For privacy we need tech more than policy

Image for post
Image for post

Nature and the Internet both came without privacy.

The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.

When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.

In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.

Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”

Two such answers arrived with the New York Times on April 2nd: Facebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former. What they both miss is that we need what we might call big personal. We can only get that with personal tech that gives each of us agency. (Merriam Webster: the capacity, condition, or state of acting or of exerting power.)

We acquired agency with personal computing and the Internet. Both were designed to make everyone an Archimedes. We also got a measure of it with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech.

For example, Customer Commons is working on tools that include cookies that go the other way, true loyalty cards, and terms we can proffer as individuals, and the sites and services of the world can agree to.

Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s. When those personal tools engage the sellers and service providers of the world, they do VRM, or Vendor Relationship Management, which can engage CRM (Customer Relationship Management)systems on the other side.

The purpose of everything in the last paragraph is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced.

To be clear here, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.

For lack of privacy tech that gives us full agency, we how have the General Data Protection Regulation, with more privacy laws to come (notably ePrivacy in the EU and AB375 in California).

I had high hopes for the GDPR as it approached, and to some degree I still do; but so far it has mostly made life far worse for everyone. On the sites’ side, it caused countless cookie consent notices (nearly all meant to obtain consent to continued tracking-as-usual) and full employment for lawyers. On our side, it’s a big pain in the ass, with more personal privacy loss than ever. And that state will persist until GDPR enforcement happens.

Meanwhile we still need the tech. Let’s make it.

Bonus link.

Originally published at blogs.harvard.edu/doc on April 2, 2018.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store