How Much is Your Privacy Worth?

In my recent post regarding Apple and DRM I made some comments about how little value most young people seem to place on Privacy these days. Most people are posting incredible amounts of personal information all over the Internet. I try to be pretty careful to not put anything more specific than the town I’m living in (okay, in College, I would mention the Residence Hall I occupied), certainly in even remotely public discussions. It doesn’t matter if I know 98% of the people in an IRC chat room, I don’t necessarily trust them all, and there still might be some crazies in that 2%.

One of my coworkers, was telling me that his three year old had figured out how to turn on a Macintosh computer, find, and start a paint suite she liked to use. How much longer before she’s introduced to the Internet? I certainly understand the impact technology has on young people. My family had a computer in the house since I was about five years of age. I knew far more about the device than either of my parents did, even at that young age. The digital divide isn’t going to be as significant for this upcoming generation as it was for people my age and our parents, simply because people like me, who grew up with Computers, are starting to have children. We have lived the computer revolution, and there hasn’t been a paradigm shift significant enough to throw the greatest benifit to the youngest people just yet.

Still, with the growth of the Internet, mobile phones, and ubiquitous computing, people seem to have lost all sense of proper trust. The line between public and private has blurred as we all become our own personal papparazzi, airing our own dirty laundry without any regard for consequences. More than once, otherwise qualified candidates have lost their opportunities because of things they’ve posted on the Internet. In blurring the lines between Public and Private, many people have destroyed their ability to hide their private life from their professional life, causing everything they do to be scrutinized by potential clients and business associates. Is this right? Probably not. But it’s the way it is, and is going to remain.

You can’t blame the Internet for this. After all, the Internet is nothing more than an enabling force. A system which facilitates communication and sharing. Ultimately it is the responsibility of the User to ensure that they share only that which they are comfortable sharing. However, other technologies threaten to reduce or eliminate a Users ability to choose. Cities like London are literally covered in cameras, ostensibly meant to solve crimes and detect threats. While the success of these programs may be called into question, the implications for Privacy are hard to ignore. One might argue that the feeds are only accessible to Law Enforcement. This is true, to a degree. But any time a feed is made available, it can, under some circumstances, be made available to unintended parties.

As an example, I was listening to the Lex & Terry show on my way to work a few days ago. They had a guy call in to talk about a situation he found himself in where a neighbor had, unintentionally (I hope), made a wireless camera feed of his bedroom available to his neighbors. The caller had discovered this when his daughter had finished playing with her Barbie Web Cam, and that when the camera was turned off they got a different video feed of a bedroom. Once they figured out who it was, they would call the guy while he was in his bedroom, more than once apparently witnessed him masturbating via this camera. I am operating under the assumption that this neighbor had no intention of broadcasting his bedroom 24 hours a day, 7 days a week. I believe he had a very specific desire when he set up this camera, and I don’t think it’s worth posting any of that speculation here. Still, because he didn’t configure the device correctly, he inadvertantly allowed himself to be spied on by his neighbors.

Misconfiguration can cause all sorts of data to be accidentally released to the public. I once worked with a company that inadvertantly published their customer’s private data (including address and credit card number) on the web, and Google happened to find and index it. I removed the offending data, and had to work hard to get Google to remove their cached copy quickly. This was a company with several million dollars a year in sales. If individuals and companies can accidentally release private data, are we to believe the government might not make a similar error? By allowing the government to film us whenever we’re in public, we’re trusting them implicitly to ensure that no one else can get their hands on that feed, and that they aren’t harvesting enormous amounts of data about our habits. Where we go, and when. Who we spend time with. What brands we purchase. What shops we frequent. Enormous amounts of data, which could easily be used to create a frighteningly complete profile of our lives. And if that information were to make it into the wrong hands…

The Camera issue may seem a little bit paranoid, and the above may have been slanted toward the paranoid. There was a reason for that. This is a situation where the availability of this information is not being controlled by the user. Where Data Mining (and you know the British government is using the London Cameras to mine data about their residents) is being done with information you can’t control, save by never leaving the house.

Can we avoid data mining? Not without some inconvenience. Everytime I buy anything using a credit card, or even a check, that information is logged by my bank, and often the organization I’m buying from. Anytime I visit an online store, they’re examing what I’m purchasing (and likely what I’m viewing) in an attempt to better offer me things that I wasn’t explicitly searching for, but might be convinced to buy. There is big, big business in mining information about you, usually for the purposes of advertising. Almost always this information is collected in such a way that you have no idea this kind of information is being tracked. I’m not against advertising, but I prefer my advertising to be in the widely-targetted-at-venues-percieved-demographic style like Television, rather than a narrow-we-know-who-you-are-and-what-you-like style like the Data Miners are trying to make possible. Google Ads, which are used on this very site, appear to focus their advertising based on the content of my pages, rather than any information that Google has on you personally. I’m not 100% certain this is the case, and Google is certainly in a unique position (Adsense, GMail, Search, Analytics, etc) to be a data-mining giant, and they do mine utilize their position somewhat. I have no reason to believe that Google is any less moral than any other Advertiser out there, and I think they might be somewhat more so. Until I’m proved otherwise, I’ll continue to favor Google over other searches.

Of course, I have ignored one last source that companies use extensively these days to gather data about customers: Rewards Cards. Almost every major chain store offers some form of rewards program where by spending money at their store, you get something back. If they offer such a program, you can be guaranteed that any attempts to shop at that store will be met with an attempt to get you to sign up for the card. Part of the reason for the card, is to convince you to shop at their store above other choices. I believe most as people who sign up for these programs are likely to sign up for these programs at a lot of places, rather than be faithful to a single store because of them. Actually, this is a place where Barnes & Noble is ingenious. By charging $25 per year for memebership to their rewards program, people are far, far less likely to shop at competitors. I know it’s impacted my own purchasing decisions in the past.

By using these Rewards cards, everything you purchase is being tied to an account. And that account can be tied to you. Since most of these accounts can be referenced via phone number, I’ve given some thought to signing up for these accounts and sharing the fake number associated with it with many people in order to invalidate the farmed data (of course, you’d need a lot of people, and geographic proximity to a decent number of them for this to work). I know this isn’t a unique idea, and I suspect many people have done it. To combat this, some stores are fighting back. Safeway Stores now has a program where you get $0.10 off each gallon of gas you buy (redeemable for only one pumping session) for each $100.00 in groceries you spend. In a situation where you’re trying to fight against the data mining efforts, you lose your ability to really take advantage of a program like this. Staples’ RewardZone program, sends a voucher for store credit based on the amount of money paid in store for things. By offering tangible rewards which take effect by later action (instead of relying solely on immediate rebates), users are less likely to share their credentials for reward programs.

It turns out, that I’m willing to sell my privacy (for my food purchaes, at least) for 20%+ off my food bill. What’s your price?