Can a Market for Privacy Succeed?
posted by Frank Pasquale
Siva Vaidhyanathan has fascinating essay on the nature of privacy that challenges the individualistic ethos of many policy recommendations in the field. He describes our eroding lack of control of reputation-affecting information as a “nonopticon:”
What we have at work in America today is the opposite of a Panopticon: what has been called a “Nonopticon” (for lack of a better word). The Nonopticon describes a state of being watched without knowing it, or at least the extent of it. . . .We don’t know all the ways we are being recorded or profiled. We are not supposed to understand that we are the product of marketers as much as we are the market. And we are not supposed to consider the extent to which the state tracks our behavior and considers us all suspects in crimes yet to be imagined, let alone committed.
Vaidhyanathan suggests that we can only attempt to modify the “nonopticon” collectively, not individually. This goes against the grain of much progressive privacy policy. Scared of slow-footed or Procrustean government regulation, many advocates have hoped that a combination of market pressures, tailored contracts, and technology could let individuals set their own “privacy preferences.” For example, Ask.com “competes on privacy” with search engines like Google to give searchers a “right to delete” their digital dossiers. Many have expected that rational consumers will bargain in the marketplace for the privacy policies that best suit them.
I have long thought that such an approach all but guaranteed a ratcheting down of privacy protections. What better way to call attention to oneself than to be the one person bargaining for more privacy? Randy Picker’s blog has also brought to my attention the concept of “unraveling,” described as follows:
If I don’t smoke and if I went to buy life insurance tomorrow, I would want to disclose that fact to the insurance company. Insurance is priced based on a pool of risks, and as a nonsmoker, I want to be placed in a different pool than the smokers are in. But when I reveal that I am not a smoker, I set in motion a chain of inferences which should, on average, have the consequence of revealing that smokers are smokers, even if they never say anything. This is a standard result in information economics—we call it unraveling—and creates what we might think of as a privacy externality: when I reveal information about me, it has the consequence of revealing something about you.
Of course, as Picker notes, given the negative externalities of smoking, it may make perfect sense to encourage this sort of “unraveling.” But what happens when the unraveling (or, literarily, Unbinding) becomes more general? As Vaidhyanathan notes, self-help measures here may do little more than set off an arms race:
Every incentive in a market economy pushes companies to collect more and better data on us. Every incentive in a state bureaucracy encourages extensive surveillance. Only widespread political action can put a stop to it. Small changes, like better privacy policies by companies like Google and Amazon.com, are not going to make much difference in the long run, [Privacy scholar James A.] Rule argues. The challenge is too large and the risks too great. . . .”Self help” merely ratchets up the arms race of surveillance. Rule demands that we actively change the policies and actions of the state for the greater good.
I want to focus a bit more on the “self-help” point, and the types of sacrifices made to assure individual privacy preferences. I have been troubled by Google’s privacy practices for some time, but I am a heavy user of Gmail and cloud computing generally. It’s simply a matter of efficiency–if I were to use Lotus Notes (a default business email system), I’d be spending at least 10 more minutes a day just managing email. The Gmail interface is just that much better–especially in terms of searchability of messages.
Ten minutes may not sound like much time, but by the end of the week it’s over an hour of frustrating waiting avoided. So what happens when we find the efficiency and cost-savings of privacy-eroding innovations too great to ignore? Given the scarcity of time that nearly every professional faces nowadays, we are effectively required to adopt the privacy-eroding innovation.
Now perhaps the Gmail example will not convince those technically savvy enough to get all their communications dumped into a equally efficient email system. Still, consider the type of suspicions that might result if you were applying to a new job and said “By the way, in addition to requiring 2 weeks of vacation a year, I need to keep my email confidential.” The bargaining model is utterly inapt there. . . . just as it would have been for women to “bargain” for nondiscrimination policies, or mineworkers to bargain, one by one, for safety equipment.
As I wrote in another post, privacy might better be considered an “irreducibly social good” than some quantum of enjoyment individuals trade off for money. As Sunstein and Frank suggested in their work on CBA and relative position, given the importance of positional goods in today’s society, people who trade off safety/privacy/etc. will likely “outcompete” peers who won’t do so. They will have more money, and can thereby purchase better homes, send their children to better schools, afford better health insurance, and generally enjoy a higher standard of living than those who take the monetary and time-wasting sacrifices entailed by demanding greater privacy.
