Privacy vs. control

It is often suggested that Facebook, Google, and the other major tech companies violate the privacy of their users, and of course the companies are criticized on those grounds.  Yet I never see those critics go after other sources of privacy violations, such as say the friends and acquaintances who gossip behind our backs.  If privacy were so important, you might expect the overall campaign to be “pro-privacy” rather than just “anti-corporate” or “anti-tech.”

One possibility is that service users don’t see much of a chance that the “Zip files” assembled on them by the algorithms stand much chance of harming their fortunes or even being released in decipherable form.

Still, people are made vaguely uncomfortable by some of what is going on.  Could it be a “control” issue rather than a privacy issue?  That is, people do not like “feeling out of control” when it comes to their lives, including their personal data.  They used to “feel in control” and now they do not, in part because of the very media critics who view themselves as solving the privacy problem.

If it is a control problem, the chance that placebos will improve matters is higher, because I do not see our privacy losses as being reversible, or people even caring all that much.  What is the cheapest placebo that can help us address the control problem?  Passing some meaningless piece of legislation?  Self-reforms from the media?  The right kinds of proclamations from the tech companies?  All of the above?

I believe public discourse would be improved if we realized “privacy problems aren’t always about privacy,” to paraphrase Robin Hanson.


--but how are friends and acquaintances EQUIPPED to "gossip behind our backs today"? With the devices and services provided by our courteous and privacy-minded tech firms, of course.

"If privacy were so important, you might expect the overall campaign to be 'pro-privacy' rather than just 'anti-corporate' or 'anti-tech'.”

That is: if privacy were so important to tech firms, you might expect their overall campaign to be "PRO-PRIVACY" rather than just "corporate greed" and "market capture".

As long as we continue to piss off Mark Zuckerberg and Sheryl Sandberg, I'll be happy with whatever you guys come up with. You know those two have corrupt political plans and its no good for America. They will be the Soros and Kochs for the next generation.

There is not ceteris paribus "control." There is only balance. Even in harmony, no individual player will feel utter control. Try reading the Bible and giving it the same affect you give a standard US action movie: Samuel 4.2: Eli shunned trouble and exertion. This led him to indulge his children, without using parental authority to restrain and correct them when young. He winked at the abuses in the service of the sanctuary till they became customs, and led to abominations; and his sons, who should have taught those that engaged in the service of the sanctuary what was good, solicited them to wickedness. "For himself," the priest took. "A pound of that same merchant's flesh is thine," Portia says. "The thigh that is" "under" ….."what?" Well, gender dimorphism exists in the cells in the hypothalamus.

Why are two different things treated differently?? V.Hanson esque

Also, people absolutely do care about people gossiping about them.

And people who gossip about us, and violate our expectations, are easier to punish. Unlike a distant corporation. (Though “exit” is always an option.)

At this moment it looks like the Real Name drive in social media has been defeated, and as a society we accept that anonymous sages (and occasional trolls) are preferable to massive Cambridge Analytica style data harvesting.

You can choose to be a public personality on Facebook, but you don't have to. You can present a narrower slice of yourself on Instagram, or Twitter, or in blogs.

So the present is pretty good, though additional safeguards, especially to preserve anonymity would be a plus. Is it a crime to dox a minor? It certainly should be.

P.S. - we might also be descending into "everybody has a bodycam for their own protection" which implies decisions on when those tapes are used.

There was a Real Name drive? I recall one about 15 years ago in the Wall Street Journal, requiring subscribers to use their real name or be banned (I dropped my subscription over that), but otherwise no.

There was in Europe, led by EU commissioners and politicians in Germany, Austria and others. Granted, it didn't go that far.

I thought that when I first got my Twitter they "required" it, but I might be thinking of the old Google+.

By the way, I sidestepped "Facebook v Gossip" because .. Facebook is *for* gossip. There is no conflict there.

Right - this is the entire raison d'etre of facebook. People put data on themselves on Facebook for the entire purpose of sharing that data with others. It would be pretty strange for people to then complain about that data not being private. Of course Google maybe is different. I don't particularly want my search history shared with other people in a way that could compromise me (sharing of anonymised data doesn't do this). But I would rather rely on their commercial incentive not to do this rather than any government regulation. If it were the case that Google were frequently compromising people by sharing their private data, then people would quickly gravitate to a search engine that didn't do this. So Google wouldn't be stupid enough to do such a thing. My conclusion is this concern is simply rent seeking by some groups hoping to catch a few of the crumbs from Googles table.

