Try to discuss data privacy with someone outside of the tech world and an indignant, “I don’t have anything to hide!” usually comes up. Yet most of those people not only have locks on their doors, they have doors! Maybe even curtains or blinds on the windows. What nerve, wanting to choose who can rummage through their personal things and watch their every move.
When I worked at a huge Internet company, our first steps into collecting data for the purpose of personalization were made with the best intentions. If we must show you ads in order to provide a service at a reasonable price, isn’t it better if the ads are relevant to you? Focus groups said yes. Won’t you be more interested if we help you find content and services that are connected to topics you already visit regularly? Those certainly had a higher clickrates. There was no nefarious goal but a desire to provide a more compelling product and minimize complaints. Over time, of course, the data gained a value of its own and that thin line between serving and exploiting users has been breached again and again.
This season of Parks & Rec has featured smart satire about a tech company that offers exciting products and services, but with utter disregard for personal privacy (though the company motto is, “Wouldn’t it be tight if everyone was chill to each other?”) The clip above is one example, where Gryzzl sends gifts to the townspeople of Pawnee that are startlingly appropriate. And that’s the thing: personalization can be wonderful, but when it’s done based on data gathered without your knowing consent, it isn’t ok.
Living with an Amazon Echo, I’m realizing what it’s like to have a digital assistant with very few ties into my personal data. It’s not good. It could be so much more useful by integrating with my email, messaging, calendar, network folders, and my Internet-connected devices. In fact, without those connections I don’t think it can be successful. Though I have some friends who are almost off-grid and others that have overshared since birth, I try to take a middle path: I want the benefits that come from detailed and accurate personal data smartly integrated, but I want my information protected like it was the Crown Jewels and never used or shared without my clear and unambiguous consent. I would like to require reauthorization to use my data, on a regular basis, perhaps every year or two. I believe I should be able to review the data that is collected and how it is being used, and be empowered to request deletions and amendments.
On the theme of reviewing what is collected, I downloaded a copy of my Facebook data this week. Even though I have a good idea of what I share and wasn’t concerned, the contents made me angry. What was in there? Every event that I had been invited to, not just the ones I had accepted. My entire list of Friends (of course), but also requests sent/received but not accepted. My “Friend Peer Group” was categorized as “Established Adult Life”. Fair, I suppose. They had all of my Wall posts, including activity notes from apps that I have set not to share and that never appear on my Wall on Facebook itself. Every app I’ve used even once to enter a contest. Then, there was the ridiculous Ads Topics list, apparently for targeting purposes. Some of the items seem to be misunderstandings of my other data. Here, take a look at some of the bizarre ones, with my snarky commentary:
- #Pro-Ject [huh?]
- #Harvest (wine) [wine is lovely, but someone else can pick the grapes, thanks]
- #Phonograph [I also like my velocipede]
- #Jesús Arellano [who? I have a friend with that surname, but I do not have a friend in Jesús.]
- #Farmer [???]
- #Calendar (Mac OS) [I last used an Apple product in 1982]
- #Gramophone record [for the phonograph, duh]
- #Shoe [just one, please]
- #World [I keep my stuff there.]
- #Colors (TV channel) [?? Apparently a Hindi station. Hmm. I’ve got a color TV?]
- #Extras (TV series) [I’ve been an extra, but… I have no idea.]
None of those are particularly awful. It’s not as if they’ve wrongly labeled me as a two-time felon with a heroin habit. However, the items are inaccurate and stupid. I’m torn between more emphatically liking things that appeal to me and liking everything, to screw with the data.
If you’re willing to give away some privacy for a benefit, it’s incredibly important to read the fine print. I smashed my smartphone this week (insert lots of cursing because I’m not at my upgrade date), which gave me a reason to visit the Verizon Wireless website. I wasn’t aware of the Verizon Rewards/Verizon Select program before this, and sure, it sounded appealing: earn points by simply paying my bill and use those points for gift cards and discounts. Great. What’s the catch? Oh, it’s a big one. They’ll analyze my data and sell it to marketers to target ads at me. Here’s an excerpt from their participation agreement about what data they’ll use:
- Addresses of websites you visit when using our wireless service. These data strings (or URLs) may include search terms you have used.
- Location of your device.
- Apps and device feature usage.
- Demographic, interest and behavior characteristics provided to us by other companies, such as gender, age range, sports fan, pet owner, shopping preferences, and ad responses.
- Demographic, interest and behavior characteristics developed by Verizon.
- Information about the quantity, type, destination, location, and amount of use of your Verizon voice services and related billing information (also known as Customer Proprietary Network Information or “CPNI”).
- Other information about your use of Verizon products and services (such as data and calling features and use, FiOS service options, equipment and device types).
The balance between privacy and personalization is extremely tough to achieve. I dream of a near future with useful devices, charismatic robots, and meaningful connections in the Internet of Things. That requires me to extend limited trust to corporations who have done little to nothing to earn it. At the same time, it has become clear that putting trust in any level of government is stupid; it makes the most sense to assume my personal data is being collected and can be retroactively searched and misinterpreted to suit any agenda. Whether or not I have anything to hide, I choose to have curtains and doors and locks on those doors; I want and deserve the authority to control access to my personal life.
For now, I seek to find a precarious balance by using privacy tools online (HTTPS Everywhere, Disconnect, Adblock Plus, Privacy Badger, and sometimes Tor). I skim Terms of Service before clicking, and I don’t install apps or programs that want more than I’m willing to give up, no matter how appealing they are. I don’t trust Google, but I choose to use many of their products because they work together and I don’t spread my data across a bunch of services. I have long-term alter ego accounts that I can use if I need, as well. These methods are occasionally annoying, but the whole result is something I can live with. I can keep my optimism and quiet my paranoia, and maybe that’s the best I can hope for right now.