Stephen Baker

I've been reading Jeff Jarvis' new manifesto, Public Parts. It's a very welcome rebuttal to the concerns of privacy advocates. Jarvis, while making it clear that some of their concerns are warranted, focuses on the other side of our relationships online: sharing with others, and connecting with them.

I wish I had this book when I went on my Numerati book tours, in '08 and '09. I would talk about the future of the data economy, and everywhere I went, people would ask me about privacy. My stock response back then was that in the industrial age, we were regarded as identical dots, or perhaps as vast herds, and now companies were learning to look at us as individuals. Was that necessarily a bad thing?

But Jarvis focuses on the advantages of being public. As those of you who know him might imagine (and I should disclose that we're friends), he dives right in to his blogging and tweeting about his prostate cancer and the havoc that wrecked upon what became his most extraordinarily public part. (Maybe the word I'm looking for is "pubic.") He shows how this communication brought him into contact with people who showered him with friendship and valuable advice. The other side of publicness, of course, is that it brought him more attention and helped to build his brand, no doubt adding more than a few thousand dollars to his advance for the book while also propping up his speaking fees.

Believe me, this is not a criticism. (I'm in the market for some of that magic myself, as I'll describe in later posts.) As Jarvis describes in the sections about media in his book, a key to success is creating a community around a brand. The way to connect with that community is to share valuable or interesting information. Much of the most valuable information we have to offer is in the realm of what used to be known as private. Or even secret. For me, for example, one of the most interesting paragraphs of the book included Jarvis's disclosure of how much he earns as a professor, how much he made on his first book, and the range of his speaking fees. (One # he did not disclose is the dollar advance for this book. I can imagine he may have encountered some resistance there from his editors at Simon & Schuster.)

Some may conclude that Jarvis shares too much detail. So how should he manage that? In the world of old media, as he describes, he might have hired someone to do polling. With those studies in hand, he could calibrate just the right details to disclose about his public parts.

But in the new order, here's how he figures it out. He blogs what he feels like disclosing, or perhaps a bit more. Then he gets feedback. Some people are grossed out. Others love it. If those who object make valid points, perhaps he adjusts. But chances are, they simply stop following him, and they're replaced by others who like what he's sharing. A community grows around his content, just as one has grown around his public-parts role model, Howard Stern.

I'm especially interested in Jarvis' book because I was once considering writing a very similar one. Mine was to be about secrets. But the points were similar. I tried out a few ideas in a 2009 blog post.

Secrets hold great value, far beyond the information they convey. When we tell secrets, we open ourselves to others, and establish trust. We bestow the holder of our secrets with great power—the means to benefit from our secret and to betray us. In that sense, secrets stitch together friendships and alliances, and they tear them apart.

Jeez, now that I dig deeper into Google, I find a similar entry, but directed toward a corporate audience, in a 2005 post on Blogspotting.

What are your secrets worth? Just about every company has had standard practices for decades or longer to protect its secrets. But the rise of blogs, open source, and the networked world should lead them to re-evaluate their secrets, because many of them have stored value. They could be used to forge relationships, either with customers or other companies.

This is all to say that I'm tuned into the subject. It's important and will become more so, and I'm very glad Jeff has written his valuable book.

Data Privacy: the creepy vs. the terrifying

May 26, 2011

At the e-G8 summit yesterday, I got into a little spat over privacy. My point, in a panel discussion, was that there are two different classes of privacy concerns: those that make people feel creepy, and those that terrify them. As technologists and policymakers grapple with the issues, they should focus on the terrifying, I said. We'll get used to the creepy.

This brought a vigorous rebuttal from Mitchell Baker, chairperson of the Mozilla Foundation. She was upset that I appeared resigned to world full of "creepy" privacy invasions, and said that Mozilla, among others, was determined to take measures to help people manage and protect their data. Shouldn't that be the goal?

