The economics of privacy is, like anything else, a matter of trade-offs… The problem is that people can’t make informed decisions if they don’t know exactly what the trade-offs are. And they’ve proven that they don’t.[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]
I couldn’t agree more. As it happens, Consult Hyperion is part of a consortium that has just been chosen by the U.K.’s Technology Strategy Board to carry out a research project in this field, trying to find better ways to describe and display privacy so that the consumers and citizens can make informed choices, can negotiate around privacy in a constructive way and can deal more effectively with both corporate and government organisations. The article goes on to make a comparison that I’m not sure is entirely valid: the comparison is between privacy and safety, and the reason I’m unsure about it is because it uses the example of cars, seat belts and accidents — all of which are things that consumers understand and can experience in a way that they cannot with privacy (at least, they cannot until our research project bears fruit!). Anyway, the article says
Car manufacturers let consumers pick engine sizes, color and the fabric on the seats, but not the design of the seat belt. “Consumers lack expertise about seat-belt design and don’t want to invest time learning about it,”… Rather than let people figure out the optimal seat belt for themselves, experts pick a standard.[From Protect the Willfully Ignorant | Newsweek International Edition | Newsweek.com]
Ok, so let’s pick a standard. I vote for… er… hmmm… wait, I’ll get back to you on this.
It may not even be possible to reduce privacy to a simple seat-belt issue, so that people need only fasten their seat belt (ie, run some piece of software or whatever) before browsing. Seat belts are there to mitigate against death or serious injury, either of which is a bad thing. Privacy is not so neat an issue and it is bound with the concept of digital identity, which embraces a spectrum of relationships embodied in different virtual identities with different degrees of disclosure, not a simple black/white, on/off (or alive/dead, for that matter). Perhaps the nearest equivalent might be some kind of “default to minimal disclosure” scheme which, in my mind, is the equivalent of a “default to a secure virtual identity anchored by two-factor authentication” implementation. In other words, make users actively select to do more than minimal disclosure rather than have it happen as a side-effect of merely being on the internet.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]