I was recently interview about privacy on the BBC Online Magazine by Kate Dailey. Here is the interview:
Could Google’s data hoarding be good for you?
By Kate Dailey BBC News Magazine
Google’s announcement that is now tracking users’ web movements has upset privacy advocates. But consider what you get in return for the information.
With the news that Google is to merge data collected from its many platforms – including YouTube, Gmail and Blogger – privacy advocates say the company will have more information than it should. Even before this change, web users had too little control over their online information, they say.
“Your data is out there,” says Jeff Blevins, an associate professor of communications law and policy at Iowa State University.
“It’s really blind to us. We don’t know what information they have and how they’re using it, and we have no right to access it.”
Web companies use browsing behaviour to paint consumers into boxes, making assumptions about their identities and targeting ads at them. Sometimes users can opt out. But often they are tracked without even knowing it.
Risk and rewardBut one economist says concerns about privacy are misguided – and that having more online is better than having less.
Users are richly compensated for their personal information, says Paul Rubin, a professor of economics at Emory University in Atlanta. In exchange for it, he says, they receive a free and useful internet.
“It makes the internet work much better, in many dimensions.
“If you and I search on the same topic, we may have different interests, if the results are tailored to me and tailored to you, that’s a better experience.”
When the data is used to sell ads, the ads we get are tailored to things we might like, and the profits can work in our favour.
“Sure, Google makes some money, but they use that money to give away all kinds of stuff, like Gmail,” says Mr Rubin.
“My life is on Google,” he says, referring to the calendars, documents and other services Google provides. “It needs to be funded somehow.”
Counterintuitively, having more information available online could better protect consumers from fraud, Mr Rubin says.
A consumer seeking a new credit agreement, for example, currently has to provide information found in the public record, such as current and previous addresses.
Thieves with only an incomplete set of information – say, your name and social security number – can often access those answers.
But with more information online, a clearer picture of who that social security number really belongs to emerges, making it easier for online verification systems to ask more relevant questions, such as recent purchase history.
“The other thing people worry about is ID theft and fraud, but with more information that’s available, it’s easy to verify someone’s identity,” he says.
The information companies collect does not form a personal dossier so much as a collection of data points and assumptions about each user based on their web history. It is kept separate from a name, face, or address.
And as Business Insider pointed out, those Google assumptions can often miss the mark – incorrectly classifying users based on the data available.
That is in part because only computers are handling the sensitive information collected online, Mr Rubin notes.
“People have a notion that if something is known about them somebody knows it,” he says. “In fact, there’s a huge amount of stuff that’s only known by computers.”
He says reputable companies do a good job of making sure that data stays on the servers and out of human reach.
A data stereotype of an individual’s online shopping behaviour can make it easier to flag when that behaviour is out of the ordinary, for instance.
Privacy experts worry that the risks of having too much personal information online far exceed the potential rewards.
“At the moment in the US, there are almost no protections,” says Lorrie Cranor, associate professor of computer science and engineering and public policy at Carnegie Mellon University.
“It would be good to have some baselines established – certain types of data uses that can’t be done. To really make it illegal for companies to go and sell this info to your employer or your insurance company, for instance,” she says.
Social media records can be subpoenaed in legal cases, she said. In 2010, Google sacked an engineer accused of inappropriately accessing Gmail accounts to spy on people.
Currently, it is difficult to determine whether Europe’s strong privacy laws are being enforced, says Jonathan Mayer, fellow at the Center for Internet and Society at Stanford University.
He is part of the World Wide Web Consortium Tracking Protection Working Group, which is drafting rules for what data can be collected, and how, across the web.
“The harm for the moment does not seem to be some particular economic injury that people are out in the wild suffering, but the principal of ‘would you hand your web browsing to a stranger’,” he says.
When it comes to privacy protection, he says he would prefer to err on the side of caution.
“It doesn’t seem to me that we should have to wait for the very bad things that could happen before we let users take control of their data,” he says.