A Response to Seth Godin's "The Illusion of Privacy"

Dominic White

 

A Response to Seth Godin's "The Illusion of Privacy"

Seth Godin is a smart guy, and people listen to what he says, but he's recently ventured into an area he knows little about, privacy, and made some mistakes I feel should be corrected.

Seth lays out two claims, the first is that we have no privacy, and the second is that consumer "privacy scares" are actually just because consumers don't like surprises. The first is the most important. It's something you hear all the time, and it damages the potential work privacy advocates and developers can achieve.

You have no privacy

The first mistake Seth has made, is to assume that he knows anything about privacy. As Iain Currie points out in his excellent paper "Some implications of a dignity-based conception of privacy":

[Much] writing about privacy tends to be ‘intuitionist’. This is a form of moral argumentation that relies on people’s innate intuitions of right and wrong. [] The difficulty with [intuitionism] is the unreliability of its results. What some people experience as shameful violations of privacy, others do not. A more general problem with intuition as a basis for ethical decision-making is that some extrinsic quality-control measure always seems to be required to test the rightness of one’s intuitions. The fact that a lot of people feel strong moral revulsion at, say, the idea of interracial or homosexual sex is generally not thought to be a good reason for judging those practices as immoral.

It turns out that privacy is actually quite a tricky concept, and both the fields of moral philosophy and law have spent a considerable amount of nailing it down. I tweeted that a good place to start any readings on privacy, is the Stanford Encyclopaedia of Philosophy's entry on the matter. Just wading in to the field and declaring that credit card, phone and web logs are the sum total of your privacy is the first mistake. The second mistake in his final sentence, is assuming that this is a fait accompli. Just because it's happening, doesn't mean we shouldn't be fighting it. Companies make lots of money by collecting information and selling/monetising it. User's don't really understand or directly/immediately/accountably experience the violations, so all we have to keep corporate greed in check are the privacy advocates, who get privacy, and are working to out the abuses in a way the average user can grok. Letting Seth get away with propagating this stuff hurts us all.

We don't like surprises

In the second part of his entry, Seth attempts to boil privacy reactions to not be about privacy, but rather the fact that we don't like surprises. The obvious rebuttal to this is that lots of people do like surprises. Personally, I hate it when I know what my wife is getting me for my birthday. There's nothing intrinsic to a surprise that should make it a negative, or use it as a design guideline for developers. So if we are to be chartiable to Seth's argument, possibly he meant, we don't like bad surprises. This makes sense, nobody likes getting mugged for example. But, in the end, the "surprise" part appears to have nothing to do with it, and the "bad" part has everything to do with it. It's the loss/trauma of the mugging that is bad, not that it was surprising. What this means, is that the charitable interpretation of Seth's point is: "Consumers don't like it when you do bad stuff with their data."

I wish Seth had analysed his argument, and realised that's what he was actually saying. Because, the next logical step is to realise that his advice to developers should be, to stop doing bad stuff with users data. Not, that it's too late to worry about privacy.

Since Seth didn't, I will, here's my advice to developers:

  1. Don't use data in a manner that does not benefit the user.
  2. If you must, gather actual consent, and only use the data in the consented to manner
  3. Allow the user to opt-out, and still retain some service either up-front or at a later stage

Conclusion

In the end, Seth has propagated a lie that many before him have told. He's just a big public figure. Privacy is hard, you can't knee jerk it. Online/electronic privacy is an active field of research, and improvements should be supported not put down with tired throw-away lines. What's more, technical ways of doing this are available and should be investigated, no matter their surprise value.

P.S. If you're interested in this, you may also enjoy my rebuttal of Paul Rubin.

Friday, February 17. 2012
Posted by Dominic White in Privacy
Comments (8) | Trackbacks (0)

 

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

#1 Jonathan Hitchcock wrote (Link) (Reply)
Posted on Saturday, February 18. 2012
You're rather oversimplifying Seth's "surprise" argument there. He gives a good example of a way in which a company can give us a "good surprise", based on information which we know it has, which we would find objectionable. If your bank knows that you have been spending a lot of time in brothels, because it can see the charges on your card, you know this. But you only find it objectionable when it sends you a gift-certificate to have a VD test. That's a nice thing to do, but you're suddenly upset. I would suggest that it is "using your information in ways which you didn't expect" (i.e. to profile you as having VD, in this case; or to profile you on a separate, book-selling website, in another case) that is angering you, which does tie into the surprise thing, and has nothing to do with "bad" or "good". In fact, your labelling it "bad" is an intuitionist judgement itself, it seems.
 
