April 27, 2010

These fillips turn four years old this week. This event calls for the well practised trick of peering into the future by gazing in the mirror of the past.

Studying how scare stories become successful, John Kay provides us with a providential guide (*). Indeed most media view eprivacy negatively, as the target of many threats, rather than positively, as a source of sustainable markets.

John Kay's criteria is as simple as it is clear-eyed. "Successful promotion of a scare requires that some interest group benefits". While interested readers may look up his column for his original examples, it is quite instructive to apply his statement to eprivacy.

Historically ID theft was the first cause of concern in our Information Age. Not that we ignore earlier debates. But in their famous analysis of privacy (1), two centuries ago, Samuel Warren and Louis Brandeis themselves observe how "necessary [it is] from time to time to define anew [its] exact nature". The rise of the Internet amply justifies we try again.

Having slowly dawned on us over the past ten years, the ID theft scare supplies the perfect illustration to John Kay's criteria. Obvious preventive measures, such as forbidding credit reporting agencies to sell consumer data to third parties without first clearing each transaction with the consumer concerned, would only benefit consumers, an amorphous interest group, while destroying the business model of credit report agencies.

An all too real scare whose victims are powerless becomes a wonderful opportunity for creating pseudo cures. Today ID theft has spawned a new multi billion dollar industry. With delicious irony, the abettors themselves, i.e. the credit bureaux, sell credit reports to consumers either directly, to help them monitor any spurious activity after the fact, or through the intermediary of companies whose consumer database have been compromised. Independent entrepreneurs too have rushed to broaden the spectrum of palliative remedies, some with the potential for aggravating the disease.

So forget turning our data rights into sustainable markets. Eprivacy infringements more easily leads to sustainable scares. If ID theft is any indication, we can expect no real solution either to the maturing scare about personal profiles accumulated by data aggregators, from Google to Facebook. Short of physical violence, a Love Canal disaster (2), a car made to kill (3), no "dramatic tipping point" seems likely to ever stir the law maker or empower the regulator to overcome the forces of pronaocracy.

When finding a real solution to a real scare does not create a good enough economic opportunity, John Kay predicts "public concern [...] soon fades". The only hope then arises when the perpetrator itself has even less economic power than its victims and can be targeted by an appropriate lawsuit. Fickle public opinion may find itself relayed or replaced by the slow grind of the wheels of justice and the persistence of a specific victim.

In the United States especially, governments, administrations and other public employers are such suitable targets, no pun intended. Amy Harmon reports how Arizona State University is settling with the Havasupai Indians for having reused "their blood samples [...] to study many other things" besides the original goal of understanding their high rate of diabetes (**). Adam Liptak continues to follow the US Supreme Court case of the police department of the City of Ontario (CA) "reading sexually explicit text messages sent by an officer on a department-issued pager" (***).

While these are but tactical squirmishes in the global eprivacy wars, they can progressively weaken the corporate interests which profit from the violation of our data rights. Imagine if the collection of personal data were to be restricted to what justified it in the first place, e.g. the fulfillment of a specific commercial transaction or a single search request. Imagine the payment of a fee by a user to some telecommunication operator gave one's electronic messages the protection granted to regular mail in all civilized countries against "reading" by third parties with material access.

Still we must not forget that the public is often asking companies to take advantage of them. The recent financial crisis in the US has shown how this phenomenon can lead to explosive bubbles. Like mortgages, even subprime ones, many objective reasons makes information sharing useful and attractive. But danger lurks in the reckless abandon with which some indulge in double-edged instruments promoted by interested third parties.

Brad Stone tells us "Amazon.com [is] wary of [...] Blippy's idea of letting consumers post everything they bought" (****). A thieve can only be scared to learn its designated marks may fall for the confidence trick of gutsier competitors. When "Mark Brooks wants the whole web to know [how he spends his money]", if enough imitators let Blippy "access [...] their Gmail accounts [to look for purchase] receipts", this undercuts no less than two lucrative data conversion businesses, one practiced by Google with Gmail and one planned by Mastercard based on credit card records

Mentally blocking what will happen when the personal data bubble bursts, we cannot but chuckle watching thieves compete among themselves.

Could free competition also enable the emergence of real solutions to the privacy scare? Both the business model and the technology exist. Still such an event would be a true revolution. The bubble behavior which surrounds data sharing greatly enhances the difficulty of overcoming the economic power of companies which profit from the scare, according to John Kay's sober assessment, whether they create the risk or live from its existence.

Perhaps a more partial revolution will happen in special contexts which annihilate both obstacles.

Parents of middle school children do not share the same infectious enthusiasm as their progeny for online promiscuousness while US Congressmen may resist any campaign money offered by companies abusing underage consumers. A solution which truly eliminates spam without having to expose the confidential content of email messages to a censor might have a chance due to lack of opposition.

Similarly compagnies may start rethinking their corporate email system. Future prosecutors have little present economic power. And since, in any future litigation, discovery over an employer's email archives risks unveiling statements by careless employees which prove incriminatory in hindsight, the benefit of monitoring their exchanges may pale next to the protection granted by true confidentiality combined with automatic deletion. If not Fabulous Fab himself, at least Goldman Sachs must find its crafty craftsman's sudden worldwide fame a bit of "a monstruosity [sic]". As Gillian Tett puts it (*****), "another week, another bout of email embarrassment" and she was not speaking of the corruption of English with Gallic spelling.

As our data rights are an obvious area calling for more regulation, one should not forget the power of populism especially once a bubble has burst. It would not be the first revolution led by mobs and exploited by opportunistic leaders as Carl Hulse's portrayal of "Senator Charles E. Schumer of New York" illustrates (******). To avert handing a bludgeon to would be challengers, US senators known for past favors to dominant economic powers implicated in the bubble may find themselves free to turn against their former protégés as eagerly as bankers against cherished clients.

Timing when bubbles burst is notoriously difficult. In an earlier fillip, I suggested a fourth scenario for an eprivacy revolution. No more "dramatic tipping point" than a compromised health related database leading to a series of patient wrongful deaths caused by corrupted medical profile data.

Whatever the scenario, I will continue to write for revolutions in the name of eprivacy.

Philippe Coueignoux

• (*) ............ How our leaders get to grips with a scare story, by John Kay (Financial Times) - April 21, 2010
• (**) .......... Tribe Wins Fight to Limit Research of its DNA, by Amy Harmon (New York Times) - April 22, 2010
• (***) ....... Justices Get Personal Over Privacy Of Messages, by Adam Liptak (New York Times) - April 20, 2010
• (****) ..... Too Much Information? Hah! Sharing All Online Is the Point, by Brad Stone (New York Times) - April 23, 2010
• (*****) ... E-mail howlers bring murky credit business out of shadows, by Gillian Tett (Financial Times) - April 26, 2010
• (******) . A Friend to Wall St., Suddenly Quiet, by Carl Hulse (New York Times) - April 23, 2010
• (1) see the right to privacy by Samuel Warren and Louis D. Brandeis (1890)
• (2) see Love Canal in the wikipedia, about the poisoning of an entire neighborhood newly developed over polluted land
• (3) see examples in Unsafe at any speed, Ralph Nader's classic about manufacturing cars without regard to safety