As many expected, Mark Zuckerberg did an op-ed column with a mild about-face on Facebook’s privacy changes. Coming soon, you will be able to opt out of having your basic information defined as “public” and exposed to outside web sites. Facebook has a long pattern of introducing a new feature with major privacy issues, being surprised by a storm of protest, and then offering a fix which helps somewhat, but often leaves things more exposed than they were before.
For a long time, the standard “solution” to privacy exposure problems has been to allow users to “opt out” and keep their data more private. Companies like to offer it, because the reality is that most people have never been exposed to a bad privacy invasion, and don’t bother to opt out. Privacy advocates ask for it because compared to the alternative — information exposure with no way around it — it seems like a win. The companies get what they want and keep the privacy crowd from getting too upset.
Sometimes privacy advocates will say that disclosure should be “opt in” — that systems should keep information private by default, and only let it out with the explicit approval of the user. Companies resist that for the same reason they like opt-out. Most people are lazy and stick with the defaults. They fear if they make something opt-in, they might as well not make it, unless they can make it so important that everybody will opt in. As indeed is the case with their service as a whole.
Neither option seems to work. If there were some way to have an actual negotiation between the users and a service, something better in the middle would be found. But we have no way to make that negotiation happen. Even if companies were willing to have negotiation of their “I Agree” click contracts, there is no way they would have the time to do it.
Some companies take opt-out so far, giving the user so much control over privacy settings that users become confused by the interface and don’t use it, or have trouble finding the settings they do want.
The reality is that opt-out is often a cop-out alternative to finding a way to make things work without exposing data. There are systems which allow users to do useful functions, even social media, without making all that they do public. Not long ago, all applications ran on PCs and while they did all sorts of things with our data, the information never left your house. Companies like Flickr developed APIs so that programs running on home PCs could get access to private photos and do useful things with them, without exposing those photos to those who were not invited to see them. I believe there is a middle ground (which I write about on this blog under the name data hosting) between handing all your data over to 3rd parties, and having to run everything on a home PC, that still offers more of the protections that the home PC had.
When we allow the opt-out cop-out, we may feel we can protect ourselves, but the privacy bar is lowered for the vast majority of users. But isn’t that their business? If they want to have no privacy, why should we interfere?
This is a difficult question with several subtle answers.
- As noted, most of these users say they want their privacy protected. They just don’t feel that strongly about it because they have not been exposed to a major privacy invasion. Given the choice, they do want more protection.
- As users lower the bar on privacy, it becomes more and more difficult for people who want privacy to obtain it. “Everybody else is making everything public? What’s your problem?” “If you’re innocent, what do you have to hide?” Protecting other people’s privacy protects your own. This does not mean you have a paternalistic duty to protect them beyond what they truly want, but that it is reasonable to protect your own interests to fight for what they also want with less intensity.
- There is real danger that as the apparatus of a surveillance state is installed, even without being switched to “full surveillance” mode, you have changed the question to being one of just throwing that switch. When you permit the apparatus to exist, the switch will be thrown — and it has been thrown in many countries, and even in the USA with warrantless wiretaps.
- Police, juries and the general public don’t understand the danger of finding things in big seas of data that aren’t actually there. Even scientists trained not to do this sometimes fall prey to this mistake.
- Many shy people are just wired that way. In a non-privacy world, they are psychologically unable to participate.
- As I outlined last week, there is a market pressure to reduce privacy which must be countered. When a leader structures things so that 99% of users will take the default and 1% will opt-out to protect their privacy, the next competitor sees no need to even allow opting out to gain those few activist users.
After 9/11, it was commonly declared that we must give up some of our rights, particularly privacy, to get added security. And anybody who has flown knows the result of this well — a travel-ruining experience that adds little. However, one post-9/11 step really did enhance security — stronger doors on the cockpits. These strong doors had no cost in civil rights.
We must push not to accept “you can opt out” as an answer. Instead we want the metaphorical strong cockpit door. It may be harder to do from an engineering standpoint, and in some cases it may not be possible at all, but it should always be striven for.
We’ll only be able to convince web sites to truly protect our rights if we can sit down and negotiate with them. Users can’t negotiate, and privacy control panels create the illusion of negotiating by letting you tweak the terms. But you can only choose among the options they have decided they like. Opt-out control panels may seem like they enable user choice but they can actually harm it. Real choice comes only in being able to put your terms forward in negotiations. The only way users can negotiate with a company is as a group. They don’t actually have to be an organized group, but giving the users the illusion of choice dissolves their collective strength. It is a way to silence the troublemakers and keep the sheep in line, and thus no victory for the user.