My point is that our data is already everywhere, much of it beyond our control. Many people find this creepy, but that's the modern life. We are increasingly surrounded by surveillance cameras, which will soon be supplemented by more sophisticated facial recognition software. Our credit cards spill the beans on our purchases. Our telephones describe our movements and social networks, not to mention the words we text and the pictures we send. Our cars are bristling with sensors and computers, and will be reporting on us in ever richer detail. Machinery at the airport sends images of our naked bodies through networks. I could go on and on--and in fact I did in The Numerati. So while it might be a good idea to add controls on Internet browsers or establish tighter norms for advertisers, this doesn't rescue our privacy.

I'll admit: most of the surveillance I describe above doesn't bother me much. Some, however, find it creepy. And this is where I'm likely to get into another argument. I would argue that certain privacy advocates raise these issues of advertiser and cell-phone tracking as fundamental threats to privacy. In doing this, they elevate the creepy to the terrifying. (Now it's true that the advertisers and media companies facilitate this by hiding their practices in unreadable privacy disclaimers.) And this risks distracting people from the most serious risks.

What are those? For me, the terrifying is related more to issues of life and freedom. That's where governments must defend us. Here are three scenarios:

1) The police, after going through your behavioral data, determine that you fit the profile of a terrorist. Your life becomes hell.

2) You're a teacher, and investigators analyze loads of your behavioral data and calculate that there's a 46% chance that you're a pedophile. Do they have a responsibility to share that conclusion with your boss? What then?

3) Insurers mine your data, determine that you have a high risk for a dreaded disease, and cut off your coverage.

Should it bother me that Apple knows where I am?

April 21, 2011

I read these stories that Apple collects users' location data, and I lament: Why do I bother writing articles no one apparently reads! In a BW story in February, 08, I wrote about Sense Networks, and the analysis of vast amounts of user data that they got from cell phone companies.

If you read the coverage and are worried about the disclosure of location data, there are steps to take to keep it private. But I think the great majority of people would rather spill the data than suffer the inconveniences. For starters, any cell phone use leaves a trail of our movements, whether or not we have the map function activated. So drop the cell phone. Second, credit card purchases describe many of our movements. Visa could map my trip to the Midwest last week, even pinpointing the restaurants and bars I visited in Madison, and comparing me and my behavior to the rest of eating and drinking humanity, and placing us all in "tribes."

I was happy to see, as I drove to the Midwest, that EZPass has spread to the Midwest. So now instead of throwing quarters anonymously into bins in Illinois and Indiana, I drove through and the toll booth registered my location. I could go on and on. When writing the Numerati, I concluded that people, while they care in principle about privacy, usually opt instead for convenience and economic savings. I know I do.

Privacy regulations: fear, loathing and AOL

November 10, 2010

My timing was off. I marketed my book on data, the Numerati, when the world economy was collapsing. I should have picked now, when the government appears to be moving to clamp down on online tracking. Looking back, I'd want to beef up the coverage of privacy in the book. But that said, one thing the book makes clear is that data privacy extends far beyond the Internet, into grocery stories, hospitals, EZ pass, cell phone networks, not to mention the cloaked world of counter-terrorisim.

I think it will be next to impossible to draw up legislation that can foster growth and creativity and business on the Internet while satisfying everyone's privacy concerns. This would be tough for an intelligent, highly informed, ethical and far-sighted group of people. I can only imagine what will come out of the U.S. Congress. In the end, I expect some crowd-pleasing gestures, a bow toward opt-in, and then pretty much the status quo. The commercial and security interests in online data are too strong for the government to clamp down too tight.

As I mentioned on a previous post, fears about online privacy create all sorts of market opportunities for companies in the business of selling or guaranteeing privacy. It's the privacy pay-off. And it occurs to me that privacy could be the solution for AOL. It could finally give the struggling service, after a lost decade, a raison d'etre.

Imagine if AOL rebranded itself as the place for privacy. The site could provide all sorts of tools for people to control their data, institute stict opt-in policies, have clear information at every juncture about the risks, the opportunities and the choices. AOL could be special. And I'm betting that other portals would hurry to catch up. This is a better strategic option than folding into Yahoo.

Yahoo could do make the same privacy play, of course. But I sense that Yahoo is still too big and unwieldy. AOL, with its legacy as a wall-garden, has a better chance.

