- Image via Wikipedia
Reading a recent Slate piece by Jack Shafer on threats to our online privacy, I took particular note of the following statement:
The privacy problem is really one of our own making. We’re the ones who surrender the privacy of the contents of our e-mail, calendars, and contacts to Gmail, which then sells ads against those contents.
Shafer’s piece made me consider, specifically, how I feel about the idea of advertisers learning enough about me to tailor their efforts to my apparent interests. After some thought, I decided that, all things considered, I’m pretty much in favor of it. Here’s my reasoning: I’m going to have to look at advertisements anyway (because that’s the price I willingly pay for free access to what would otherwise be expensive information), and I’d rather see ads that interest me than ones that don’t.
For example, I have a very great interest in reggae music and no interest whatsoever in beer. So if the Pressure Sounds record label issues a new collection of 1970s dubplates, I very much want to know about it, whereas if Budweiser creates yet another new variety of light beer, I really couldn’t care less. This means that I’m very interested in seeing advertisements from Pressure Sounds, and I’m really not interested in seeing ads from Budweiser (unless they’re funny, in which case I’m happy to watch them — but Budweiser’s money is wasted in making sure that I do). If Google can help make that kind of targeted advertising happen for me, I’m grateful for it, and letting Google see the contents of my Gmail account is a price I’d happily pay.
But it’s one thing to use Gmail in the full knowledge that Google is going to examine the contents of your email and your calendar. It’s another thing, for example, to access e-books and be unsure whether your online reading behavior is going to be examined in the same way.
This worry is what prompted a large group of individuals and organizations (including ALA, ACRL, ARL, the Electronic Frontier Foundation, and the Center for Democracy & Technology) to write an open letter late last year to attorneys involved in the Google Books settlement, asking them to “to urge Google to include enforceable privacy protections along with the amended settlement agreement.” The letter went on to say that:
. . . the failure of the settlement to ensure that readers using the Google Book Search services will have their privacy protected as much as readers using physical books has been a key concern for many authors, libraries and the reading public.
Now, one has to wonder to what degree this has really been a “key concern” for the “reading public.” But it certainly concerns librarians, and it obviously concerns some authors as well — that same letter goes on to quote Jonathan Lethem as saying that:
. . . now is the moment to make sure that Google Book Search is as private as the world of physical books. If future readers know that they are leaving a digital trail for others to follow, they may shy away from important but eccentric intellectual journeys.
Lethem, and the many other signatories to the letter, are surely not mistaken in thinking that the prospect of imperfect privacy might dissuade some readers from pursuing certain paths of inquiry. But it seems to me that we need to weigh that risk against the benefits of free public access to massive numbers of books that would be otherwise unavailable to all but a privileged few.
It seems pretty clear to me that many more “important but eccentric intellectual journeys” will be made possible by Google’s project than will be discouraged by the theoretical possibility of cybersnooping.
The writers of the letter would probably respond that they’re not arguing against the settlement, only in favor of stronger privacy provisions. But make no mistake: to make the use of Google Books as private as the use of physical books would be impossible. You can walk into a library and take a book down from the shelf, or buy a book in a bookstore, without disclosing anything about yourself other than the fact of your presence and your physical appearance. Accessing the Internet, for any purpose, almost always requires much more personal disclosure — to your home access provider, your employer, your library, or whatever other entity is granting or selling you access. To argue that the Google settlement should only be approved if it includes provisions that make use of the service as private as the use of printed books is, in practice, to argue that the settlement should not be passed.
The letter’s signatories make another error, in my view — they assume that people experienced relatively high privacy in the print realm because they wanted it, and therefore that reducing privacy in the online realm means taking away something that people value. I’m not sure that’s self-evident at all. What is certain is that the print book conferred certain privacy benefits simply by virtue of its disconnectedness from other media; the assumption that those benefits were desired by readers is conjectural.
There’s a way to test the validity of that assumption: let people choose how much privacy they get, and offer them rewards for giving up certain privacy protections. To the degree that they are willing either to give up privacy in return for rewards, or to forego rewards to keep their privacy, we’ll get a better idea of how much people value which kinds of privacy, and in what amounts. (Of course, this only works if people are able to make informed decisions — they need to know up front what the privacy stakes are, or else they won’t actually be making choices.)
Does this approach amount to the commodification of privacy? Absolutely, and as such, it’s business as usual.
