Privacy: Does Anybody Care?

To paraphrase HL Mencken, no one ever went broke underestimating the American public's commitment to privacy. "Quit Facebook Day" reportedly generated 31,000 account closings, compared with the roughly 500,000 new accounts that Facebook adds each day.

This lack of interest in privacy is a tremendous pity, because privacy violations can cause many types of real harm:

- identity theft
- physical violations including stalking and burglary when people are known to be out
- unjustified commercial treatment (e.g. denial of credit or employment) based on irrelevant or incorrect information
- unjustified government activity (e.g., placement on a No Fly list) based on irrelevant or incorrect information

Ironically, such problems seem to generate less public concern than techniques such as "behavioral targeting", even though the consequence of that is...um...receiving a relevant advertisement. I fully understand the real issue is people feel creepy to know that someone is sort-of watching them. But it's probably a good thing to remind them because the watching will continue whether behavioral targeting is regulated or not.

As the Facebook example shows, most people really don't care enough about privacy to protect it at the cost of other benefits, even minor ones like participating in Facebook. Similarly, many Americans seem downright eager to sacrifice their privacy from government surveillance in the name of national security.

The pity is that it's not an either/or choice. In many cases, technology can be designed to preserve privacy and still give the desired benefits. As a good example of what privacy-consciousness looks like when someone really cares, consider how the gun buyers are protected: gun dealers must check buyers' names against a database of felons, but the buyers' names are erased after a few days. (Of course, loopholes apply to "gun shows" but that's another discussion.) Another example -- never implemented so far as I know -- is that instead of reading drivers license information to prove patrons are old enough to drink, bars could have devices that simply scan the license and flash a green or red light depending on whether the person is old enough.

The point in both cases is that systems can be designed to access and retain the minimum amount of information necessary to fulfill their function. Many behavioral targeting systems already work this way -- capturing relevant data but not the actual identity of an individual. These principles could be applied more broadly and more systematically, but only if the people designing and regulating these systems made them a priority.

In practice it seems that other, less rational approaches are being adopted because they are more popular. To quote Mencken again, “For every problem there is a solution which is simple, clean and wrong.”

Without being excessively cynical, I think it's relevant to point out that privacy doesn't have much of a lobby, at least compared with, say, the National Rifle Association. Businesses want to collect data for marketing purposes. Consumer-friendly government officials are the natural opponents of this collection, but are constrained because many government agencies want the data for their own social and security purposes. The only organized opposition comes from a small set of privacy activists who themselves vary considerably in their priorities and capabilities. This means that, as a marketer, I don't spend much energy worrying about seriously restrictive privacy regulations -- even though I'd actually like to see some intelligent restrictions on data gathering by both business and government.