experimentation, stylistic diversity, and growth.
As this book goes to press, the U.S. Federal Trade Commission is proposing a Do Not Track list, modeled after the highly successful Do Not Call list. At first blush, it sounds pretty good: It would set up a single place to opt out of the online tracking that fuels personalization. But Do Not Track would probably offer a binary choice—either you’re in or you’re out—and services that make money on tracking might simply disable themselves for Do Not Track list members. If most of the Internet goes dark for these people, they’ll quickly leave the list. And as a result, the process could backfire—“proving” that people don’t care about tracking, when in fact what most of us want is more nuanced ways of asserting control.
The best leverage point, in my view, is in requiring companies to give us real control over our personal information. Ironically, although online personalization is relatively new, the principles that ought to support this leverage have been clear for decades. In 1973, the Department of Housing, Education, and Welfare under Nixon recommended that regulation center on what it called Fair Information Practices:
• You should know who has your personal data, what data they have, and how it’s used.
• You should be able to prevent information collected about you for one purpose from being used for others.
• You should be able to correct inaccurate information about you.
• Your data should be secure.
Nearly forty years later, the principles are still basically right, and we’re still waiting for them to be enforced. We can’t wait much longer: In a society with an increasing number of knowledge workers, our personal data and “personal brand” are worth more than they ever have been. Especially if you’re a blogger or a writer, if you make funny videos or music, or if you coach or consult for a living, your online data trail is one of your most valuable assets. But while it’s illegal to use Brad Pitt’s image to sell a watch without his permission, Facebook is free to use your name to sell one to your friends.
In courts around the world, information brokers are pushing this view—“everyone’s better off if your online life is owned by us.” They argue that the opportunities and control that consumers get by using their free tools outweigh the value of their personal data. But consumers are entirely unequipped to make this calculation—while the control you gain is obvious, the control you lose (because, say, your personal data is used to deny you an opportunity down the road) is invisible. The asymmetry of understanding is vast.
To make matters worse, even if you carefully read a company’s privacy policy and decide that giving over rights to your personal information is worth it under those conditions, most companies reserve the right to change the rules of the game at any time. Facebook, for example, promised its users that if they made a connection with a Page, that information would only be shared with their friends. But in 2010, it decided that all of that data should be made fully public; a clause in Facebook’s privacy policy (as with many corporate privacy policies) allows it to change the rules
To enforce Fair Information Practices, we need to start thinking of personal data as a kind of personal property and protecting our rights in it. Personalization is based on an economic transaction in which consumers are at an inherent disadvantage: While Google may know how much your race is worth to Google, you don’t. And while the benefits are obvious (free e-mail!), the drawbacks (opportunities and content missed) are invisible. Thinking of personal information as a form of property would help make this a fairer market.
Although personal information is property, it’s a special kind of property, because you still have a vested interest in your own data long after it’s been exposed. You probably wouldn’t want consumers to be able to sell all of their personal data, in perpetuity. France’s “moral laws,” in which artists retain some control over what’s done with a piece after it’s been sold, might be a better template. (Speaking of France, while European laws are much closer to Fair Information Practices in protecting personal information, by many accounts the enforcement is much worse, partly because it’s much harder for individuals to sue for breaches of the laws.)
Marc Rotenberg, executive director of the Electronic Privacy Information Center, says, “We shouldn’t have to accept as a starting point that we can’t have free services on the Internet without major privacy violations.” And this isn’t just about privacy. It’s also about how our data shapes the content and opportunities we see and don’t see. And it’s about being able to track and manage this constellation of data that represents our lives with the same ease that companies like Acxiom and Facebook already do.
Silicon Valley technologists sometimes portray this as an unwinnable fight—people have lost control of their personal data, they’ll never regain it, and they just have to grow up and live with it. But legal requirements on personal information need not be foolproof in order to work, any more than legal requirements not to steal are useless because people sometimes still steal things and get away with it. The force of law adds friction to the transmission of some kinds of information—and in many cases, a little friction changes a lot.
And there are laws that do protect personal information even in this day and age. The Fair Credit Reporting Act, for example, ensures that credit agencies have to disclose their credit reports to consumers and notify consumers when they’re discriminated against on the basis of reports. That’s not much, but given that previously consumers couldn’t even see if their credit report contained errors (and 70 percent do, according to U.S. PIRG), it’s a step in the right direction.
A bigger step would be putting in place an agency to oversee the use of personal information. The EU and most other industrial nations have this kind of oversight, but the United States has lingered behind, scattering responsibilities for protecting personal information among the Federal Trade Commission, the Commerce Department, and other agencies. As we enter the second decade of the twenty-first century, it’s past time to take this concern seriously.
None of this is easy: Private data is a moving target, and the process of balancing consumers and citizens’ interests against those of these companies will take a lot of fine-tuning. At worst, new laws could be more onerous than the practices they seek to prevent. But that’s an argument for doing this right and doing it soon, before the companies who profit from private information have even greater incentives to try to block it from passing.
Given the money to be made and the power that money holds over the American legislative system, this shift won’t be easy. So to rescue our digital environment from itself, we’ll ultimately need a new constituency of digital environmentalists—citizens of this new space we’re all building who band together to protect what’s great about it.
In the next few years, the rules that will govern the next decade or more of online life will be written. And the big online conglomerates are lining up to help write them. The communications giants who own the Internet’s physical infrastructure have plenty of political clout. AT&T outranks oil companies and pharmaceutical companies as one of the top four corporate contributors to American politics. Intermediaries like Google get the importance of political influence, too: Eric Schmidt is a frequent White House visitor, and companies like Microsoft, Google, and Yahoo have spent millions on influence-mongering in Washington, D.C. Given all of the Web 2.0 hype about empowerment, it’s ironic that the old adage still applies: In the fight for control of the Internet, everyone’s organized but the people.
But that’s only because most of us aren’t in the fight. People who use the Internet and are invested in its future outnumber corporate lobbyists by orders of magnitude. There are literally hundreds of millions of us across all demographics—political, ethnic, socioeconomic, and generational—who have a personal stake in the outcome. And there are plenty of smaller online enterprises that have every interest in ensuring a democratic, public-spirited Web. If the great mass of us decide that an open, public-spirited Internet matters and speak up about it—if we join organizations like Free Press (a nonpartisan grassroots lobby for media reform) and make phone calls to Congress and ask questions at town hall meetings and contribute donations to the representatives who are leading the way—the lobbyists don’t stand a chance.
As billions come online in India and Brazil and Africa, the Internet is transforming into a truly global place. Increasingly, it will be the place where we live our lives. But in the end, a small group of American companies may unilaterally dictate how billions of people work, play, communicate, and understand the world. Protecting the early vision of radical connectedness and user control should be an urgent priority for all of us.
