Fallacies About Privacy
posted by Daniel Solove
In today’s Wall Street Journal, Gordon Crovitz has an op-ed arguing that we’ve gotten over privacy:
We seem to be following the advice of Scott McNealy, chairman of Sun Microsystems, who in 1999 said, “You have zero privacy anyway. Get over it.” And the observation by Oracle CEO Larry Ellison: “The privacy you’re concerned about is largely an illusion. All you have to give up is your illusions, not any of your privacy.”
These comments could be dismissed as technology executives trying to minimize complaints about technology. But whatever we say about how much we value privacy, a close look at our actual behavior suggests we have gotten over it. A recent study by AOL of privacy in Britain found that 84% of people said they would not disclose details about their income online, but in fact 89% of them willingly did.
Crovitz makes a common argument — that the fact that people express concern over their privacy but do little to protect it demonstrates that they could really care less about privacy. In my book, Understanding Privacy, I argue that this reasoning is flawed. People might be generally concerned about their privacy but not realize the specific ways that their personal information will be used when they give it out. People give out bits of data here and there, and each individual disclosure to one particular entity might be relatively innocuous. But when the data is combined, it starts to become a lot more telling about a person’s tastes and habits.
Crovitz goes on to argue:
Amazon closely records our taste in books, Gmail scans our emails to deliver relevant ads, and electronic tolls track where we drive. Profiles on MySpace and Facebook are accessible, forever. . . .
Privacy remains a virtue, or at least we still say it does. But the balance has been tipped by other values, such as transparency, a free flow of information and physical security. We’re in the early stages of adapting to more digital and visible lives, with privacy expectations better defined by what we do than by what we say.
The fact that entities have information about us doesn’t mean that we don’t view privacy as valuable. First of all, Crovitz assumes that privacy is about hiding away our information from everybody but ourselves. But this is a far too narrow way to understand privacy. In Understanding Privacy, I argue that “privacy” is not just one thing, but a group of related things. For example, there are many privacy problems that Crovitz overlooks in his analysis. It’s true, for example, that Amazon records our tastes in books. I shop on Amazon.com and I like its book recommendation service. But does that mean that I don’t care about my privacy? Far from it. I would be upset if Amazon kept the data insecure, if it didn’t inform me of the data it had, if it disclosed it to the government without my consent, if it started posting my book purchases online for the world to see, and so on. Caring about “privacy” is more than merely caring about hiding information.
For example, many people care about the privacy of their financial information, yet they share this data with banks, credit card companies, and various merchants. The fact that people give out this information doesn’t mean that they don’t care about “privacy.” In today’s Information Age, if people really wanted to keep all their information concealed, they’d have to live in a shack in the woods. The fact that people give out data in an age where it is nearly impossible not to do so has little bearing on the value of privacy. People give their financial data with the expectation that it will remain confidential, that it will only be used to carry out the bank’s functions or to process their commercial transactions. If the bank suddenly disclosed people’s bank records online, would Crovitz say: “Well, people don’t expect privacy in their financial information, so it’s no problem”? I don’t think so. That’s because privacy is a much more nuanced and complex concept than Crovitz has acknowledged. When privacy is understood as a pluralistic conception — as a group of related things — it becomes much more clear that people do value privacy.
August 25, 2008 at 2:45 pm
Posted in: Administrative Announcements
Print This Post
Responses (2)
Jim Graves - August 25, 2008 at 3:42 pm
The AOL privacy “study” has another serious flaw: the survey asked if people guard their income details, then asked for an income bracket. That proves nothing.
We need to move beyond this sort of half-baked “gotcha!” security study. We know people will give (something that sounds like, but might not actually be) their passwords for chocolate. We know they’ll pick up CDs and USB drives off the ground and put them in their computers. It’s not because they’re dumb, it’s because they’re people, and we’re still trying to figure out how to design decent security systems for actual people.
David Morgan - August 26, 2008 at 8:03 am
It should also be noted that not all the information that people “reveal” is accurate. I am not sure how often people complete web forms using misleading/incorrect personal information, but I suspect it is common practice.
Leave a Reply