Obamas “Consumer Data Privacy in a Networked World: A Framework For Protecting Privacy and Promoting Innovation in the Global Economy”, better known as simply “privacy bill of rights” has made some headlines this year. Recently, since it was one of the topics at the EU Conference on Privacy and Protection of Personal Data held on March 19th, both in Washington DC and Brussels. The aim of the bill is to increase the privacy of consumers on the Internet and get closer to a common international privacy standard. Currently, the EU is known to have much stricter privacy regulation laws than the US and is working on a proposal for new data protection regulations. Now, the Obama administration created a draft for a new kind of privacy regulation to protect the privacy of consumers. However, critics state one major problem with the plan: It won’t become a law anytime soon. Instead, it is planned to create a more or less voluntary code of conduct that big corporations should commit themselves to. If they do, the FTC has the authority to enforce this commitment. This shows fundamentally different approaches to privacy protection in the US and EU. In the EU privacy is a human right while in the US it is more of a consumer right than anything.
However, I do find arguments in favor of this approach, this code of conduct, interesting. In an interview with a US civil liberty group it is argued that in an election year, it is hard to pass a law, which brings tougher regulations to corporations. Further, one problem with European privacy law, it is stated, is avoided: European law stated “protect peoples privacy” and nobody knows what that exactly means. Instead, the US approach gives this responsibility to the corporations: They have to define what it exactly means and then stick to it. And this is enforceable by the FTC. I personally think it is a nice touch that they want a “do not track button” in browsers, so consumers can turn off cookie tracking. This is one of the few, very concrete measures for privacy protection. I think that this bill is a big step forward in privacy protection in the US and that eventually it will find its way into a law. Until then, this privacy bill of rights is a good start: Amazon, Apple, Google, HP, Microsoft, and Research In Motion already confirmed that they would abide by new privacy principles. And it is definitely not the worst kind of press Obama can wish for in his election year.
A recent study published by researchers from Berlin and Cambridge performed an experiment where ultimately they let consumers choose between providing more information (less privacy) or paying more for a service (more privacy).
The setup was like this: Participants were given the choice to buy movie tickets at two online shops. Shop #1 asked for name, email and birth date. Shop #2 asked for the same information but additionally required the mobile phone number of the participant. For providing the phone number, shop #2 offered the movie ticket for 50 Euro cents less. The obvious choice (for me) would be to provide a fake phone number and pay less. However, this was not possible since phone numbers were checked against the true numbers of the participants.
The result: 71% of customers were willing to provide their phone number to pay 50 cents less for the movie ticket, 29% were willing to pay the premium for more privacy. At first sight this result looks quite shocking. To save just 50 cents people are willing to give up their personal privacy. The study takes a more positive spin in pointing out that 29% of the participants were willing to pay for their privacy.
While 50 cents sounds like a small amount and is good for a nice headline, I believe this should be seen in relation to the ticket price (which isn’t mentioned in the summary). In the long version of the study the ticket price is mentioned: The authors subsidized the ticket so the participant had to pay as little as €3 per piece. This means that people were willing to give up their privacy for a 17% price drop. This does not sound so little anymore and is quite an incentive to give up the phone number. A further contributing factor is that annoying marketing calls are still quite rare in the German region (in Austria at least) where the study was done. So giving up your phone number has little practical implications. I personally probably would have taken the cheaper ticket (yes, call me cheap!).
Following my last post about complete transparency of information to increase privacy the idea to record everything in our lives is intriguing. Something like surveillance of our personal lives. In police work this seems to be the near future, similar to Charles Stross‘s description in his novel Halting State (which is set in 2018). There, everything a police officer sees is recorded, wirelessly uploaded and indexed for future reference and proof. Body worn cameras are already used by police in the US and UK and there is a number of producers of such devices (e.g. TASER recently introduced stylish new Oakley glasses with cameras). From a police point of view it makes sense to have proof of all events for later use. However, it surprised me to read that human right groups endorse such measures and even demand that police wear such cameras. The campaigning group whennooneswatching.org with their four fingers campaign demand that all police officers must have cameras attached, that these must be switched on when interacting with the public and that this data must be made available on request. The aim is to reduce police brutality and to have proof of brutal police officers. However, as IPVM points out(subscription-based access), opponents argue that body worn cameras might cause officer hesitation due to fear of scrutiny and thus risk his or her life. I think this argument is flawed. If certain actions are necessary in police work they should be regulated within reason and if not they should be forbidden. In any case, police officers have to act within the law and thus should not be afraid of scrutiny. But body worn systems still have some drawbacks that have to be solved before they can be used to protect victims as the four fingers campaign envisions it:
- They have to be “always on”: Due to low battery life these systems have to be switched on when the officer sees fit. This has two disadvantages: First, the officer cannot concentrate on his job and instead has to deal with the device. Second, it is very likely that an officer will turn off the device if he or she thinks the video might incriminate him.
- They have to be “live”: Today, the videos can only be used forensically and are not uploaded on the fly (LTE might change that). Thus, the material can easily be altered afterwards.
- Access to videos: Access to videos for persons involved in an incident has to be allowed and have to be easy to manage.
I believe body worn cameras for police are just the first step. It gets really exciting when everyone records every event in their lives (does anyone remember justin.tv? Yes, it still exists!). Thus, no one has an advantage or disadvantage of information. In fact, anyone can do that already today, lifeloggers even made somewhat of a sport out of it. This concept is generally referred to as sousveillance, i.e. the inverse of surveillance (which deserves a blog post by itself). So if you are motivated to start lifelogging now, there are a number of products available that offer functionality to record everything we see (check out these cool sunglasses or this not-so-cool device). However, I doubt that it is legally ok to film strangers without informing them.
I read an interesting interview in Wired online with David Brin, an award-winning sci-fi author who deals in his book The Transparent Society with how privacy in our society might look like in the future. His concept states that it is unrealistic to try to stop surveillance of all parts of our lives and privacy protection laws just create the illusion of privacy. Because by passing privacy laws you restrict access to surveillance information and have to trust powerful authorities to abide to these laws. However, the powerful have no incentive not to break the laws; there is no measure in place to avoid usage of the available data (though I think there are technological solutions to that) – this reminds me of yesterdays story of how the richer you are the more likely your are to break rules.
In order to offer true privacy, Brin states, everyone needs freedom of access to all information, i.e. to level the playing field. If everyone of us has access to all video surveillance feeds, to Facebook data, to phone data, all the time, everyone has the same level of privacy and the freedom to know everything. In a way, this is like everyone is your Facebook friend.
I find this concept fascinating but cannot picture how society might work if this actually happens. It would mean that anyone can spy on their neighbors, that you can never be sure if your neighbor watches you. This would create a state where each of us watches themselves because who knows who is watching (in the sense of Foucaults Panopticon). Further, criminals can use it to determine when to rob a bank or a store or break in a building. For this reason, in our society today, power is not divided equally (and access to information is part of this power). For example, not everyone is allowed to carry guns, but the police is. And this makes sense in a way, otherwise we cannot have an executive branch of our government if it does not have the power to execute laws. So in practice it might be quite difficult to implement Brin’s concept. It would require a complete shift of how our society works today.
By the way, the Wired article is from 1996, where David Brin states that “in a decade, you’ll never know the cameras are there”. Well, clearly 16 years later we still know they are there and CCTV use has not yet exploded the way he might have predicted. However, through new technology, his transparent society already happens in a way, e.g. during protests, where both protesters as well as police use cameras to record events.