Our First Greenhouse Topic: Privacy
from the let's-try-something-new dept
For decades the internet has flourished on the back of innovation, creativity, adaptation, and hard work. But while this technological revolution spurred no limit of incredible inventions, services, and profit, a drumbeat of scandals have highlighted how privacy and security were often a distant afterthought — if they were thought about at all.
Years later and the real cost of this apathy has become clear. We now face a daily parade of deeply entrenched privacy headaches impacting a web of interconnected industries and institutions — for which there are no quick fixes or easy answers.
Enter the Tech Policy Greenhouse: a new policy forum we’re hopeful will bring more nuance, collaboration, and understanding to a privacy conversation frequently dominated by simplistic partisan bickering, bad faith arguments, and the kind of ideological ruts that can result in bad solutions, no solutions, or missing the forest for the trees entirely.
When it comes to privacy and security, the penalty for our collective failure couldn’t be more obvious.
The global internet of things sector routinely fails to adhere to even the most basic security and privacy standards, resulting in hackable internet-connected Barbies, refrigerators, and tea kettles. Experts note these devices collectively create a form of "invisible pollution" that is easily ignored, but that routinely puts consumers, businesses, and the health of the internet at risk.
Corporations and governments alike repeatedly leave sensitive data unencrypted and openly exposed in the cloud, often failing to implement basic security measures despite ample warning. Avoidable hacks, breaches, and leaks are now a weekly affair, as are "historic" but performative government penalties that neither compensate victims nor seriously deter further malpractice.
The monetization of every last shred of location, behavior, and data has become a multi-billion dollar industry where safeguards or meaningful oversight are often lacking. As a result, sensitive behavioral data is routinely abused by everyone from law enforcement,to those pretending to be law enforcement, with the first casualties often the most vulnerable among us.
All of these problems require intelligent, multi-stakeholder collaboration built on the understanding that every solution has immense ramifications, there is no shortage of bad actors eager to derail effective consensus, and each and every action routinely results in unforeseen consequences.
The country’s privacy issues are also inextricably linked to other problems that the United States has failed to address, from the rampant monopolization and consolidation caused by mindless merger mania, to the slow but steady erosion of meaningful antitrust oversight. The rise of one of the biggest global health threats in a century has only complicated the debate further, shining an even brighter spotlight on existing problems, while creating entirely new challenges in balancing public health and public privacy in the mass surveillance era.
As we stumble collectively in the right direction, the Tech Policy Greenhouse hopes to reboot a conversation in dire need of a constructive fresh start. Over the next few weeks, you'll be hearing from a diverse chorus of activists, scholars, executives, and experts who will be tackling what they deem the most essential issues of the day. Kicking things off tomorrow will be Oregon Senator Ron Wyden, historically and repeatedly one of the leading DC voices for meaningful privacy reform.
Intelligent privacy policies and solutions won’t be easy to come by, and perfect proposals are likely impossible. But we’re eager to create a platform that can help drive policy makers toward better decision making, and we’re hopeful you’ll be part of the conversation.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: greenhouse, policy, privacy, tradeoffs
Reader Comments
Subscribe: RSS
View by: Thread
Privacy doesn't seem to be even on the agenda of the people making decisions about the architecture of "it".
[ link to this | view in chronology ]
Step 1: Clearly scope and define "privacy" for various actors such as individuals, corporations and governments.
[ link to this | view in chronology ]
Optimization problems...
Well, you have several competing factors that can change the definition even among individuals. For example, one person may want to minimize all data gathered about them and is willing to pay hefty subscription fees to buy that privacy, another might be unwilling to pay, but is willing to put up with ads completely irrelevant to them.
So the question isn't how to define "privacy", it's how to define the factors that contribute to privacy (or lack thereof) and allow stakeholders, whether online or offline, to identify how important each factor is to them. Are you willing to give up cash to keep your privacy? Or would you like to get paid by companies in exchange for letting them track you to the n-th degree? What are the trade-offs between public records access for things like knowing the lobbyists and officials that interact with each other vs. the legitimate concerns about things like doxing?
