Privacy

The Privacy Identity Innovation (pii) conference is THE eclectic gathering of wonks, geeks, and suits. Seattle was lucky to host the third pii  event last week. pii was lucky to score the most beautiful weather Seattle has offered since last September. I was lucky enough to attend and participate. Win-win-win.

I’ll be recapping the pii 2012 conference with Hibe’s Brendan Charles on Tuesday’s #PrivChat (topics here) at 12 pm EDT/9 am PDT. Please join.

A Growing Privacy-Industrial Complex

The theme of my pii lightning talk was a call for balance amidst a growing privacy-industrial complex (slides, video) — a term first coined by Jeff Jarvis last year. The privacy industry is comprised of professionals from legal, compliance, risk, ethics, audit, security, and operations. Since 2000, it has been growing at nearly 50% annually; growth that would make any CEO blush.

Sure, privacy professionals are certainly necessary but hardly sufficient to guide us through this burgeoning era of social media. Their background is often too specialized and too isolated from where technical innovation occurs. Privacy professionals need to be agile across the entire organization and have a strong voice throughout the product lifecycle. Archimedes said, “Give me a place to stand and I will move the earth.” That stand can’t only be in the General Counsel’s office.

Also, as President Eisenhower warned with regard to the military-industrial complex, there’s a risk of survival bias. So, as privacy regulations grow in complexity, more privacy professionals will be needed. For example, how much work has been created to understand and comply with the new E.U. Cookie Directive that can be enforced starting May 26? Why must every privacy nail be hit with a regulatory hammer?

The Pursuit of Balance

The metaphor for my talk, was Da Vinci’s iconic Vitruvian Man. The proportioned body, tender heart, and insightful mind of Vitruvius offers interesting parallels into the struggles we’re facing in the privacy world today.

The technologist is the forceful arms and legs that drive innovation. The humanitarian — philosopher, journalist, economist, anthropologist, economist, and historian — is the heart that tempers the restless drive to innovate. And, it is the mind, which must balance the body and the heart. But balance is not a condition, it’s a pursuit like the one we know from that peculiar Epicurean phrase in the Declaration of Independence: “pursuit of happiness”.

In his 1967 treatise Privacy and Freedom, Alan Westin said: “Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others.” Prescient.

A Balanced Discourse…

Preceding my pii talk was Andrew Keen, whose new book Digital Vertigo, strikes just such a humanitarian chord. Andrew, in his interview with Larry Downes, described today’s technology as a MacGuffin — a literary device that drives the characters but not the plot. He argues that technology is driving us but we need to look through it in order to see where this plot is really going.

The following day, Microsoft’s Marc Davis talked about how we might move from digital feudalism to enlightenment by wrapping personal information in metadata to better control it within the public, joint, and private spheres — a subject I’ve written about here. Marc has proposed an information metadata system to move us into such a digital enlightenment. Might this be a step in the right direction?

Marc challenged my contention that privacy might never be solved (see my comments on the Data Protection panel at ~10:12). Well, even though no one has proven that privacy is an NP-hard problem, I stand by my statement that privacy is very complex because people are complex (and their language is, too).

The discourse also included a lively exchange on Twitter at #pii2012. Check it out.

#pii2012 Final Thoughts

As Larry Lessig taught us, “Code is Law”. And since the law encodes our society’s values, technology’s code and humanity’s values are deeply intertwined. We can’t separate them any more than we can separate our body from our mind from our heart.

pii has proven a great venue for spirited, informed, and respectful debate. Too often, we fall into this gotcha, zero-sum game of ad hominem attacks and scare tactics that does a disservice to the profound journey we’re on. Impassioned argument is the friction that sharpens the ax of progress. If we are to find a wise path forward, this discourse between technologists and humanitarians must continue.

