< Internet Banking, 22seven & Security Fallacies | Tracking the Trackers (my mods to the Collusion AddOn) >
Seth lays out two claims, the first is that we have no privacy, and the second is that consumer "privacy scares" are actually just because consumers don't like surprises. The first is the most important. It's something you hear all the time, and it damages the potential work privacy advocates and developers can achieve.
You have no privacy
The first mistake Seth has made, is to assume that he knows anything about privacy. As Iain Currie points out in his excellent paper "Some implications of a dignity-based conception of privacy":
[Much] writing about privacy tends to be ‘intuitionist’. This is a form of moral argumentation that relies on people’s innate intuitions of right and wrong.  The difficulty with [intuitionism] is the unreliability of its results. What some people experience as shameful violations of privacy, others do not. A more general problem with intuition as a basis for ethical decision-making is that some extrinsic quality-control measure always seems to be required to test the rightness of one’s intuitions. The fact that a lot of people feel strong moral revulsion at, say, the idea of interracial or homosexual sex is generally not thought to be a good reason for judging those practices as immoral.
It turns out that privacy is actually quite a tricky concept, and both the fields of moral philosophy and law have spent a considerable amount of nailing it down. I tweeted that a good place to start any readings on privacy, is the Stanford Encyclopaedia of Philosophy's entry on the matter. Just wading in to the field and declaring that credit card, phone and web logs are the sum total of your privacy is the first mistake. The second mistake in his final sentence, is assuming that this is a fait accompli. Just because it's happening, doesn't mean we shouldn't be fighting it. Companies make lots of money by collecting information and selling/monetising it. User's don't really understand or directly/immediately/accountably experience the violations, so all we have to keep corporate greed in check are the privacy advocates, who get privacy, and are working to out the abuses in a way the average user can grok. Letting Seth get away with propagating this stuff hurts us all.
We don't like surprises
In the second part of his entry, Seth attempts to boil privacy reactions to not be about privacy, but rather the fact that we don't like surprises. The obvious rebuttal to this is that lots of people do like surprises. Personally, I hate it when I know what my wife is getting me for my birthday. There's nothing intrinsic to a surprise that should make it a negative, or use it as a design guideline for developers. So if we are to be chartiable to Seth's argument, possibly he meant, we don't like bad surprises. This makes sense, nobody likes getting mugged for example. But, in the end, the "surprise" part appears to have nothing to do with it, and the "bad" part has everything to do with it. It's the loss/trauma of the mugging that is bad, not that it was surprising. What this means, is that the charitable interpretation of Seth's point is: "Consumers don't like it when you do bad stuff with their data."
I wish Seth had analysed his argument, and realised that's what he was actually saying. Because, the next logical step is to realise that his advice to developers should be, to stop doing bad stuff with users data. Not, that it's too late to worry about privacy.
Since Seth didn't, I will, here's my advice to developers:
- Don't use data in a manner that does not benefit the user.
- If you must, gather actual consent, and only use the data in the consented to manner
- Allow the user to opt-out, and still retain some service either up-front or at a later stage
In the end, Seth has propagated a lie that many before him have told. He's just a big public figure. Privacy is hard, you can't knee jerk it. Online/electronic privacy is an active field of research, and improvements should be supported not put down with tired throw-away lines. What's more, technical ways of doing this are available and should be investigated, no matter their surprise value.
P.S. If you're interested in this, you may also enjoy my rebuttal of Paul Rubin.