Privacy and identity: Questions abound, answers pending

The consensus: There is no consensus on the issue of privacy and identity in the age of the Internet. Thursday, GMSV attended pii2011, a conference on privacy, identity and innovation being held in Santa Clara, which ends tomorrow. If there is a world after tomorrow — we’ve heard rumors to the contrary, but we’re crossing our fingers the anonymous sources are wrong — the privacy questions will remain.

Do we need a digital-economy framework? It’s not just government types who are pushing for such a thing. And it’s not just a question of regulating corporations, said one technologist during the first panel of the day.

“We are in the midst of a constitutional moment,” said Marc Davis, partner architect at Microsoft and former tech researcher and scientist for everywhere from UC-Berkeley to Yahoo to MIT Media Lab. He talked about the need to “globally establish digital rights,” meaning settling questions such as what it means to be a digital citizen, who owns personal data, and more. As an example, Davis cited the official processes we follow in the offline world involving births and deaths, such as certificates. What about your online legacy — what happens to it when you die? We would have a more effective digital economy, he said, if we have frameworks regarding technology, privacy and identity.

What role should government play? The technologists seemed to outnumber the policy wonks at the conference Thursday, but not all start-ups were singing the “government is out to ruin innovation” refrain. Michael Fertik, CEO of Redwood-City based Reputation.com — OK, so he graduated from Harvard Law School, too, so he straddles both worlds — said “large media companies use the word ‘innovation’ like a club before Congress. If you look at “who’s showing up” to the privacy hearings on Capitol Hill, he said “people who believe in privacy are outgunned.” What he’s really worried about is “anemic legislation that gives people the impression that they’re being protected when they’re not.”

Privacy sure has been a buzzword on Capitol Hill lately. Apple, Google and Facebook have appeared before different Congressional committees recently to answer questions about privacy issues, including what Apple and Google do with location data collected from mobile-phone users. In fact, the big screen in the Marriott ballroom was tuned to C-SPAN, showing testimony by representatives of the Silicon Valley companies in front of a Commerce Consumer Protection subpanel before pii2011 began yesterday. And Julia Angwin of the Wall Street Journal, who kicked things off by talking about her “What They Know” series, said she counted five privacy bills introduced in Congress this session, including, of course, the Do Not Track bill by Bay Area Sen. Jackie Speier, D-San Mateo. (See Privacy: Bills, a ‘do not track’ Safari… and Online-privacy efforts by Obama, Microsoft: Will they work?)

Chris Kelly, formerly chief privacy officer at Facebook, cautioned that the government needs to strike the right balance to encourage innovation. “Having been on both sides” as a Facebook exec and Democratic candidate for California Attorney General last year, he said what we need is a “comprehensive framework that makes sense.”

Government’s role goes beyond legislation, of course. In another panel, about implementing an identity ecosystem, the talk turned to how government and tech companies can work together to make online transactions safer. The Obama administration last month unveiled a plan to establish digital credentials that would take the place of passwords, the NSTIC (National Strategy for Trusted Identities in Cyberspace). (See Security, two ways: Online transactions…) Said Eric Sachs of Google when asked about why the Silicon Valley giant supports the proposal: “Without intending to, we became sources of identity. … It costs us to help people whose IDs have been stolen.” And Don Thibeau of the OpenID Foundation, a coalition of tech and telecom companies, said: “Technology is far outpacing policy and legislation.” (This was another common refrain at the conference, laws that are outdated by the time they’re passed.) “Government needs to be in dialog with the private sector.”

Do people care? Tara Hunt, CEO of Montreal-based Buyosphere, got some laughs when she said during her panel talk that “I like talking about the opportunities involved (with identity); the privacy discussion is such a downer.”

The question of whether people really care is fair, and it’s asked often. The pattern is undeniable: There’s a privacy brouhaha, or a security breach. Some people express outrage. Lawmakers write letters, grill companies. Then everyone goes back to their normal routines. They use the same devices, perhaps continue to do business with the company that allowed their information to be stolen.

