Paper Says Public Doesn't Know How To Keep Score In Privacy Discussion While Glossing Over Government Surveillance

Techdirt|Tim Cushing

Lawfare -- a blog primarily devoted defending the practices of spy agencies -- has released a paper authored by Benjamin Wittes and Jodie Liu that theorizes that the public's concern over privacy encroachments are -- if not overblown -- then failing to properly factor in the privacy "gains" they've obtained over the past several years.

The theory is solid, but the paper fails to differentiate between what sort of privacy losses people find acceptable and which ones they don't -- mainly by leaving privacy invasions by government entities almost completely undiscussed. It opens by quoting a scene from an old Woody Allen film in which the protagonist attempts to "hide" his purchase of porn at a magazine stand by purchasing several unrelated (and presumably uninteresting) magazines at the same time. This leads to the conclusion that people's ability to enjoy porn in private has risen with the advent of the internet, while simultaneously opening them up to data harvesters and internet companies less interested in personal privacy than selling users to advertisers.

True enough, but there's a big difference between exposing that information to the Googles of the world, rather than the surveillance agencies of the world. On one hand, Google and its competitors provide something in exchange for the privacy loss -- tailored ads, relevant search results, email, document creation platforms, etc. And there are still those -- a steadily-growing minority -- that realize Google's privacy invasions are often inseparable from the government's privacy invasions (via court orders, subpoenas and NSLs) and work hard to keep their personal information away from both. What the government offers in exchange for access to much of the same info is intangible: "security." While one might recognize the value of the first exchange, it's harder to sell the latter tradeoff, especially since intelligence agencies are much, much better at scooping up information than they are at loss -- tailored ads, relevant search results, email, document creation platforms, etc. And there are still those -- a steadily-growing minority -- that realize Google's privacy invasions are often inseparable from the government's privacy invasions (via court orders, subpoenas and NSLs) and work hard to keep their personal information away from both. What the government offers in exchange for access to much of the same info is intangible: "security." While one might recognize the value of the first exchange, it's harder to sell the latter tradeoff, especially since intelligence agencies are much, much better at scooping up information than they are at those -- a steadily-growing minority -- that realize Google's privacy invasions are often inseparable from the government's privacy invasions (via court orders, subpoenas and NSLs) and work hard to keep their personal information away from both. What the government offers in exchange for access to much of the same info is intangible: "security." While one might recognize the value of the first exchange, it's harder to sell the latter tradeoff, especially since intelligence agencies are much, much better at scooping up information than they are at loss -- tailored ads, relevant search results, email, document creation platforms, etc. And there are still those -- a steadily-growing minority -- that realize Google's privacy invasions are often inseparable from the government's privacy invasions (via court orders, subpoenas and NSLs) and work hard to keep their personal information away from both. What the government offers in exchange for access to much of the same info is intangible: "security." While one might recognize the value of the first exchange, it's harder to sell the latter tradeoff, especially since intelligence agencies are much, much better at scooping up information than they are at disseminating it.

A huge amount of technological development follows this basic pattern. Google and Microsoft and Yahoo! enable you to search for information privately—with data collection by the companies and possible retrieval by other actors as a consequence. Amazon lets you buy all sorts of products with nobody the wiser—but with your purchase history stored and mined for patterns.

Your smartphone lets you put all this capability in your pocket and take it with you— and thus also lets you use it more and record your location along the way. That information too is then subject to retrieval. Facebook allows you to identify discrete groups of people with whom you want to share material—yet it stores your actions for processing and retrieval as you go. In our mental tabulation of gain and loss, we tend to count only one side of the ledger, pocketing what we have won as though it were of no privacy value while bemoaning what we have given up.

Even more mischievously, when we do acknowledge the gains, we tend to redefine them as gains in something other than privacy. We define them, most commonly, as mere convenience or efficiency gains—a dismissive description that implies we have won something inconsequential or time-saving while giving up something profound. But the construction leaves us with a distorted and altogether-too-bleak outlook on technology’s impact on our lives. Yes, technology involves gains in convenience and efficiency, but those are not the only gains.

To reiterate, we do not argue here that technology is necessarily privacy-enhancing in the aggregate, or that technology does not erode privacy. Rather, our general point is that the interaction between technology and privacy is less clear-cut than the debate commonly acknowledges, that we don’t keep score well, and that the actual privacy scorecard is a murky one.

The paper does make the solid argument that technology has resulted in greater individual privacy -- provided it's measured on the scale the paper's authors present. In one example, the authors point to a teen's desire to discuss a sexual or health issue as being more "private" because of access to medical websites and forums where information can be obtained with relative anonymity -- something a doctor's office can't completely provide.

But medical records are private information, governed by a specific set of laws. If anything, the online search is less private because these websites are not subject to patient privacy laws. Someone inquiring about a teen's visit to a health clinic would be frozen out, but any number of entities can access web-related information without facing similar statutory roadblocks.

While there are some good points made, the paper is undermined by the authors' insistence that Americans just don't know how to properly balance their privacy concerns. The implication -- given author Benjamin Wittes' frequent defense of government surveillance -- is that if the public can't weigh privacy gains and losses correctly in the context of private corporations, it certainly can't be expected to make informed decisions when it comes to government surveillance. And it's true that most citizens aren't likely to rigorously examine their fears of privacy erosion.

The paper does very little to compare privacy "violations" by internet entities to government surveillance programs, choosing instead to focus almost entirely on the tradeoffs made by people who hand over a certain amount of personal info for the privilege of watching porn or googling STD symptoms without having to involve another living, breathing person. It's presented as being in favor of a "more rigorous balance sheet" when it comes to personal privacy, but then fails to closely examine government surveillance concerns. There's another tradeoff being performed here -- without the input of those surveilled and who receive almost nothing tangible in exchange for the privacy erosion. Because of this, there's little comparison between the Googles and the NSAs of the world.

You don't hand a government the tools of totalitarianism and a long leash and simply assume it will end well. Google, et al may be similarly close-fisted when it comes to producing specifics on the use of personal data, but they also don't bear the same obligation to the American public that the US government does. Even if Google is more intrusive than the NSA, it still is only one of many platform providers and there are options (admittedly not many and not easily achieved) for avoiding its data-gathering efforts. The government provides no such options, other than forgoing the use of phones, the internet, etc.

I think the paper does add to the discussion of privacy gains and losses, but the authors' unwillingness to honestly approach government surveillance efforts in the same context blunts its impact. It quotes privacy advocates like the ACLU and EFF on the subject of data harvesting by private companies, but doesn't address the similar concerns they've raised about the erosion of privacy by government actions.

There's an attempt being made here to paint the government as no worse (and possibly even better) than private companies' data harvesting efforts, albeit by way of omission rather than by comparison. It's disingenuous to depict the public as ignorant of their privacy "gains" against the domestic surveillance backdrop, while omitting any mention of similar privacy erosions at the hand government intelligence agencies. Wittes opens his post on the paper by claiming American and European privacy debates "keep score very badly" and then points to a paper that leaves key parties in the privacy debate almost wholly unmentioned. I'm all for an open discussion about privacy gains and losses, but a paper that focuses solely on interactions with private companies -- while claiming the public can't keep score -- isn't much of an addition to the debate.