#1.1 Dominic White wrote (Link) (Reply)
Posted on Monday, February 20. 2012
I'm not sure if you made a typo but I don't see how the bank doing something objectionable (synonym bad) with data we know it has is a "good surprise." That aside, you're right that I didn't define good/bad, but that was in the interests of space not an intuitionist argument. Even then, my take on it doesn't matter as Seth is talking about "people in general" it seems. I'm happy to replace "bad" with a middle ground based on an inversion of the "guidelines" that fits with your take somewhat. How's this: "People don't like their data being used in un-consented ways that do not benefit them." Which, as an aside, is the concept driving much privacy legislation, including our own POPI bill.
 
#1.1.1 Jonathan Hitchcock wrote (Link) (Reply)
Posted on Monday, February 20. 2012
Sending somebody a gift certificate is nice, not "objectionable". There you go being intuitionist again. And, no, your new statement still doesn't work. A website using your data to recommend the books you might want to buy is beneficial (as is the gift certificate).
 
#1.1.1.1 Dominic White wrote (Link) (Reply)
Posted on Monday, February 20. 2012
You said: "X, which we would find objectionable" I said: "something objectionable is not good" You said: "X is nice, not 'objectionable'" Looks like you're contradicting yourself? Second part: You said "X is beneficial (as is the gift certificate)" I said: "ways that do not benefit them" No clash.
 
#1.1.1.1.1 Jonathan Hitchcock wrote (Link) (Reply)
Posted on Monday, February 20. 2012
Sorry, let me try one more time, without getting my words garbled. We *do* find the gift card objectionable, and we *do* think that a website using our data to profile us objectionable. However, both of these things *are* nice or beneficial to us - we get a free gift card, and we get better recommendations. Thus I am challenging you saying "doing bad stuff with their data" or "use data in a way that does not benefit them". Neither of those two actions were inherently bad or unbeneficial. I posited that the reason we don't like those actions is because we did not expect our data to be used like that, regardless of whether it was nice or not. It's the surprise thing that Seth was talking about. I guess we know abstractly that the bank *could* see that we'd been going to the brothel, but didn't actually expect that they would examine our data and actually interpret it and send us a gift card for a VD test.
 
#1.1.1.1.1.1 Dominic wrote (Link) (Reply)
Posted on Tuesday, May 22. 2012
Ok, nice formulation. If it is the surprise part that we don't like, then would removing the surprise make it alright? If you knew your bank would inspect your purchases and, for example, send you the VD testing card every time you visited a brothel, would that be ok? Or phrased in the context of actual events, if you knew the bank would hand your transactions over to a repressive government potentially disclosing your activist activities, or send a congratulations on coming out card to your home address before you told your father (based on your counseling activities). My guess is that wouldn't be okay, and people would prefer not to have the bank track them at this level. Of course, there are more positive examples; sending you a gift voucher on your birthday or congratulating you on the birth of a child. But, if that comes at the cost of the above, maybe we just want the bank to provide a really good banking service, and not track us. So in the end, maybe I should rephrase it to include that consumers don't like the possibility (or instance) of badness being highlighted (or occurring) if the benefit does not justify it, or something equally clumsy. I still don't think the actual problem is the surprise. Surprise is just how a sudden realisation of what's actually happening manifests.
 
#1.1.1.1.1.1.1 Jonathan Hitchcock wrote (Link) (Reply)
Posted on Tuesday, May 22. 2012
If the bank said up front what it was going to do with the data, and what it was going to do was not harmful, I think most people would have absolutely no problem with it. Obviously if the bank said "we are going to hand your info over to a repressive government", the users would not be keen. But that is because that is an inherently harmful thing. As is the coming out card that your dad sees. Those are just obviously bad things that nobody wants. But if a site says "we're going to gather data about you and use it to improve recommendations" people *do* opt in and have no problem with it. So, we come down to: people don't like surprises, and people don't like bad things. Nothing really revolutionary there.
 
#1.1.1.1.1.1.1.1 Dominic White wrote (Link) (Reply)
Posted on Friday, June 8. 2012
I think you may be trying to separate "we're going to gather data about you and use it to improve recommendations" and the bad things. I guess my argument is that "we're going to gather data about you and use it to improve recommendations" implies the bad things. It's usually not even intentional.
 

Add Comment