Monday, November 19, 2018

Against Privacy Fundamentalism in the United States

“CALLER ID POSES INVASION OF PRIVACY” blared the headline of a 1990 op-ed in the Chicago Tribune by law professor Jeffrey M. Shaman. In the piece, Professor Shaman argued that the newfangled technology for displaying phone numbers of incoming calls “may have disastrous consequences,” including deterring people “from calling crisis centers that deal with suicide, rape, child abuse or AIDS for fear of having their identities revealed.” He also warned that “psychiatrists, doctors, social workers and lawyers will not be able to return emergency calls from home… Victims of domestic violence will not be able to call spouses or their children…People will be discouraged from making anonymous calls to the police to report crime.”

Civil libertarians and privacy advocates also sounded the alarm about the dangers of knowing the phone numbers of incoming calls. Deborah Ellis, the legal director for the American Civil Liberties Union (ACLU) of New Jersey, said “banks and other lenders could use the service to discriminate against callers from poor areas.” Others questioned the motives behind the companies deploying the new technology. Marc Rotenberg, then-director of the Computer Professionals for Social Responsibility, said, “This is a case of a company that has a great deal of personal information making money exploiting the sale of that information without the consent of the phone subscriber. Three years ago if a phone company employee had talked about selling someone’s phone number to a business, they would have been fired.”

The apocalypse was nigh, and the fifth Horseman was… Caller ID.

None of these worries came to pass, of course. Telephone systems added the ability to block Caller ID on a per-call basis by dialing *67 before the phone number, heading off most of the potential privacy harms. As for the greedy telephone companies, it is now common for phone contracts to bundle Caller ID into the standard service price at no additional cost.

Many new technologies go through this “privacy panic cycle” (e.g., RFID tags, cameras, loyalty cards). It often begins with advocacy groups — such as the Electronic Privacy Information Center (EPIC), the Center for Democracy & Technology (CDT), Access Now, and others — feeding the natural tendency of media outlets to exaggerate the risks associated with a new technology because audiences love negative news (“if it bleeds, it leads”). As the frenzy escalates, headlines start to declare that the sky is falling. Then, despite the Chicken Little omens, fears begin to diminish over time as reality sets in. The cycle ends — not with a bang, but a whimper — as consumer appreciation of the new technology or service proves the deciding factor in its ultimate widespread adoption.

Privacy Fundamentalism Is a Moral Panic

Sources: Privacy indexes: a survey of Westin’s studies; Choice Architecture and Smartphone Privacy: There’s A Price for That; and Would a privacy fundamentalist sell their DNA for $1000 … if nothing bad happened as a result? The Westin categories, behavioral intentions, and consequences

“Privacy” is not a term that anyone uses in a negative way. Like money or liberty, it is good by definition; more is better, less is worse. But humans have a multiplicity of values and differing hierarchies — more privacy is not always better when it comes at the expense of another good. That’s what makes privacy scholar Alan Westin’s privacy segmentation index (PSI), which categorizes people’s privacy attitudes as “pragmatists,” “fundamentalists,” or “unconcerned,” a useful tool in peering through the often-hysterical nature of the public debate surrounding privacy.

Contrary to the popular narrative, most Americans do not place a high value on their privacy for non-sensitive information, such as purchasing habits or online browsing histories. (However, people do value keeping sensitive information such as health or financial records private.) In surveys over the last few decades, about 50 to 65 percent of Americans are privacy pragmatists, meaning they continually evaluate the trade-offs associated with sharing private information, and make decisions on a case-by-case basis. To be clear, this does not mean they’re all reading the legalese in privacy policies — they simply use heuristics to make disclosure decisions.

Source: Pew Research Center

Roughly 10 percent of Americans are privacy unconcerned, a group Westin quipped was willing to “give you any information you want about their family, their lifestyle, their travel plans, and so forth” for a 5-cent discount. In one experiment, the vast majority of participants were willing to reveal their monthly income to a video rental store in exchange for a one euro discount on a DVD (without the discount, about half still shared this private information in exchange for no benefit). A different study found that most subjects would happily sell their personal information for just 25 cents, and almost all of them waived their right to shield their information.

The remaining 25 to 35 percent of Americans are privacy fundamentalists — those with an ideological commitment to privacy, claiming they would never trade their privacy for economic benefits (even if they often do in practice). This group also wants stronger privacy laws to prevent companies from acquiring anyone’s personal information.