[ link to this | view in chronology ]
Re: Optimization problems...
...and of course, such a process is made much more difficult, if not impossible, with all the political posturing around issues of cybersecurity, privacy, copyright, encryption and on and on...
[ link to this | view in chronology ]
Re: Optimization problems...
Privacy is also context-dependent. For example, on Facebook you're supposed to use your real name. Many are comfortable with that but others are not. You can also decide whether your email address is shared with connected apps. Again, some are comfortable with that and others aren't. For these two cases the "comfortable with that" sets are not necessarily the same.
Directly related to privacy is "personal identifying information", or "PII", such as address and date of birth. Some people, myself included, hoard this information like precious jewels and don't want anyone to have it. For me it is private data but that is not a universally held stance.
Tracking cookies are another whole area that doesn't inherently have access to any of your PII or other private data but does a fantastic job of tracing your every move on the net. Most people think of that as an invasion of privacy and hold similar views about ALPRs and cell tower connection records.
Defining "privacy" is fraught with peril. In the end the definers will have to weigh the requirements of the public against the desires of corporations and government to find a balance that doesn't piss off corporate lobbyists and still affords privacy to individuals. Personally I'm hoping that leans heavily toward the latter.
[ link to this | view in chronology ]
Re:
And once you've created a new standard for the industry, how do you get the industry to all follow yours instead of theirs?
https://xkcd.com/927/
[ link to this | view in chronology ]
"Dumb" Items should be offered
I think there should be new "dumb" items on the market. That is, since "smart" TVs, Cars, Dishwashers, Washing Machines, Refrigerators, etc. tend to have the problems that computers have, why not just remove the computer from the equation? Just offer the product sans computer for a higher price!
[ link to this | view in chronology ]
Re: "Dumb" Items should be offered
You can't really make a working TV without a computer in it anymore.
But just because a device has a computer in it doesn't mean that computer has to have network connectivity.
[ link to this | view in chronology ]
Re: Re: "Dumb" Items should be offered
Sure but yeah they don't need connectivity, cameras, mics, extraneous applications...
There are "dumb" modern tvs yet, mostly under a certain size, but we like big-ass tvs because reasons. (And then we'll watch movies on our phones.)
[ link to this | view in chronology ]
Re: Re: "Dumb" Items should be offered
Sure you can. I own one. It has no 'smart' features but has multiple HDMI and USB ports that allow me to add dongles to customize it. If I want to be absolutely sure it isn'tt sending video anywhere, I disconnect the camera.
[ link to this | view in chronology ]
Re: "Dumb" Items should be offered
Really this is a symptom of the anti-circumvention provisions of the DMCA that the peverse business model of subsidizing sold hardware is possible while a logical niche (selling a lobotomizer or a lobotomized refurbishes) are illegal because they involve bypassing their shitty "security" to make devices actually secure.
[ link to this | view in chronology ]
Re: "Dumb" Items should be offered
All too often, adding a simple off switch to the network hardware breaks their crappy inbuilt DRM system. And therein lies the problem.
[ link to this | view in chronology ]
Space Rocket
There was a saying that if NASA waited to perfect orbital space vehicles until they were relatively safe, then we never would have sent a man into orbit. Early space travel was inherently risky, and some paid the ultimate price along the way.
A similar thing seems to be happening now, where there is a race to build tech products and then sell them. Code the app now, launch and then sell it, but then fix the privacy/security problems later. Except that for most products, later never arrives.
Putting a product security bond onto the each sale might provide a financial incentive for companies to work on that security before it's too late. If the company secures the product, and proves to continue to be secure after some amount of time, then the company gets its money back. If hackers beat them to it, then the bond money goes to consumers, or perhaps to whatever agency is left cleaning up the mess.