'for the entire purpose of sharing that data with others'

Well, sharing that data with others you choose, and not with whoever Facebook hands the data to.

+1. Though I think the current level of vitriol thrown at Facebook, Google, etc. is misplaced, and the vast majority of people are just mildly creeped out when they see over-targeted ads. But it's fun to get mad about, because these companies haven't yet embraced the evil public image (nobody seems to expect good behavior from investment banks or defense contractors, and as a result they're never hauled before congress for posturing questions).

In some ways, FB should launch a paid "Pro" version where they don't share your data. Let everyone put their money where their mouth is.

'Yet I never see those critics go after other sources of privacy violations, such as say the friends and acquaintances who gossip behind our backs.'

As if the difference between a company's business model and personal relationships is impossible for an economist to tell apart.

+1. I am a little shocked that Tyler would make this comparison; Robin Hanson and Richard "privacy harms market efficiency by restricting information flows" Posner would, but Tyler usually presents himself as more "human". There's a difference between high school gossip amongst an in-person small peer group that is over in two weeks and eternal postings on social media that involve people from all over the world who have no familiarity with the parties or context involved.

I'd imagine that if it is felt that the main goal for receiving and using the information is to place the subject of that information at a disadvantage, then claims of privacy come to the forefront. For example, knowing what conditions your genetics predispose yourself for is a great thing to know, and it would be great to share this information with your doctor to help find ways to improve your health. However, we all also feel that insurance companies would love this same information as well, specifically to have an excuse to raise rates on individuals. Thus, is it better for the individual to know their health profile and risk others knowing as well, or to never know and ensure that others don't find out?

To understand is to conquer.

None of my doctors I know uses email, ever. One of them, when he phoned to tell me results of a test, hid his name behind a Private User ID; I didn't take the call, of course.

@JosieB - lol, how true, busy professionals rarely use email. Another one is that the super rich don't use email either, most don't even use a PC, and simply phone you when they wish something from you or to gossip. Information always travels by unrecorded phone. That's how the real players roll.

What is "real"?

Fines. $5 billion by EU for Google on antitrust laws vs $22.5 million privacy assurances by FTC for Google. So, monopoly turns out to be a type breach against privacy. And NDA hilarity ensues.

The US simply does not adhere to common law like in Europe. The right to privacy for users is being all mixed up with the right to free speech by companies. How can anyone have a problem with it given the way US elections are run? Depending on your view on advertising, which is what the data is used for, it's potentially a tautological-based democratic argument.

Now, "breaches" are being had, and certainly "pollution" is nasty thing. You know what still hasn't come up in common parlance, "fraud." Both by the advertising companies, who are complicit, and by fraudsters, who are not 12 year old kids in their parents room, though many might be. Just look at viewability. A standard created, and apparently necessary, that specifies that an advertisement is not fraudulent.

"To-date, the U.S. has seen the most focused attention on viewability. In 2014, GroupM announced trading standards for an ad to count as a payable impression. The standards required that 100 percent of the pixels in a display ad must be in view (for any amount of time); and for video, that 50 percent of the video must be played at the user’s initiation, with the sound on, while 100% in view. At the time, only 18 percent of video impressions met GroupM’s standard; by mid-2016, 55 percent of impressions met the standard.

Yes. Privacy discussion in this context is discussion about control and power. It has always been framed as such.

It seems that you belonged to the "to the older generation" Bruce Schneier
refers to in his 2010 Forbes "Privacy and Control" essay. Nice to you to catch up with the younger generation.


"To the older generation, privacy is about secrecy. And, as the Supreme Court said, once something is no longer secret, it's no longer private. But that's not how privacy works, and it's not how the younger generation thinks about it. Privacy is about control. When your health records are sold to a pharmaceutical company without your permission; when a social-networking site changes your privacy settings to make what used to be visible only to your friends visible to everyone; when the NSA eavesdrops on everyone's e-mail conversations--your loss of control over that information is the issue. We may not mind sharing our personal lives and thoughts, but we want to control how, where and with whom. A privacy failure is a control failure."