In fact, privacy is very clearly a commodity and always has been; all of us trade it, in varying amounts, every day for things we value more. In personal relationships, we trade privacy for intimacy and connection. In commercial relationships, we trade it for the convenience of shopping from home or on credit. We trade some degree of privacy to brick-and-mortar stores in return for discounts or other special deals that come with various kinds of loyalty programs. We trade it to libraries in return for the privilege of using their collections. And the list goes on.
None of this is to say that privacy doesn’t matter. Of course it does, just as accuracy and promptness and patriotism matter. But while it’s essential to recognize the importance of privacy, it’s equally important to recognize that it matters in different degrees depending on context, just as accuracy and promptness and patriotism do. Each of these can be of enormous importance in some circumstances, and in others each can also pale in importance next to other concerns.
What’s the right balance of privacy and access? I think the answer will differ hugely from person to person and situation to situation, and I think all of us should be very wary of anyone who tells us that one answer is always the right one.
Discussion
21 Thoughts on "Privacy, Google, and the Reading Public"
Rick,
Very well argued. I think there is still a case for a categorical “right answer.” If I’m a patron, then I should be able to decide what I disclose about myself to commercial ventures (this is your point about individual rights). But, if the library is acting as my proxy, then it cannot categorically sign away my privacy rights without my consent.
In other words, if the library wants to give me my rights to control my online privacy, the default must be strict privacy. There is no middle ground.
Hi, Phil —
I don’t think there’s a librarian in the world who would disagree!
Rick
And as a librarian, Rick, you therefore support the need for categorical privacy rights for library patrons?
If by “categorical privacy rights for library patrons” you mean that libraries should never (absent a warrant) give or sell personal information about their patrons to outside entities without the patron’s consent, then yes. If that’s not what you mean, then I guess I’d have to ask you to clarify.
Thanks, but more practically, I mean supporting services that require patrons to divulge personal data in exchange for information.
I don’t see any way that a library can provide services without requiring the divulgence of personal information; it would be irresponsible for a library to lend a book procured with public funds to an anonymous individual. So in that sense, I completely support the library’s requirement that I divulge (some) personal data in return for the privilege fo using the the library. What I _don’t_ support is the library failing to keep that information confidential. (Still not positive that I’ve addressed your concern, though — it seems like every time you rephrase it I understand it less…)
Hi Rick,
Welcome to the Kitchen. I’m a strong advocate for privacy, and at the very least, I think we’ve been selling ourselves short. Think of the billions of dollars that Google and Facebook and others are making off of selling our information. We’re giving that to them for a pittance, a free e-mail account or a Facebook page. If we’re going to be inundated by advertisers, and they’re going to be aware of every transaction we make, I want a better offer. Just as Google cuts me in for a share of profits if I run Google Ads on my website, why not a share of the profits from selling off my personal information?
Though I’d probably still opt out. I’ve argued in the past that we’re heading for a point where “privacy is the new luxury”, where we’re going to have a two-tiered internet: those that can afford to pay for services and and avoid exploitation, and those who either can’t afford the upsell to a private account or just don’t care enough to bother. I personally would welcome a chance to have better controls over the exposure of my information, and that’s something I’d pay for (I do pay for a private e-mail account, and use GMail as my “spam” account given to sellers and companies). Just as I’m willing to pay for a cable tv station that doesn’t run ads or to watch a movie on disc or streaming versus network television, there is perhaps value for companies willing to provide a premium experience. I’m not sure how happy I am with the implications of that future though, and the class system it creates.
As for the Google settlement, I still think it’s going to take a while to be ratified for many reasons beyond the questions of privacy. It still creates a monopoly for Google on the orphaned works of the world (for any other company to do the same as Google, they’d have to break the law), it seems to violate a number of international treaties, there’s no provisions for dealing with the rights of artists and photographers’ works contained within the scanned books, and I don’t think that class action lawsuit settlements are the proper venue for rewriting US copyright law (that responsibility remains in Congress).
Hi, David —
The privacy regime you’re proposing is one I’d support: one that gives users the option of trading privacy for rewards (or not) as they see fit. What I object to are two things: companies taking my privacy away by deceptive or nefarious means; and privacy activists trying to impose on me their opinions about the value of my privacy, by trying to limit the range of options that companies like Google are allowed to offer in the marketplace. It seems to me that giving people control over their privacy means giving them the option of using it as they see fit.
Rick
Yes, everyone should be free to sell their privacy, but as you note, it really needs to be clear that they’re doing so.
