When we had Snowmageddon 2012 here in Seattle back in January, I spent one of the days when I ordinarily would have been in class blissfully reading a trashy romance novel. (What can I say? Sometimes I just get a craving for an overwrought melodrama full of sexist stereotypes and heaving bosoms.) I’m not exactly ashamed of my taste in reading material, but it’s also not something that I want widely known about me, particularly, say, by folks who don’t know me well enough to understand the critical feminist gaze that I bring to my reading. 
At any rate, I posted on Facebook about my afternoon of furtive reading for the amusement of my friends, who duly poked fun at me, and that was the end of it.
Nick Bergus recently found that one of his humorous Facebook updates—in this case, sharing a link to an enormous container of personal lubricant— had been turned into a sponsored link by Facebook.
As he points out, this is an amusing, annoying, but not terribly surprising, breach of his privacy, which it turns out he had agreed to allow by using Facebook. I’m glad that my taste in trashy novels wasn’t noticed by Amazon so that they could start using my endorsement to peddle a romance novel backlist on Facebook, but until I read about Nick’s unfortunate newfound infamy, I didn’t fully realize that they could. This is the problem with privacy policies and terms of service: without an explicit connection to real consequences, in a world where sharing information online is the overwhelming norm, it can be hard to understand what happens to the private information that we post so blithely.
As we’ve discussed all quarter, privacy is a complex issue that we struggle with as reasonable expectations of privacy are changing rapidly. Sure, we happily hand over our personal information to the websites that we live our lives through, but we as consumers don’t always think through the implications of those privacy breaches. Often, handing over our personal information isn’t a big deal until something shocking happens to jolt us out of it, and we’re not always very good at looking at the big picture when it comes to privacy.
Cory Doctorow, in one of his latest columns for the Guardian lays out some insights into why online privacy isn’t taken as seriously as it ought to be. He points out that privacy breaches rarely produce instantaneous ramifications. Rather, it can take time for the slow accumulation of data to add up to the serious erosion of privacy that can cause obvious problems, by which point many users have become quite desensitized to privacy disclosures. He makes a strong case that privacy needs to be treated as a public health concern; something that the government ought to address through infrastructure to support the learning of good online practices, something which I wholeheartedly support.
We need regulations and advocacy to help us navigate the confusing and conflicting world of online privacy, and what to get concerned about and what not to. An interesting article in Time magazine last year made the distinction between data mining and breaches of online privacy: it’s about control: “Many data-mining companies made this argument to me: How can I complain about having my Houston trip data-mined when I’m posting photos of myself with a giant mullet and a gold chain on Facebook and writing columns about how I want a second kid and my wife doesn’t? Because, unlike when my data is secretly mined, I get to control what I share. Even narcissists want privacy.”
Exactly. I don’t mind sharing my embarassing romance novel habit with my friends, but I sure as heck don’t want friends-of-friends or professional connections on Facebook seeing it. Most of us do care about our privacy, and care deeply, despite some who claim that “normal people don’t care about privacy.” “Normal” is not an identity that I claim with any regularity, and I guess by virtue of writing this post I could be considered both a blogger AND a privacy zealot, I am deeply offended and troubled by Rosoff’s sneeringly dismissive article. His claim that the privacy infringements of various companies (such as Path, as we heard about earlier) just aren’t that bad is both patronizing and short sighted.
Some folks make an argument that, as privacy is rapidly being made obsolete by changing technology and privacy norms, we should instead embrace and be comforted by the idea of transparency: if nothing is private, than privacy doesn’t matter, and so it doesn’t matter if you’re watching me, because a) I know that you’re watching me, and b) I’m watching you right back. While it’s true that conceptions of what is and is not possible to keep private are changing (for one thing, the amount of data that third parties are capable of gathering about is us staggering, and increasing all the time), transparency is not the answer.
Bruce Schneier’s dissection of the “transparency” solution rightly points out the critical role that power imbalances play in this discussion… another element that Rosoff ignores. By ‘normal people’, Rosoff really means ‘privileged people,’ people who don’t have as much to fear about privacy breaches. Our class discussions about the responsibilities of making available sensitive personal data, such as domestic partnership registries, speak to this: if you aren’t gay, of course you don’t have to worry about personal information about your sexual orientation being revealed without your knowledge. As Schneier goes on to point out, mutual transparency isn’t an effective solution when there is a power imbalance discrepancy between the parties.
As we have been reading for class, privacy policies on the web are a vast, mostly unregulated thicket of imposing legal jargon that are created through market pressures rather than systematic legal regulation. To the common user (or “normal people,” I should say!), these policies are unnoticed or vaguely understood, and as Nehf writes, “until privacy becomes a salient attribute influencing consumer choice, Web site operators will continue to take and share more personal information than consumers would choose to provide in a more transparent exchange.” In other words, until we as consumer start understanding exactly what is going on with our data, and start paying more attention in large numbers, folks like Rosoff will be able to make the claim that privacy doesn’t matter.
Transparency isn’t enough, here. I know what Facebook is doing with my data (or I know at least some of what they could be doing), but because I’m not explicitly presented with the knowledge of how my personal data can be used, it’s entirely too easy for me to forget about how it can be used against me. I agree with Nehf and Doctorow’s arguments, and think that there is a moral imperative for governmental regulation of privacy policy. For all of my righteous indignation at Rosoff’s description of normal people as not caring about privacy, there is an element of uncomfortable truth there. I don’t think there’s anyone who doesn’t care about their privacy, but I think it’s true that many of us are not as actively engaged as we could be.
I’ll leave you with this short video of Cory Doctorow, who argues passionately for many of the points I’m making here. He describes how social media sites encourage the hemorrhaging of personal information, and the need to be aware of how one’s information is being used.
As he puts it, the most powerful weapon for securing the privacy of individuals is to get those individuals—normal and abnormal a like—to care about our privacy. Exactly.
I can’t get the font to format itself in a standard way! Alas.