Blog Post

Pondering privacy, Part 2: Let’s get over ourselves already


If personal data is collected in a massive database and no one ever sees it, has anyone’s privacy been violated?

Yesterday, I examined what I consider a harsh reality of online privacy, which is that we’re essentially at the mercy of the companies that provide our web services. Once we’re hooked on their utility and, in some cases, have become reliant on them, it’s easy enough for companies to push the limits of their data collection and analysis, little by little. Soon enough, web companies — and the government agencies that want the data they have — can pretty much figure out whatever they want about us and, for better or worse, most users are not in much of a position to do anything about it.

Today, I’m looking at privacy from a different angle. Not one that suggests anything is different about what companies or government agencies are doing or that it’s any less offensive in theory, but one that suggests it’s not worth losing any sleep over.

Counterpoint: Nobody cares about the needle in the haystack

While the work privacy advocates do to highlight the tactics and implications of online data collection is commendable, it’s a little misleading. No, it’s not ideal that companies and agencies like the NSA potentially know so much about us, but the reality is that they probably know very little about any of us as individuals.

There’s an oft-repeated idea that big data is about finding the needle in the haystack, but that’s just not true in many cases. Especially when we’re talking about consumer websites and targeted advertising, for example, it’s really about finding patterns. There’s just not much economic rationale in knowing users at an individual level. While segmentation might be getting more granular, companies and advertisers are still looking for categories of consumers that are broad enough to make economic sense to target with content.

And although cookies do allow advertisers to show ads based on individuals’ actual web behavior, even they don’t really know us as individuals. Yes, they’re a bit off-putting, but they’re the result of an automated system, nothing more. A computer program sees that a visitor has viewed a specific site and automatically places a related banner ad. There is no person staring at individuals’ data and making personal judgments about the types of things they want to see.

Why do you think there are so many false copyright takedowns and questionably placed ads? Because computers are acting automatically without human judgment involved or, more likely, based on human-created algorithms that don’t account for specific situations.

The idea that data is somehow our data might be a red herring, too. Terms of service granting companies rights to collect our data aside, one could argue that a site collecting data we post there or about our activity there is just the digital equivalent of a shopkeeper noticing what regular customers buy when they visit the store. His logs wouldn’t belong to us, so — scale and ease of collection aside — why should digital footprints be any different?

OK, maybe the NSA cares about a needle in a haystack

Obviously, though, some organizations — the NSA, for example — do care about tracking down specific individuals and analyzing their activity. Viewed in the light of this knowledge, it’s arguably a lot more troubling for sites like Google, Facebook, Twitter and LinkedIn to have such in-depth data on our posts, contacts and web activity.

But even here I have a hard time getting too worked up, because I don’t really think the NSA cares about what I’m up to. While it’s collecting boatloads of data — often more than the FISA court deems acceptable — the agency’s description of its practices doesn’t exactly reek of analysts investigating U.S. citizens willy-nilly. Sometimes over-broad filters lead to collection of citizens’ emails, for example, but it’s all related to specific topics or keywords the agency has flagged.

And when analysts notice some content belongs to a U.S. citizen, or is between two U.S. citizens, the policy is to destroy it or ignore it (much of it, though, is never even seen). The NSA is looking for specific things or specific people, and if someone is erroneously targeted, it’s probably because they’re somehow associated with suspected terrorists or fit a pattern of behavior that raises a red flag. But I would venture to guess (beyond some rogue agents spying on ex-lovers, for example) analysts don’t have much time to investigate leads once it becomes clear they won’t bear fruit.

The NSA has more data than we can fathom. Scary, but it’s unlikely anyone’s data really stands out.

Perhaps I’ll change my tune if people erroneously targeted by the NSA’s data collection efforts start coming forward with tales of how it ruined their lives, but otherwise it seems like the only victim (and some of the NSA’s practices do appear to border on criminal, if it weren’t for laws making the agency pretty much above the law) is the Fourth Amendment. That stinks for a number of reasons, but the idea that someone somewhere in an office might have read your emails or analyzed your call records is not exactly like the sheriff’s department kicking in your doors without a search warrant.

Security, not privacy

If anything, maybe the real thing people should be concerned about is security. Companies like Google and Facebook probably aren’t evil, and the NSA probably isn’t expressly targeting your phone calls. At an organizational level, they probably don’t know or care who any of us are.

Maybe the real concern about companies or agencies collecting all our data isn’t that they have it and might use it to target ads or even conduct investigations, but that criminals who might really seek to harm us can get access to it. We’ve already seen what can happen when companies get too lax on data protection and make even seemingly anonymous data publicly available; just imagine a massive breach of the personal data stored inside Facebook.

Assuming we’re not willing to give up using our favorite services, perhaps the answer is just to get smarter about what we share publicly and demand harsh punishments when companies or agencies don’t live up to their end of the bargain on keeping it private.

I’d love to live in a world with free, useful web services (or connected devices or what have you) that don’t collect so much data, but if that’s not possible maybe I shouldn’t sweat it. It’s fascinating to see how the web and digital data are transforming our world, and unnecessarily worrying that large companies or even the government are keeping dossiers on us all ruins the fun.

