Computers, Privacy & the Constitution

The Faustian Bargain

-- By AlexeySokolin - 12 Mar 2013

Just Trust Me

Many of the "free" consumer web services are not free at all. Users give up their data and the data of their network in order to use the software. This trade is done without much awareness, particular thought or attention. The web service company, in turn, sells that data to advertisers and other entities whose purpose is not always aligned with the consumer. This bargain has become the ecosystem of the web. Our generation is largely disinterested in the consequences, and few are working to change the equation.

Given the recognition that data is valuable, and is a form of currency, new companies have emerged to rewire the economic benefit away from the Facebooks of the world to, potentially, the people. They are still involved in the business of selling and buying data, but shift the onus on the consumer to decide how that transaction is managed. From a normative point of view, it is dangerous to even put the option of selling personal data on the table, since we can not know the consequences at the time of sale. Yet to change the situation we must start somewhere--at the least, in this permutation, the consumer becomes aware of her data and what the bargain actually entails. To highlight the dangers, we must expose them.

A New Hope

A few companies have sketched the outlines of an exchange, where a consumer has her data and then chooses whom to sell it to, and how to apply its economic value. Most such companies are in early stages. Instead of paying consumers upfront, the companies host merchants that can provide discounts, offers, and upgrades. Take Enliken, which helps people understand what data they already sell, helps them capture it, and then monetize it. Another such company is DataCoup, which focuses on the idea that a user can better negotiate for the value of her data then a middleman. A third permutation on the theme is Chime.in, which is a personal social network founded by Bill Gross of Overture. It shares the revenue from selling our data with us: fifty percent for being complicit in exposure to advertisers. If we can't beat them, the Chime.in will have us join them.

The idea of the exchange, bypassing third party data collectors, requires a lot of work on both building the consumer and advertiser part of the network. These companies are unlikely to gain fast traction. Another permutation on the theme are "Personal Data Lockers". This is a central account where people store information about themselves, accessible across devices. Using such a service is a large privacy risk and it remains to be seen whether (1) the security technology can be respectable, and (2) the incentives of the companies to meaningfully protect customers are there. One example is Personal, a young company that wants to store our financial, education, and health records -- in addition to all of our passwords. In exchange, the company builds a layer of security and privacy to be controlled by the user. Alignment of interest is closer than with that of Facebook. Still, the risk is obvious. A free software version of the same is called the Locker Project and is under active development. Once the data is collected in one place, we are a quick hop away from paying people to share it.

But if in addition to controlling the data we are storing it ourselves, and if "sale" occurs in a system of accountability for expiration, so that the availability of the personal data can be temporary as well as situationally limited by use-commitments, we would be closer to what we want than a survey of what people hoping to make money off us are presently thinking about hoping we might accept. We do have to start somewhere, but why not—instead of surveying websites—discuss what the best place to start must be. "What I am talking about is a bunch of self-serving nonsense but we have to start somewhere" is not a particularly attractive bunch of data.

A number of other companies have explored related approaches. These serve as warnings of what will continue to happen to personal data if it is not protected by a robust technology layer.

This, which could be rephrased as above "What I am talking about is noxious but it helps to remind us what we should do something about," isn't a much more attractive coming-attractions sign for some websites you dug up.

A young company called Singly, has developed an API for other apps that pulls personal information from 18+ networks with social graphs (e.g., Facebook, Instagram). Access to the API is sold in a SAAS model and is free under 100 users. As a result, any developer can within hours launch an application that aggregates personal data, with some level of required user authentication, across social networks. The barrier to entry is gone. And although there are no meaningful consumer-advertiser exchanges yet, Exelate and BlueKai do run advertiser-merchant exchanges that show the scale at which our data is commoditized. Each has millions upon millions of accounts of rich data, collected via cookies, bought en masse, and anonymized.

A Penny For Your Thoughts

The sale of personal data will be made to look like a mundane transaction. It will not seem out of the ordinary. It will not provide the consumer a lot of money. It may disproportionately target those of lower income, thereby selling their preferences to advertisers that then effectively drive behavior. Like obesity and broadly failing public education, behavioral bullying via advertising will become just another pressure on America's poor.

There is not much money for the consumer in selling their data, but some will clip the coupon. For example, Enliken only provides $12 per year under its plan, and even that cannot be cashed out and must be redeemed for merchant services, as per the company. A JPMorgan Chase study claimed that a Facebook unique is worth $4 and Google unique is worth $24. At the high end, this statistic tops out at $120. See this article. It pays to be the tech company aggregating millions of users and selling their data; it does not pay to do so yourself unless your really need the money.

The silver lining is that perhaps the data exchange companies will bring awareness to the public at large about how web-services make their money. As a second step, people will compare the value offered against the risks involved, and make an informed opinion against selling their information.

So we can do everything wrong but at least maybe then we will learn what we should be doing instead, and perhaps the web services I've just been advertising might pay me something for driving some eyeballs in their direction?

I think the motto of the revision should be "Dare to be Great, Joanie Caucus." Instead of telling us about a good deal of presently-existing snake oil, tell us what should actually be done, to contribute to solving problems, instead of being better warned about them, or better able to understand the problem after we've made it worse, or some other sophisticated reason for not actually being about solving it.

Other Sources

http://www.dailydot.com/news/enliken-sell-personal-information-data-advertisers http://boss.blogs.nytimes.com/2012/10/02/what-if-web-users-could-sell-their-own-data/ http://www.nytimes.com/2012/02/13/technology/start-ups-aim-to-help-users-put-a-price-on-their-personal-data.html?_r=0 http://www.geekwire.com/2013/enliken/ http://strata.oreilly.com/2011/02/data-is-a-currency.html http://www.technologyreview.com/view/426235/is-personal-data-the-new-currency/ http://www.law.cuny.edu/academics/clinics/immigration/clear/Mapping-Muslims.pdf http://www.slate.com/articles/news_and_politics/explainer/2013/03/harvard_email_search_scandal_can_your_employer_read_your_private_messages.html


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r6 - 14 Jan 2015 - 22:44:39 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM