longer. So let’s hold off on that until we have terms of our own, start performing as first parties (on an Internet designed to support exactly that), and the GDPR takes full effect. (Not that more consumer-protecting federal regulation is going to happen in the U.S. anyway under the current administration: all the flow is in the other direction.)

By the way, I believe nobody “owns” the Internet, any more than anybody owns gravity or sunlight. For more on why, see Cluetrain’s New Clues, which David Weinberger and I put up 1.5 years ago.

Nobody is going to own podcasting.990_large By that I mean nobody is going to trap it in a silo. Apple tried, first with its podcasting feature in iTunes, and again with its Podcasts app. Others have tried as well. None of them have succeeded, or will ever succeed, for the same reason nobody has ever owned the human voice, or ever will. (Other, of course, than their own.)

Because podcasting is about the human voice. It’s humans talking to humans: voices to ears and voices to voices—because listeners can talk too. They can speak back. And forward. Lots of ways.

Podcasting is one way for markets to have conversations; but the podcast market itself can’t be bought or controlled, because it’s not a market. Or an “industry.” Instead, like the Web, email and other graces of open protocols on the open Internet, podcasting is all-the-way deep.

Deep like, say, language. And, like language, it’s NEA: Nobody owns it, Everybody can use it and Anybody can improve it. That means anybody and everybody can do wherever they want with it. It’s theirs—and nobody’s—for the taking.

This is one of the many conclusions (some of them provisional) I reached after two days at The Unplugged Soul: Conference on the Podcast at Columbia’s Tow Center for Digital Journalism, which I live-tweeted through Little Pork Chop and live-blogged through doc.blog at 1999.io.

Both of those are tools created by Dave Winer, alpha dad of blogging, podcasting and syndicating. Dave was half the guests on Friday evening’s opening panel. The other half was Christopher Lydon, whose own podcast, Radio Open Source, was born out of his creative partnership with Dave in the early chapters of podcasting’s Genesis, in 2003, when both were at Harvard’s Berkman (now Berkman Klein) Center.

One way you can tell nobody owns podcasting is that 1.5 decades have passed since 2003 and there are still no dominant or silo’d tools either for listening to podcasts or for making them.

On the listening side, there is no equivalent of, say, the browser. There are many very different ways to get podcasts, and all of them are wildly different as well. Remarkably (or perhaps not), the BigCo leaders aren’t leading. Instead they’re looking brain-dead.

The biggest example is Apple, which demonstrates its tin head through its confusing (and sales-pressure-intensive) iTunes app on computers and its Podcasts app, defaulted on the world’s billion iPhones. That app’s latest version is sadly and stupidly rigged to favor streaming from the cloud over playing already-downloaded podcasts, meaning you can no longer listen easily when you’re offline, such as when you’re on a plane. By making that change, Apple treated a feature of podcasting as a bug. Also dumb: a new UI element—a little set of vertical bars indicating audio activity—that seems to mean both live playing and downloading. Or perhaps neither. I almost don’t want to know at this point, since I have come to hate the app so much.

Other tools by smaller developers (e.g. Overcast) do retain the already-downloaded feature, but work in different ways from other tools. Which is cool to me, because that way no one player dominates.

On the production side there are also dozens of tools and services. As a wannabe podcaster (whose existing output is limited so far to three podcasts in twelve years), I have found none that make producing a podcast as easy as it is to write a blog or an email. (When that happens, watch out.)

So here’s a brief compilation of my gatherings, so far, in no order of importance, from the conference.

