The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

Our First Greenhouse Topic: Privacy

from the let's-try-something-new dept

For decades the internet has flourished on the back of innovation, creativity, adaptation, and hard work. But while this technological revolution spurred no limit of incredible inventions, services, and profit, a drumbeat of scandals have highlighted how privacy and security were often a distant afterthought ? if they were thought about at all.

Years later and the real cost of this apathy has become clear. We now face a daily parade of deeply entrenched privacy headaches impacting a web of interconnected industries and institutions ? for which there are no quick fixes or easy answers.

Enter the Tech Policy Greenhouse: a new policy forum we?re hopeful will bring more nuance, collaboration, and understanding to a privacy conversation frequently dominated by simplistic partisan bickering, bad faith arguments, and the kind of ideological ruts that can result in bad solutions, no solutions, or missing the forest for the trees entirely.

When it comes to privacy and security, the penalty for our collective failure couldn?t be more obvious.

The global internet of things sector routinely fails to adhere to even the most basic security and privacy standards, resulting in hackable internet-connected Barbies, refrigerators, and tea kettles. Experts note these devices collectively create a form of “invisible pollution” that is easily ignored, but that routinely puts consumers, businesses, and the health of the internet at risk.

Corporations and governments alike repeatedly leave sensitive data unencrypted and openly exposed in the cloud, often failing to implement basic security measures despite ample warning. Avoidable hacks, breaches, and leaks are now a weekly affair, as are “historic” but performative government penalties that neither compensate victims nor seriously deter further malpractice.

The monetization of every last shred of location, behavior, and data has become a multi-billion dollar industry where safeguards or meaningful oversight are often lacking. As a result, sensitive behavioral data is routinely abused by everyone from law enforcement,to those pretending to be law enforcement, with the first casualties often the most vulnerable among us.

All of these problems require intelligent, multi-stakeholder collaboration built on the understanding that every solution has immense ramifications, there is no shortage of bad actors eager to derail effective consensus, and each and every action routinely results in unforeseen consequences.

The country?s privacy issues are also inextricably linked to other problems that the United States has failed to address, from the rampant monopolization and consolidation caused by mindless merger mania, to the slow but steady erosion of meaningful antitrust oversight. The rise of one of the biggest global health threats in a century has only complicated the debate further, shining an even brighter spotlight on existing problems, while creating entirely new challenges in balancing public health and public privacy in the mass surveillance era.

As we stumble collectively in the right direction, the Tech Policy Greenhouse hopes to reboot a conversation in dire need of a constructive fresh start. Over the next few weeks, you’ll be hearing from a diverse chorus of activists, scholars, executives, and experts who will be tackling what they deem the most essential issues of the day. Kicking things off tomorrow will be Oregon Senator Ron Wyden, historically and repeatedly one of the leading DC voices for meaningful privacy reform.

Intelligent privacy policies and solutions won?t be easy to come by, and perfect proposals are likely impossible. But we?re eager to create a platform that can help drive policy makers toward better decision making, and we?re hopeful you?ll be part of the conversation.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Our First Greenhouse Topic: Privacy”

Subscribe: RSS Leave a comment
26 Comments
Bruce C. says:

Re: Optimization problems...

Well, you have several competing factors that can change the definition even among individuals. For example, one person may want to minimize all data gathered about them and is willing to pay hefty subscription fees to buy that privacy, another might be unwilling to pay, but is willing to put up with ads completely irrelevant to them.

So the question isn’t how to define "privacy", it’s how to define the factors that contribute to privacy (or lack thereof) and allow stakeholders, whether online or offline, to identify how important each factor is to them. Are you willing to give up cash to keep your privacy? Or would you like to get paid by companies in exchange for letting them track you to the n-th degree? What are the trade-offs between public records access for things like knowing the lobbyists and officials that interact with each other vs. the legitimate concerns about things like doxing?

Anonymous Coward says:

Re: Re: Optimization problems...

Privacy is also context-dependent. For example, on Facebook you’re supposed to use your real name. Many are comfortable with that but others are not. You can also decide whether your email address is shared with connected apps. Again, some are comfortable with that and others aren’t. For these two cases the "comfortable with that" sets are not necessarily the same.

Directly related to privacy is "personal identifying information", or "PII", such as address and date of birth. Some people, myself included, hoard this information like precious jewels and don’t want anyone to have it. For me it is private data but that is not a universally held stance.