8 comments [view]

Please take my privacy poll

September 24, 2010

I have a poll running on the SmartDataCollective site. It's about privacy. Please visit. It'll take about 10 seconds (though you're welcome to stick around and explore the blog).

Here are the three options:

1) Privacy advocates are exaggerating the dangers. Some of them are real, but the industry will get a grip on them.

2) Personal privacy is under siege, and the industry is not paying enough attention to the issue.

3) Privacy as we once knew it is finished. People and companies will have to come up with new definitions of it for the data age.

Should I have framed the questions differently? Is there a fourth option, Other, that you would have checked? If so, what would you say?

***

I've been head-down writing my book of late. Yesterday I took a train up to Boston for lunch with my editor and meetings at MIT. The first eight chapters of the book are due a week from today. I've got one more to write, and quite a few revisions to make in others. Once those chapters are in, I'll start working on the last four, though I'll have to deal with revisions on the first eight as I do. This is a highly crunched process.

37 comments [view]

The coming privacy boom

August 17, 2010

A piece I posted on SmartDataCollective last week:

A year ago, at a cover meeting at BusinessWeek, I proposed a big story: The Privacy Pay-off. The idea was that tracking and other data surveillance would spark a reaction: People would fear for their privacy. And this would create all sorts of business opportunities, the privacy pay-off.

It sounded like a plausible idea to the editors. So I went off hunting for companies cashing in on this expanding new market. I figured that certain advertisers would seek competitive advantage by offering privacy guarantees. I hoped that at least a couple would transform their privacy statements, changing them from unreadable legalese into a clear and compelling promise. Someone, somewhere had to be turning privacy statements into marketing tools.

I also talked to the research divisions of major tech companies. They had to be developing technology to help individuals manage and defend their privacy in a data-driven world.

Long story short: I did lots of research, and I never found the cover story. Sure, I picked up threads of it. EMC's Mozy service, for example, offers cloud-based data storage with military-grade encryption. It costs more than, say, Google Docs. That's the privacy premium. Researchers at Microsoft, HP and IBM were coming up with new filters and tools. I learned about data records that "aged," vanishing after six months or a year. That Viagra receipt you might not want marketers to see would go poof. A hint of privacy pay-off? Perhaps.

This new market requires awareness, and feeds on fear. Last week's Wall Street Journal series on privacy, which carried some provocative headlines, provides a dose of that. And now I see that others are pointing to the market potential for privacy. Jeff Jarvis agrees with me. Fred Wilson does too. Wilson, a VC, holds investments in Twitter, Foursquare, and other start-ups built on publicness (Jarvis' word). And yet Wilson says:

"There are business opportunities in privacy-related services...The challenge is to get someone [whether business or consumer] to pay $2-$10 dollars per month to ensure that sort of premium privacy."

As I researched my doomed story, I saw two mass-market data economies taking shape. One, the free economy (embodied by Google), provides users with near limitless services free of charge, and in return asks only for their data. It gains intelligence from that data, which supports its advertising business. The privacy policy in this free economy is simple: Trust us.

The second (and far smaller) data economy is built upon distrust. If you place your private data--your clickstream, your finances, health records, kids pictures, your location, social network--onto the networks, people will take advantage of you, harm you, spill your secrets, steal from you. So pay a privacy premium and stay safe. This is the policy companies have been following for decades, and now outfits like Mozy are offering these services to individuals.

I'm still grappling with the question of why the privacy payoff is taking so long to materialize. I think it has a lot to do with two basic factors. First, people tell pollsters they care about privacy. But they also like free stuff and hate to pay premiums, especially in a down economy. Second, despite all the fears about privacy, people have reason to share lots of their data. Far beyond gossip, there's a value to it. It connects people to friends, answers, insights, business opportunities. For proof, look no further than the half billion folks on Facebook, or at Fred Wilson's thriving portfolio. Even cookies serve a useful function. (Erase them and you'll go crazy typing passwords to visit Web sites.)

Yes, I still believe the privacy pay-off will come. Turning privacy policies into marketing opportunities seems like a no-brainer. Smart filters will sell. But given the power of the free and public data economy, I suspect the privacy-wing will remain a niche market. In BusinessWeek lingo, a six-column story, not a cover.