There are probably a couple of business opportunities in there for someone willing to set up a rewards system for sharing data (I have a hard time believing the sort of “let’s make it a game where you can win badges” strategy has much of a shelf-life), or for offering a premium service where strict privacy rules are implemented.
I can think of at least two classes of Internet users who value their privacy very highly: terrorists and pedophiles. This is not, of course, an argument for preserving privacy! 🙂
Ah, but one man’s terrorist is another man’s freedom fighter. Just ask Julian Assange.
Continued from Rick Anderson’s last response.
Rick, let me give you a very concrete example. Say you were considering purchasing a service from an e-book company that required your patrons to register with the company, and in the process, agreed to provide personal information about themselves, agreed to have their online behaviors tracked, and agreed for this company to sell this information to another party. Would you agree to such conditions? If not, would you agree with parts of it?
I might — depending on the price. Because the fact is that if I did purchase that service for the library, it would be on the strict condition that patrons be very clearly informed _before using it_ exactly what information they’ll have to provide in order to do so and all of the ways that the information might be used. This puts the patron’s privacy decision where it belongs — in the patron’s hands. The reason I say “depending on the price” is that such a privacy arrangement would make the product less valuable; I would expect that a significant number of patrons might decline to use the service, and therefore I wouldn’t be willing to invest as much library budget in acquiring it as I would if it didn’t require the same sacrifice of privacy.
I find it frankly, appalling, that you would even consider offering up patron information to an e-book vendor. I wonder, would you really be willing to post a huge red flag on catalog records for such items that says “Warning! The Library is selling your personal information to a commercial interest in order to get a better deal on this ebook”
It’s all very well not to mind pop-up ads for something benign like Reggae music, but what if you were interested in sex toys? or reading soft-porn bodice rippers? or getting treatment for bipolar disorder? Would you really want adds for those things popping up on your screen at work?
The problem with letting people chose their own privacy level is, it is impossible for them to have perfect information about what a breach in privacy might possibly mean. For example, it might not matter to me today that my Facebook page is not secure, but it’s going to matter a lot more if an ex- boyfriend starts stalking me.
The fact that there is no such thing as perfect information has always been the flaw in spurious Libertarian arguments about free markets for things like privacy.
As for there being no right answer, I’d say the current ALA position that “Privacy is essential to the exercise of free speech, free thought, and free association” is pretty much the right answer for libraries.
Amy, I’m not sure where you got the idea that I would “(offer) up patron information to an ebook vendor.” Even a moderately careful reading of what I said would have shown that I take the opposite position: that “libraries should never (absent a warrant) give or sell personal information about their patrons to outside entities without the patron’s consent.”
You suggest that allowing people to make their own privacy decisions is problematic, because they never “have perfect information about what a breach in privacy might possibly mean.” That’s a true enough statement, but it’s a terrible argument. For one thing, it doesn’t help us decide who _should_ make privacy decisions for us, since no one can foresee and prepare against everything bad that could conceivably happen as the result of a breach. For another thing, if taken seriously, it’s an argument against giving _any_ entity (including libraries) _any_ personal information — because after all, who knows what a breach in privacy might mean?
Your ALA quote is stirring, but it’s not the answer to any question; it’s just a statement of principle: “privacy is essential.” Well sure it is, but the question remains: what does “privacy is essential” mean in practice for libraries and their patrons? Does it mean that libraries must safeguard with all diligence the private information that patrons entrust to them? (I would say yes.) Does it mean that librarians should arrogate to themselves decisions about how patrons will exercise their personal privacy rights? (I would say no. And it’s your prerogative to disagree, of course, but if you do, then I sincerely hope that you are never the manager of my or my childrens’ library.)
Rick,
I think you are obfuscating on the concept of privacy, dwelling on library as seller of patron information, where Amy (and I) are arguing that a library who enters a deal with a company to collect information directly from patrons is essentially accomplishing the same goal. Being an accomplice does not allow you to claim innocence.
Libraries — as social organizations — have no role in a Libertarian-minded world, where individual rights and privacy are sacrosanct. In such a world, a library may be better off dividing up all the money it spends on collections and redistributing it to readers so they can make their own informed decisions.
Every book purchased, every database licensed, every deal brokered with an information service is a form of “arrogating” (your word) decision-making to someone other than the individual. Libraries are given these funds from their institution (their readers) to assume the arrogant role you so despise.
I don’t understand how you can reconcile the role of libraries in this world-view.
Phil —
You say “obfuscation”; I say “maintaining what seems to me a clear and important distinction.” Amy accuses me of saying libraries should feel free to give patron information to vendors, which is in fact exactly the opposite of what I said. In her case, what we’re dealing with is a combination of sloppy reading and questionable logic.