Here is the essay reprinted in Schneier blog:

Good article. Useful distinction. Thanks.

I have a remarkably inane, pig-headed, troglodyte view of all this. I don't like how Facebook works, on a number of levels. So I don't use it. If other people want to, fine. If enough other people don't want to, another company will emerge to meet their needs, that doesn't do the things they don't like Facebook doing. I do not understand what the issue is.

'So I don't use it.'

Which does not prevent Facebook from collecting data about you - '

When you open the downloaded archive, there is a file inside called addressbook.html. This file is supposed to house the contact information you uploaded.

However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided you had one piece of matching data, effectively building large dossiers on people.

In our testing, we found that uploading one public email address for an individual could reap a dozen additional pieces of contact information.

It should also be noted that the collection of this information goes for all of the data uploaded, regardless of whether or not your contacts are Facebook users.'

That’s a rather old link. Is the content still valid?

That Facebook creates shadow profiles? Yes. The reason for an older link is to demonstrate how long Facebook has been doing such data collection.

Here is a newer link, from Zuckerberg's 2018 congressional testimony - '“You’ve said everyone controls their data, but you’re collecting data on people who are not even Facebook users, who never signed a consent or privacy agreement and you’re collecting their data,” Luján continued. “And you’re directing people who don’t have a Facebook page to sign up for Facebook in order to get their data.”

In the exchange, Luján seized on a serious flaw in Zuckerberg’s consent-driven vision of Facebook, one that could have regulatory consequences in the months to come. The fact is, even if you’ve never signed up for Facebook, the company still has a general sense of who you are, gathered through uploaded contact lists, photos, or other sources.

Facebook’s collection of data on non-Facebook users opens up a world of questions about what data is and isn’t covered by Zuckerberg’s vision of user consent and control. Zuckerberg repeatedly said that Facebook deletes all your profile data if you delete your account, but what about shadow profile data that pre-dated your account? Zuckerberg also cited the ability to download your Facebook data, but not only would a non-Facebook user not have access to that data trove, the download tool omits data Facebook clearly collects and uses, whether it’s data from Facebook’s analytics Pixel or location data pulled from a phone.'

I think two issues are being conflated here. The first is what people *should* be worried about wrt privacy and tech companies. The second is what people actually *are* worried about.
The first consists of what "legal experts", privacy advocates and other social workers make a lot of noise about. The second consists of nothing - the revealed preference for social media and online tech clearly demonstrates that nobody really cares about their privacy being impinged upon.
Placebos won't improve matters on either count - social advocates won't be fooled, the unwashed masses don't care anyway. So don't bother.

What bothers many about Facebook and Google is that they aren't what they appear to be. Sure, smart people like Cowen know what they are, but most people don't because most people aren't very smart. We impose conditions before people are allowed to drive a car, but we don't have any conditions for driving a smart phone, tablet, or laptop even though the latter are as dangerous to the user as the former. The economy would be much smaller if less than smart people were protected from themselves. Cowen believes that protecting less than smart people from themselves denies them "freedom". Maybe. But more importantly, not protecting less than smart people from themselves promotes economic growth, and economic growth has a higher priority. Let them eat cake. Or whatever the propaganda induces them to do. Freedom rings!

We put restrictions on driving cars on public roads.

But as always, scratch a progressive and reveal an authoritarian. Plebs sharing internet memes is apparently a threat to democracy.

What’s more dangerous, Facebook selling targeted ads, or CNN threatening to dox meme makers unless they apologize in writing?

As far as privacy goes, I would much rather focus on the latter.

What does "Let them eat cake." even mean when there's plenty of (artificially sweetened, deceptively labelled, purchased with credit or SNAP) cake for all?

Seems like the activists are just after power and control over the tech companies. Notice, they don't say anything about the credit rating companies that have far more impact on citizens lives.

The political activists and the political class just want the power that China has over their tech companies and people to control what the people think, see and do.