[ link to this | view in chronology ]
Re: Space Rocket
NASA was just a mile-thick hair more careful than that. The risks involved with spaceflight engineering were frequently unknown (and yes they also did some bonehead-stupid things).
IoT producers (and a lot of code-pokers and admins) keep ignoring the basic stuff we've known for 30 years, and even longer.
So no, not buying the comparison.
[ link to this | view in chronology ]
Re: Space Rocket
The astronauts knew the risks that they were taking, as they were very involved with the development of vehicles and techniques. The public is not aware of the risks, and are caught out by being sold shiny things that do more that they are told about.
[ link to this | view in chronology ]
Re: Space Rocket
The security bond idea is interesting, like a public bug bounty program. But I expect it wouldn't accomplish its intended purpose for the same reason IoT security is so lackluster now: the vast majority of consumers don't care.
Maybe put it the other way, a company can apply for a security investment, if they can show their security is reasonable and working for a certain time they get to keep the money. If not then they have to pay it back and some of it goes to the person/group who demonstrated the flaws. This way a business is incentivized to pay attention to security, and can even use that to build public trust with their consumers.
[ link to this | view in chronology ]
Anonymity = Privacy
[ link to this | view in chronology ]
Did…did you seriously compare the social consequences of speech to the Nazi-led anti-Jewish pogrom that is widely regarded as the precursor to the Holocaust? I mean, I’ve seen some ridiculous Godwinning in my time, but that damn near takes the cake.
[ link to this | view in chronology ]
Re:
This is the same guy who read the first post on the Greenhouse and thought "This must be another "Orange Man Bad!" forum". The display of irrationality is confusing, but unfortunately not surprising.
[ link to this | view in chronology ]
I think one solution is making data hungry companies pay individuals for said data.
So, in terms of a tech solution required, all tracking beacons would need a way to send payment and identification to those being tracked.
Different forms of tracking could cost different amounts. Or heck, let's use the google model. Companies can bid for our data in real time. Up to individuals if the offer is good enough to warrant a click and subsequent payment.
This could, as an incentive to advertisers, and be a way to get more accurate information about us all, too. Take away the AI and guessing. We'll just tell your directly. For a fee.
[ link to this | view in chronology ]
Re:
I am not so sure handing financial account information to every website I visit is a good idea. There is a whole lot of information exposed by careless companies and to trust the majority of them would be insane.
Now, if we first made the Internet secure, it might be a different story. But I have been told that because security was not a part of the original design that it is impossible now.
We could suggest that a new Internet/World Wide Web be started that is secure, and over time migrate from what we have now to the secure one. While I believe that is feasible, it probably isn't practical, and getting everyone to agree to do this would be a major, major chore.l
[ link to this | view in chronology ]
Snail mail!
Refinement to proposal: all payments must be sent by US Postal mail to physical addresses.
The idea of writing gazillions of checks for $0.0003 and mailing them should cause profit-seekers to pause before harvesting.
Needless tracking ended! Privacy restored! US Mail saved! (and it isn't even 10:30 EDT)
[ link to this | view in chronology ]
Stop framing the issue as being about personal privacy. That immediately elicits the 'nothing to hide' response and the characterisation of the people complaining as weirdos and deviants. The problem is not inconsequential intrusions into individuals’ privacy – it is the consequences of powerful actors accumulating extensive, detailed personal information on entire populations – and the corrupt arrangement where they think that that information belongs to them.
The issue is information ownership and the power of data (which is just refined information) to manipulate and control individuals, groups and entire societies.
Stop pretending that the problem is primarily government. The line between the state and corporations is invisible when it comes to societal mass surveillance. They are in a symbiotic relationship that is harmful to everyone else.
The problem is the business models of the organisations funding this project. Targeted advertising is intolerable. The data theft business models of the organisations funding this platform is intolerable.
[ link to this | view in chronology ]
Balancing Rights and Responsibilities
I hope that this discussion as well as future ones take note of both rights and responsibilities. It seems the latter is all too often muted.
[ link to this | view in chronology ]