When it comes to tracking customers, few match the Wall Street Journal

August 4, 2010

Advertisers who track user behavior online always put in this qualifier: It's anonymous. In other words, they track a Web surfer who seems interested in new cars or romantic movies, but not the specific person. In its latest in a series on data tracking, the Wall Street Journal today reports that this anonymity is "in name only." New technologies can come close to zeroing in on the person with just a smattering of data. Peter Eckersley, staff scientist at the Electronic Frontier Foundation, a privacy advocacy group, says, 33 bits on a person is enough.

Yet the Wall Street Journal, a vigorous customer tracker itself, doesn't have to go to all that trouble. A reader, Mark Naples, pointed out in an email that the Journal, one of few media outlets with a pay-wall, collects personally identifiable info online and has the ability to marry it with the behavior data scooped up with cookies.

Another commenter on this site, Michael Sandora, details the same points on his blog, Indigestion. The difference between most data trackers and the Wall Street Journal, he writes, is this:

To a data tracker, I am a cookie number interested in bluegrass music, jam-bands, Star Wars, Indiana Jones, and reading about digital media.

To the Wall Street Journal’s subscription service, I am Michael Sandora, email address: msandora@thisnotmyemail.com, credit card number ####-####-####-####, bluegrass listener, Star Wars fan, and digital media follower.

What's more, the Journal's privacy policy, dating from 2008, reserves the right to share this valuable trove with "other select companies to send you promotional materials about their products and services (that is, unless you've told us not to do so...)

I subscribe to the Journal, use their site, and really don't have problems with their blending my behavioral data with the personally identifiable stuff. I don't mind targeted advertising. And as someone who has lived off of advertising in media my entire career, I want journalism to find a funcional business model for the Internet age. But if the Journal is going to write a series on data privacy, they should pay more than passing attention to the practices of their own company.

366 comments [view]

Privacy loses every time

August 2, 2010

Monday morning, and before I'm finished my first cup of coffee, I see two stories about the fall of privacy. First, the United Arab Emirates is shutting down Blackberry data services in their corner of the Arabian Peninsula because they can't evesdrop on the heavily encrypted messages. Next, I see in the Wall Street Journal (behind firewall) that the advertising side of Microsoft, in 2008, fought back a plan that would have thwarted cookies (as a default setting) in the the Internet Explorer 8.0 browser. How could Microsoft sell ads, they argued, with a browser that keeps advertisers from learning about the Web-surfing patterns of their potential customers?

Both the UAE and Microsoft have reasons to do what they're doing. The UAE is an oasis of relative freedom in a region that's short of it. People of all nationalities work in Abu Dhabi and Dubai. I was there last March. You meet Filipinos, Indians, Kenyons, Europeans, Moroccans. It's a regular UN. No place would be easier for Al Qaeda to do banking, organizing, bombing. You can even drive to the UAE from Yemen (though Google maps,for one reason or another, isn't able to give me the directions). I'm sure this move by the government angers many in the country (not least the Blackberry subscribers), but there's a defensable national security argument for it. It's at least as solid as the reasoning behind the 2001 Patriot Act in the U.S.

Microsoft also had its reasons not to interfere with cookies. It had to do with the profits in its online business, which struggles mightily against Google, among others. Given the choice between contracts from paying advertisers and appreciation of privacy-loving and non-paying Web surfers, they went with the bucks.

And that's my point. Privacy almost always loses. People say they care about it, but most of us are really like the UAE and Microsoft. Given a choice between the promise of security and privacy, we usually opt for security. (We march like sheep through the scanners at the airport, letting them oggle and grope us, and we even tolerate it when they snap, NO JOKES!)

At the same time, most of us drop our privacy concerns in a snap to save $5 at the supermarket, with a customer loyalty card, or five minutes at a toll booth. What's more, if we really cared deeply about privacy on the Internet, more of us would ditch Web mail, enable privacy browsing on our computers (and go to the trouble of typing a lot more passwords). And we'd heave the biggest surveillance machines, our cell phones, into the nearest gutter. I, for one, choose not to.

