My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us are particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: A notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?
First, a question of expectations. Jim thinks it’s unreasonable for people to expect any privacy in information they “release” publicly—and when he’s talking about messages posted to public fora or Facebook pages, that’s certainly right. But it’s not always right, and as we navigate the Internet our computers can be coaxed into “releasing” information in ways that are far from transparent to the ordinary user. Consider this analogy. You go to the mall to buy some jeans; you’re out in public and clearly in plain view of many other people—most of whom, in this day and age, are probably carrying cameras built into their cell phones. You can hardly complain about being observed, and possibly caught on camera, as you make your way to the store. But what about when you make your way to the changing room at The Gap to try on those jeans? If the management has placed an unobtrusive camera behind a mirror to catch shoplifters, can the law require that the store post a sign informing you that you’re being taped in a location and context where—even though it’s someone else’s property—most people would expect privacy? Current U.S. law does, and really it’s just one special case of the law laying down default rules to stabilize expectations. I think Jim sees the reasonable expectation in the online context as “everything is potentially monitored and archived all the time, unless you’ve explicitly been warned otherwise.” Empirically, this is not what most people expect—though they might begin to as a result of a notice requirement. Continue reading →
Thanks to Adam for the kind introduction; for folks to whom I’m unfamiliar, my Ars Technica archive has the bulk of my tech writing over the past year and change, though plenty of it is straight reporting now well past its expiration date. It’s been suggested that for openers, I crosspost last week’s Cato @ Liberty thumbsucker on behavioral advertising regulation, which riffs on some of the commentary here, but in the interest of avoiding redundancy, I’ll just do the digest version and let the curious click through. Since they say the first day in lockup, you should pick a fight with the biggest mofo in the yard, I’ll excerpt the part where I disagree with Berin a bit:
First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this. But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too — but normal people don’t. And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices. Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies — except this turns out to impose a significant economic cost in itself.
That aside, I want to get down to the more important business of suggesting a TLF theme song: The Magnetic Fields’ sardonic “Technical (You’re So)” (whence the title of this post), in which wordsmith/crooner Stephin Merritt delivers such lines as: “There are no papers on you / The laws don’t cover what you do / You and your think-tank entourage / Are all counterculture demigods” and “You’re a Libertarian / The death of the left was you / You look like Herbert Von Karajan / You live underneath the zoo.” Sure, they’re meant as mockery when Merritt sings them, but then, “queer” used to be a pejorative too. Reappropriation, baby.
Also, rhyming “Libertarian” with “Von Karajan” is the greatest act of poetry in music since Sting paired “He starts to shake and cough” with “the old man in / that book by Nabakov.” Fact.