I’ve been quite depressed to witness Bruce Schneier’s ongoing conversion from opponent of government intervention in the high-tech economy (at least on encryption) to vociferous proponent (at least in terms of privacy regulation). Anyway, his latest cheerleading piece for government privacy regulation in The Wall Street Journal includes lots of fear-mongering about private website data collection for, God forbid, purposes of trying to better target advertising and market us products we might actually want.
Schneier uses the term “deceptive” several times in the piece to refer to privacy policies that don’t make it explicitly clear that some of the information you leave on a site, or that is collected preemptively by them, will be used to craft more targeted marketing efforts. Like many other would-be privacy regulators, Schneier seemingly wants companies to fly blimps over your desk as you surf the Net with big signs that basically say: ‘Hey stupid, your info may be used to market you stuff.’ It’s hard to be against more disclosure, of course — and most sites spell out what they do with data in their privacy policies — but it never seems to be good enough for most privacy advocates, who paint consumers out to be mindless sheep who cannot be trusted to make wise decisions for themselves. Sorry, but I just don’t buy it.
Specifically, I think there’s a pretty easy solution to the concern Schneier articulates about cloud computing when he says:
Cloud computing services like Google Docs, and social networking sites like RealAge and Facebook, bring with them significant privacy and security risks over and above traditional computing models. Unlike data on my own computer, which I can protect to whatever level I believe prudent, I have no control over any of theses sites, nor any real knowledge of how these companies protect my privacy and security. I have to trust them.
Huh? Why do you just “have to trust them”? How about just not using those services?! Or, use privacy self-help solutions when possible to manage your privacy preferences. And for God’s sake Bruce, you wrote the definitive textbook on cryptography! How about using encryption if you’re so concerned about who might be collecting your data online??
Meanwhile, Schneier doesn’t bother telling us what economic engine is going to power the Internet economy going forward once the privacy regulations he favors get on the books and make targeted advertising and data collection a federal crime. Should we expect all these free Internet sites and services to just fall like manna from heaven? Again, while the supposed harms from private data collection are largely conjectural, the harm to the Internet economy from heavy-handed, top-down privacy regulations would be all too real. As we always say here, there is no free lunch.