  • Podcasting needs an unconference like IIW (the next of which happens the first week of May in Silicon Valley): one devoted to conversation and forward movement of the whole field, and not to showcasing panels, keynotes or sponsoring vendors. One advantage of unconferences is that they’re all about what are side conversations at standard keynote-and-panel conferences. An example from my notes: Good side conversations. One is with Sovana Bailey McLain (@solartsnyc), whose podcast is also a radio show, State of the Arts. And she has a blog too. The station she’s on is WBAI, which has gone through (says Wikipedia) turmoil and change for many decades. An unconference will also foster something many people at the conference said they wanted: more ways to collaborate.
  • Now is a good time to start selling off over-the-air radio signals. Again from my notes… So I have an idea. It’s one WBAI won’t like, but it’s a good one: Sell the broadcast license, keep everything else. WBAI’s signal on 99.5fm is a commercial one, because it’s on the commercial part of the FM band. This NY Times report says an equivalent station (WQXR when it was on 96.3fm) was worth $45 million in 2009. I’m guessing that WBAI’s licence would bring about half that because listening is moving to Net-connected rectangles, and the competition is every other ‘cast in the world. Even the “station” convention is antique. On the Net there are streams and files:stuff that’s live and stuff that’s not. From everywhere. WBAI (or its parent, the Pacifica Foundation), should sell the license while the market is still there, and use the money to fund development and production of independent streams and podcasts, in many new ways.  Keep calling the convening tent WBAI, but operate outside the constraints of limited signal range and FCC rules.
  • Compared to #podcasting, the conventions of radio are extremely limiting. You don’t need a license to podcast. You aren’t left out of the finite number of radio channels and confined geographies. You aren’t constrained by FCC anti-“profanity” rules limiting freedom of speech—or any FCC rules at all. In other words, you can say what the fuck you please, however you want to say it. You’re free of the tyranny of the clock, of signposting, of the need for breaks, and other broadcast conventions. All that said, podcasting can, and does, improve radio as well. This was a great point made on stage by the @kitchensisters.
  • Podcasting conventionally copyrighted music is still impossible. On the plus side, there is no license-issuing or controlling entity to do a deal with the recording industry to allow music on podcasts, because there is nothing close to a podcasting monopoly. (Apple could probably make such a deal if it wanted to, but it hasn’t, and probably won’t.) On the minus side, you need to “clear rights” for every piece of music you play that isn’t “podsafe.” That includes nearly all the music you already know. But then, back on the plus side, this means podcasting is nearly all spoken word. In the past I thought this was a curse. Now I think it’s a grace.
  • Today’s podcasting conventions are provisional and temporary. A number of times during the conference I observed that the sound coming from the stage was one normalized by This American Life and its descendants. In consonance with that, somebody put up a slide of a tweet by @emilybell:podcast genres : 1. Men going on about things. 2. Whispery crime 3.Millennials talking over each other 4. Should be 20 minutes shorter. We can, and will, do better. And other.
  • Maybe podcasting is the best way we have to start working out our problems with race, gender, politics and bad habits of culture that make us unhappy and thwart progress of all kinds. I say that because 1) the best podcasting I know deals with these things directly and far more constructively than anything I have witnessed in other media, and 2) no bigfoot controls it.
  • Archiving is an issue. I don’t know what a “popup archive” is, but it got mentioned more than once.
  • Podcasting has no business model. It’s like the Internet, email and the Web that way. You make money because of it, not with it. If you want to. Since it can be so cheap to do (in terms of both time and money), you don’t have to make money at it if you don’t want to.

I’ll think of more as I go over more of my notes. Meanwhile, please also dig Dave’s take-aways from the same conference.

Ingeyes Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking, @JuliaAngwin and @ProPublica unpack what the subhead says well already: “Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and user’s names.”

So here’s a message from humanity to Google and all the other spy organizations in the surveillance economy: Tracking is no less an invasion of privacy in apps and browsers than it is in homes, cars, purses, pants and wallets.

That’s because our apps and browsers, like the devices on which we use them, are personal and private. Simple as that. (HT to @Apple for digging that fact.)

To help the online advertising business understand what ought to be obvious (but isn’t yet), let’s clear up some misconceptions:

  1. Tracking people without their clear and conscious permission is wrong. (Meaning The Castle Doctrine should apply online no less than it does in the physical world.)
  2. Assuming that using a browser or an app constitutes some kind of “deal” to allow tracking is wrong. (Meaning implied consent is not the real thing. See The Tradeoff Fallacy: How Marketers Are Misrepresenting American Consumers and Opening Them Up to Exploitation, by Joseph Turow, Ph.D. and the Annenberg School for Communication at the University of Pennsylvania.)
  3. Claiming that advertising funds the “free” Internet is wrong. (The Net has been free for the duration. Had it been left up to the billing companies of the world, we never would have had it, and they never would have made their $trillions on it. More at New Clues.)

What’s right is civilization, which relies on manners. Advertisers, their agencies and publishers haven’t learned manners yet.

But they will.

