#ItsYourData, Obama, and going beyond “privacy”
President Obama gave a keynote address today at South by Southwest. He talked in part about phone security and encryption, charged topics in light of the ongoing battle between Apple and the FBI. In a characteristic move, Obama urged conciliation and seeking middle ground: “I’m not a technical expert, but let’s not be absolutists about this whole ‘backdoor key’ thing.” It was nothing surprising, even if it inspired strong words from some. The most interesting thing about Obama’s remarks on security and privacy was a stray metaphor.
“Everybody’s walking around with a Swiss bank account in their pocket. So there has to be some concession, for a need to get into that information somehow,” Obama said. The “Swiss bank” is your un-backdoored phone, wherein your data is supposedly locked away from government access as surely as if it were in a Zurich vault. Obama clearly meant to make this sound like an undesirable outcome, but what about his analogy made having a secure phone sound bad? Swiss bank accounts are associated with privilege, but they’re not illegal. And Obama is no Bernie Sanders when it comes to anti-bank rhetoric. So is securing money permissible and good in a way that securing data — including the data that allows you to access and move money — is not? Why is it OK to place certain valuable things beyond the easy reach of the United States government, but not others?
My analysis is a little unkind to Obama’s throwaway line, but there’s an important point here: We don’t value user data properly. We don’t even seem to know how to go about valuing it. This isn’t a question of attaching a dollar value to the texts, emails, photos, login credentials and everything else you generate and store on your phone, though that would be a worthwhile exercise. At a more basic level, we haven’t had a real conversation about who should control user data, and what benefits accrue from doing so. In Apple’s struggle with the FBI and similar cases, we see the emerging outlines of an important debate that is as much about control and value as it is conventional security and “privacy.” As it happens, one of Obama’s subordinates is subtly giving us some of the help we need in fleshing out the terms of this discussion.
Yesterday, Federal Communications Commission chair Tom Wheeler took to Twitter to campaign for digital privacy:
Wheeler has proposed rules that will regulate the ability of Internet service providers, such as Comcast and Time Warner, to mine user data and share it for profit with advertisers and others. As Wheeler specifies in an op-ed outlining his proposal, he’s not advocating banning ISPs from mining data and sharing it: “This is not to say network providers shouldn’t be able to use information they collect — only that since it is your information, you should decide whether they can do so. This isn’t about prohibition; it’s about permission.” Wheeler’s proposal is mostly about making sure ISPs are transparent about what they’re doing, so that in turn, users understand how their data is actually used.
All of which may sound like “common sense,” to adopt Wheeler’s phrasing. Yet what would it really mean for us to conceive of our digital data as “ours”? In a legal and political theory sense, given that we live in a liberal democracy, it probably means that data would be viewed as a form of private property. We have copyright protections for what we create digitally, so there’s already a legal regime partially in place. But is any form of property, intellectual or otherwise, treated as fungibly as the data we trust to ISPs and services and platforms such as Gmail, Facebook, et al?
Unless you’re proactively preventing third parties from accessing your data — through encrypting your communications, for instance — you don’t exercise the kind of control over your emails, photos, and messages that you do over your car. If I took your car and drove it somewhere for my own benefit without your express permission, you’d consider that theft. If I appropriate information you transmit over a social media app I built and share it in some form with advertisers to make money… do we really know how to think about who owns what in that obscured transaction? That example is familiar to all of us, it’s legal, and after all, you’re willingly using someone else’s platform. And to be sure, we find ourselves in this strange position because digital data is so easy to copy and move and has other qualities that make it unlike a cow or a fridge. Yet we simply haven’t done the collective work of thinking through the implications of what it means to be so fuzzy about who controls or benefits from our data. Jaron Lanier and others have taken their stabs at the problem. But given how much value user data creates when aggregated (look at Google or Facebook’s market capitalization numbers to confirm this), reconciling what it means to possess it remains a hugely important, badly under-addressed issue.
Calling something “property” doesn’t necessarily solve anything. I don’t believe that treating data as private property is a utopian end goal. My aim above was to illustrate the deficiencies in our current under-articulated approach to protecting user data. We need a discourse that goes well beyond “privacy” vs. state authority. As encryption advocates are fond of saying, a fight over crypto backdoors is not a question of freedom versus authority, but of two competing ways of conceiving of the basic user safety that both sides claim to be trying to achieve. In a similar way, if you say you’re on the side of users in a digital space, you are always in a concrete sense on the side of their data — protecting it, treating it as important. Obama and Wheeler would probably both be in nominal agreement with me on that. Yet Wheeler is pushing for clarity around who should control what, whereas Obama is implying a kind of conceptual muddiness that’s become all too familiar when these topics arise. What the divergence in their rhetoric shows is just how far we are from even having the lexicon we need to talk about what’s right for ordinary Internet users.