Equifax like Facebook and Google had their Congressional hearing, had their reputation slammed, paid their million dollar fines and their stock recovered to a decent level. Now America pretends everything is back to normal while leaving deep questions unaddressed. The difference between data brokers and Facebook/GOOG is that you are "forced" into the database of the brokers without consent while FACE/GOOG require consent/registration for them to do their dirty deeds. The libertarian angle here should be one of consent which I find oddly missing from Tyler's quick take. Equifax/Acxiom/Transperian et al. all operate without the consent of the monitored and this has deep implications into the shape of our political-economic future. Think Orwell or as you brought up today's China.

The selling of our private data didn't start with facebook or google. Data brokers, banks, credit card companies and others have been mining and selling our data before FB and Goog got in on the game, it's not clear why FB and Goog are taking all the flak. There is a secret underworld of data brokering that we have no insight into and will never be given access to.

Some organizations that sell our data:

* data brokers like Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf, and Recorded Future
* state government agencies, like the DMV
* political parties (ngp van, DNC, RNC, etc)
* credit card companies and banks (anonymized but available by zipcode)
* health insurance companies (semi anonymized)
* restaurants and grocery stores (semi anonymized)

It's been shown that anonymization techniques are easily defeatable:

I think that the public doesn't know or care about how our data is used, but will eventually wake up to it and take action when millenials start taking positions in public office.

Good comment. And it has already begun, AOC is a millenial.

Traditional data brokers bought the buiness's data (i.e., they are a party to the transaction, too)

FB/Google are arguably different because it's clearly "your" content. The best FB/Google can do is argue that you (implicitly?) agreed to exchange that content for hosting services and a web authoring platform.


When you are just one row in a million row table, I think it becomes less about you and more our status quo pseudo-anonymity.

I am sure from all the perspectives cioransen lists above, I am quite average. And that's functionally equivalent to anonymity, for the time being, perhaps until real AIs can waste time trying to figure me out.

Right now would a health insurer try to find and buy my surveillance based health profile? Of course not, they have better data than anything from my apps or credit card receipts.

Medical history is semi-anonymized and in that case, yes - you are a row in a table. But data brokers can somewhat easily re-identify you and associate all that information with your UUIDs. But for the rest of your information (outside of medical records), there is not much requirement
of anonymization

And it is likely that your health insurer / pharmaceutical companies are buying access to your credit card info, social media presence and more, even though they have access to your health history. Just because we can't put a reason behind why they might do so doesn't mean that they aren't

I know of a company, now acquired, that was combining health claims and credit card data to improve their predictive models.

OK, I am surprised that cioransen and Ron say this is happening, largely because the data has to be crap. How many people are you shopping for? How many people drink your beer?

I mean maybe there is some gross correlation that Whole Foods shoppers are healthier than the rest of us, but that too would be bested by our historic blood tests.

I agree that the models will be of low quality. People have used California's Shine the Light Law ( to obtain their records and there are many inaccuracies:

However, even if the models are inaccurate, this doesn't mean that its okay to snoop this data and it might be even worse because the models that affect our day to day (insurance rates, f.e.) are being fed inaccurate information and we can't dispute it.

FB and Goog are selling access to your eyeballs (an advertiser says: "i want to put this ad in front of people with X attributes"), while your telco, ISP and credit card company are selling your browsing and purchase history and location details. These details are not anonymized, either.

I don't see why a company should be allowed to sell my access patterns, even if I am forced to agree to their terms and conditions. Right now, this forced agreement to sale of our personal info is the status quo, but it shouldn't be.

I also expect more privacy law in America's future, and I approve. I think we are also getting some excellent secondary benefits from European privacy laws.

I think the status quo is not so bad, but it is important to protect that. We should not glibly give it all away.

This is not a binary "rights" debate: degree matters.

Google collects your information for years, including searches, location tracking through your phone, reading your gmail conversations, getting health information from your tracker, know about all your credit cards and bank accounts, vacation plans, etc. etc. This information is all stored forever, sold and analyzed by people and companies you know nothing about.

If any "friend" would collect this much data about you for years, then sell it, I bet you you'd get a restraining order for stalking. At the very least, you'd never talk to them again. It's not easy to do that with Google and the tech companies and live a regular life.

We do the work, yet they create the millionaires and billionaires. This is a case where so much of the surplus is so trivially unearned that people are not taking a very kind view as to the divvy-up.

People seem less offended by Google than Facebook because they know Google is the best service provider in a competitive market, whereas Facebook is your basic natural-monopoly cruddy utility that many people have co-ordinated toward for social contacts, but otherwise resent.

