The Online Privacy Lie Is Unraveling

A new report into U.S. consumers’ attitude to the collection of personal data has highlighted the disconnect between commercial claims that web users are happy to trade privacy in exchange for ‘benefits’ like discounts. On the contrary, it asserts that a large majority of web users are not at all happy, but rather feel powerless to stop their data being harvested and used by marketers.

The report authors’ argue it’s this sense of resignation that is resulting in data tradeoffs taking place — rather than consumers performing careful cost-benefit analysis to weigh up the pros and cons of giving up their data (as marketers try to claim). They also found that where consumers were most informed about marketing practices they were also more likely to be resigned to not being able to do anything to prevent their data being harvested.

“Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened,” the authors write.

“By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable. Moreover, the futility we found, combined with a broad public fear about what companies can do with the data, portends serious difficulties not just for individuals but also — over time — for the institution of consumer commerce.”

“It is not difficult to predict widespread social tensions, and concerns about democratic access to the marketplace, if Americans continue to be resigned to a lack of control over how, when, and what marketers learn about them,” they add.

The report, entitled The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation, is authored by three academics from the University of Pennsylvania, and is based on a representative national cell phone and wireline phone survey of more than 1,500 Americans age 18 and older who use the internet or email “at least occasionally”.

Key findings on American consumers include that —

• 91% disagree (77% of them strongly) that “If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing”
• 71% disagree (53% of them strongly) that “It’s fair for an online or physical store to monitor what I’m doing online when I’m there, in exchange for letting me use the store’s wireless internet, or Wi-Fi, without charge.”
• 55% disagree (38% of them strongly) that “It’s okay if a store where I shop uses information it has about me to create a picture of me that improves the services they provide for me.”

The authors go on to note that “only about 4% agree or agree strongly” with all three of the above propositions. And even with a broader definition of “a belief in tradeoffs” they found just a fifth (21%) were comfortably accepting of the idea.  So the survey found very much a minority of consumers are happy with current data tradeoffs.

The report also flags up that large numbers (often a majority) of U.S. consumers are unaware of how their purchase and usage data can be sold on or shared with third parties without their permission or knowledge — in many instances falsely believing they have greater data protection rights than they are in fact afforded by law.

Examples the report notes include —

• 49% of American adults who use the Internet believe (incorrectly) that by law a supermarket must obtain a person’s permission before selling information about that person’s food purchases to other companies.
• 69% do not know that a pharmacy does not legally need a person’s permission to sell information about the over-the-counter drugs that person buys.
• 65% do not know that the statement “When a website has a privacy policy, it means the site will not share my information with other websites and companies without my permission” is false.
• 55% do not know it is legal for an online store to charge different people different prices at the same time of day.
• 62% do not know that price-comparison sites like Expedia or Orbitz are not legally required to include the lowest travel prices.

Data-mining in the spotlight

One thing is clear: the great lie about online privacy is unraveling. The obfuscated commercial collection of vast amounts of personal data in exchange for ‘free’ services is gradually being revealed for what it is: a heist of unprecedented scale. Behind the bland, intellectually dishonest facade that claims there’s ‘nothing to see here’ gigantic data-mining apparatus have been manoeuvered into place, atop vast mountains of stolen personal data.

Stolen because it has never been made clear to consumers what is being taken, and how that information is being used. How can you consent to something you don’t know or understand? Informed consent requires transparency and an ability to control what happens. Both of which are systematically undermined by companies whose business models require that vast amounts of personal data be shoveled ceaselessly into their engines.

This is why regulators are increasingly focusing attention on the likes of Google and Facebook. And why companies with different business models, such as hardware maker Apple, are joining the chorus of condemnation. Cloud-based technology companies large and small have exploited and encouraged consumer ignorance, concealing their data-mining algorithms and processes inside proprietary black boxes labeled ‘commercially confidential’. The larger entities spend big on pumping out a steady stream of marketing misdirection — distracting their users with shiny new things, or proffering up hollow reassurances about how they don’t sell your personal data.

Make no mistake: this is equivocation. Google sells access to its surveillance intelligence on who users are via its ad-targeting apparatus — so it doesn’t need to sell actual data. Its intelligence on web users’ habits and routines and likes and dislikes is far more lucrative than handing over the digits of anyone’s phone number. (The company is also moving in the direction of becoming an online marketplace in its own right — by adding a buy button directly to mobile search results. So it’s intending to capture, process and convert more transactions itself — directly choreographing users’ commercial activity.)

