Privacy – Hindsight makes us wiser: Will we NOW think of privacy from first principles after the Google privacy changes?


Privacy – hindsight is a wonderful thing ..

This week, the rubber hits the road for privacy, with the new Google privacy changes going live on March 1. Google's privacy changes have sparked a Europe-wide inquiry. Google is 'simplifying' its privacy rules by consolidating 60 policies into a single one. Users cannot opt out of the new policy if they want to continue using Google's services. Quietly, at the same time, Twitter is also making a major change by selling its archive to marketers. It is now possible for businesses to pay a fee to access all of the tweets written on Twitter going back to January 2010. While individuals can access their own tweet archive for the last 30 days, companies can get individuals' archives from 2010 onwards (for a fee, of course). Not to be left behind, Douglas Rushkoff says that You are Facebook's product, not customer.

These changes illustrate a fundamental problem.

We do not think of privacy from first principles (we think of privacy only retrospectively).

While Google can ask us to 'take our data and walk away' if we want to (the Google-funded Data liberation foundation allows you to 'liberate' your own data), it is not possible to do this in retrospect, i.e. if you as a customer had been told in advance that the service would change dramatically, you might have had second thoughts about signing up in the first place. But having signed up, it is hard to leave, and companies know that only too well.

Privacy by design and webinos

For a long time, Ann Cavoukian, the current Information and Privacy Commissioner for the Canadian province of Ontario, has been a lonely voice advocating for Privacy by design (which advocates incorporating privacy from the outset into a new product/service).

A few products like webinos, which I have been working with over the last year, have privacy principles inbuilt into them.

Webinos has been at the forefront of implementing these ideas, i.e. how a system could be designed with privacy at the centre (and not as an afterthought). The User expectations on privacy and security document from webinos describes three significant contributions: a high level review of the state of the art in user expectations of security and privacy, a detailed model of the context of use of webinos based on the user stories and use cases created in other deliverables, and a high level threat analysis based on this context of use. The context of use model consists of a detailed set of personas, tasks and environment models, aimed at understanding, representing and supporting different stakeholder perspectives throughout the design and development of webinos. Overall, 18 personas (representing a selection of users, developers and attackers), 10 tasks and their associated environments have been investigated, modelled and validated, together with 6 attack trees representing significant high-level threats to webinos. The webinos security and privacy APIs also give more implementation details.

Privacy – the tangible and the philosophical issues

Why are these ideas (implementing privacy from first principles like webinos does) significant now?

After every computing cycle, we become wiser to the strategies of the previous cycle.

In I’m Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web – Alexis Madrigal says that the issue is beyond tech:

Most privacy debates have been couched in technical. We read about how Google bypassed Safari’s privacy settings, whatever those were. Or we read the details about how Facebook tracks you with those friendly Like buttons. Behind the details, however, are a tangle of philosophical issues that are at the heart of the struggle between privacy advocates and online advertising companies: What is anonymity? What is identity? How similar are humans and machines?

Thus, we will see more on this subject in terms of philosophy, regulation (e.g. EU regulation) and, of course, technology.

We are just beginning to see the impact of the Google privacy changes in mobile. Alex Hanff, a privacy campaigner from Lancaster, has filed a test claim for £400 at the small claims court. He claims Google's new privacy policy is "a significant infringement of the right to privacy" that cannot be avoided by Britain's 9.3 million Android users unless they buy an alternative handset. This is because some applications like Android Market cannot be used without a Google account (whose permissions have changed due to privacy regulations).

Perhaps it is time to reconsider privacy and incorporate it from the outset, as opposed to treating it as an afterthought.

Image source: America explained