…if you’re feeling blindly optimistic.
Information science is a field of contradictions and while I’m here for it, I am in no small part intimidated by the tradeoffs. In this post, I briefly explore the tradeoff between the acquisition of digital information and the sacrifice of some degree of user privacy.
First, a little background. Sometime last week I received a work email reminding me that my compliance training was due. Cue moaning and groaning. The overdue training had to do with information security. I’ve taken the training many times before and we are required to retake it an ongoing basis as a refresher and as best practices change. In fact, many employees working in enterprise settings are required to take similar forms of compliance training representing a proactive information governance measure. Gartner, an information technology research and advisory company, provides the following definition of information governance:
Information governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
Underlined elements were added for my own emphasis. These portions in particular amount to business motivations to protect user privacy, namely, risk management, best practices, and cost benefit. Let’s unpack that a bit.
Here in the U.S., there are a number of laws and regulations that not only codify information security and privacy practices, they impose penalties when they are skirted or ignored. We might be familiar with a few of these from INFO 204. Laws such as COPPA (Children’s Online Privacy Protection Act) and HIPAA (Health Insurance Portability and Accountability Act) as well as safe harbor exceptions to DMCA (Digital Millennium Copyright Act) and other intellectual property laws. Generally speaking, it is in the best interest of an organization to adhere to these laws to shield themselves from audits, lawsuits, and to maintain consumer confidence. Of course, risk management motivations tend to speak towards best practices and cost benefit, but viewing those latter two considerations on their own, it is quite simply desirable for an organization to maintain the required degree of transparency concerning its information collection and retention practices in order to achieve some level of consistency and efficiency in its transactions and instill enough consumer confidence so as to maintain the bottom line.
However, the privacy path of the Hyperlinked Environments module largely underscores the flip side of this — the motivations and logic behind the collection of users’ digital information and people’s opinions and fears concerning their digital privacy. Taken as a whole, all three Pew findings in the privacy pathway indicate a general consensus that people fear how much of their digital information is recorded or collected and a sense that they do not have enough control over their digital privacy. One study in particular conducted by the Pew Research Center, Privacy and Information Sharing, illustrates both active and passive tradeoffs that occur when internet users utilize digital content. The authors of the study, Lee Rainie and Maeve Duggan, acknowledge that some internet users knowingly sacrifice a degree of privacy in exchange for certain benefits such as financial incentives (discounts or other membership loyalty perks) or targeted content. Others unknowingly relinquish control over their personal information by signing up for free social media and other sites that essentially act as massive ad targeting services. It is not always simply a matter of unchecked data collection because we as users do have a degree of input concerning when to opt in and information concerning what exactly we are opting into.
Rainie and Duggan describe several scenarios in which users actually opt into situations resulting in loss of privacy. “The potential benefits of sharing personal information include saving money, gaining access to useful services or information, and facilitating commercial and social encounters.” It is the useful information portion of that statement that interests me most because what is the internet at its simplest but a repository of information? The largest repository of information. Where does that leave privacy in relation to information if much of the information that is presented to as vis-a-vis the internet is available to us conditionally? Specifically, what if nearly all the information that we access via social media, ad-supported news sites, shopping sites, academic and institutionally affiliated sites, etc. (essentially all information available through the internet) takes some information from us in return? Well, it does. Rainie and Duggan’s study acknowledges that many users understand and accept that fact and that they exercise some form of cost-benefit analysis when accessing and relinquishing information.
People often need convenient and inexpensive access to information, goods and services. Moreover, they generally understand that disclosing personal information makes those transactions possible.
The overall tone of all three Pew studies conveys a simple reality. People are annoyed at best and fearful at worst that these tradeoffs must occur. But these studies also suggest an increasing awareness of these tradeoffs and methods with which individuals employ to safeguard their privacy. Much of this is contingent upon a specific brand of digital literacy that emphasizes knowing your rights or limiting exposure. Mary Madden explored a related tradeoff in Americans’ Attitudes About Privacy, Security and Surveillance.
The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used.
Again, Americans express a combination of awareness and helplessness with regard to their privacy. And yet, that awareness exists. In this module we are largely exposed to scenarios in which the tradeoff is either explicitly consented to or if not consented to, takes place with some expectation that a tradeoff or violation will occur. We rightly fear illegal surveillance but have some degree of recourse or the knowledge to take preventative measures. However, one statement in this study struck me in particular. “…but many were already engaged in more common or less technical privacy-enhancing measures.” I was not surprised that many individuals take basic privacy-enhancing measures, but rather intrigued by those who must go to more extreme lengths to ensure a basic level of privacy–those who are not afforded government privacy protections and in many cases fear an invasion of privacy by their own government.
As my final thought on this topic, I recount the story of a friend who was so alarmed by the data collection practices of many of the websites he used on a regular basis that he took the very extreme measure of cessation and divestment where possible. Among his list of offenders was Google, which I do not feel it is hyperbolic to say, would be impossible to stop using. Still, he tried. He started by turning off the chat log in Gmail and updating his data collection preferences. Later, he shuttered that account altogether. Several years later, he moved to China in pursuit of a professional opportunity. During that time, his approach to privacy (which was in my book, alarmist), came in handy when he realized that many of American websites he used to keep in touch with his friends and family back home were either limited or blocked altogether by the Chinese government. He employed a VPN scrambler to circumvent the blocks and relied on highly encrypted messaging and communication services to maintain full and open communications. That was an eye opener for me. My friend had to actively obfuscate certain basic information seeking behaviors not because of minimal data collection but because of outright surveillance. This was not a tradeoff. It was all out circumvention. And so I leave you with this:
Duggan, M. & Rainie, L. (2016). Privacy and information sharing. Retrieved from http://www.pewinternet.org/2016/01/14/privacy-and-information-sharing/
Logan, D. (2010). What is information governance? and why is it so hard? Retrieved from http://blogs.gartner.com/debra_logan/2010/01/11/what-is-information-governance-and-why-is-it-so-hard/
Madden, M., & Rainie, L. (2015). Americans’ attitudes about privacy, security and surveillance. Retrieved from http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/