More from Jim Adler
Chief Privacy Officer, Intelius

The difference between European and American privacy approaches is typically framed as E.U. aspiration versus U.S. pragmatism:

• The E.U. views privacy as a source “right of personality” versus the U.S. mosaic of privacy torts;
• the E.U. has comprehensive, federal law versus U.S. spotty, sectoral statutes; and
• the E.U. has spotty enforcement at the nation-state level versus U.S. rigorous enforcement through private right of action, state enforcement through attorneys general, and federal regulation through the Federal Trade Commission.

As Don Cohn has said, “hell on earth is E.U. law and U.S. enforcement.” There’s some truth to these characterizations, but they miss the point. The E.U. and U.S. simply disagree on the priority of two key cultural values, disclosure and discretion — that is, freedoms of the public (i.e., speech, press, assembly) and freedoms of the person (i.e., equal treatment, privacy). We get mired in technocratic detail without recognizing this fundamental cultural difference.

Last week, the European data protection authorities came to Silicon Valley to discuss access and use of online personal data. The clash of values, between rights of the public and rights of the private, could not be more clear. At the Berkeley Law Privacy Forum, Peter Hustinx (European Data Protection Supervisor) said:

“When data have been published or have been shared and it is within your [company’s] power to get them back, you have to make reasonable effort to get the spirit back in the bottle.”

Mr. Hustinx seems to be saying that even if information is published, there’s an obligation to re-cloak it. For example, if two Twitter users get into a heated fight (hey, it happens), and both agree to delete their exchange, Twitter should make “reasonable effort to get the spirit back in the bottle” and delete the tweets. But what if these public tweets are retweeted far and wide? Does Twitter have the obligation to delete them, too? I don’t think so.

What is noticeably absent from this point of view is the public’s right to history, knowledge, and lessons learned. Sure, a public fight often results in public humiliation of the combatants (or at least the loser), and they want to erase the experience from the public record. That’s a mistake. Many of life’s lessons have been learned by witnessing (or sometimes engaging in) playground, barroom, and online fights.

What’s more, the duty to have our public mistakes remembered isn’t just important to our social fabric, it’s a key ingredient to technology innovation. Entrepreneurs aren’t deterred by risking the embarrassment that comes with public failure. To paraphrase famed marketer Geoffrey Moore, please fail publicly so we can learn from your humiliation. We’ll forgive you and thank you.

More from Jim Adler
Chief Privacy Officer, Intelius

This year, Data Privacy Day stretched into Data Privacy Week. I celebrated by participating in a Churchill Club panel on The Collection of Online Consumer Data: The Good, The Bad, and The Unknown. The discussion centered on consumer interest in protecting personal data and the importance of striking the right balance between regulation and innovation. January has been such a busy month for data privacy issues that we had several recent events to noodle…

First, there was the SOPA kerfuffle which resulted in the withdrawl of the legislation. My take here.

Then, in U.S. v Jones, the Supreme Court of the United States decided that the government cannot attach tracking devices to your personal effects, like your car. Expect more privacy cases given the concurrences by Justice Sotomayor and Justice Alito on the reasonable expectation of privacy when third-parties handle your data.

Then, Google announced a new privacy policy which says they’ll be unifying all your information across all Google services, including search, emails, and calendars to deliver more “intuitive” results. The automatic opt-in feature means that the cost of non-participation means dragging yourself back to Yahoo!, bing or *gasp* AOL for email and search. Needless to say, the announcement is causing quite a stir.

Then, as if Microsoft and Google were coordinating, Microsoft Trustworthy Computing released survey data saying that everything you do online from “responding to emails and texts to clicking the ‘like’ and ‘retweet’ buttons on favorite Web pages, uploading photos and making purchases online” contributes to the creation of your online reputation.

Then, the EU proposed a massive overhaul of their data protection laws, which is troubling for a number of reasons. Chief among my concerns is the oversimplification of privacy policies; an attempt to export their privacy regime outside the EU; and their attempt to create a right to be forgotten which could collide with our right to know. The tension between competing values, like disclosure and discretion is something I discussed last summer.

