To get real privacy in the online world, we need to get the tech horse in front of the policy cart.
So far we haven’t done that. Let me explain…
Nature and the Internet both came without privacy.
The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.
When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.
In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.
Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”
Two such answers arrived with this morning’s New York Times: Facebook Is Not the Problem. Lax Privacy Rules Are., by the Editorial Board; and Can Europe Lead on Privacy?, by ex-FCC Chairman Tom Wheeler. Both call for policy. Neither see possibilities for personal tech. To both, the only actors in tech are big companies and big government, and it’s the job of the latter to protect people from the former. What they both miss is that we need what we might call big personal. We can only get that with personal tech that gives each of us power not just resist encroachments by others, but to have agency. (Merriam Webster: the capacity, condition, or state of acting or of exerting power.) When enough of us get personal agency, we can also have collective agency, for social as well as personal results.
We acquired both personal and social agency with personal computing and the Internet. Both were designed to make everyone an Archimedes. We also got a measure of both with the phones and tablets we carry around in our pockets and purses. None are yet as private as they should be, but making them fully private is the job of tech. And that tech must be personal.
I bring this up because we will be working on privacy tech over the next four days at the Computer History Museum, first at VRM Day, today, and then over next three days at IIW: the Internet Identity Workshop. We have both twice every year.
On the table at both are work some of us, me included, are doing through Customer Commons on terms we can proffer as individuals, and the sites and services of the world can agree to.
Those terms are examples of what we call customertech: tech that’s ours and not Facebook’s or Apple’s or Google’s or Amazon’s.
The purpose of customertech is to turn the connected marketplace into a Marvel-like universe in which all of us are enhanced. It’ll be interesting to see what kind of laws and social effects follow.*
But hey, let’s invent the tech we need first.
*BTW, I give huge props to the EU for the General Data Protection Regulation, which is causing much new personal privacy tech development and discussion. I also think it’s an object lesson in what can happen when an essential area of tech development is neglected, and gets exploited by others for lack of that development.
Also, to be clear, my argument here is not against policy, but for tech development. Without the tech and the norms it makes possible, we can’t have fully enlightened policy.
I found the image in this search for cart & horse images that were free to use .