At the very least, regulations will force companies harvesting personal data to obey those they harvest it from, with fines for not obeying. Toward that end, Europe’s General Data Protection Regulation already has compliance offices at large corporations shaking in their boots, for good reason: “a fine up to 20,000,000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher (Article 83, Paragraph 5 & 6).” Those come into force in 2018. Stay tuned.

Companies harvesting personal data also shouldn’t be surprised to find themselves re-classified as fiduciaries, no less responsible than accountants, brokers and doctors for confidentiality on behalf of the people they collect data from. (Thank you, professors Balkin and Zittrain, for that legal and rhetorical hack. Brilliant, and well done. Or begun.)

The only way to fully fix publishing, advertising and surveillance-corrupted business in general is to equip individuals with terms they can assert in dealing with others online — and to do it at scale. Meaning we need terms that work the same way across all the companies we deal with. That’s why Customer Commons and Kantara are working on exactly those terms. For starters. And these will be our terms — not separate and different ones that live at each company we deal with. Those aren’t working now, and never will work, because they can’t. And they can’t because when you have to deal with as many different terms as there are parties supplying them, the problem becomes unmanageable, and you get screwed. That’s why —

There’s a new sheriff on the Net, and it’s the individual. Who isn’t a “user,” by the way. Or a “consumer.” With new terms of our own, we’re the first party. The companies we deal with are second parties. Meaning that they are the users, and the consumers, of our legal “content.” And they’ll like it too, because we actually want to do good business with good companies, and are glad to make deals that work for both parties. Those include expressions of true loyalty, rather than the coerced kind we get from every “loyalty” card we carry in our purses and wallets.

When we are the first parties, we also get scale. Imagine changing your terms, your contact info, or your last name, for every company you deal with — and doing that in one move. That can only happen when you are the first party.

So here’s a call to action.

If you want to help blow up the surveillance economy by helping develop much better ways for demand and supply to deal with each other, show up next week at the Computer History Museum for VRM Day and the Internet Identity Workshop, where there are plenty of people already on the case.

Then follow the work that comes out of both — as if your life depends on it. Because it does.

And so does the economy that will grow atop true privacy online and the freedoms it supports. Both are a helluva lot more leveraged than the ill-gotten data gains harvested by the Lumascape doing unwelcome surveillance.

Bonus links:

  1. All the great research Julia Angwin & Pro Publica have been doing on a problem that data harvesting companies have been causing and can’t fix alone, even with government help. That’s why we’re doing the work I just described.
  2. What Facebook Knows About You Can Matter Offline, an OnPoint podcast featuring Julia, Cathy O’Neill and Ashkan Soltani.
  3. Everything by Shoshana Zuboff. From her home page: “’I’ve dedicated this part of my life to understanding and conceptualizing the transition to an information civilization. Will we be the masters of information, or will we be its slaves? There’s a lot of work to be done, if we are to build bridges to the kind of future that we can call “home.” My new book on this subject, Master or Slave? The Fight for the Soul of Our Information Civilization, will be published by Public Affairs in the U.S. and Eichborn in Germany in 2017.” Can’t wait.
  4. Don Marti’s good thinking and work with Aloodo and other fine hacks.

We all know what this symbol means:

usedhead

Two people are not allowed to share an iPad.

Just kidding. It means the lavatory in the airplane is occupied. Also that it can be used by persons of either gender.

Which gender you are is of no concern to the airline. Or to the lavatory. Because it doesn’t matter.

The fact that lavatories outside airplanes generally sort visitors by gender is also not a big deal. They’ve done that for a long time. To my knowledge this is a matter of custom more than of law.

But for some damn fool reason, “conservative” legislators (you know, the kind that supposedly don’t like new laws and bigger government) in North Carolina, which was my home state for two decades, decided to pass the Public Facilities Privacy & Security Act, which was meant to overturn a piece of local legislation in Charlotte prohibiting operators of public facilities from discriminating on the basis of gender identity or sexual orientation.

Much freaking out has ensued since then. All of it could have been avoided if conservative sympathies actually applied. Meaning, leave well enough alone.

Or just don’t be stupid and pigheaded, which North Carolina’s legislature and governor are clearly being right now.

 

 

It didn't happen in 2010, but it will in 2016.

It didn’t happen in 2010, but it will in 2016.