What's this all mean? We have hand-me-down notions of privacy that don't really fit our modern machines, networks and lives. In coming years, we'll see that some invasions of privacy (like cookies, in my opinion) are largely abstract. But we'll find others that are all too real. (I fear them in areas of police and medical surveillance.) For now, though, privacy loses, just about every time, to economics and promises of safety.

7 comments [view]

Smart systems, dumb ones, and privacy

July 11, 2010

Everywhere I talk about the Numerati, I find people worrying about the erosion of personal privacy. This post is about the flip side of that fear, about living in a world run by systems that don't know us, that are dumb and fixed in their ways. In short, this is about the world we've been living in for the last century or so.

A couple days ago, we received a copy of our credit report. The amount of wrong information was startling. We lived for years in Paris, France. The credit report has it as Paris, Texas. And it misunderstood the address of my office in Mexico City for someplace in Ohio. These are not the smart systems that cause so much concern. These are the dumb computers we've been living with for decades. They're clueless, and their misunderstandings cause all sorts of problems extending far beyond the world of credit.

These old computer systems do not know us. They treat us like dots and place us into groups (often based on misreading of our data) and then they use rules to manage us. Living under these formal systems and their kissing cousins, bureaucracies, some of us nurse the illusion of privacy.

The way I see it, we're going to be managed by machines, one way or another. We cannot build logistics for seven billion people on face-to-face interactions. So the question is whether we want those systems running our lives to know us, and to be (relatively) smart. Or do we stick with the clueless status quo?

I'm for smart systems. I want Amazon to know my book tastes, the bank to give me loans based on my personal record (and not my general profile), most junk-mailers to understand that I would never buy what they're selling, the electricity company to hitch me to a smart grid. I could go on and on. Privacy? Yes, it can be a problem, and we'll figure out ways to deal with it. But these dumb formal systems are for the birds.

The payback of "publicness."

May 25, 2010

I see that my friend Jeff Jarvis, author of BuzzMachine.com and What Would Google Do?, has a contract for a new book, Public Parts, on living a public life. Here's how he describes it:

In Public Parts, I’ll argue, as I have here, that in our current privacy mania we are not talking enough about the value of publicness. If we default to private, we risk losing the value of the connections the internet brings: meeting people, collaborating with them, gathering the wisdom of our crowd, and holding the powerful to public account.

I agree that we have to rethink our hand-me-down ideas on privacy. Every secret that we keep has a value, and an opportunity cost. By keeping it private, we forego the connections we can make by sharing it, and the information and contacts people can potentially add to it. Jeff's prostate cancer, which he has written about a lot, is a case in point. If he had kept it to himself, his readers wouldn't have learned some of the details that would embarrass most of us. But Jeff would not have benefitted from the advice and know-how of hundreds of his readers and online friends.

If we bring business into the picture, and start to piece together a cost-benefit analysis, Jeff's openness led to a major story by Steven Johnson in Time Magazine, a radio session with Howard Stern, and lots of other exposure. This couldn't have hurt when Jeff and his agent were negotiating his advance with HarperCollins for his next book. So "publicness" can help to build a personal brand. If you count lost opportunities, keeping certain secrets can cost money. (Conversely, there is information that we routinely used to share, such as commercial preferences, which now can be used to target us with advertising campaigns and phone spam. So we have to rethink our secrets in both directions.)

In any case, here's one point where I think Jeff should tread carefully. In his writings, he often uses himself as the guinea pig. That's natural. It's what bloggers do. But Jeff's risk-reward ratios, when it comes to publicness, are not like most people's. He's an excellent and well-known writer and a brand. When he blogs about his indignities, it makes waves--and creates bankable opportunities.

The networked world he is operating in, however, works on the curve of a power law. He doesn't just get twice or five times as much attention as another person who chooses to go public online. He might get 100, 1,000 or 10,000 times as much attention. That's how power laws work.

So while "publicness" pays off for Jeff, the same rewards are not likely to reach most people who write openly about traditionally private stuff. There can be payoffs for them as well. They can make friends, gain support and insights. But their ratios are different.

28 comments [view]