Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
If personal data is collected in a massive database and no one ever sees it, has anyone’s privacy been violated?
Yesterday, I considered what I consider a harsh reality of online privacy, which is that we’re essentially at the mercy of the companies that provide our web services. Once we’re hooked on their utility and, in some cases, have become reliant on them, it’s easy enough for companies to push the limits of their data collection and analysis, little by little. Soon enough, web companies — and the government agencies that want the data they have — can pretty much figure out whatever they want about us and, for better or worse, most users are not in much of a position to do anything about it.
Today, I’m looking at privacy from a different angle. Not one that suggests anything is different about what companies are government agencies are doing or that it’s any less offensive in theory, but one that suggests it’s not worth losing any sleep over.
Counterpoint: Nobody cares about the needle in the haystack
While the work privacy advocates do to highlight the tactics and implications of online data collection is commendable, it’s a little misleading. No, it’s not ideal that companies and agencies like the NSA potentially know so much about us, but the reality is that they probably know very little about any of us as individuals.
There’s an oft-repeated idea that big data is about finding the needle in the haystack, but that’s just not true in many cases. Especially when we’re talking about consumer websites and targeted advertising, for example, it’s really about finding patterns. There’s just not much economic rationale in knowing users at an individual level. While segmentation might be getting more granular, companies and advertisers are still looking for categories of consumers that are broad enough to make economic sense to target with content.
And although cookies do allow advertisers to show ads based on individuals’ actual web behavior, even they don’t really know us as individuals. Yes, they’re a bit off-putting, but they’re the result of an automated system, nothing more. A computer program sees that a visitor has viewed a specific site and automatically places a related banner ad. There is no person staring at individuals’ data and making personal judgments about the types of things they want to see.
Why do you think there are so many false copyright takedowns and questionably placed ads? Because computers are acting automatically without human judgment involved or, more likely, based on human-created algorithms that don’t account for specific situations.
The idea that data is somehow our data might be a red herring, too. Terms of service granting companies rights to collect our data aside, one could argue that a site collecting data we post there or about our activity there is just the digital equivalent of a shopkeeper noticing what regular customers buy when they visit the store. His logs wouldn’t belong to us, so — scale and ease of collection aside — why should digital footprints any different?
OK, maybe the NSA cares about a needle in a haystack
Obviously, though, some organizations — the NSA, for example — do care about tracking down specific individuals and analyzing their activity. Viewed in the light of this knowledge, it’s arguably a lot more troubling for sites like Google, Facebook, Twitter and LinkedIn to have such in-depth data on our posts, contacts and web activity.
But even here I have a hard time getting too worked up, because I don’t really think the NSA cares about what I’m up to. While it’s collecting boatloads of data — often more than the FISA court deems acceptable — the agency’s description of its practices don’t exactly reek of analysts investigating U.S. citizens willy nilly. Sometimes over-broad filters lead to collection of citizens’ emails, for example, but it’s all related to specific topics or keywords the agency has flagged.
And when analysts notice some content belongs to a U.S. citizen, or is between two U.S. citizens, the policy is to destroy it or ignore it (much of it, though, is never even seen). The NSA is looking for specific things or specific people, and If someone is erroneously targeted, it’s probably because they’re somehow associated with suspected terrorists or fit a pattern of behavior that raises a red flag. But I would venture to guess (beyond some rogue agents spying on ex-lovers, for example) analysts don’t have much time to investigate leads once it becomes clear they won’t bear fruit.
Perhaps I’ll change my tune if people erroneously targeted by the NSA’s data collection efforts start coming forward with tales of how it ruined their lives, but otherwise it seems like the only victim (and some of the NSA’s practices to appear to border on criminal, if it weren’t for laws making the agency pretty much above the law) is the Fourth Amendment. That stinks for a number of reasons, but the idea that someone somewhere in an office might have read your emails or analyzed your call records is not exactly like the sheriff’s department kicking in your doors without a search warrant.
Security, not privacy
If anything, maybe the real thing people should be concerned about is security. Companies like Google and Facebook probably aren’t evil, and the NSA probably isn’t expressly targeting your phone calls. At an organizational level, they probably don’t know or care who any of us are.
Maybe the real concern about companies or agencies collecting all our data isn’t that they have it and might use it to target ads or even conduct investigations, but that criminals who might really seek to harm us can get access to it. We’ve already seen what can happen when companies get too lax on data protection and make even seemingly anonymous data publicly available; just imagine a massive breach of the personal data stored inside Facebook.
Assuming we’re not willing to give up using our favorite services, perhaps the answer is just to get smarter about what we share publicly and demand harsh punishments when companies or agencies don’t live up to their end of the bargain on keeping it private.
I’d love to live in a world with free, useful web services (or connected devices or what have you) that don’t collect so much data, but if that’s not possible maybe I shouldn’t sweat it. It’s fascinating to see how the web and digital data are transforming our world, and unnecessarily worrying that large companies or even the government are keeping dossiers on us all ruins the fun.
Feature image courtesy of Shutterstock user Juergen Faelchle.