Feature image courtesy of Shutterstock user Juergen Faelchle.

6 Responses to “Pondering privacy, Part 2: Let’s get over ourselves already”

  1. Re: “…maybe the real thing people should be concerned about is security. ”

    Facing the problem with privacy and security of personal data, we come to the same conclusion at Pryv. We are doing a service where your data is private, you even get to choose where it is stored. Pryv is also a more personal way of sharing selected life streams with specific people. You may also share on social media without sacrificing data ownership. You could find out more about PRYV on Indiegogo:


  2. Will White

    You may be right that the NSA and others don’t care what you or I are up to, but that is not the same thing as not caring what individuals are up to. Some individuals are just more interesting and valuable than others.

    Imagine legislation before congress that is not in a telco’s interests. Would it be reasonably fair to assume that they might monitor cell phone usage statistics for known members of congress to look for “incriminating” behavior that could be used as leverage to change the votes of congressmen? What if a telco had leaked the photos of Anthony Weiner … is that really so hard to imagine?

    This can be easily expanded every which way to include any number of public and private individuals in any number of positions of influence.

    The interesting thing here is that much of this is broader than Facebook or Twitter or LinkedIn since no matter what we do, groups will be able to collate more and more data together whether we are using these sites or not based on what people we communicate with are doing.

    Have an email address?, a credit card?, a toll pass?, a mobile phone?, hell even a landline phone?, a face in a photo anywhere? All of this information will be gathered together and collated whether we like it or not.

    It has nothing to do with the legislation or services that exist out in the world and whether we are using them, but instead with the vastly and rapidly increasing volume of data and data processing capacity.

  3. Unsecurity

    If you are having trouble comprehending or visualising the implications of ubiquitous, warrant-less, suspicion-less surveillance by a hybrid government/private complex built on denial and obstruction of transparency, retaining data indefinitely, beyond your capacity to audit or control, potentially available for any and all predictive analytic or evidentiary purpose dreamed up now or in future, there may be some exercises that help.

    – think “confidentiality”, “personal information security”, “presumption of innocence” and “freedom of association/ speech/ belief” when you think “privacy”. The latter can be a little amorphous.

    – de-emphasise the moralising about the intentions of those doing it. It is the unintentional end results that are what we should be scared about. Google’s brilliant ‘Don’t be evil’ motto apparently conceals the usual big corporate’s amoral obsession on pursuing their own technical ends insensitive to any impact on others which might warrant restraint, and NSA’s obsession with means results in insensitivity to their potential harm to the core of what is good about the system they think they are defending.

    – investigate the impact of the awareness of uber-veillance on the human mind, spirit and society: studies on the chilling effect, the Panopticon effect and experience from Stasi-land and modern China demonstrate the evil, corrosive effects of even well-intentioned destruction of the presumption that you have a zone where you aren’t being watched. Awareness of the spy looking over your shoulder is oppressive and freedom-crippling.

    – just because no-one seems to care about you (“it’s not about you”) doesn’t mean that either (a) bad things can’t happen to you as a result of the data analytics running on auto, or (b) a sudden interest in you in particular could not deliver that massive psychographic and transaction profile to someone who is not your friend.

    – think about what it means to all us people outside of the US, who have none of even the flimsy protections of US Constitution or the re-awakened politicians, and who find ourselves exposed to aggressive spying by public and private giants led from the least privacy respecting jurisdiction. Trust is not easily re-gained.

  4. Privacy as civil liberty or freedom from nuisance are the typical ways of approaching this growing issue. However, consumer brands ignore this growing uneasiness among consumers at their peril.

    The aspect I believe your article overlooks is that of privacy (and its kissin’ cousin, discretion) as part and parcel of a satisfying brand experience–esp. luxury brands. In real life, customers expect higher-end brands to demonstrate a higher level of privacy and discretion in their service vs. what they expect at Walmart. The no-privacy, no-discretion paradigm of Web ecommerce, where the servers run the show, is fundamentally incompatible with a high-end experience.

  5. Re: “I don’t really think the NSA cares about what I’m up to.”

    History has not been kind to people whose response to rising totalitarianism has been a calculated analysis of whether they are personally at risk.

    As for the hypothetical instance of people being “erroneously targeted by the NSA’s data-collection efforts,” it is not a question of “if” but “when” and “how often” that happens.

    The most cursory review of U.S. criminal-justice practices will show you the troubling frequency with which police identify the wrong suspect for even the most serious crimes. Once that happens, it can be tough to halt the Juggernaut, especially if you are a poor person of color who is mentally ill or developmentally disabled. The vulnerability of this population to wrongful arrest and conviction is among the dirty little secrets of the U.S. criminal justice system.

    • Derrick Harris

      You’re absolutely right to worry about that, and I am too. I hope I made clear that while I largely don’t approve of the NSA activity, I was trying to put forth an argument as to why we shouldn’t let it overtake our thinking about how we use the web.

      Re: false identification, etc., though, I actually do think it might be a little harder to ID and pursue false leads because there is so much data without reason to look at a suspect in the first place. I suspect it’s a lot different of a situation than a local DA railroading an innocent person on a criminal charge, but time will tell.