NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] How "Privacy Correctness" Is Leading Us Dangerously Astray

      How "Privacy Correctness" Is Leading Us Dangerously Astray


You're probably familiar with the term "politically correct" and its
ramifications.  Simply stated, "political correctness" relates to the
narrowing of discussions, often by focusing on specific examples of
"violations" (in a range of circumstances) that in reality do not have
notable intrinsic, relevant, or significant impacts.

Political correctness can be purposely used as a weapon to manipulate
debates, or it can be the result of genuine confusion regarding the
actual facts of a situation. Frequently, political correctness issues
involve both of these facets.

As we look at the almost daily parade of supposed "privacy problems"
that splash across the Web and other media, followed by calls for
investigations, massive fines, and sometimes large-scale governmental
interventions -- a fundamental question arises.

To what extent are we concerned about actual, important, substantive
privacy concerns, and conversely, to what degree are we engaging in --
perhaps to coin a phrase in this context -- unwise, counterproductive,
manipulative, and even potentially dangerous "privacy correctness."

At first glance, it might appear that the seeming sheer complexity of
the technology surrounding privacy these days would make such
determinations difficult.

Cookies and Flash, JavaScript and AJAX, encryption and targeted ads.
And so on.  How can anyone be expected to untangle all this in terms
of privacy concerns?

In reality though, the complex nature of these technologies -- many of
which are key to providing and helping to pay for services that users
have come to expect, usually without charge -- offers a clue that we
may be spending our time looking in the wrong places.

One thing we can be absolutely sure about is that new, even more
complex technologies -- many of which may have privacy-related
ramifications -- will be arriving almost continually.  To assume that
everyday users of the Web and other environments will have the time or
inclination to understand the functioning and external relationships
of these underlying mechanisms seems unrealistic at best.

In fact, as we've seen in recent cases involving Google and their use
of Web cookies ( http://j.mp/xGZRcT [Lauren's Blog] ) and collection
of unencrypted Wi-Fi data ( http://j.mp/9680wb [Lauren's Blog] ), even
hard-core techies and experts on these systems may at times become
enmeshed in "privacy correctness" quandaries, with various forces
insisting that particular actions represent serious privacy
violations, while other observers see only insignificant
transgressions or none at all.

Cookies and Wi-Fi have been around for many years.  What of new
technologies coming down the line?  Are we going to go through these
battles individually and repeatedly, expecting consumers to
incorporate such ever more intricate complexities in their various
combinations into their routine Internet usage decisions?

And what of the impacts that considerations of genuine privacy
concerns, vis--vis "privacy correctness," will have on issues of great
import to society at large, such as calls for vast communications
surveillance regimes, expansive cybersecurity legislation, and so on?

There are some guidelines that I use in my own analysis of these
issues today, that may be generally useful in these respects.

First, like it or not, what's public is public.  I say this a lot, and
many people don't really like the idea, but that doesn't change the
underlying truth.

It is foolhardy to pretend that something already out in the public
sphere, especially (but not necessarily) on the Internet, can then
somehow be effectively restricted or controlled.  Trying to convince
people otherwise is quintessential "privacy correctness" and can
dangerously lead to false assumptions about what information is or is
not actually available publicly.

Efforts to restrict information that is already public, ranging from
governmental data, to photographs easily taken from municipal streets,
to unencrypted Wi-Fi signals, can only serve to harass legitimate and
innocent usage, while "bad players" will find ways to continue
essentially unencumbered.  Public is public.  Period.

But what about data that isn't public, that has been shared with
individual entities perhaps?  This is the category that sheds light on
what I would call true privacy problems, in contrast to generally
false "privacy correctness" issues.

Except where absolutely mandated by law, when personal information
provided to or collected by one organization is sold or otherwise
provided to another organization without the explicit permissions of
the persons involved, a significant privacy violation may well have

Health information, financial transaction data, communications
addressing and contents, Web search activities, and so on -- these are
all types of data that users have a right to expect will routinely
stay in the hands of the entities they've chosen to trust.  Genuine
violations of that trust, allowing user data to flow to third parties
without user permissions or valid court orders, can be devastating to
users and ultimately to the organizations involved as well.

On the other hand, cavil complaints about complex Web cookie handling,
especially in the course of providing services that users have
requested, and in the face of contradictory and confusing technical
specifications, appears to fall squarely back into the realm of
disingenuous "privacy correctness" machinations.

I mentioned trust earlier.  In the final analysis, trust is a cardinal
aspect of our dealings in all aspects of our lives, online and

On the Internet, on the Web, if we trust the organizations that we've
chosen to patronize -- whether we're paying for their services or 
not -- it makes little sense to endlessly engage in an attempted
micromanagement of their underlying cookies, JavaScript, or other
rapidly evolving technologies, or to play a fundamentally exploitative
form of "gotcha" when technical lapses occur that do not have actual
privacy-damaging characteristics as I noted above.

And if you don't trust a firm enough to accept this, perhaps you
should consider taking your business elsewhere.  If you insist on
assuming that most Web businesses are fundamentally evil, and can't be
trusted regardless of how well behaved they are today, then perhaps
you should consider, for your own peace of mind, not using the
Internet at all.

Or, we can endeavor to see beyond the specious premises of "privacy
correctness," and concentrate instead on actual, genuine privacy
problems that are deserving of our serious attention.

What may seem at first to be "correct" -- isn't always right.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list