Maybe, just maybe, users can win the privacy war

Privacy is dead, the captains of Silicon Valley will tell you. They should know — they’re trying to kill it. In the 14 years since Scott McNealy, then CEO of Sun Microsystems, told an NBC interviewer, “You have zero privacy anyway — get used to it,” the big tech stars have been diligently tracking as much about you as possible to sell that information to advertisers, vendors, and even governments. Google and Facebook are particularly notorious about doing this, so much so that they’re regularly in hot water with both European and American regulators over their sneaky ways to extract your personal information without your awareness and sell it to others.

It’s a good business to be in: Give people free services they enjoy and silently collect as much information as possible to sell. People think they’re getting a good deal, but they’re not. Instead, with all that information collected, you’re being boxed in.

[ Subscribe to InfoWorld’s Consumerization of IT newsletter today. ]

For example, when you search on Google, the results are tailored to your profile, which sounds nice until you realize two things: One is that you’re no longer getting a neutral search, so your results are skewed in a way you’re not even aware of. The other is that many of those results are actually paid ads, but not marked as such, so they’re not honest results. It’ll only get worse with services such as Google Now that build up profiles of you, then steer you to what Google — and its advertisers — want you to do based on those profiles and push you down that slippery slope.

The bad economics of “free”

It’s an old saw in the media business that Americans hate to spend money but love to give away personal information that can be mined. It’s a business model Silicon Valley has embraced with zeal. Europeans are more skittish about giving away personal information — the memories of government files during the World War years being used to round up of Jews, gays, Gypsies, communists, dissidents, and other “undesirables” of that era are still strong. This is why the European Union has been so vigorous in taking on Google, Facebook, and others over their personal data mining and in setting privacy laws.

The truth is that mining personal information has become a big business because people are too cheap to pay with money. Free email, free cloud storage, free articles, free television, free music, free research, free banking, free calling, and so on are never free. You pay indirectly. For years, you paid through higher prices on what you bought, with those hidden charges used to pay for the ads that were believed to have swayed your business. In some cases, such as the print edition of InfoWorld discontinued in 2007, you provided business data such as title, contact information, and purchasing intent and authority in return for a “free” subscription that you paid by fielding sales calls from advertisers who had a gross notion of what you might buy — a business model called controlled circulation. (You could also pay for a subscription with money, though few did.)

In the digital world, traditional banner ads have largely fallen by the wayside (they make little money); advertisers want proof that an ad worked, and that means getting users to click and sign up for something à la the old print controlled-circulation model — providing salable personal information. Silicon Valley startups like Google took that model and applied it to search and all sorts of other new services.

But Silicon Valley amped it up by collecting much more information than what you might have filled out in a subscription form. Dot-coms designed services that track what you do, skimming all sorts of information from you — what you search, what you email about, who you know, what you join — so they get enough detailed information about customers to precisely target them or sell them for precise targeting by others.

Many go even further, secretly steering customers to specific services and capturing them into a set of choices where only the house — the service provider — wins. Google is a great example, with its search results tailored to its advertisers, not to your search needs. But almost all social media and free online services do it.

The one Silicon Valley company that protects your privacy the most — Apple — is the one that has customers who actually spend money, such as through the iTunes Store, App Store, and iBookstore. But even Apple uses the data it collects about you to optimize its offerings to its benefit where possible. The others, lacking something to sell you for actual money, have to milk you for even more, which is why they tend to sell your data to others, not just use it internally. Every time you sign up for a free service, you are agreeing to sell your private information, whether you truly understand that or not.

The big problem is that you don’t really know what is being collected about you or how it’s used. You certainly can’t see it to decide what you want shared or to correct inaccuracies (such as when the babysitter surfs porn or doll-making on your computer). Legal language that’s hard to find and hard to understand buries that disclosure in most cases — often misleading users — or simply asserts rights to everything. Think of how many stories you read in the last year about Web companies asserting ownership on any content you posted. Those are just the tip of the iceberg.

Mark Zuckerberg, the founder and CEO of Facebook, has said that a new social norm has developed where people don’t value privacy as they used to, but instead find greater value in sharing. That’s true, but misleading. They find value in sharing what they want to share, not in being spied on and secretly milked as if they were drugged cattle. The Silicon Valley model is all about getting the sheep (you) to come into the ranch on your own and let yourself be milked in your comfy cyber stall every minute of every day. That way, you sell yourself cheap and let them make the money from the value you bring — a value you’re kept ignorant of so that you don’t realize how much you’re giving away to feather their nests.