Then, the U.S. Commerce Department and FTC promised two separate communiqués on U.S. privacy policy before February 1st. FTC Commissioner Julie Brill participated in Facebook’s Privacy Day webcast and noted the agency’s continued interest in privacy audits for past offenders like Google and Facebook. Commissioner Brill also called upon data brokers to share personal, public data with consumers and offer them an opportunity to correct or amend inaccurate information. TrueRep, an Intelius service, allows just that—awareness and control of your own public information (more here).

So, we had much to chew on at the Churchill Club event. Check out the video:

The panel was moderated by Jules Polonetsky (Co-chair and Director, Future of Privacy Forum) and featured Nick Bicanic (CEO and Founder, Echoecho Media), Jules Cohen (Director of Online Privacy, Microsoft), Nicole Ozer (Technology and Civil Liberties Policy Director, ACLU of Northern California), Paul Schwartz (Faculty Director, Berkeley Center for Law & Technology, UC Berkeley).

More from Jim Adler
Chief Privacy Officer

It's always refreshing to hear insights from our Chief Privacy Officer Jim Adler. Last week he gave his Accidental Chief Privacy Officer talk at LinkedIn (video, slides).

In his talk, Jim revamped the section on regulation, attempting to deconstruct privacy framing into spaces, players, and consequences. In his words, "the space defines whether we’re engaged in a public, private, or shared experience with players of varying power disparity where consequences can be assessed."

On Wednesday, Jim participated in a panel at pii2011 Venture Forum on Social Sharing and the Data-Driven Economy. The panel was hosted by AllThingsD’s Kara Swisher. Jim was joined by David Glazer, director of engineering for Google+; Roger McNamee of Elevation Partners; and Fred Wilson of Union Square Ventures (video).

Stay tuned for Jim’s talk at the Strata Conference in March on how we might better think about data-use, its benefits and consequences. Thanks for your insights, Jim!

More from Jim Adler

Earlier this week, Intelius Chief Privacy Officer Jim Adler spoke at O’Reilly’s Strata Conference.  His talk, The Accidental Chief Privacy Officer (CPO), discussed how the industrial privacy professional is evolving from a compliance enforcer to a product innovator.  Here are the slides and interview with O’Reilly’s Alex Howard (@digiphile):

Jim Adler interviewed at Strata NY 2011

The key takeaway from the talk (see summary slide) is that the privacy pro is becoming a key evangelist for responsible innovation within fast-moving, high technology organizations. To be successful, four lessons:

1. Innovation is a team sport. Communication is key. So talk and (more importantly) listen to your toughest critics, both inside and outside your organization. They’ll better understand your perspective and you’ll often get great ideas.
2. Build a confluence of influence. Good decisions come from every corner of the business, early in the product cycle. Find the members of any team that are inventive, collaborative, and capable of creating the Reality Distortion Field (used so effectively by Steve Jobs) that’s so vital to disruptive innovation.
3. Be the happy warrior. Innovation, by definition, changes the status quo and makes some people uncomfortable. Engage with them in a constructive, respectful way inline with Graham’s Hierarchy of Disagreement.
4. Find clarity in the confusion. Use math, data, and history to find the clarity within the confusion. Privacy issues are especially difficult. As Jeff Jarvis points out in his new book, Public Parts, even defining privacy is a journey through an Escher maze. Jeff has a great, well referenced chapter on What Is Privacy? that illustrates the perennial struggle we all have navigating the privacy maze.
   
   The good news is that the privacy labyrinth can be traversed with sufficient situational assessment, data analysis, and historical perspective. Then, to remix metaphors, you can be that excited child in the room of manure who finds that elusive pony.

More from Jim Adler, Chief Privacy Officer at Intelius

Earlier this month, Intelius' Chief Privacy Officer & General Manager of Data Systems spoke at the Wolfram Data Summit on what we in the data privacy community might learn from a century’s history of food policy. Here’s his abstract and presentation:

Data is the new medium of social communication and is forcing a healthy debate to define public/private boundaries, fair access, and appropriate use. Like food, social communication (and the data that drives it) is a necessity for humanity’s survival. This talk will discuss the key ingredients to avoid the empty calories.