Odd how questions about control look from another perspective - 'The French data protection watchdog CNIL has fined Google a record €50m (£44m) for failing to provide users with transparent and understandable information on its data use policies.

For the first time, the company was fined using new terms laid out in the pan-European general data protection regulation. The maximum fine for large companies under the new law is 4% of annual turnover, meaning the theoretical maximum fine for Google is almost €4bn.

The fine was levied, CNIL said, because Google made it too difficult for users to find essential information, “such as the data-processing purposes, the data storage periods or the categories of personal data used for the ads personalisation”, by splitting them across multiple documents, help pages and settings screens.

That lack of clarity meant that users were effectively unable to exercise their right to opt out of data-processing for personalisation of ads.

Additionally, the watchdog found that even when user consent was collected, it did not meet the standards under GDPR that such consent be “specific” and “unambiguous”, since users were not asked specifically to opt in to ad targeting, but were asked simply to agree to Google’s terms and privacy policy en masse.'

As Stalin would say, quantity has a quality onto itself. Being able to get a policeman to tal a person for a month is made less dangerous by how expensive it is. If you can tail absolutely everyone forever, at negligible per unit cost, you have a very different ability than following people in public.

It’s the same for tech companies: My friends can say a lot of the things about me than Google could, but you have to work to find the,, and get them to tell you. When the cost drops to zero, and you can aggregate averages across all people, follow all the links for fee, and run predictive analytics that require samples of hundreds of thousands of people to come up with. It’s a different ballgame. Same with mixing credit card data, phone location records, browsing history, movie watching history... It’s the scale that changes everything.

The one thing that saves us is that if Google weaponized their data as I mentioned, the government backlash would be very real. But the power is there, waiting for the second where it is seen as acceptable.

> “They used to “feel in control” and now they do not, in part because of the very media critics who view themselves as solving the privacy problem.“

Any thoughts on what Tyler means by the second half of that sentence quoted above?

I don’t quite understand what he’s referring to there. But maybe the observation is that even the “pro-privacy” folks are still offering up a paternalistic, bureaucratic set of solutions. And if the problem isn’t “privacy” per se, but a sense of “control” over our lives, then these efforts aren’t really solving anything.

It's meant to make the reader feel like she knows nothing and shouldn't worry about anything big corporations do. Seriously, the game is up around here.

Tyler, it's telling that the two tech companies you mentioned, FB and Google, are entirely free services. I think it's a bug of the early internet business model to offer entirely free services because customers tend to severely overestimate the dollar value of their data and this in turn forces the company to pretend to be pro-social in order to placate the overly wary and entitled customer. And whatever pro-social things FB and Google do, it's never enough. Each customer thinks their Google history is worth millions to the company, but an Amazon or Uber customer is a bit more grounded and understands the value of the data can't exceed what they spend.

So you're OK with Natasha knowing your porn preferences?

They are a married couple - why shouldn't he be OK with that? One would reasonably assume they know each other's preferences in all kinds of ways, not just porn.

Transaction security is closely related to privacy, I think that is the underlying issue. When someone steals another 100 million identities, I watch my balance and often get a new card. Another trick is that I hold off on on line purchases so IO can look and verify no bizarre charge show up, as happened to me with Jeff Bozo once.

I am real paranoid about transactions, but obviously could care less about privacy.

I expect very little protection from Facebook and other corporations. I like control or at least the illusion that I have it. Therefore, I don't use Facebook.

"you might expect the overall campaign to be “pro-privacy” rather than just “anti-corporate” or “anti-tech.”"

I'll challenge the premise. People are at least as concerned about collection of data by the government.

Personally, I'd argue people are more concerned about governmental data collection, but that might be a function of my political leanings.

I get at least 10 BS marketing and scam phone calls per day on my cell phone, often with area codes similar to those I have recently called. Perhaps my friends and acquaintances are to blame for giving away my calling info...

I don't get so many but a surprising number are in Chinese. I think it's because I registered a Xiaomi fitness band once.

Happens to the inlaws. With the calls coming from Vancouver BC area codes. They are always falling for weird shit on the internet so I figure they filled out a form field somewhere.

