A lot of people are interested in your data, data about where you are, what you buy, what you search for and talk about, what you are doing right now, who you communicate with and how often, and what you are likely to do or want next. Right now there are weak laws with largely ineffective enforcement, especially were cybercriminals and governments are involved. There is potential danger to you in this big data. There are some encouraging sectors: financial with PCI DSS and health care with HIPAA are getting better at protecting your data.
We are in the information age. I suspect at lot more money is made dealing with information than dealing with hard products. Most financial transactions are actually about information, not currency. Companies, criminals and governments collect information because information is power and, in all cases, except governments, correlates to money.
Jaron Lanier has an interesting article in the November 2013 Scientific American “How Should We Think about Privacy?” Dr. Lanier is a computer scientist at Microsoft Research and probably best known for his work with virtual reality. One of his points: the information a company collects from you should not be free.
If the information a company collects about you brings the company money, than that information is essentially part of that company’s raw material. And, like steal or corn or other commodities and intellectual property it should have a cost to the company. Right now, Google, Amazon, utility companies and the myriad other companies who collect your data do not pay anything to get your data. Why don’t we treat personal data like any other intellectual property: you own it, and you get to decide who gets to use it at what price.
The important point is that last sentence is “use.” Let anybody or any organization collect anything they want. The weird techie walking by you with a helmet cam can take your picture and store it in the Cloud for free. But if he looks at it, publishes it in any form, or uses it even as a statistical data point in some study, he should have your permission and pay you.
So Google can collect anything it wants about what you do around Google. But if it uses that information to place an ad on a search results screen for you, or a friend of yours, it should have to pay you. After all, your information is enabling Google to make money from placing that ad.
If you buy a product from a brick-and-mortar store or its on-line presence, then that store shares in the ownership of the data about that transaction. It can freely use it, for example, for inventory control, product-ordering predictions, sending you recall or safety information about the product, and other uses directly related to that company or that product. However, if it wants to sell that information to another company, it should have to pay you in order to do that.
We clearly have the technology to make this work. We could allow individuals to set prices for specific types of information (email address, browsing or search history, age, facial image, email and phone meta-data or content, utility usage, library book checkouts, and maybe another dozen or so categories) and penalize companies monetarily for failing to pay you appropriately and promptly. It wouldn’t be any harder than setting your Facebook privacy options.
With the appropriate settings, you could go from a lot of privacy to a small stream of money, probably enough for that extra cup of latte each week.
These laws would provide another attack point on cybercriminals, much like the RICO laws gave the government a financial attack point for organized crime. Plus, the government should be compelled to follow the same laws. If the NSA wants the data from a library, Verizon, or Amazon, NSA would have to buy it, and the seller then would have to pay you. If NSA wants to collect your email messages, let them. If they look at them, either manually or electronically, then they drop some pennies in your PayPal account for each email. If they wanted to be secret and not let you know they were looking at your information, they simply pay everybody.
This makes the usage of your personal data a business decision for companies and government agencies. Is the information they get worth the price?
If you do not believe that the US government is at least collecting everything they can about you and your business, consider that for the past couple of years there has hardly been a single month where we have not learned that the government has deliberately lied to us about what information they are collecting and what they are doing with that information. You should at least consider that the government is lying anytime they deny doing something.
While the news lately has been about the NSA, there is a whole set of alphabet soup government and government monitored private agencies that also collect your private information, from transportation systems, the IRS and state taxing authorities, E-ZPass and equivalent toll road transceivers, utility companies, and insurance companies.
The last word:
A friend recently sent me a link to a Gizmodo article on how companies are encrypting your data. It has an interesting chart that compares 17 companies from Amazon to Yahoo! Only four are green all the way across (Dropbox, Google, Sonic.net, and SpikerOak). Others are not doing a very good job at adopting appropriate encryption best practices to protect your data to and from its servers and between its data centers.
Keep your sense of humor.