Why Privacy Isn't Privacy

by Scott Rice5/4/2014 4:23:00 PM


One of the more vocal sub-populations in the identity community focuses on consumer privacy.   But privacy, like the word identity, has taken on a different meaning in the context of technology that differs from its pre-tech, historical meaning.   Privacy originally meant being away from others or being alone.   When you wanted privacy, you went somewhere absent of other people.    In our connected world, being absent of other people is both horribly true and horribly false.   Horribly true because as a connected society we run the risk of only connecting digitally which many claim isn’t really a “connecting” at all.    Horribly false because any digital connection is, of necessity, made possible only by others even if the only other is our ISP.

But privacy has been recast to mean a person’s right to control what information is revealed to the public and what information is not.    Today’s privacy means control over the flow of information from the private side of your life into the public domain.   Examples of the kind of information over which we most often want to exercise this flow control are our salaries and our medical conditions, our views about politics and religion, our social-security-number… even our opinion about whether or not Pluto should be a planet.   But these are just pieces of information that could potentially flow from private to public so it begs the question: where is the border between those two lands?    My first assertion is that there isn’t really a border at all.

An example would help and since PacificEast focuses quite of a bit of its attention on telephone numbers, let’s use those.   When do I want my phone number to be private and when do I want it to be public?   As for my cell phone I probably never want it to be truly “public” but only because I don’t really want unsolicited texts or calls trying to sell me something.   I think that’s a fairly common line that most of us draw.    But it’s important to recognize that this line isn’t a border between what is private and what is public.   Rather it is only a differentiation between the purposes for which I agree others may use my phone number and those for which they may not.  We’ve always had a word for this concept in English, but only recently has it been “privacy”.    Previously we called this concept “intention”.   The great thing about the word intention is that it is a word that evokes a sense of movement and action.  Privacy feels static; like a state that can exist or not exist.   But the concept of intention is tied to action and it is the action someone might perform with my data that I really want to control. 

If I give you my phone number, what do you intend to do with it?   Will you call me to sell me something I haven’t mentioned I wanted?  Will you send me a text when my child is sick in school?    Will you call me to remind me of my doctor’s appointment?    Will you use my number to prevent fraud on my account?   Will you use my number to find other ways to contact me if I lose my phone?     What are your intentions?    These are examples of different points on a continuous spectrum of intention.    But as with all continuous spectra, there are an infinite number of points.   Unfortunately, humans aren’t good at intuitively grasping a concept with infinite variations.  

There are movements within the identity and privacy community that would have consumers making decisions about each detail decision on this spectrum.    Don’t get me wrong, I’m not saying consumer consent isn’t good.   On the contrary, I think the ability to better manage a consumer’s consent is going to be one of the big things that come out of the next decade of information technology.  But I believe it’s a misguided strategy to inundate the consumer with too many microscopic decisions about how their data gets used and who uses it.   Giving consumers microscopic control is not the same as giving them meaningful control.  Controlling the flow of information at this conceptual level is much easier for consumers to grasp than a constant, disconnected flow of questions about whether this ap can do this or access this information or if your information can be used for things like marketing, or ID verification, or even fraud prevention.  However, it is just as much of a misguided strategy to give a consumer too few, or no decisions over data privacy.   

My second assertion is that the intention needs to be a reasonable trade for the information being requested.   When a consumer loads a flashlight ap on their smartphone and the ap wants to have access to contacts or the device’s geo-location, I have to wonder what the ap’s intention really is.  (There have been numerous articles lately about such applications that were not really built to help you find your way in the dark.)   It’s not enough to tell the user what you want to do with their information.   True consumer consent means you should be telling the user why you want to do it.    For consumers to trust you with their data it is a reasonable expectation that they know your intentions and be able to choose to grant you access to their non-public information based not only on your intentions but on the fact that you are offering them a reasonable compensation in exchange for what you are requesting.  

All too often many in the technology field hide behind a wall of complexity so only the really brave would dare peak around the corner and ask the tough “why” question.    We who use consumer data to do many great and laudable things had better get a handle on helping consumers better grasp these cloudy intentions before consumers decide to take away all access to their information.   That would hurt them, yes, but they wouldn’t know it until it was too late.    We aren’t just stewards of a consumer’s information; we need to be consumer educators as well and help them decide which intentions are in their best interests and understand the value we are returning to them in exchange for their permission to use their private information.

Comments are closed

Month List