In 2001 testimony before the House Committee on Energy and Commerce, Westin summarized his catalog of research and direct experience with dozens of national privacy surveys going back to 1979 by saying:

American consumers, by large majorities, want all the benefits and opportunities of a consumer service society and of a market-driven social system… We know that a majority of the American public does not favor the European Union style of omnibus national privacy legislation and a national privacy regulatory agency, but when it comes to sensitive information such as financial information or health information, overwhelming majorities are looking to legislative protections to set the rules and the standards for that kind of activity.

According to more recent surveys, not much has changed in the intervening years. As the charts below show, privacy concerns in the United States have, if anything, decreased over time.

Source: National Telecommunications and Information Administration

Source: National Telecommunications and Information Administration

A recent paper in the Journal of Economic Literature summarized the theoretical and empirical research on the economics of privacy, concluding:

Extracting economic value from data and protecting privacy do not need to be antithetical goals. The economic literature we have examined clearly suggests that the extent to which personal information should be protected or shared to maximize individual or societal welfare is not a one-size-fits-all problem: the optimal balancing of privacy and disclosure is very much context-dependent, and it changes from scenario to scenario. [emphasis added]

In the past, privacy fundamentalists and advocacy organizations have relied on the media and our natural predilections to focus on the negative to push a misleading narrative that does a great disservice to evidence-based policy debates. Now, in the ongoing debate over passing prescriptive baseline privacy regulations, they have a powerful new ally: Big Tech.

Big Tech Bootleggers and Privacy Baptists

In 1983, Bruce Yandel, the executive director of the Federal Trade Commission (FTC), wrote an article in which he coined the term “bootleggers and Baptists” to describe regulations that are supported by a coalition with both virtuous and venal interests. In his canonical example, he observed that bootleggers supported laws prohibiting the sale of alcohol on Sundays because they were good for business; Baptists, on the other hand, were in favor of the same laws for moral or religious reasons. This kind of diverse coalition can prove very effective in passing and maintaining welfare-reducing regulations.

When European Commissioner Věra Jourová traveled to Silicon Valley last year to meet with American tech firms, including Google and Facebook, she expected to hear grumbling about the General Data Protection Regulation (GDPR), the European Union’s new baseline privacy law. Instead, she said, “They were more relaxed, and I became more nervous. They have the money, an army of lawyers, an army of technicians and so on.” Compliance with GDPR would not be a problem for Big Tech.

During a recent Senate hearing, Keith Enright, Google’s chief privacy officer, gave a clue as to why that’s the case. He estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. The Global Fortune 500 will spend an estimated $7.8 billion in compliance costs for GDPR. While these are significant costs to Big Tech, they also represent regulatory barriers to entry for small- and medium-sized enterprises trying to become the next Facebook or Apple.

Big Tech has entered into a “bootleggers and Baptists” coalition with privacy fundamentalist groups to support new omnibus regulations in the United States. Last month, the Information Technology Industry Council — the lobbying group for, among others, Apple, Amazon, Google, Facebook, and Microsoft — released its policy framework which was “inspired” by GDPR and sought to “create alignment with the privacy protections of other privacy regimes across the globe.” In a keynote speech two days later in Brussels, Apple CEO Tim Cook said, “We should celebrate the transformative work of the European institutions tasked with the successful implementation of the GDPR … It is time for the rest of the world, including my home country, to follow your lead.” At the same conference, Facebook’s chief privacy officer said the company would “unequivocally” support an American version of GDPR.

From the perspective of multinational incumbent technology firms, this is the rational position to take on privacy regulation. Since the European market is large and regulatory compliance costs are fixed, it is often more efficient for global corporations to comply with European regulations everywhere than it would be to meet the local regulatory minimum in each market. This phenomenon where Europe becomes the de facto global regulator via market mechanisms is known as the “Brussels effect.” (When this occurs domestically, it’s known as the “California effect”). Incumbents lobbying to spread de jure GDPR-style regulations to other countries is an obvious strategy to prevent would-be rivals from entering the market.

Regulation is among the most effective ways of raising a rival’s cost. Indeed, economists Avi Goldfarb and Catherine Tucker found that smaller and more general websites were hit the hardest in the wake of European privacy regulation in the late 2000s. Evidence from the first six months of GDPR shows that Google and Facebook have been winners relative to smaller competitors:

Source: Cliqz

The United States Is Not the Wild West of Privacy

Some have claimed that the United States is the “Wild West of privacy.” This is a curious position considering “