These platforms also work to instill a feeling of impotence in users in various subtle ways, burying privacy settings within labyrinthine submenus. And technical information in unreadable terms and conditions. Doing everything they can to fog rather than fess up to the reality of the gigantic tradeoff lurking in the background. Yet slowly, but slowly this sophisticated surveillance apparatus is being dragged into the light.

The privacy costs involved for consumers who pay for ‘free’ services by consenting to invasive surveillance of what they say, where they go, who they know, what they like, what they watch, what they buy, have never been made clear by the companies involved in big data mining. But costs are becoming more apparent, as glimpses of the extent of commercial tracking activities leak out.

And as more questions are asked the discrepancy between the claim that there’s ‘nothing to see here’ vs the reality of sleepless surveillance apparatus peering over your shoulder, logging your pulse rate, reading your messages, noting what you look at, for how long and what you do next — and doing so to optimize the lifting of money out of your wallet — then the true consumer cost of ‘free’ becomes more visible than it has ever been.

The tradeoff lie is unraveling, as the scale and implications of the data heist are starting to be processed. One clear tipping point here is NSA whistleblower Edward Snowden who, two years ago, risked life and liberty to reveal how the U.S. government (and many other governments) were involved in a massive, illegal logging of citizens’ digital communications. The documents he released also showed how commercial technology platforms had been appropriated and drawn into this secretive state surveillance complex. Once governments were implicated, it was only a matter of time before the big Internet platforms, with their mirror data-capturing apparatus, would face questions.

Snowden’s revelations have had various reforming political implications for surveillance in the U.S. and Europe. Tech companies have also been forced to take public stances — either to loudly defend user privacy, or be implicated by silence and inaction.

Another catalyst for increasing privacy concerns is the Internet of Things. A physical network of connected objects blinking and pinging notifications is itself a partial reveal of the extent of the digital surveillance apparatus that has been developed behind commercially closed doors. Modern consumer electronics are hermetically sealed black boxes engineered to conceal complexity. But the complexities of hooking all these ‘smart’ sensornet objects together, and placing so many data-sucking tentacles on display, in increasingly personal places (the home, the body) — starts to make surveillance infrastructure and its implications uncomfortably visible.

Plus this time it’s manifestly personal. It’s in your home and on your person — which adds to a growing feeling of being creeped out and spied upon. And as more and more studies highlight consumer concern about how personal data is being harvested and processed, regulators are also taking notice — and turning up the heat.

One response to growing consumer concerns about personal data came this week with Google launching a centralized dashboard for users to access (some) privacy settings. It’s far from perfect, and contains plentiful misdirection about the company’s motives, but it’s telling that this ad-fueled behemoth feels the need to be more pro-active in its presentation of its attitude and approach to user privacy.

Radical transparency

The Tradeoff report authors include a section at the end with suggestions for improving transparency around marketing processes, calling for “initiatives that will give members of the public the right and ability to learn what companies know about them, how they profile them, and what data lead to what personalized offers” — and for getting consumers “excited about using that right and ability”.

Among their suggestions to boost transparency and corporate openness are —

• Public interest organizations and government agencies developing clear definitions of transparency that reflect consumer concerns, and then systematically calling out companies regarding how well or badly they are doing based on these values, in order to help consumers ‘vote with their wallets’
• Activities to “dissect and report on the implications of privacy policies” — perhaps aided by crowdsourced initiatives — so that complex legalize is interpreted and implications explained for a consumer audience, again allowing for good practice to be praised (and vice versa)
• Advocating for consumers to gain access to the personal profiles companies create on them in order for them to understand how their data is being used

“As long as the algorithms companies implement to analyze and predict the future behaviors of individuals are hidden from public view, the potential for unwanted marketer exploitation of individuals’ data remains high. We therefore ought to consider it an individual’s right to access the profiles and scores companies use to create every personalized message and discount the individual receives,” the report adds.

“Companies will push back that giving out this information will expose trade secrets. We argue there are ways to carry this out while keeping their trade secrets intact.”

They’re not the only ones calling for algorithms to be pulled into view either — back in April the French Senate backed calls for Google to reveal the workings of its search ranking algorithms. In that instance the focus is commercial competition to ensure a level playing field, rather than user privacy per se, but it’s clear that more questions are being asked about the power of proprietary algorithms and the hidden hierarchies they create.

Startups should absolutely see the debunking of the myth that consumers are happy to trade privacy for free services as a fresh opportunity for disruption — to build services that stand out because they aren’t predicated on the assumption that consumers can and should be tricked into handing over data and having their privacy undermined on the sly.

Services that stand upon a futureproofed foundation where operational transparency inculcates user trust — setting these businesses up for bona fide data exchanges, rather than shadowy tradeoffs.