This post is essentially correct. I agree that it is control and not privacy that is -the- issue. I would say privacy is actually zero in importance in equilibrium (and the problem comes when lack of privacy is harnessed for purposes of control e.g. social media mob finds your statement to a friend four years ago, looks up your address, and then devastates your normal life.)

Let us consider our relationships with Google and with the US government. Which is more critical to us on the margin? In a "feasibility-weighted" policy space there is no question that Google matters more. Why--with the US gov we have a gargantuan system of rights and processes and constraints much of which cannot be easily violated (and even less easily, not more, with our lesser privacy.) So the government cannot too easily screw you, at least not without major cost.

Google on the other hand is bound by literally ZERO obligations to me as far as I can tell. All of the following actions are available to Google, at all times, and with essentially zero cost:
- deny a person's access to google search engine
- revoke a person's access to their email archive
- delete all files uploaded to Google drive
- deny access to viewing of Youtube videos
- delete a person's income-earning work output off of Youtube
- deny access to all behind-the-scenes services involved in and necessary for the access of non-google websites
- disclose all information generated in the history of my relationship with google to any third party
It is literally true that these actions are technically available for Google at all times.

Economics people often respond with two claims. Claim 1 is "Google has no profit incentive to do any of this." Claim 2 is "if Google did for some reason do this, rational actors in the free market would deliver the product that did not." Sorry, both of these claims are just plainly false.

Claim 1 fails because applied to most people (i.e. non-celebrities) these actions come at essentially zero cost. (This is why the products can cost zero in the first place.) Therefore if there is any tiny positive benefit to Google which is greater than zero, these actions will be taken. And indeed we have seen these increasingly over the past years and months. The benefit might be "increase attachment of a subset of the userbase by emphasizing moral resonance", or "increase political influence by pleasing a government."

Claim (2) fails essentially for the reason stated by Glen Weyl: as a network becomes larger, it becomes more efficient, and so the technology called Internet has increasing returns to scale. Moreover for technical and other reasons, the existing Internet network is highly dependent upon nodes controlled by either Google or Facebook (increasingly so over time). For the normal economist reasons, increasing returns to scale neuter the competitive forces that lead to equilibrium constraints on actions a company will take. Yes, there is no threat that "Youtube-Plus-Alex-Jones" emerges in the marketplace, regardless of whether it would outcompete regular Youtube. (On the other hand, amazon consumer marketplace is highly competitive, and here products are highly sensitive to user preferences.)

I think this illustrates why the situation is so foreboding. Remedies seem difficult indeed. For one start, we should think of Google as a governmental state entity with enforcment powers as above, and in that context think whether the status quo would be acceptable. For another, we can think of how to change the basic network architecture to one that will not lead to centralization around Google, Facebook, or any particular nodes in equilibrium. For a third (Tyler suggests) brainwashing people, which I agree is the most likely outcome. Remedies seem difficult indeed.

+1 I admit, I'm shocked how the Internet evolved toward proprietary platforms like Google and FB. Ten years ago, I would have bet real money on the combo of standards and open source.

How can Google deny access to their search engine to a specific person? Unlike Facebook, you don't sign in to use the service. Of course they could deny access to a specific IP address but that's easily circumvented

Who controls the controllers?

Yet I never see those critics go after other sources of privacy violations, such as say the friends and acquaintances who gossip behind our backs.

-- Who exactly are you imagining that are OK with their friends gossiping private information about them, behind their back? Most people hate that, feel betrayed, feel their trust violated, etc. I don't see the inconsistency.

Gossiping has been frowned upon for at least several thousand years. Prohibitions against it are built into our etiquette and even language in some cases. Sure, we still do it--but it's never been considered a good thing, only a useful evil.

That's not to say that there are no differences. Gossip is personal--you do it to me, intentionally or at least knowingly. Large companies buy and sell data wholesale, without regard for the individual. More significantly, though, we've learned to deal with gossip--we don't allow it in courts, we do allow it in private, and we have enough of a prohibition against it to make people hesitate but not enough of one to make people stop sharing information. It's pretty finely calibrated. We have no similar mechanism with regard to large companies buying and selling data. We're pretty much at sea here; there's nothing in our history as a society to use as a model for how to approach this, and we're at the point where it has the potential (actualized in some cases) to ruin lives.