Signs that users and thus governments are waking up to the reality of privacy invasion

This all sounds pretty dire, doesn’t it? Especially if you use Google (or anyone’s) Search, Yahoo, Facebook, Twitter, YouTube, Flickr, Gmail, Outlook.com/Hotmail, Google Now, and pretty much any free Web service. The good news is that people seem to be waking up, and even the American government — notorious for not caring about these issues — is taking some action.

Here’s evidence of a potential change in users’ views on their personal data being strip-mined:

• Microsoft’s “Scroogled” ad campaign calling out some of Google’s privacy-invading business practices shows that marketers — whose job it is to keep up on what people care about — see pro-privacy messages as a good business strategy. (Never mind Microsoft follows some of the same practices that its ads decry.)
• A recent Ovum study of people in 11 countries shows privacy-invasion fears are growing. Ovum even warned Internet firms they would need to “rebalance” their approach to strip-mining users’ data given the growing concerns.
• A new revision to the U.S. Health Information Portability and Accountability Act (HIPAA) regulations governing how patient data is kept private has made it harder for hospitals to use medical records in big data analyses to uncover the most effective treatments or find health risks that may be undetected. Ironically, the effects of this change are bad, and its goals could have been as easily accomplished without losing the positive results of the analysis simply by requiring that all such data be anonymized.
• The Federal Trade Commission has urged app developers and app stores to take better care of users’ private data. Most will ignore the FTC guidelines, but at some point such defiance is likely to lead to actual laws; a proposal for one such law is already circulating in the House. The state of California recently issued guidelines to mobile developers over user privacy — and privacy law is an area where other states typically look to California to lead.
• The European Union continues to aggressively review potential privacy violations by the big tech and Internet businesses, calling out bad behavior publicly and forcing changes on them (Google and Facebook are perennial targets, but the EU is now also looking at Microsoft). U.S.-based multinational businesses chafe, but users should cheer the EU on as the only dependable ally in the fight for their privacy.

Of course, there’s also action under way that would keep users on the losing side. Beyond the individual privacy-invasion shenanigans at many Web companies, Congress is again considering the fatally flawed Cyber Intelligence Sharing and Protection Act (CISPA) bill that would allow rampant sharing of personal data across companies in the name of security. Security fears are often used to scare people into giving up rights they shouldn’t.

A game plan to tilt the privacy battlefield in users’ favor

I think the fight should go beyond the right to privacy as the default. I urge lawmakers to require any company that uses your personal data to provide an annual summary of how much money it made from your information. If people knew how much was made off their data, they’d demand change — or at least a cut of the proceeds (a few start-ups are trying to create a service around the very concept). These companies track a lot about you, so they can easily track what they sell that value for as well.

You know the industry would fight that proposal tooth and nail, but we may get a sense of how much people are giving away for a “free” service if the French government follows through on a proposal to tax Web giants like Google based on the value of the information they collect on users. Almost every major tech or Web company has been accused of tax evasion in Europe by shifting the money around in a way that pretends there is no income or profits in countries that tax businesses and instead declares it in countries that don’t. It’s legal, if dishonest.

Fed up by trying to figure out what money Google and the like made from French citizens’ information, that government came up with the idea of simply taxing it on the value of that information. Even if the accountants move the income to low-tax Luxembourg, Cayman Islands, or Holland, the companies can’t escape the tax on the value generated. I love the idea, and a few folks at a major accounting firm told me it was a brilliant way to get around the tax games companies have played so well (albeit with the complicity of some governments).

I’m all for businesses making money, but if I’m the product, I want creative control and a cut of the action I allow. I also want the right to have the information I get be kept pure, not skewed for someone else’s sales agenda. I’ll even pay for those free services in return for that purity. I hope I’m not alone. Because ultimately, as long as we delude ourselves into thinking free services have no cost, we’ll encourage the privacy strip-mining to continue. When we do decide the service is worth giving up information about us, we should know exactly what information is used, for which purposes, and by whom.

At the end of the day, the good news is that people seem to be waking up to the “silent Big Brother” information state emerging. It’s time to take action and to support those who have been fighting the battle already, and change our own behavior to favor those who donn’t treat us like data cattle to be milked dry without really realizing it’s happening.

In the battle of who owns you, there’s a new chance of users winning. Let’s take it — and understand it is a battle.

This article, “Maybe, just maybe, users can win the privacy war,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog. For the latest business technology news, follow InfoWorld.com on Twitter.