Tracking cookies are another whole area that doesn’t inherently have access to any of your PII or other private data but does a fantastic job of tracing your every move on the net. Most people think of that as an invasion of privacy and hold similar views about ALPRs and cell tower connection records.

Defining "privacy" is fraught with peril. In the end the definers will have to weigh the requirements of the public against the desires of corporations and government to find a balance that doesn’t piss off corporate lobbyists and still affords privacy to individuals. Personally I’m hoping that leans heavily toward the latter.

Anonymous Coward says:

Re: "Dumb" Items should be offered

Really this is a symptom of the anti-circumvention provisions of the DMCA that the peverse business model of subsidizing sold hardware is possible while a logical niche (selling a lobotomizer or a lobotomized refurbishes) are illegal because they involve bypassing their shitty "security" to make devices actually secure.

Koby (profile) says:

Space Rocket

There was a saying that if NASA waited to perfect orbital space vehicles until they were relatively safe, then we never would have sent a man into orbit. Early space travel was inherently risky, and some paid the ultimate price along the way.

A similar thing seems to be happening now, where there is a race to build tech products and then sell them. Code the app now, launch and then sell it, but then fix the privacy/security problems later. Except that for most products, later never arrives.

Putting a product security bond onto the each sale might provide a financial incentive for companies to work on that security before it’s too late. If the company secures the product, and proves to continue to be secure after some amount of time, then the company gets its money back. If hackers beat them to it, then the bond money goes to consumers, or perhaps to whatever agency is left cleaning up the mess.

Anonymous Coward says:

Re: Space Rocket

NASA was just a mile-thick hair more careful than that. The risks involved with spaceflight engineering were frequently unknown (and yes they also did some bonehead-stupid things).

IoT producers (and a lot of code-pokers and admins) keep ignoring the basic stuff we’ve known for 30 years, and even longer.

So no, not buying the comparison.

Celyxise (profile) says:

Re: Space Rocket

The security bond idea is interesting, like a public bug bounty program. But I expect it wouldn’t accomplish its intended purpose for the same reason IoT security is so lackluster now: the vast majority of consumers don’t care.

Maybe put it the other way, a company can apply for a security investment, if they can show their security is reasonable and working for a certain time they get to keep the money. If not then they have to pay it back and some of it goes to the person/group who demonstrated the flaws. This way a business is incentivized to pay attention to security, and can even use that to build public trust with their consumers.

tz1 (profile) says:

Anonymity = Privacy

However Facebook outed many transitioning transgenders, but Zuck wrote a huge check to the gay pride parade promoters so their float was allowed.

Facebook has a “real names” policy, but that means the privacy violation goes deeper. There can be no privacy because your name can easily be linked (by facebook if no one else), and “people you may know” will include you even where you might not want it to be. Another example was a teacher that had a nightlife – under two different identities.

I don’t think you can fence things. The lady in central park with the dog was doxxed and is now “on leave”. Comply or lose your job? A virtual windowed Kristallnacht?

This is another reason for the divide in our country. If you are open and willing to discuss, instead of a rational argument you will be attacked, doxxed, hacked, demonitized, and deplatformed.

But this is a simple metric for privacy. Can you freely express any opinion, or any legal activity, and not be in danger of this.

tz1 (profile) says:

Anonymity = Privacy

However Facebook outed many transitioning transgenders, but Zuck wrote a huge check to the gay pride parade promoters so their float was allowed.

Facebook has a “real names” policy, but that means the privacy violation goes deeper. There can be no privacy because your name can easily be linked (by facebook if no one else), and “people you may know” will include you even where you might not want it to be. Another example was a teacher that had a nightlife – under two different identities.

I don’t think you can fence things. The lady in central park with the dog was doxxed and is now “on leave”. Comply or lose your job? A virtual windowed Kristallnacht?

This is another reason for the divide in our country. If you are open and willing to discuss, instead of a rational argument you will be attacked, doxxed, hacked, demonitized, and deplatformed.

But this is a simple metric for privacy. Can you freely express any opinion, or any legal activity, and not be in danger of this.

cgrotke says:

I think one solution is making data hungry companies pay individuals for said data.

  • it would cut into profits, and slow the addition of new players
  • it would make people aware of all of the tracking, since each vendor would be paying
  • we’d all get rich if we opt in
  • opt in and out boxes would be more apparent

So, in terms of a tech solution required, all tracking beacons would need a way to send payment and identification to those being tracked.

Different forms of tracking could cost different amounts. Or heck, let’s use the google model. Companies can bid for our data in real time. Up to individuals if the offer is good enough to warrant a click and subsequent payment.

