Over the course of writing this book we have been asked many times about how it was to collaborate on this grand production of ours. The next question, of course, was whether we changed our minds about the state of privacy in the age of big data. (And the final question was where we still friends? The answer, unequivocally, is yes.) Within the book, we tried to represent all sides of the privacy debate regardless of where we stood (although we are equally sure that you might be able to discern our opinions on some of the topics). This is our opportunity to share with you our thoughts (singularly as opposed to the all inclusive “we”) on the process and on privacy in general.
Mary and I have been friends and co-workers for a long time. This is our second startup together. It is considered a fait accompli in startup land that a technical founder/CEO (me) and a classically trained VP of Marketing (her), will not get along – but thankfully, in our case it has been a pleasant and fruitful collaboration with both of us learning from each other. So how hard could co-authoring a book be? Pretty damn hard, it turns out. There are the mechanics of the writing process itself, meeting deadlines, matching styles, fighting over different interpretations of grammar rules – Mary is a fan of Strunk & White and I, on the other hand, think e.e. cummings is a god. Then there is the content itself. Privacy, as we mention in the book, is one of “those topics” – as controversial in its way as what my Father called the bar fight trifecta: Religion, Politics and Another Man’s Spouse. (Those three topics when combined with a couple of beers, could be guaranteed to get even the best of friends swinging bar stools at each other with abandon.)
Privacy seems to get people and governments just as riled up but with much broader consequences. For Mary and me, our virtual brawls always seemed to revolve around my adopting two seemingly incompatible positions – a fear of what the erosion of privacy by big data technology could mean and my agreement in the now known to be apocryphal quote by Mark Zuckerberg that “privacy is dead.”
In my childhood, I was a U.S. citizen living in a country with a military dictatorship (Nigeria). I still remember with pride that after my Mom and I were evacuated with the rest of the U.S. women and children in the preamble and during the famously brutal Nigerian Civil War, many of the U.S citizens that remained, including my Father, hid university students and employees caught on the wrong side of the battle lines in their attics and basements.
The war resulted in over two million dead, many from starvation. If the refugees had been found, it is almost certain that both they, and the people giving them sanctuary, would have been killed out of hand. Having seen that tragedy unfold as well as having many close friends who suffered under the surveillance state that was the USSR, has always given me pause and helped to form my approach to digital privacy.
What if something like what happened in Nigeria happened here? In 2011, in any digitized nation, finding those refugees and the brave men that hid them would be simple. Using relatively cheap hardware and readily available commercial analytics software similar to the one sold by my company, finding them would have required nothing more than mashing up several easily available data sources: social media, cell phone transmissions, student, and employee records. Once likely supporters were “found,” you could then correlate them with unusual deviances in power or water consumption or search loyalty card data for increased food or toilet paper purchases to discover their location.
Prior to writing this book, my approach to digital privacy was geared towards keeping as much information off the net as possible and, failing that, to keep it as inaccurate as possible. This struck many of my nearest and dearest as excessive and paranoid. I replied that until they had lived in a country that had been struck by war and understood how quickly things can unravel they would probably never understand. Writing the book changed my view in a couple of interesting ways.
The first is an admittedly defeatist one. I have come to believe that unless you are willing to live completely off the grid with all the inconvenience that it entails, you simply can’t reasonably expect to maintain traditional levels of privacy from your neighbors, let alone your government. It simply can’t be done in our increasingly digitized world. I am not willing to give up Google Maps, Facebook, Groupon, mobile phones, and electronic tax refunds. And whether I like them or not, Internet tracking, DRM, the mashups of public and private data, and high speed analytic software and hardware are here to stay.
The second is more hopeful. Whatever your stance on the correctness of the recent disclosure of US government secrets by WikiLeaks, it has clearly shown that even the world’s preeminent military power is not immune to the transparency-inducing effects of ubiquitous computing. Not only is individual privacy being eroded, but so is big brother’s ability to keep secrets (a friend to corrupt governments, criminals, and dictators throughout human history). Privacy erosion is a subset of secrecy erosion. My sincere hope is that the potential horrors enabled by the former will be outweighed by the horrors prevented by the light of the latter. And since I believe that the chances of our returning to our previous privacy norms is a pipe dream, we should all keep our fingers crossed that I am right.
But just in case I am not, here is one thing to remember from the book: “What happens on the Internet, Stays on the Internet.”
Well, our book is almost done—it’s now in production phase and Terence and I are finished with most of the heavy writing (unless our editor has some additional thoughts!). In terms of time, it really has not been that long since we signed on to do it—less than six months from initial concept to publication date. In terms of thought and brain-power, well now, that’s a very different story!
