In defense of a “purely aggressive privacy stance”
The AT&T-funded Future of Privacy Forum launched this week. Their stated agenda can be found here. In discussing the new group, Michael Zimmer writes:
[...]
While some are skeptical of an industry-funded effort to shape privacy policy and legislation, I’m optomistic that the FPF will work in good faith to bring together “dedicated technologists, policymakers, industry groups and advocates†to work towards new privacy practices and frameworks.
I’ve long argued that rather than a purely aggressive stance, we privacy advocates must work collaboratively with industry in order to find pragmatic solutions that foster the value-conscious design of new technologies to protect privacy, support corporate social responsibility, and yes, even profitability.
[...]
Although I frequently agree with Michael, I disagree with him on this one. If some privacy advocates want to work with industry, that’s fine, but I wouldn’t underestimate the value of a “purely aggressive stance.”  It’s what brings some people to the bargaining table, makes them more receptive to working with other privacy advocates, and what elevates the debate to issues that some might not address if there was no outside pressure to do so. In fact, I am no longer surprised when corporate attorneys privately thank me for the poking and prodding and some of the criticisms or comments I’ve published on PogoWasRight.org or this blog. They tell me that it makes it easier for them to try to get their clients to do what they should do — they use my sites to help convince their clients of what might happen if they do not do the “right thing.”
I realize that Michael wasn’t specifically referring to me in his discussion of an aggressive privacy advocacy stance, but I am squarely behind EPIC, EFF, and the ACLU when they take aggressive stances on privacy. The CDT, who he seemingly has more regard for than I do, seems to align too much with businesses and seems too willing to water down privacy. And who accomplished more on the important issue of telecoms participating in warrantless surveillance? The “play nice with others” folk or the EFF and ACLU who sued the telecoms and kept the pressure on Congress to deal with the issue?
When industries violate our privacy, it is appropriate to point out the problem and issues to them, but if they do not mend their ways, then I’m all for an aggressive stance. Nor is it my responsibility to help them fix or prevent messes. If they want my opinion or advice, they’re welcome to it, but it’s on them to conduct themselves responsibly when it comes to respecting and protecting privacy.  If a pharmaceutical company develops a medication and an independent researcher points out that the medication has harmful side effects, it is not the researcher’s responsibility to help the pharmaceutical company figure out how to fix that.  Similarly, it is not the responsibility of privacy advocates to help industries figure out the how-to. I think that our job is to keep the bar high on privacy and give them feedback — both positive and negative — as to their success in respecting and protecting privacy. If we happen to see a possible solution, fine, share it, but that’s not in my job description.
So we’ll see what the FPC actually does and I hope that they do something meaningful. I’d write and ask them some questions using their contact form, but their form requires you to give your name and zip code, and well, no……
AT&T is definitely a privacy advocate., that’s why they didn’t want to tell us about their secret room full of NSA equipment.
Thanks for the comments, Dissent.
I obviously didn’t adequately convey that I do support aggressive stances (and they often are necessary), but also feel they can and should be complemented by more collaborative approaches.
Keep up the amazing work!
Thanks for clarifying, Michael. Behavioral advertising is a useful example of my concerns about industry-funded or industry-initiated efforts. You may remember at the PLSC session when Ari was talking about the “how to” issues while one other person and I were saying “Hold it, what about if we don’t want it at all? People shouldn’t have to opt out.” I had also reiterated that message earlier in the day in response to something Kirk had said. In both cases, such concerns were dismissed as if it is a foregone conclusion that some things are going forward. There appears to be a genuine resistance to go back to Square One and consider whether businesses should be doing some of these things at all.
People are shocked when they learn that BNY Mellon had their personal information or that some company they never heard of had their data from years ago. Things are a mess, but I don’t think that any industry-funded group is really going to take a firm enough stand on privacy. I hope I’m wrong.