This Post ran on my blog almost six years ago. I was wrong about the timing, but not about the turning: because it’s about to happen this month at the Computer History Museum in Silicon Valley. More about that below the post.
_________________

The tide turned today. Mark it: 31 July 2010.

That’s when The Wall Street Journal published The Web’s Gold Mine: Your Secrets, subtitled A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series. It has ten links to other sections of today’s report.

It’s pretty freaking amazing — and amazingly freaky, when you dig down to the business assumptions behind it. Here’s the gist:

The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry.

It gets worse:

In between the Internet user and the advertiser, the Journal identified more than 100 middlemen — tracking companies, data brokers and advertising networks — competing to meet the growing demand for data on individual behavior and interests.The data on Ms. Hayes-Beaty’s film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges. “It is a sea change in the way the industry works,” says Omar Tawakol, CEO of BlueKai. “Advertisers want to buy access to people, not Web pages.” The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, WSJ.com.) It then analyzed the tracking files and programs these sites downloaded onto a test computer. As a group, the top 50 sites placed 3,180 tracking files in total on the Journal’s test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles. But over two-thirds — 2,224 — were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.

Here’s what’s delusional about all this: There is no demand for tracking by individual customers. All the demand comes from advertisers — or from companies selling to advertisers. For now.

Here is the difference between an advertiser and an ordinary company just trying to sell stuff to customers: nothing. If a better way to sell stuff comes along — especially if customers like it better than this crap the Journal is reporting on — advertising is in trouble.

Here is the difference between an active customer who wants to buy stuff and a consumer targeted by secretive tracking bullshit: everything.

Two things are going to happen here. One is that we’ll stop putting up with it. The other is that we’ll find better ways for demand and supply to meet — ways that don’t involve tracking or the guesswork called advertising.

Improving a pain in the ass doesn’t make it a kiss. The frontier here is on the demand side, not the supply side.

Advertising may pay for lots of great stuff (such as search) that we take for granted, but advertising even at its best is guesswork. It flourishes in the absence of more efficient and direct demand-supply interactions.

The idea of making advertising perfectly personal has been a holy grail of the business since Day Alpha. Now that Day Omega is approaching, thanks to creepy shit like this, the advertsing business is going to crash up against a harsh fact: “consumers” are real people, and most real people are creeped out by this stuff.

Rough impersonal guesswork is tolerable. Totally personalized guesswork is not.

Trust me, if I had exposed every possible action in my life this past week, including every word I wrote, every click I made, everything I ate and smelled and heard and looked at, the guesswork engine has not been built that can tell any seller the next thing I’ll actually want. (Even Amazon, widely regarded as the best at this stuff, sucks to some degree.)

Meanwhile I have money ready to spend on about eight things, right now, that I’d be glad to let the right sellers know, provided that information is confined to my relationship with those sellers, and that it doesn’t feed into anybody’s guesswork mill. I’m ready to share that information on exactly those conditions.

Tools to do that will be far more leveraged in the ready-to-spend economy than any guesswork system. (And we’re working on those tools.) Chris Locke put it best in Cluetrain eleven years ago. He said, if you only have time for one clue this year, this is the one to get…

Thanks to the Wall Street Journal, that dealing may finally come in 2010.

[Later…] Jeff Jarvis thinks the Journal is being silly. I love Jeff, and I agree that the Journal may be blurring some concerns, off-base on some of the tech and even a bit breathless; but I also think they’re on to something, and I’m glad they’re on it.

Most people don’t know how much they’re being followed, and I think what the Journal’s doing here really does mark a turning point.

I also think, as I said, that the deeper story is the market for advertising, which is actually threatened by absolute personalization. (The future market for real engagement, however, is enormous. But that’s a different business than advertising — and it’s no less thick with data… just data that’s voluntarily shared with trusted limits to use by others.)

[Later still…] TechCrunch had some fun throwing Eric Clemons and Danny Sullivan together. Steel Cage Debate On The Future Of Online Advertising: Danny Sullivan Vs. Eric Clemons, says the headline. Eric’s original is Why Advertising is Failing on the Internet. Danny’s reply is at that first link. As you might guess, I lean toward Eric on this one. But this post is a kind of corollary to Eric’s case, which is compressed here (at the first link again):

I stand by my earlier points:

  • Users don’t trust ads
  • Users don’t want to view ads
  • Users don’t need ads
  • Ads cannot be the sole source of funding for the internet
  • Ad revenue will diminish because of brutal competition brought on by an oversupply of inventory, and it will be replaced in many instances by micropayments and subscription payments for content.
  • There are numerous other business models that will work on the net, that will be tried, and that will succeed.