In your case, I understand you to be arguing that not only should libraries keep patron information confidential (with which, again, I completely agree) but also that libraries betray their principles when they act as brokers to facilitate a patron’s interaction with a product that requires the patron to give up personal information if he chooses to use it.
Here’s why I think your position would serve patrons poorly in practice: suppose that access to Product X requires the divulgence of one’s home address, but Patron A values access to that product more highly than he values the protection of his home address. Now suppose that Product X is expensive, and the only way he can have access to it is if the library acts as a broker. If the library were to decline brokering that access on the principle that “privacy is essential,” then Patron A is denied the opportunity to decide for himself whether the privacy tradeoff in this case is worth the benefit. On the other hand, if the library were to go ahead and broker the access, then the patron still has just as much control over his privacy (since he can choose not to use the product), but also has the option of trading some privacy for access if he wishes. To me, this approach seems to be in keeping with the most fundamental principle of librarianship: making sure that people have access to the information they need. In this case, the library has given no patron information to any vendor; it has only made it possible for the patron to choose whether or not to give private information to the vendor.
You and Amy have both brought up libertarianism, a philosophy which I do not espouse. Believing that people should be allowed to choose whether and how they trade private information for other benefits (something which, again, all of us do every day in a variety of contexts) does not make one a libertarian any more than believing in publicly-supported libraries makes one a communist.
Lastly, it is certainly true that in some cases we all allow others to make decisions for us. However, the fact that we accept it in some circumstances doesn’t mean that we have to consider it equally acceptable in every circumstance. As for me, I have no problem with libraries using my tax money to choose what books and databases it will buy. I do have a problem with a librarian deciding for me how I will exercise my right to personal privacy.
Imperfect information is an important point to raise. Remember that nearly every single “terms of service” agreement includes a clause stating that the provider can completely alter the terms at any moment with no notice.
So even if you find a provider that offers a secure, protective environment for your information, that can disappear overnight. If the company is sold to another company with a different business model, if the company goes out of business and sells off its assets, if the company simply changes its mind, your information goes from private to public with no chance on your part to opt out.
Think of all the changes Facebook has rolled out in the last year. No user had any prior warning that they were going to happen, and much information was made public by default. Note that even if you quit Facebook over such an incident, all the information you put up in the past still exists, and they can still exploit it and sell it off to anyone they choose.
David, you’re right of course that terms-of-service agreements very often give consumers far too little protection. But none of the examples you cite are actually examples of imperfect information. In fact, they’re the opposite; they’re examples of the vendor telling you, right up front, that if you give that vendor your private information you have no guarantee that it will be kept confidential. That information should obviously inform your choice about whether or not to share private information with that vendor.
By the way, no competent librarian would allow unilateral alteration language to persist in the final version of a license agreement to a brokered product. In fact, such language arguably renders a true contract (as opposed to a contract of adhesion such as a click-through terms-of-use document) null and void. A contract is only legally defensible if it requires consideration from both parties, and a contract that can be altered after acceptance by one or the other party fails that crucial test.
Is it possible to have “perfect” information in such a volatile, changeable agreement? That’s why I’ve personally chosen to opt out of most such services.
As for the legality, would love to see this tested in a court of law, either for a site or for a software EULA. And many competent librarians are on Facebook, so they are accepting of such a clause at least in some circumstances…
I’d argue that it’s possible, in most cases, to make a rational choice based on the information available — bearing in mind that lack of information is, itself, a form of information. (In other words, if Facebook had no privacy policy at all, that fact should raise a serious red flag.) If you don’t feel that Facebook’s security assurances are sufficient, then you should feel free to opt out of Facebook. Same goes for a patron faced with a library-provided database. She should examine the terms of use and decide for herself whether they’re acceptable.
Courts have sent mixed messages on the enforceability of contracts of adhesion. In some cases (and especially in UCITA states) they’ve been considered valid; but usually a contract is only valid if both parties have had the chance to negotiate terms, and if both parties end up actually bound to some performance or forebearance.
You’re right, of course, that there are lots of competent librarians on Facebook — but accepting FB’s security regime as a private individual is a very different matter from signing an unacceptable contract in one’s role as a negotiator for a library. I might decide that I’m willing to accept a certain level of personal risk for myself that I would not accept on behalf of my library. The former may say something about my personal wisdom, but it’s the latter that defines my competence as a negotiator for the library.