Confirmed that Tyler doesn't know very much about "goss". Take a few days on NextDoor if you want to see people complain about gossip and privacy.

NextDoor is full of racists and sexists. If you are a shade of darker than Donald Trump and a man, be prepared for the creepy stalkers that will destroy you on the web. The worst part is that you live with these people. They are your neighbors.

This type of conversation makes me think we need to have some new language for talking about different classes of privacy problems.

Here's a thought experiment:

1. Consider someone standing on the street and seeing my car drive by, and looking at the license plate. (for this conversation, we will assume that license plate is trivially convertible into identity)

2. Now consider the non-local knowledge of my car being at a particular place at a particular time (e.g. randos watching an internet enabled high resolution traffic camera, and seeing I just passed through an intersection)

3.a. Now consider the non-local knowledge of my car being at any of a large number of different locations (e.g. a network of traffic cameras recording my license plate) as I move throughout my day

3.b. Consider the non-local knowledge of my car being at one particular place at a particular time (e.g. condition #2) except with historical data incorporated. i.e. a record of every time I've driven through an intersection, as captured by a traffic camera.

NOTE: I imply no order to 3.a. and 3.b., I consider them to be in the same general area.

4. Consider 3.a. and 3.b. combined: a complete knowledge of every time I've passed through a series of points (e.g. a large network of traffic cameras), and all of the history in those points.

5. Now consider persistent tracking of where my car is at all times, with full history, in all locations, forever.

I think we can all agree that Case #1 there is no imaginable violation of privacy really possible. I think most people would agree that in Case #5, we're dealing with private information. There's a line, however, somewhere between obviously public information (someone walking down the street reading the license plate hanging off the back of my car) and complete causal knowledge of where my car ends up at all times. (where would you draw it? Between 1 and 2? After 5?)

Note that we can extend this metaphor quite easily: it doesn't really matter if I click through and read a single news article, but the full internet history of every article on every news site I've been on is a little bit different.

I think this is where the anti-Google/ Facebook/ Apple/ NSA comes from. You can't do but so much with a single datapoint. However, with a database of a massive number of datapoints from a lot of sources with extensive history, the ability to instantly cross-reference all of that data to build an extensive profile, and an obscene amount of computing power, you're in a very different category of privacy worry.

The tricky thing is that we're perfectly OK #4 can be done w.r.t. alleged(!) criminals - think the "stake outs" depicted in every crime drama - without even a warrant. We're even OK with #4 plus a bunch of other stuff, like pulling your phone records, recording who visits your home, etc., also without even a warrant.

With a warrant, it's beyond #5. They can pull non-public data sources.

The question is, is there a principled reason to say police can do all that to alleged(!) criminals, but not to me?

Another point is that among companies that violate your privacy, Facebook and Google are not the biggest violators. People use a service like Facebook generally expecting to share the information they post there (that is after all the point), and Facebook technically does not give that information away except when a user consents. In contrast, your banks and credit cards share your financial transaction information with data brokers, which is generally not expected of them and involves much more personal information than what is typically shared on Facebook profiles. So why are people not more upset with the data brokers and all of the companies that sell them their information?

This makes me think that there is a dimension of ill-will toward so-called tech companies, perhaps because of its youth, wealth, perceived naivete, or something else.

Control is indeed the issue. The tech giants are partners with the establishment in its war on democracy. They can't manipulate you if you delete your account.

Speaking of privacy, the IRS sure does know a lot about us. Fortunately, the government has never misused that information.

I think the issue might boil down to freedom. When companies collect massive information about you, centralize it in a single or few sources, and then use complicated technology to analyze it, they can predict your actions in a way you never imagined possible. This prediction can be used to target ads, prices, news, or anything else towards you, effectively limiting your "market" freedom. In addition, it becomes much harder to "restart" or have a "fresh beginning" when a data trail follows you everywhere you go. A few people "gossiping" about you could never have this capability. The difference is this scale and capability.

This is a relatively minor point though. The major point is the limitation on freedom by a state that can predict your actions, like China or Israel are increasingly doing (to Uyghurs or Palestinians respectively). Similar to Minority Report (the movie), but with more science and statistics rather than prophetic oracles. Scary stuff.

Comments for this post are closed