The last point, actually, seemed to be the most important. It was really the intent of the article, and the original title was “Business Models for Monetizing the Internet: Surely There Must Be Something Other Than Advertising.” This point got lost in the fury over the title of the article and in rage over the idea that online advertising might lose its importance.

My case is that advertisers themselves will tire of the guesswork business when something better comes along. Whether or not that “something better” funds Web sites and services is beside the points I am making, though it could hardly be a more important topic.

For what it’s worth, I believe that the Googles of the world are well positioned to take advantage of a new economy in which demand drives supply at least as well as supply drives demand. So, in fact, are some of those back-end data companies. (Disclosure: I currently consult one of them.)

Look at it this way…

  • What if all that collected data were yours and not just theirs?
  • What if you could improve that data voluntarily?
  • What if there were standard ways you could get that data back, and use it in your own ways?
  • What if those same companies were in the business of helping you buy stuff, and not just helping sellers target you?

Those questions are all on the table now.

___________________

9 April 2016 — The What They Know series ran in The Wall Street Journal until 2012. Since then the tracking economy has grown into a monster that Shoshana Zuboff calls The Big Other, and Surveillance Capitalism.

The tide against surveillance began to turn with the adoption of ad blockers and tracking blockers. But, while those provide a measure of relief, they don’t fix the problem. For that we need tools that engage the publishers and advertisers of the world, in ways that work for them as well.

They might think it’s working for them today; but it’s clearly not, and this has been apparent for a long time.

In Identity and the Independent Web, published in October 2010, John Battelle said “the fact is, the choices provided to us as we navigate are increasingly driven by algorithms modeled on the service’s understanding of our identity. We know this, and we’re cool with the deal.”

In The Data Bubble II (also in October 2010) I replied,

In fact we don’t know, we’re not cool with it, and it isn’t a deal.

If we knew, The Wall Street Journal wouldn’t have a reason to clue us in at such length.

We’re cool with it only to the degree that we are uncomplaining about it — so far.

And it isn’t a “deal” because nothing was ever negotiated.

To have a deal, both parties need to come to the table with terms the other can understand and accept. For example, we could come with a term that says, Just show me ads that aren’t based on tracking me. (In other words, Just show me the kind of advertising we’ve always had in the offline world — and in the online one before the surveillance-based “interactive” kind gave brain cancer to Madison Avenue.)

And that’s how we turn the tide. This month. We’ll prepare the work on VRM Day (25 April), and then hammer it into code at IIW (26–28 April). By the end of that week we’ll post the term and the code at Customer Commons (which was designed for that purpose, on the Creative Commons model).

Having this term (which needs a name — help us think of one) is a good deal for advertisers because non-tracking based ads are not only perfectly understood and good at doing what they’ve always done, but because they are actually worth more (thank you, Don Marti) than the tracking-based kind.

It’s a good deal for high-reputation publishers, because it gets them out of a shitty business that tracks their readers to low reputation sites where placing ads is cheaper. And it lets them keep publishing ads that readers can appreciate because the ads clearly support the publication. (Bet they can charge more for the ads too, simply because they are worth more.)

It’s even good for the “interactive” advertising business because it allows the next round of terms to support advertising based on tracking that the reader actually welcomes. If there is such a thing, however, it needs to be on terms the reader asserts, and not on labor-intensive industry-run opt-out systems such as Ad Choices.

If you have a stake in these outcomes, come to VRM Day and IIW and help us make it happen. VRM Day is free, and IIW is very cheap compared to most other conferences. It is also an unconference. That means it has no keynotes or panels. Instead it’s about getting stuff done, over three days of breakouts, all on topics chosen by you, me and anybody else who shows up.

When we’re done, the Data Bubble will start bursting for real. It won’t mean that data goes away, however. It will just mean that data gets put to better uses than the icky ones we’ve put up with for at least six years too long.

_________________

This post also appears in Medium.

Tags: ,

« Older entries