This could, as an incentive to advertisers, and be a way to get more accurate information about us all, too. Take away the AI and guessing. We’ll just tell your directly. For a fee.

Anonymous Anonymous Coward (profile) says:

Re: Re:

I am not so sure handing financial account information to every website I visit is a good idea. There is a whole lot of information exposed by careless companies and to trust the majority of them would be insane.

Now, if we first made the Internet secure, it might be a different story. But I have been told that because security was not a part of the original design that it is impossible now.

We could suggest that a new Internet/World Wide Web be started that is secure, and over time migrate from what we have now to the secure one. While I believe that is feasible, it probably isn’t practical, and getting everyone to agree to do this would be a major, major chore.l

cgrotke says:

Re: Re: Snail mail!

Refinement to proposal: all payments must be sent by US Postal mail to physical addresses.

The idea of writing gazillions of checks for $0.0003 and mailing them should cause profit-seekers to pause before harvesting.

Needless tracking ended! Privacy restored! US Mail saved! (and it isn’t even 10:30 EDT)

Anonymous Coward says:

Stop framing the issue as being about personal privacy. That immediately elicits the ‘nothing to hide’ response and the characterisation of the people complaining as weirdos and deviants. The problem is not inconsequential intrusions into individuals’ privacy – it is the consequences of powerful actors accumulating extensive, detailed personal information on entire populations – and the corrupt arrangement where they think that that information belongs to them.

The issue is information ownership and the power of data (which is just refined information) to manipulate and control individuals, groups and entire societies.

Stop pretending that the problem is primarily government. The line between the state and corporations is invisible when it comes to societal mass surveillance. They are in a symbiotic relationship that is harmful to everyone else.

The problem is the business models of the organisations funding this project. Targeted advertising is intolerable. The data theft business models of the organisations funding this platform is intolerable.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
12:04 SOPA Didn't Die. It's Just Lying In Wait. (5)
09:30 Demanding Progress: From Aaron Swartz To SOPA And Beyond (3)
12:00 How The SOPA Blackout Happened (3)
09:30 Remembering The Fight Against SOPA 10 Years Later... And What It Means For Today (16)
12:00 Winding Down Our Latest Greenhouse Panel: Content Moderation At The Infrastructure Layer (4)
12:00 Does An Internet Infrastructure Taxonomy Help Or Hurt? (15)
14:33 OnlyFans Isn't The First Site To Face Moderation Pressure From Financial Intermediaries, And It Won't Be The Last (12)
10:54 A New Hope For Moderation And Its Discontents? (7)
12:00 Infrastructure And Content Moderation: Challenges And Opportunities (7)
12:20 Against 'Content Moderation' And The Concentration Of Power (32)
13:36 Social Media Regulation In African Countries Will Require More Than International Human Rights Law (7)
12:00 The Vital Role Intermediary Protections Play for Infrastructure Providers (7)
12:00 Should Information Flows Be Controlled By The Internet Plumbers? (10)
12:11 Bankers As Content Moderators (6)
12:09 The Inexorable Push For Infrastructure Moderation (6)
13:35 Content Moderation Beyond Platforms: A Rubric (5)
12:00 Welcome To The New Techdirt Greenhouse Panel: Content Moderation At The Infrastructure Level (8)
12:00 That's A Wrap: Techdirt Greenhouse, Broadband In The Covid Era (17)
12:05 Could The Digital Divide Unite Us? (29)
12:00 How Smart Software And AI Helped Networks Thrive For Consumers During The Pandemic (41)
12:00 With Terrible Federal Broadband Data, States Are Taking Matters Into Their Own Hands (18)
12:00 A National Solution To The Digital Divide Starts With States (19)
12:00 The Cost Of Broadband Is Too Damned High (12)
12:00 Can Broadband Policy Help Create A More Equitable And inclusive Economy And Society Instead Of The Reverse? (11)
12:03 The FCC, 2.5 GHz Spectrum, And The Tribal Priority Window: Something Positive Amid The COVID-19 Pandemic (6)
12:00 Colorado's Broadband Internet Doesn't Have to Be Rocky (9)
12:00 The Trump FCC Has Failed To Protect Low-Income Americans During A Health Crisis (26)
12:10 Perpetually Missing from Tech Policy: ISPs And The IoT (10)
12:10 10 Years Of U.S. Broadband Policy Has Been A Colossal Failure (7)
12:18 Digital Redlining: ISPs Widening The Digital Divide (17)
More arrow