June 24, 2010

Online Privacy: Challenges and Opportunities

Almost a decade ago, there were fierce policy debates in regulatory backrooms about how digital privacy might be managed as the commercial Internet blossomed towards the multimedia broadband wonder that it is today. The heart of the dialogue was whether or not people should “opt in” to or “opt out” of use of their personal information for advertisement, experience customization, personalization, etc.

While there were already countless laws on the books and regulations promulgated to protect consumer privacy, financial transactions, health records, and so forth (although almost all were drafted in the pre- or early-commercial Internet age and were arguably ill-fitting or untested in the digital world), the opt in-opt out debate – focused on driving commercial value from the Internet – was a watershed.

In markets where, for instance, direct mail and telemarketing were commonplace, the initial kneejerk was in the opt out direction – if someone didn’t like the use of their data they would have the option of stopping the process (if, of course, they even noticed). In other markets, where such practices were frowned upon (or even illegal), opt in was the preferred mechanism.

Long story short, opt in emerged as the status quo, and specifically in the context of people opting in based on the concept of “informed consent.” In other words, people had the right to a full description of how their data might be used in advance of agreeing to its use. Notably, the general public was largely unaware that this debate was taking place, nor that a common policy had been defined and agreed.

Over the last 10 years, reaching a crescendo as social networks have exploded, allowing people to share more personal information, there has been growing consumer concern related to identity theft, cyber/real-world stalking (via e.g. Google Streetview or mobile location-social network mashes like Foursquare, Loopt and Gowalla), and other privacy intrusions or misuses of personal data. The fundamental question facing people today is: Even if I opted in, was my consent really informed?

The most recent and perhaps most resonant hullabaloo has been around Facebook’s iterative editing (and lengthening) of its privacy policy and settings, culminating in the introduction of Facebook’s “Instant Personalization Program.” Overnight, the IPP resulted in Facebook members suddenly broadcasting their activities on a wide variety of otherwise unrelated websites, like Pandora, Yelp, and Microsoft docs.

Notwithstanding the Washington Post “apology” from Facebook's Zuckerberg (which was not his first and anything but, and included the strangely cultish mantra “If people share more, the world will become more open and connected…a better world”), opting out of IPP is doable, yet only truly effective if all of your FB friends do as well (if any of your friends visit the other websites without opting out, they get your info anyway).

Meanwhile, in the less mainstream/not-yet discovered/feared realm, sites like Spokeo offer downright spooky profiles based on publicly available digital data. Spokeo, which bills itself as “not your grandma’s phonebook,” asks for nothing more than a name and city and state.

The results: Name, phone number, street address (without the specific number), household members (an incomplete list in my case), age, ethnicity, marital status, occupation, hobbies (not sure where this wild list came from), estimated home value, gender, zodiac sign (they got it wrong for me, but only by a month), level of education, home ownership, length of residence, basic socio-economic data on your neighborhood, and, of course, a Google Earth shot of the immediate neighborhood, with your house and neighboring grayed out.

And that’s the free offering. For $2.95 a month you can get a one year membership that will fill in the blanks and add photos, videos, etc. pulled from social networks, blogs, etc., as well as (I’m really not sure what this might entail) religious and political and other affiliations.

For whatever it may be worth, Spokeo is only one of many such sites offering similar “services.”

So, with all of the above said and known, and despite the efforts of groups like the Electronic Frontier Foundation, the Online Privacy Alliance, The Center for Democracy and Technology and the Electronic Privacy Information Center (EPIC) to better educate consumers on how to protect themselves online, the general population remains somewhat schizophrenic in its behavior and concerns. To wit, in a recently conducted (private) poll of a statistically relevant population (100s, relatively affluent, ranging in age 15 to 45), the following results emerged:

• Almost 2/3 of respondents are online daily for non-work/school experience, split more or less evenly between 1-2 hours and 3-5 hours daily.
• Few perceive benefit from personalized ads (based on service provider understanding of their online activity), half simply don’t care, almost 1/3 are slightly unnerved and 10%+ consider it an intrusion.
• Over half of the surveyed population make online purchases regularly or often, 2/3 recognize a remote possibility of identity theft, 25% are completely unconcerned, only a small percentage are deterred from online financial transactions for privacy concerns.
• 3/4 most trust their credit card companies to manage such transactions, with Paypal a second preference (essentially an extension of their credit cards), more than half neither trust nor distrust Apple and Google, while half list Facebook as least trusted.
• Over half of respondents use their mobile device to go online at least 1-5 hours a week, with another 1/3 going online 1-5 hours daily.
• ~60% rarely use location-based services (mapping, social location, etc.) on their mobile device, but almost 20% report using same more than 10 times a week or “practically always” (evenly split).
• Just over 10% perceive a benefit from customized services linked to their mobile device location but almost 50% would find it somewhat unnerving (29%) or an intrusion on their privacy (21%).
• No clear trusted party for managing such services emerged, indeed, 51% listed “no-one” as most trusted partner. To the extent trusted parties might be ranked, wireless operators/service providers edged out Google, with almost 50% listing Facebook as least trusted.

From a policy perspective, the good news is that EPIC, CDT, EFF and the Online Privacy Alliance seem to be united in promoting market-based as opposed to heavy-handed regulatory-based solutions to ensuring privacy protection without bringing digital commerce and social activity to a grinding halt. That said, they are also actively engaging in Washington to ensure that egregious behavior does not go unchecked – for instance, EPIC recently led 14 other organizations in filing a joint complaint with the Federal Trade Commission (FTC) related to Facebook’s IPP. And, these groups are maintaining their initiatives to educate the general population on appropriate individual protection. For instance, EFF is tracking Facebook’s privacy changes closely and providing clear instructions on how to adjust personal settings accordingly, to the extent that Facebook makes that possible.

And, in the face of Congress preparing measures to regulate online privacy, and the FTC warning it will endorse such efforts if the industry fails to step up self-regulation, Internet companies like Yahoo and Microsoft and advertising giants like WPP are promoting a new market-based system to police privacy abuses by companies that track consumers' Web-surfing habits for ad targeting (see WSJ report).

Further good news for those of us who are fans of market-based solutions is the fact that (as also reported by the WSJ), venture capitalists – including top tier firms like Kleiner Perkins and Accel Partners - have identified privacy as a new investment opportunity and are pumping millions of dollars into privacy-related start-ups.

• Online privacy start-up ReputationDefender Inc. which provides a service to monitor what is said about an individual online and can help remove private information from certain websites, will soon disclose that it has raised $15 million in new venture funding—even though the company wasn't actively looking for new cash.
• SafetyWeb Inc., which helps parents monitor their kids' online activities, recently closed $8 million in funding.
• And the well-branded Truste (a not-for-profit until 2008), which offers seals of approval to websites that meet certain privacy standards, recently raised $12 million.
• SocialShield Inc., funded by Venrock Associates and others, like SafetyWeb has launched a web service that parents can use to help them track and analyze their children's online behavior, telling parents when others have posted and tagged photos of their kids online, giving them a chance to have them removed, among other things.
• And, Abine Inc., funded by Atlas Venture, recently launched a product that can block online tracking and opt out of online ad networks.

As consumer awareness of privacy threats increases, even if behavior is not changing apace to address the threats, the market is responding with appropriate solutions and, hopefully, genuine commitment to self-regulation. But, all it may take to trigger potentially over-zealous lawmakers and regulators to step in will be more snafus from Facebook, a monster-scale case of identity theft, or a gruesome headline or two related to cyber-stalking.

A space worth watching, both in terms of personal security and business opportunity.

Later…