Also, Raman Khanna, a venture capitalist and managing director of Menlo Park-based Onset Ventures, pointed out that when he was CIO at Stanford University, they used to go to great lengths to protect student data. “Then,” he said, “Facebook comes along.”

Still, Angwin, the Wall Street Journal reporter, gave concrete examples of why people should care. She ticked off a list of things she found during the course of her research for her much-cited series on online privacy:  Popular websites for kids and teens planted more cookies on computers. Domestic-violence victims tracked using GPS on cell phones. Credit-card interest rates based on tracked information. A person with a medical problem posting on what he thought was a private forum, then sees his information exposed.

Venture capitalists such as Mike Maples of Palo Alto-based Floodgate, an investor in Twitter, said “consumers are consciously making a trade-off” when they share information online. This is true in our social-media-infused, always-connected world. But the risks are real. The “stakeholders” — individuals, companies and government — are asking questions and suggesting solutions. Now we need answers.

 
 

Share this Post



 
 
 
  • sd

    It’s a very complex issue, which — unfortunately — should have been addressed “yesterday”. There are, however, a few very powerful forces at work.

    The first two are fear and security, both of which were preyed upon to pass the “Patriot Act” and to eliminate checks on abusive monitoring of individuals. Americans have signed away many Constitutionally-enumerated rights in the false belief that the perpetrators of the abuses are keeping them safe and secure.

    The third force is the power of marketing. We have an economy in which few real things are made anymore and companies are reduced to trying to differentiate their airplane seats or burgers or Web gathering sites; typically on how well they anticipate your “needs” based on what they are able to learn about you. Sadly, so much of this intelligence-gathering is done /sub rosa/ — your supermarket loyalty card, your Web store purchase history, even when your car drives past the SpeedPass sensor every morning. Would that we could make the gatherers of such information explain clearly to those creating the information just how it will be used (“We will keep track of your purchases so we can make you special offers based on your shopping preferences.).

  • Clearly these are issues too complex and profound to be settled by a gathering of lobbyists, policy wonks, and random observers in a single day or even a single year. The pity is that our national and other policy mechanisms are by now so gunked up by special pleaders paid for by special interests — mostly, those with skin in the game who will do whatever generates for them the most dollars (or euros or renmibi or rupees or whatever) — that the basic choices to be made are unclear. As the rambling conversation described in the article indicates, they may even be invisible under a coating of sophism that passes for wisdom.

    When these issues first became manifest in the 1970s, in California the Legislature reacted by proposed a privacy clause for our State Constitution that the people ratified. It’s still there. In the 1980s, the Legislature further extended these rights in a halting fashion to digital media. (I worked on those new laws.) I didn’t see any reference to the privacy clause or the laws on the books.

    The US Supreme Court has likewise interpreted the Bill of Rights to create a penumbra around an unstated but evident privacy right. I didn’t see any reference to it, either. Instead, we get a lot of palaver about the people want this, the people want that, the people…. Hell, it’s not even clear who “the people” are anymore. They’re just personas.

    There are a priori reforms to our policymaking machinery that are required before privacy or any other fundamental right can be justly handled. That these reforms go unspoken in article after article about almost every issue these days, not just civil rights and liberties but also economic propirety, the waging of wars, how health is to be enhanced or denied in ours society, where safe energy will come from when the unsafe energy runs out, etc., etc. — that is the big lacuna. Or the Big Kahuna.

    When we get around to fixing our democracy so that it is once more serving most of us and not just a few, maybe then we can move on to dealing with privacy. As things stand, the cacophony described above is obscuring a big emptiness when it comes to enunciating a serious, enforceable, and just privacy policy. Why waste the time and energy to debate “options” when it’s evident to all that the status quo is setting its own rules? Unfortunately, in this case not even the increasingly popular practice of packing heat, concealed and condoned by law, can protect us.

 
 
css.php