NNSquad - Network Neutrality Squad


[ NNSquad ] Web Privacy Is Obsolete! So Now What?



                    Web Privacy Is Obsolete! So Now What?

                http://lauren.vortex.com/archive/000866.html


"It's all too damn complicated!"

I can't begin to count the vast number of times that people -- and not
just non-techies -- have made this comment to me regarding privacy on
Web sites (with the word "damn" frequently replaced with significantly
more colorful invectives).

Such bitter reactions are understandable.  Most folks just want to get
about their business of accessing Web sites and services, without
feeling that a prerequisite for safe use is a prophylactic graduate
course in privacy law -- notwithstanding sites that do make determined
efforts to present privacy-related data (e.g. via "dashboards" and
other formats) in a comprehensive manner.

Even when users fully understand the terminologies and principles
involved, often tortuous and labyrinthine privacy preference settings
can be the "salt in the wound" that causes many persons to throw up
their arms in despair.

Faced with such situations, a common reaction is to either just accept
the default privacy preferences as is, or, depending on personal
proclivities, abandon the involved sites altogether.

Neither of these "all or nothing" reactions is a good one.  Users who
accept defaults that they later consider to be too "lax" regarding
privacy are likely to be quite upset.  Users who refuse to even use a
site in the first place may be depriving themselves of services that
they actually would have found valuable, perhaps in major ways.

Yet Internet privacy issues are complex by definition, and will
continue to become increasingly convoluted as newer technologies --
like location-based services, face recognition systems, and who knows
what else -- increasingly come broadly online.

This leads to users often having settings that do not accurately
represent the privacy preferences that they had assumed were actually
in place.

Recently, in "Do-Not-Track, Doctor Who, and a Constellation of
Confusion" ( http://j.mp/kklr7o [Lauren's Blog] ), I suggested that an
accurate assessment of Web site privacy parameters actually entailed a
multidimensional "constellation" of issues, and that most current ways
of looking at Web privacy were actually far too simplistic.

But given that privacy settings today are already frequently far too
complex and ephemeral from the users' standpoint, and subject to
additions, removals, reorganizations, and other confusions with little
or no advance notice to users, how can we possibly consider the
necessary additional privacy aspects and interactions that will be key
to a reasoned and balanced approach to privacy concerns moving
forward?

Even viewed from the standpoint of today's status quo in this area,
it's time to admit that the methods we're providing users to control
their privacy preferences at most Web sites have become woefully
inadequate and obsolete.

Worse yet, the sorts of solutions being touted by various government
and other entities -- such as simplistic "Do-Not-Track" systems -- are
virtually guaranteed to take the current situation and make it far
worse in many ways ( http://j.mp/kklr7o [Lauren's Blog] ).

Attempting to mandate such Do-Not-Track mechanisms to deal with
privacy concerns is akin to destroying a beehive with a nuclear bomb.
Not only will there be enormous and spreading collateral damage, but
an entire range of useful and important attributes associated with
behavioral targeting and other technologies will be indiscriminately
obliterated in the process, to the ultimate detriment of Web users.

We can do much better.

As a starting point, we need to come to grips with the fact that
facing users with a barrage of complex and often interrelated opt-in,
opt-out, and other privacy preference settings will typically do more
harm than good.  As we've seen, users will tend to "tune out" options
with too much complexity, with the strong potential for both users and
services being dissatisfied with the results down the line.

But at least under the hood of Web services, the complex,
multidimensional constellation of detailed settings will need to
exist, to meet an increasing list of technical, legal, and policy
requirements.

Is there a practical way to provide users with a more useful and
accessible means of specifying their privacy preferences in most
cases, while shielding them from the increasingly complex array of
internal privacy-related settings, especially as these are augmented
and change in other ways over time?

An approach that I feel is worth considering involves what I call User
Privacy Preference Themes (UPPTs).

The idea is fundamentally straightforward.

Most of us tend to fall into a relatively small set of categories
regarding our personal privacy concerns.  Some of us are willing to
broadly share information, including for example location data -- but
only to our friends or other associates.  Other persons are open to
even broader sharing beyond such circles.  And some persons would
prefer to share as little data as possible, and want to stay as
anonymous as is practicable.

I believe it is possible to create a "mapping" between these and other
comparatively generic "personal privacy sensibility sets" regarding
privacy issues, and use this analysis to create broad "privacy
preference themes" -- that themselves can be used internally to select
many detailed privacy settings -- based on the aspects of each
individual theme itself.

In other words, if we know that someone has declared themselves to be
a user of the "glad to share info with friends" theme, this knowledge
can be employed to reasonably anticipate and control the settings of a
large number of individual privacy-related parameters on a site for
that user, and to make a reasonable judgment as to how this person
would likely want their settings configured for new features that may
later be deployed.

The same sort of process would hold true for users selecting other
privacy preference themes as well.

Best practices would still necessitate that sites clearly notify users
when significant privacy preference options have been extended with
new features or otherwise altered, and users would naturally still
have access to (and control of) all detailed privacy settings on
demand.

But by starting from the baseline of a user's privacy preference theme
choice -- their UPPT -- and using that as a guide for future
individualized defaults as new privacy-related technologies augment
the existing environments, users are likely to be far more satisfied.
Their settings associated with these new capabilities will already
likely be "in sync" with their historical preferences related to data
sharing, behavioral targeting, and the many other aspects of sites
that can be important both to users and to the functioning viability
of Web services themselves.

Users stand to gain mightily from such an approach.  User privacy
preference themes could provide a means to help assure that individual
privacy-related settings are optimally configured not only to protect
data and functions as each specific user expects, but also to enable
users' maximal engagement with those aspects of sites that they have
chosen to access.

Unlike a complex array of detailed privacy settings that default the
same way for everyone, or the "feature obliteration" doomsday approach
of Do-Not-Track, individualized UPPTs could provide a framework for a
highly customized approach to privacy preferences, capable of dealing
with extremely complex preference constellations, without requiring
users to manually analyze and manipulate the detailed settings
incorporated within these environments, unless they prefer to do so.

Obviously, practical implementation of this concept would likely not
be trivial -- but I believe that this approach is a practical one with
potentially major benefits for both Web users and services.  I have a
pile of additional details and thoughts on this that I'd be happy to
share, though currently they are not in a suitable form for public
posting.

We need to bite the bullet, and admit that while privacy issues are
critical to the Web, our traditional approaches to dealing with this
area are increasingly frayed, tattered, and entangling users in a
confusing mess rather than helping them.

Nor is cutting off our nose to spite our face, in the manner of
Do-Not-Track, the best way to help users navigate privacy issues
without potentially crippling many of the very services that they most
wish to use.

Singing the same old songs regarding Web privacy may feel reassuring,
but no longer is a practical path.  Perhaps some new "themes" will
help to get us back into tune with the best interests of Internet
users and of the Web at large.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein 
Google Buzz: http://j.mp/laurenbuzz 
Tel: +1 (818) 225-2800 / Skype: vortex.com
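
An added example, not from the original post or its author: one way a site could derive per-setting defaults from a user's privacy preference theme, keep explicit user choices, and list newly deployed settings that still need a notice to the user. The theme names, data categories, audience levels and settings catalogue are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Audience levels, ordered from least to most sharing (constructed).
AUDIENCES = ["nobody", "friends", "public"]

@dataclass(frozen=True)
class Setting:
    name: str          # site-internal setting identifier (hypothetical)
    category: str      # kind of data the setting exposes
    site_default: str  # audience the site would choose with no theme

# Hypothetical themes: each caps the audience per data category.
# "*" is the fallback cap, so categories added later are still covered.
THEMES = {
    "minimal":      {"*": "nobody"},
    "friends_only": {"*": "friends", "ad_profile": "nobody"},
    "open":         {"*": "public", "location": "friends"},
}

def theme_default(theme, setting):
    """Audience a theme implies for a setting: the site default, capped by the theme."""
    caps = THEMES[theme]  # unknown theme raises KeyError instead of guessing
    cap = caps.get(setting.category, caps["*"])
    return min(setting.site_default, cap, key=AUDIENCES.index)

def resolve(theme, settings, overrides, acknowledged):
    """Return (effective audience per setting, settings needing a user notice)."""
    effective, notify = {}, []
    for s in settings:
        if s.name in overrides:
            # An explicit user choice always wins over the theme.
            if overrides[s.name] not in AUDIENCES:
                raise ValueError(f"bad audience for {s.name}")
            effective[s.name] = overrides[s.name]
            continue
        effective[s.name] = theme_default(theme, s)
        if s.name not in acknowledged:
            # New feature: defaulted from the theme, but the user is told.
            notify.append(s.name)
    return effective, notify

# Constructed catalogue; "face_tagging" plays the newly deployed feature.
CATALOGUE = [
    Setting("checkin_visibility", "location", "public"),
    Setting("interest_ads", "ad_profile", "public"),
    Setting("profile_photo", "profile", "friends"),
    Setting("face_tagging", "biometric", "public"),
]
```

Because themes are expressed over data categories rather than individual settings, a setting added to the catalogue later receives a theme-consistent default without any per-user migration.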