Striking the balance between profit and transparency, and why the FTC's recommendations won't be implemented

This is the third post in a series - and I never intended to write a series in the first place.

The first post appeared in this blog, the Empoprise-BI business blog, back on May 14. It was entitled Striking the balance between freedom and privacy, and the other Empoprises rule. It starts by talking about a video of someone being removed from a plane - while another person is repeatedly barking the order "no photos." It then mentions the emerging trend of establishments banning Google Glass in an attempt to protect the privacy of their other customers. I thought that I had hit upon the perfect solution between the conflicting needs of freedom vs. privacy:

So let me present my Empoprises Rule Regarding Recording Freedom and Privacy:

I am allowed to record anything that I want.

No one, however, is allowed to record me unless I say that it's OK.

For some reason, some of you may think that this is not a good rule to apply to society. However, I don't see any problem with it myself. :)

Apparently there were problems with my proposal, which caused me to perform some further research.

This resulted in the second post in the series, which was posted in my tymshft blog. This post, which appeared earlier this evening, was called Freedom vs. privacy – the Federal Trade Commission’s view. It starts by noting how James Ulvog pointed out a teeny tiny little problem with my proposal - it doesn't work if two people adopt the exact same set of rules. The post then looks at a few technological and business issues - how Jesse Stay combined two Google technologies to hack a facial recognition system with Google Glass; how the steps that you use to protect your data are of no value if someone else shares your data; and, finally, how the FTC proposed some guidelines for commercial entities to follow to protect the privacy of individuals. Seth Colaner summarized the FTC recommendations as follows:

The FTC report boils the above down into three short and sweet principles:

1. Privacy by Design: Companies should build in privacy at every stage of product development.
2. Simplified Consumer Choice: For practices that are not consistent with the context of a transaction or a consumer’s relationship with a business, companies should provide consumers with choices at a relevant time and context.
3. Transparency: Companies should make information collection and use practices transparent.

But then I noted that the FTC's recommendations will not be widely adopted. Not because of the tension between freedom and privacy, but because of the tension between profit and transparency.

To illustrate what I'm talking about, I'm going to talk about a particular company that is well known for collecting your data and making money off of it. To remove any bias, I am going to refer to the company as "COMPANY." Now if COMPANY were to implement the three FTC principles of privacy by design, simplified consumer choice, and transparency, then the following message would appear when you use the service. It would not only appear when you sign up for the service, and at regular reminders thereafter, but it would also appear after every single click that you executed on the service.

COMPANY makes a lot of money because of you. COMPANY doesn't make money by charging you a fee; COMPANY makes money by selling your data to other people. Every click that you make on the COMPANY website - and even on the websites of other companies that provide their data to COMPANY - is recorded. This data, when compared with other data, is used to generate a profile of you so that COMPANY, as well as other companies, can sell you services. You have the right to prevent COMPANY from using this information, but we make it really really hard for you to do so because it's not profitable for us. Oh, and by the way, we allow, and encourage, others to enter information about you.

Now some of you have read that paragraph above, nodded your head in agreement, and said, "Yeah, John's right. Facebook would never be as transparent as to publish a notice like that."

Others of you read the paragraph, nodded in agreement, and said, "Yeah, John's right. Google would never be as transparent as to publish a notice like that."

Others of you thought of other companies - MySpace, Twitter, Foursquare, Verizon, AT&T, Walmart, the Lutheran Church Missouri Synod, the Electronic Frontier Foundation, the White House. Frankly, you probably thought about every single website out there.

However, some of you may have been surprised that I included the Electronic Frontier Foundation in this list. "They're the good guys," you say. "They're the ones that reveal when all of the other websites are ripping us off." Well, guess what? The EFF uses your information to make money also. And if you go to the EFF web page, scroll all the way down to the very bottom of the page, click on the words "Privacy Policy," and then scroll halfway down that page, you'll run across this language:

Voluntarily Submitted Information: In addition, EFF collects and retains information you voluntarily submit to us. It is up to you whether to submit information to us, and how much information to provide. If you choose to become an EFF member or otherwise donate to EFF, we ask for your name, email address, mailing address and phone number. For online donors and shoppers, we also ask for your credit card number. We also maintain records of our members' use of the Action Center. If you use the EFF Shop, you are asked to provide personal information, such as a shipping address, necessary to complete your transaction.

Now this should be painfully obvious, but it bears repeating - when you give information to a website - any website - they retain the information for a limited period of time, or perhaps permanently.

And the EFF may collect information about you, and you may not even know it:

Invitees to EFF: If you invite another person to join EFF or take action in one of our alerts, we will ask for that person's name and online contact information. We use this information to contact and, if necessary, remind that person that he or she has been invited to join EFF.

Incidentally, if you're a freedom-loving EFF member and you have an opponent who is a totalitarian evil data hog, here's something that you can do - invite the person to join EFF. Not that I'm advocating this, mind you.

Oh, and by the way, even when you're on the EFF website, sometimes you're interacting with other organizations. In some cases (grassroots campaign service providers, credit card processors), EFF has some level of control over what those organizations do with your data. But that's not true for ALL third-party providers:

EFF's site also provides links to a wide variety of third-party websites, including interactive links to sites like Twitter or mapping services. EFF is not responsible for, and does not have any control over, the privacy practices or the content of such third parties. We encourage users to read the privacy policies of any website visited via links from EFF’s website.

We do occasionally allow our website to interact with other services, like social networking, mapping, and video hosting websites. It is our policy not to include third-party resources when users initially load our web pages, but we may dynamically include them later after giving the user a chance to opt-in. If you believe a third-party resource is automatically loading, please let us know so we can address it.

Now this is the Electronic Frontier Foundation, who has somewhat of a financial interest in supporting the FTC's guidelines of privacy by design, simplified consumer choice, and transparency. And even the EFF buries its disclosures on a page that requires a scroll down, a click through, and a bunch of reading before you discover that even the EFF collects information about you.

What about all of the other companies that are dependent upon a revenue stream, and who have no financial incentive to take steps to protect your privacy - steps that may endanger that financial revenue stream?