It has been a long, arduous, sometimes acrimonious (in the nicest possible way, of course) journey. You know, working for a small, privately held company means that even in the best of times, you already have multiple jobs so when you add writing a book on top of those, you tend to get a little fractured. This means that your family and friends may get a wee bit irritated with you because you simply do not have time and even when you do, you are usually talking about some aspect of privacy. So, to all my friends and family, thank you for being so understanding and for reading and reviewing our chapters!
When we started this process, we both thought that we could bring something interesting to the table. Between us, Terence and I represent different genders, different functions (marketing versus über geek/technologist/ceo), and a multitude of ethnicities. We come from very different places and have different worldviews—particularly when it comes to privacy. Although we both talk and blog about the topic a lot, it’s safe to say that each of us has been known to say to the other, “You’re missing the point.” We figured that together, we could pretty much cover the privacy landscape and that our differing views might make for some interesting discussions. And they did.
What I didn’t count on is how writing the book would affect my view of privacy. Now if you follow our blog, you are probably quite familiar where I stand on the privacy debate because I’ve posted about it quite often (see our blog at http://blog.patternbuilders.com/). For those of you not familiar with my views, here’s the short version:
The U.S. needs more comprehensive privacy legislation and its needs to have some significant enforcement teeth.
Anyone who collects and rents/sells personal information must always inform the user and all uses of data should be opt-in only.
Privacy policies should be standardized and anything to do with privacy that is not standard should be explained, including specific third party uses, and offered as an opt-in.
Pretty simple huh? Except that privacy is not a simple topic. It’s complicated and nuanced and there are so many facets to it. Then add in the fact that technology keeps giving us new and different ways to do pretty much anything online and that data has no boundaries but privacy regulations do, and it’s enough to throw up your hands and say, “I surrender!”
I have to admit that when we started the book, I was pretty sure that I knew how it ended. There’s so much of our personal information out there and we know very little about how it’s being used, making the outlook on retaining one’s privacy in the digital world pretty dismal. But I discovered that although the outlook might not be rosy, each one of us has control over what we do next.
It’s a given that our personal information is out there (if you don’t believe me, just spokeo yourself) but we still have control over how much we add to it every time we do something on our Smartphone, iPad, laptop, or fill-in-the-blank-with-your favorite-device. So think about what level of privacy you would like to have online and then start making some decisions on what you are going to do from this day forward (and if you’re happy with the status quo, keeping doing what you’re doing). For me, it’s this:
No Facebook presence—I never had an account and have decided that I never will. And if you think this is just because Facebook is not “great” (to put it mildly) in the privacy department, you’d be wrong. I made a decision long ago to keep my personal life offline (my professional one is pretty much everywhere) and I am sticking to it.
No doing business with companies who have egregious privacy violations—until they clean up their act and prove to me that they are once again on the straight and narrow.
Doing business with companies who toe the privacy line by getting privacy certifications, building privacy into their products, or quickly responding (and fixing) privacy problems (because anyone can make a mistake).
No putting personal photos and videos and anything else “personal” online. Hey, this is not for everyone but it’s a rule I live by (and yes, family and friends give me a hard time about it, but they all do me the kindness of not including me in their Facebook pages, etc.).
Being a privacy activist—if I don’t like what’s going on I am saying something about it on Twitter, on our blog, or in comments. The great thing about the world we live in today is that we can all be heard via social media.
Listen, there are things that we can do to mitigate our loss of privacy from using tools to simply not being so forthcoming online. We can give our business to those we trust looking for privacy seal guarantees (like TRUSTe), or those who commit to a privacy code of conduct, or those who build privacy into their products (Privacy by Design). When companies behave badly, there are penalties that we (not just the courts) can apply—like no longer using a site or revoking our membership. Instead of throwing up my hands in defeat (as in there is no such thing as privacy in the digital world), I am more energized than ever before.
There’s still time for our voices to be heard in this debate and there’s still time for meaningful change but it’s up to us, me, you, and everybody else, to start figuring out exactly what privacy means in the digital age and then how to, in the words of Tim Gunn on Project Runway: “Make it work.”
When we finished the last chapter of the book, Terence and I had a long conversation about where we stood on privacy and I will share with you what I shared with him. Here’s my dream (people looking for a startup idea, please take note): if Microsoft and Dartmouth college can develop PhotoDNA to help remove images of child sexual exploitation from the Internet (this is an amazing story and if you haven’t read about it before, go to that link because it has lots of information), then who’s to say that five years down the road someone won’t be able to come up with personal data DNA which will track where our data is from that point forward (and what it’s being used for) all over the Internet? Then when we give our personal information out we will be able to see exactly what happens to it or in my scenario, pay some company $20/month to be the Equifax version of privacy (as in monitor and alert me when my privacy may have been violated).
Now for those of you who say it will never happen, think about all the devices you now use to power through your life. Many of them did not exist five years ago and most of them did not exist ten years ago. Who’s to say what the privacy landscape looks like in five years? There’s one thing that I am sure of: I’ll be keeping an eye out to see what happens next!