In response to Professor Jonathan Zittrain’s op-ed in The New York Times last Monday about online privacy and open platforms (which Adam thoroughly refuted last week) I have a letter to the editor in today’s The New York Times:
To the Editor: Re “Lost in the Cloud” (Op-Ed, July 20): In discussing the privacy risks that have accompanied the growth of the Internet, Prof. Jonathan Zittrain rightly bemoans the willingness of governments to violate individuals’ privacy rights. Unfortunately, he proposes new legal restrictions that would stifle online innovation while doing little to enhance consumer privacy. Mr. Zittrain proposes a “fair practices law” that would require companies to release personal data back to users upon request. Such a rule may sound workable, but purging specific data across globally dispersed server farms is no simple endeavor. Who is to pay for the implementation of such privacy procedures — especially for free services like Facebook or Twitter that have yet to turn a profit? A better approach to online privacy is to educate users on safeguarding personal information. Ultimately, however, the only foolproof approach to protecting sensitive data online is to simply not disclose it.
To clarify my last point, I don’t think that universal nondisclosure of sensitive data online is necessarily a wise approach to privacy. Rather, my point is that it’s important to remember that transmitting data on the Internet — a very public network — entails some degree of risk, no matter how strong the encryption or how diligent the party at the other end. And free services like Facebook and Twitter are all about making personal information public — they simply aren’t designed to provide ironclad data security or anything remotely resembling it. Other online services, like bank websites or enterprise-grade Web collaborative tools, are able to offer far stronger privacy assurances backed by strong terms of service. Privacy is not a black and white matter. It involves shades of gray, which is one reason why legislation is such an ineffective means of dealing with privacy challenges.