EOF

Privacy Is Personal

Doc Searls

Issue #255, July 2015

It's a matter of agency and scale—for individuals, not for organizations.

Try to nail two boards together with your bare hands.

It can't be done. You need a hammer. But, the power is not the hammer's. It's yours, because the hammer is your tool. As a tool, it becomes part of you. That's what tools do: they enlarge your capacity for action and effect.

That capacity is called agency. To have agency is to operate with effect in the world. The range of that effect expands with the number and quality of our tools and our expertise in using them.

This range is called scale, and it operates at two levels. The first is personal. The best tools work for many purposes in many places. The hammer I use in Wellington, New Zealand (where I am now), works the same everywhere in the world I want to hammer nails through boards. The second is social. Hammers are familiar tools that lots of people everywhere can use in lots of different ways.

Organizations want scale too. Every new company these days talks about “scaling up”. But personal scale is different. It's about expanding our capacities outward, beyond our bodies. We get scale as drivers when we speak about “my engine” and “my wheels”, because our senses extend through the whole car. And we get scale socially by being many drivers of many cars on roads everywhere.

Now back to the two boards. Say one is the Net, and the other is a company you want to connect with through the Net. Your main hammer is a browser. What's your nail?

Well, there's the company's Web site, which has a login system, a page where you can manage your account with it, and maybe a phone number or a chat thing so you can talk to a company agent. But none of those are yours. Those are tools that give the company scale, not you.

Worse, every company has its own tools for nailing you to its system. And those are different too, for every company. Even if two companies use the same back-end CRM (customer relationship management) systems (for example, Salesforce's or Oracle's), they use those services in different ways. So as a customer, you need to deal with those companies separately, inside their systems. So while their tools scale across may customers, yours don't scale across many companies. And the problem gets worse with every new company you deal with, because all of them require separate, silo'd “relationships”.

To illustrate the difference between your agency and theirs, imagine telling every company you deal with that you have changed your address, or your phone number, or your last name—in one move. You can't, any more than you can push a nail through a board with your bare hands. Instead, you have to go to every company's Web site, one at a time, log in and go through the gauntlet of requirements.

Now look at the same challenge from a company side. If it wants to tell every one of its customers about its new name, address or phone number, it can do that in one move, because it has tools for that. You don't—not yet, and not as long as you are the client and it is the server. Every server is a castle and every client is a serf.

This kind of scale asymmetry has been with us ever since industry won the Industrial Revolution. That victory brought mass manufacture and mass marketing—both are kinds of scale—to business. Henry Ford said: “Any color you want, as long as it's black.” It's likewise with one-sided “agreements” that companies impose on every customer and user.

In 1943, Friedrich Kessler, a law professor at Columbia, observed that freedom of contract, a feature of civilization for centuries (if not millennia), was abandoned by big business in the Industrial Age, for the sake of scale:

The development of large scale enterprise with its mass production and mass distribution made a new type of contract inevitable—the standardized mass contract. A standardized contract, once its contents have been formulated by a business firm, is used in every bargain dealing with the same product or service. The individuality of the parties which so frequently gave color to the old type contract has disappeared. The stereotyped contract of today reflects the impersonality of the market....

He called these contracts of adhesion. With contracts of adhesion, the controlling party is held to terms by velcro, while the controlled party is held by cement. Agency for the controlling party is huge. For the controlled party, it is limited to yes or no. The box you click says “accept”, not “negotiate”.

Kessler despaired that freedom of contract would never again operate in the Industrial world. But that was before the Internet introduced new conditions to that world—ones hospitable to countless new tools that would give every individual new forms of agency with global reach.

The Internet does many things, but the most profound is giving every end point the same status, and reducing the functional distance between end points to zero—or close enough. It's the same with cost. The protocols that govern the Net cost nothing and were not designed to support billing.

Linux would not be here without the Net. Nor would countless other building materials and methods that support networked life and the institutions that rely on networks, which now include approximately everything.

But the Net is new. Only 20 years have passed since April 1995, when the NSFNET shut down and commercial activity on the Net could begin. In the history of civilization, or even of business, that's nothing. We're still in Eden, writing the Net's Genesis while we walk around naked. Only our wizards have a bit of clothing and shelter, thanks to PKI, crypto and such, but as a species we're still bare on all sides.

Meanwhile, machine intelligence in the hands of giants is giving them more scale and us less. In “Be the friction—Our Response to the New Lords of the Ring”, Shoshana Zuboff starts with this subhead: “A new social logic is taking shape: It's all about surveillance. The individual is used as a mere provider of data. It's time to break the arrogance of Silicon Valley.” Below, she summarizes three laws she issued in the 1980s:

First, that everything that can be automated will be automated. Second, that everything that can be informated will be informated. And most important to us now, the third law: In the absence of countervailing restrictions and sanctions, every digital application that can be used for surveillance and control will be used for surveillance and control, irrespective of its originating intention.

Yet surveillance at scale is also delusional. For example, in an interview a few years ago, Google Chairman Eric Schmidt said, “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.” Yet if that were true, few of us would be here. (Just the ones, I suppose, conceived by acts of public copulation.)

Eric's case is a clear example of the fallacious “nothing to hide” argument in privacy debates. All of us have something to hide, or we wouldn't wear clothes—to cover, among other things, what we call our “privates”.

Clothing and shelter are privacy technologies. They involve tools—clothing, doors, windows—that give us agency and scale. These tools have been well developed and understood for thousands of years. Our civilization is based on those understandings.

So the real privacy challenge is simple one. We need clothing with zippers and buttons, walls with doors and locks, windows with shutters and shades—that work the same for each and all of us, to give us agency and scale.

Giants aren't going to do it for us. Nor are governments. Both can be responsive and supportive, but they can't be in charge, or that will only make us worse victims than we are already. Privacy for each of us is a personal problem on-line, and it has to be solved at the personal level. The only corporate or “social” clothing and shelter on-line are the equivalents of prison garb and barracks.

What would our clothing and shelter be, specifically? A few come to mind.

  • Ways to encrypt and selectively share personal data easily with other parties we have reason to trust.

  • Ways to know the purposes to which shared data is used.

  • Ways to assert terms and policies and obtain agreement with them.

  • Ways to assert and maintain sovereign identities for ourselves, and manage our many personal identifiers—and to operate anonymously by default with those who don't yet know us. (Yes, administrative identifiers are requirements of civilization, but they are not who we really are, and we all know that.)

  • Ways to know and protect ourselves from unwelcome intrusion in our personal spaces.

All these things need to be as casual and easily understood as clothing and shelter are in the physical world today. They can't work only for wizards. Privacy is for muggles too. Without agency and scale for muggles, the Net will remain the Land of Giants, who regard us all as serfs by default.

Doc Searls is Senior Editor of Linux Journal. He is also a fellow with the Berkman Center for Internet and Society at Harvard University and the Center for Information Technology and Society at UC Santa Barbara.