My context – why does privacy matter?
Describing the fight


I first started thinking about privacy when the news media reported Microsoft had ‘accidentally’ left on a testing feature that sent information about the user of the Windows operating system to Microsoft, without that person’s knowledge. They took some public flak for a short time, but were never really held accountable in any way. If we know nothing else about human behavior, we know that humans respond to rewards and punishment. If you do something bad, and there are no consequences, and you got a reward, you will continue to do it. Fast forward to today and having your information sent to Microsoft is pretty much the default. You have to work really hard to turn that off.

From my perspective, the bigger risk today is Google. I do what I can to avoid giving my personal data to Google. I avoid all Google products, well, except search of course. Oh, and I guess my Android powered phone. And far too many people use Google docs, so I had to get a gmail account to get access to working documents. There is also an adwords account for my startup. Plus, Google reads about 60% of the global email, so for everyone using a gmail account to whom I send email messages, that information goes to Google.

It is hard to live in the world today and avoid Google altogether. Many people actively go to Google for their finance or document management. To provide a contrast, I’ll say a little about how I mitigate the Google Data Ocean risks. I don’t use my gmail account for email, ever. It is just used to log in / authenticate. When I have to communicate with someone who uses a gmail account, I limit or avoid sensitive or personal data, encrypt attachments, or offer them a non-gmail email address on one of my domains for our future communication. I clear my browser cache and cookies frequently. This is far from perfect because Google can still pull my IP address and follow me that way. I do periodically turn off my router in the hopes that the DHCP process gets me a new IP, but no guarantees. My phones are not associated with my name. (I have a very uncommon name that in itself tends to be uniquely identifying.) I never add apps to my phone. Most of my contacts are pseudonyms. Not sure how much this helps if Google already knows who they are from the contact using their real name on their phone. I use the adwords account on a different computer than my personal computer, but unfortunately it is still using the same IP address. I use Google docs for policy work when I am forced by colleagues to do so, but I never enter personal information. I was recently asked to share personal information in a Google doc for a financial transaction, and I absolutely do not want to add identifiable personal financial information to the Google Data Ocean. This might seem like a lot of effort, but it is just routine, so it requires no thought and very little effort. The bigger challenge is when policies and processes have to change because of something Google changes. Of course, it is not uncommon for the person wanting to share my personal information with Google to be annoyed that I am making their life and processes more complicated, so there can be a relationship cost.

Why do I care about privacy? Perhaps most importantly, the Internet remembers forever. Once data has been shared it can never be unshared. We have no ability today to make any guess about how our data might be used in the future. How many teens or young adults will lose a job offer because of silly choices they photographed and posted online? They will never know that sharing their personal information hurt them financially. To be clear, the second most important point is that we are not explicitly monitoring for harms, so we don’t see them. Third, your identity is probabilistic. You are only you if others think you are you. If someone else has your information, they can also be you. This is how identity theft works. The more information you share, the easier it becomes for someone to become you. For Google, the more bits of information they have about us, the more they know us in ways that make our lives more convenient, but could also be used to hurt us. They are able to follow the thread of data (like breadcrumbs in Hansel and Gretel) and combine two or more small data lakes into ever larger data repositories. It only takes a small amount of data overlap for Google to identify that two separate data lakes are actually different aspects of the same person. Google can then merge the information to know us increasingly holistically. Consider how good they are at identifying what word you are typing when texting in Android based only on the language that preceded that word. Google is great at making accurate inferences. The convenience is the allure, and again, because we don’t monitor for harm, we don’t know when harm is happening.

The harms may not be obvious or may not relate to current Google businesses today but ones in the future. Google is constantly looking at new ways to monetize the data they collect. Not to give them any ideas, but maybe they charge businesses to do ‘background’ checks. That might help businesses avoid certain ‘undesirable’ people, but maybe the algorithm is broad enough to include items that might not normally disqualify you for a position. Think of the current level of automated resume review that looks for keywords, but with 100 times more depth of knowledge and intelligence. What about a line of business that looks at meals you have eaten combined with purchases you have made to infer your health status? Any chance that might raise your healthcare premium? You do not now know and cannot predict in the future how your data might be used in perfectly legal and even ethical ways to harm you. If you used gmail to send information about your startup company, and Google has explained in its terms of use that it examines your information to advertise to you, a minor change in terms might allow them to compete with you. Do you read all of the changes in terms of use of every product you continue to use? Your continued use of the product says you did.

Maybe your next thought is that people should be accountable. 'If people make unhealthy choices, I don’t want to pay for them. They should pay for their choices.' I don’t disagree. What I oppose is black boxes resulting in people not knowing that their actions are causing a problem so they do not know to change their choices, or at least to recalculate them based on the new information. I favor accountability, transparency, and personal choice. You can't make an informed choice if a black box based on data you hadn't thought about is used to make decisions about you.

Another thing most people do not seem to consider is when they use ‘free’ tools to share personal information about other people. (like the comment posted yesterday on the first article) If there is a privacy cost, the cost is borne by the other person. If there is a risk, the risk is felt by the other person. We need social change to cause sharing another person’s personal information without their consent to be widely seen as bad manners. If you want to use a ‘free’ tool to collect my information, ask me first if I am OK with it. Otherwise, you are deciding that it is OK to risk harm to me. Society should see that as a violation. Today it does not. I am often frustrated to hear someone has shared my personal information with a third party without asking me first. In the next article, we’ll talk about those third parties whose business model is based on this ethically inappropriate but prevalent social norm.

Prior Article: Fight for Your Privacy -=- Next Article: Third Party Violation

What do you think? Should we not care about the harms? If we haven’t seen them, does that mean they don’t occur? Should it continue to be OK to just share someone else’s phone number or birth date or Social Security Number with a third party because the free or low cost tool makes it easier for the person doing the sharing, even when it offers no benefit to the person whose data is shared? Should we chat in social media about when people are out of town or post their picture without their OK?


More articles by Larry Ozeran, MD, FAMIA
