Privacy Advocacy Theater

Ed Felten recently used the very nice term Privacy Theater in describing the insanity of 6,000-word privacy agreements that we pretend to understand. The term, inspired by Bruce Schneier’s “security theater” description of US airport security, may have been introduced by Rohit Khare in December 2009 on TechCrunch, where he described how “social networks only pretend to protect your privacy.” These are real issues, and I wholeheartedly agree that long privacy policies and generally consumer-directed fine-print are all theater.

I want to focus on a related problem that I’ll call privacy advocacy theater. This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw. Example: if you’re up in arms over the Google Street View privacy “fiasco” of the last few days, you’re guilty of Privacy Advocacy Theater. (If you’re generally worried about Google Street View, that’s a different problem; there are real concerns there, but I’m only talking about the collection of wifi network payload data Google performed by mistake.)

I’m looking at you, EU Privacy folks, who are investigating Google over accidental data collection. Where is your investigation of Opera, which provides Opera Mini, billed as “smarter web browsing”, smarter in the sense that it relays all data, including secure connections to your bank, through Opera’s servers? We should be much more concerned about designs that inherently create privacy risk. Oh sure, it’s easy political points to harp on accidental breaches for weeks, but it doesn’t help privacy much.

I also have to be harsh with people I respect deeply, like Kim Cameron who says that Google broke two of his very nicely crafted Laws of Identity. Come on, Kim, this was accidental data collection by code that the Google Street View folks didn’t even realize was running. (I’m giving them the benefit of the doubt. If they are lying, that’s a different problem, but no one’s claiming they’re lying, as far as I know.) The Laws of Identity apply predominantly to the systems that individuals choose to use to manage their data. If anyone is breaking the Laws of Identity, it’s the wifi access points that don’t actively nudge users towards encrypting their wifi network.

Another group I deeply admire and respect is EPIC. Here, they are also guilty of Privacy Advocacy Theater: they’re asking for an investigation into Google’s accidental wifi data collection. Now, I’m not a lawyer, and I certainly wouldn’t dare argue the law with Marc Rotenberg. But using common sense here, shouldn’t intent have something to do with this? Google did not intend to collect this data, didn’t even know they had it, and didn’t make any use of it. Shouldn’t we, instead of investigating them, help them define a process, maybe with third-party auditing from folks at EPIC, that helps them catalog what data they’re collecting, what data they’re using, etc…? At the very least, can we stop the press releases that make no distinction between intentional and unintentional data collection?

I’m getting worked up about this Privacy Advocacy Theater because, in the end, I believe it hurts privacy. Google is spending large amounts of time and money on this issue which is, as I’ve described previously, an inevitability in computer systems: accidental breaches happen all the time. We should be mostly commending them for revealing this flaw, and working with them to continue regular disclosure so that, with public oversight, these mistakes are discovered and addressed. Google has zero interest in making these mistakes. Slapping them on the wrist and having them feel some pain may be appropriate, but too much pain and too much focus on this non-issue is akin to a full-on criminal trial for driving 10 miles per hour over the speed limit: everyone’s doing it. Just fine them and move on. Then spend your time going after the folks who, by design, are endangering millions of users’ privacy.

There are plenty of real, systemic privacy issues: Facebook’s data sharing and privacy controls, Opera Mini’s design (tens of millions of users relaying all of their data to Opera, by design), Google’s intentional data retention practices, web-based ad networks, … We have enough real issues to deal with, who needs the advocacy theater?

8 thoughts on “Privacy Advocacy Theater”

  1. I just saw Kim Cameron’s rejoinder about the MAC addresses and SSIDs being farmed by Google and that is the systematic failure (especially MAC).

    I was surprised to see so much concern for MAC addresses in UUIDs (GUIDs) and that the GUID generators that are now abundant all use cryptographically random and likely to be unique ones instead. But if there is a privacy concern for MAC addresses in UUIDs, which tend to not actually be location-tied in many of their uses, I can certainly see a concern with a service that ties MAC addresses to apparent geographical locations. So the move to stop using MAC addresses (which are also not assured to be unique, evidently) in GUIDs has nicely side-stepped an unintended consequence of using MACs as the result of technological change and unexpected privacy-intrusive innovations.

    [I would have commented on Kim’s blog but his comment system is broken.]

  3. Kim Cameron’s blog comments are still broken, so I’m posting here.

    Kim – there’s a touch of grandstanding in your piece on Google. It doesn’t worry me that Google might collect my MAC and SSID addresses. They are not personal identifiers, any more than the serial number of my toaster is.

    You’ll weaken your position not strengthen it by trying to extend the laws of identity to anything and everything going on. The phrase privacy advocacy theater seems very apt.
