Privacy paradoxes

With the growth of big data and the increasing digitisation of our lives, the media seems to be discussing privacy more and more. In a recent example, iOS users who downloaded Pokemon Go were asked to provide “full access” to their Google account due to an error. The FCC is also proposing a whole host of new privacy regulations for ISPs that would, however, require the FCC to have extensive access to internet traffic to effectively enforce them. When it comes to the internet and privacy, there are a number of contradictions and conflicts. This post will explore three privacy paradoxes of the modern age.

Paradox 1: Local or global?

Digital data is less and less grounded in physical locations. The proliferation of cloud services like Dropbox and iCloud highlight the current move towards storing data digitally so that it can be easily accessed from any device and kept in sync rather than local data storage that is tightly controlled. This ethereal data that lives in “the cloud” often involves data crossing borders and raises questions about what laws and regulations apply to the data itself, particularly for businesses. Are the laws of the country that is hosting the data where the servers are physically based the most relevant? The country where the company that owns the data is based? How about the country where the company collected the data or even where the company is headquartered? These could be four different countries, each with their own privacy regulations which may or may not apply.

This highlights the complexity of trying to apply local legislation to a global medium. As the borders between countries are breaking down and we are increasingly interacting and trading information via the internet, the accompanying regulation also needs to evolve. One answer to this is strict regulation about data crossing boundaries. New Zealand has controls in place around data being transferred internationally for privacy reasons. There is an increasing trend towards regulation around cross-border data flows and rules around data storage. However, this feels like a somewhat futile effort — what about data that New Zealanders enter on an international site with servers based outside the country? What about data that is collected internationally to begin with — a redirect from an NZ site to an international one with servers based offshore?

The controls in place seem to be lagging behind the technology itself. Big data has led companies to collect as much data as possible, often with no specific purpose in mind. This makes it particularly concerning that the location of the data and the regulation around it is so fluid. This would tend to suggest that a more global approach is required for a medium as international as the internet. This is certainly what the UN seem to be pursuing by appointing a global privacy expert to help protect our right to privacy especially with regards to increasing online surveillance.

Paradox 2: Open internet or protect privacy?

Privacy, as the UN’s actions show, is considered to be a human right. It is an ideal that we value. However, another ideal that we hold in high regard is that of an open internet. The internet has been discussed as a democratising force, for example social media can and has been used to support social activism and internet freedom has been described as a “global ideal”.

There is a deep and fundamental contradiction between these two rights and one major struggle that we face as a society is finding a balance between these conflicting ideals. Despite what we are told by surveillance advocates, privacy matters. In a TED talk from 2014, Glenn Greenwald explains that privacy matters because of the things we are only willing to do if no one else is watching. These might be innocuous, like singing in the shower, or could extend to dissident political activity. Greenwald reminds us that a truly free society should be judged by how it treats its dissidents, not its model citizens. So our privacy should be protected.

However, we are also accustomed to an open internet, where we can interact freely and without major restrictions for commercial purposes, personal entertainment, to express our opinions and connect with our friends. We believe that we should be able to do this — to have access to services like social media where we can share everything from photos of our food and stories about our pets to commiseration about terrorist attacks. In fact, the “cute cat theory of digital activism” states that sites used by broad cross-sections of the population are difficult for restrictive regimes to shut down, demonstrating that people expect, value or perhaps even demand a high level of freedom online even in countries where people are accustomed to a lower level of freedom.

I do not believe that there are any simple answers to these conflicting ideals, but that society will have to keep negotiating the interplay and balance between them. With awareness we might start working our way towards a more deliberate balance rather than one that evolves of its own accord.

We’re concerned about our privacy, but we keep doing the same things: the ultimate privacy paradox?

We claim in polls that we are concerned about our privacy, particularly in an online context. In the same poll, we even went so far as to claim that we are not willing to trade our privacy for convenience. However, there is no evidence that our behaviour is matching these claims.

Online platforms and services that offer free access in return for the right to sell our data to advertisers or other companies are hugely successful. We’re more than happy to curate and post moments of our lives on a variety of social media. There is no evidence that our behaviour is matching our claimed levels of concern.

Possible reasons behind this were thoroughly discussed in a recent Harvard Business review article. A few key points from this article stand out to me:

  • privacy is a nebulous concept that is hard to tangibly experience or consider when making online decisions;
  • we are pack animals and tend to follow social norms including those relating to online behaviour;
  • often we don’t understand the implications of what we are sharing including how this data could be combined with other sources of information; and
  • we feel more comfortable sharing information with a computer than we would when speaking to another person.

I believe that all of these are particularly strong drivers of the discrepancy between our concerns and our behaviour. Privacy is, as the article highlights, an abstract concept that can be difficult to directly connect with our own actions. As sites and services gain momentum and gain in popularity, I can also understand how people are likely to trust them and perhaps not evaluate the fine print too closely. Once a certain tipping point is reached, I can also understand how people may feel that they need to belong to the service and do not have a choice. The combination of data from different sources is particularly concerning in the big data era in which we live — with some research suggesting that it is impossible to truly anonymise data as big data can be used to create models that are likely to reveal personal information. The effect of combining data from disparate sources is also something that is unlikely to occur to many people when they are providing information. I believe the last point is particularly salient — we feel very connected with and invested in our online lives, but it never feels quite as real as our day to day existence. Evidence of this can be seen in almost any online comments sections where multitudes of people feel free to express their opinions more strongly and aggressively than many of them would in a face-to-face discussion.

When it comes to the issue of privacy, particularly in an online context, it appears as though we pay it not much more than lip service. Ultimately, the consequences of this paradox are fairly clear: until our online behaviour starts to accurately reflect our privacy concerns, companies and governments are unlikely to change the way they operate. No one will value our privacy as highly as we claim to until our own choices and behaviour start protecting our privacy.