Though Sunstein and Frank were inspired by health and safety regulations, their work’s upshot applies equally well to privacy:
When a regulation requires all [individuals to purchase] additional [privacy], each . . . gives up the same amount of other goods, so no [one] experiences a decline in relative living standards. The upshot is that an individual will value an across-the-board increase in [privacy] much more highly than an increase in [privacy] that he alone purchases.
A collective commitment to privacy may be far more valuable than a private, transactional approach that all but guarantees a “race to the bottom.” The big question, of course, is whether such rules would effectively “cripple” innovative companies like Google and prevent the development of interfaces like Gmail. Here, I can only suggest that we watch what Europe does. For example, its privacy regulators led the way in requiring certain concessions of Google, and those do not appear to have crippled the company. My main point is just that to the extent we want privacy, it may be something that can only be achieved collectively–by its very nature it may well be a good that is impossible for the market to provide, because the very act of bargaining for it in some ways lessens its value (by suggesting, however errantly, that the bargainer has “something to hide.”).
Photo Credit: Glutnix.
February 15, 2008 at 10:57 am
Posted in: Privacy
Print This Post
Responses (5)
Logical Extremes - February 15, 2008 at 11:28 am
Thank you! This is the first article I’ve seen that effectively distills the privacy dilemma encountered by individuals, i.e., the problem of drawing attention to yourself (and consuming additional personal resources) by objecting to privacy intrusions. Unfortunately, I don’t see much hope for an end to the arms race, one that only the most technically savvy individuals can stay ahead in.
geoff - February 15, 2008 at 12:31 pm
As always, you presume markets fail. Ask.com (and you don’t even mention Microsoft’s privacy principles) “competes on privacy,” but a simple wave of the hands and . . . presto–that’s meaningless. If your premise is true–that people other than you care about privacy–then market responses will cater to that, and will do so in creative ways that minimize the problems of self identification. And if people don’t have the demand for privacy that you do, then your efforts to impose your values on society should rightly fail.
What most gets me is the proffered (as usual, unsupported) presumption that business would never sacrifice access to your private information (or its ability to discriminate or to indiscriminately kill and maim mine workers) without coercion. Your concerns rest substantially on this flimsy notion of business intransigence. But competition in this space as in others is very real. Google may prefer to maintain as much access as possible to your private information, but that is an opportunity for Microsoft and Ask.com to differentiate themselves in the market against the market leader. You don’t think that’s incentive enough? You think Microsoft’s need to propagate the “nonopticon” is so strong that it will just ignore competitive pressures and allow itself to disappear into Google’s jet stream? Hardly.
Maryland Conservatarian - February 16, 2008 at 1:52 pm
…and let’s not forget the privacy enhancements that a universal health insurance plan will not doubt endow us with.
Private business wants my info because they want to convince me to give them my money; for the government, it just makes it easier for them to take it.
Logical Extremes - February 16, 2008 at 4:30 pm
@geoff, the two main problems with the pure market approach are:
1. When (if !) the market reacts satisfactorily, damage has already occurred (and there’s really no clean-up for the internet).
2. The market may address the concerns of many people, but that can easily leave the minority out in the cold. Rights can be protected without undue burden on the affected corporations or on uninterested individuals.
P.S. I suspect that the “wave of the hands” may really have been a reference to the flawed way in which Ask.com implements their scheme. You may not be aware of the significant shortcomings of Ask.com’s approach.
Jardinero1 - May 15, 2009 at 8:19 pm
The problem with the handwringing about privacy is that the handwringing is about a service which is essentially, non-essential. Google didn’t exist sixteen years ago and we could live without it today. It isn’t anything at all like food, water or a roof over your head. A little perspective is in order. Why regulate something you don’t need? Your typical Googler is using the service to troll for crap to buy or entertain himself with and their privacy vis a vis consumption and entertainment is really not that important to them. Why would we invite a collective(euphemistically government) solution to a problem that the vast majority of users can’t even see; with a service that is basically a luxury. What’s next on the hit list for regulation: Rolex, Louis Vuitton, Gumps?
The second issue I have is with, well, I’ll just say it: sloth. Mr Pasquale wants privacy and admits he could have it if he used, among other things, Lotus notes. But his privacy just is not worth those extra ten minutes a day. It’s much easier to use Gmail and spend hours researching, writing and arguing for his preferred collective(I suppose governmentally coerced) solution. Gee, thanks. I would rather you spend the extra ten minutes on Lotus notes, rather than imposing your solution on me. I’ll just opt out of using Google if I feel they are imposing on me. I won’t be able to opt out of a collective solution.
Leave a Reply