The Newsonomics of Spies vs. Spies, from NSA to Google
First published at Nieman Journalism Lab
So who do you root for in this coming battle, as Google petitions the feds? Are you on the side of Big Brother or Little Brother — and remind me, which is which? It’s a 50-year-update on Mad Magazine’s iconic Spy vs. Spy.
The Surveillance State is — at least for this month — in front of the public. The Guardian’s rolling revelations of National Security Agency phone and web spying have again raised the bogeyman of Big Data — not the Big Data that all the airport billboards offer software to tame, but the Big Data that the unseen state can use against us. We’ve always had a love/hate relationship with big technology and disaster, consuming it madly as Hollywood churns out mad entertainments. We like our dystopia delivered hot and consumable within two hours. What we don’t like is the ooky feeling we are being watched, or that we have to make some kind unknowable choice between preventing the next act of terror and preserving basic Constitutional liberties.
Americans’ reactions to the stories is predictable. Undifferentiated outrage: “I knew they were watching us.” Outrageous indifference: “What do you expect given the state of the world?” That’s not surprising. Americans and Europeans have had the same problem thinking about the enveloping spider’s web of non-governmental digital knowledge. (See The Onion headline: “Area Man Outraged His Private Information Being Collected By Someone Other Than Advertisers.”)
While top global media, including The Guardian, The Washington Post, and The New York Times, dig into the widening government spying questions, let’s look at the ferment in the issues of commercial surveillance. There’s a lot of it, and it would take several advanced degrees and decoder rings to understand all of it. No, it’s not the same thing as the issues surrounding PRISM. But it will be conflated with national security, and indeed the overlapping social and political questions are profound. Let’s look at some recent developments and some of the diverse players in this unfolding drama and see where publishers do — and could — fit in.
The commercial surveillance culture is ubiquitous, perhaps even less hemmed in by government policy than the NSA, and growing greatly day by day. While Google asks the FISA court to allow it to release more detail about the nature of federal data demands, its growing knowledge of us seems to have no bounds. From our daily searches, to the pictures (street to sky) taken of our homes, to the whereabouts relayed by Google Maps, and on and on.
It’s not just Google, of course. Facebook, whose users spend an average of seven hours per month online disclosing everything, is challenging Google for king of the data hill. A typical news site might have 30 to 40 cookies — many of them from ad-oriented “third parties” — dropped from it. That explains why those “abandoned” shopping carts, would-be shoe purchases, and fantasy vacation ads now go with us seemingly everywhere we move on the web. It’s another love/hate relationship: We’re enamored of what Google and Facebook and others can do for us, but we’re disquieted by their long reach into our lives. It’s a different flavor of ooky.
We are targeted. We are retargeted. Who we are, what we shop for, and what we read is known by untold number of companies out there. Though we are subject to so much invisible, involuntary, and uncompensated crowdsourcing, the outrage is minimal. It’s not that it hasn’t been written about. Among others, The Wall Street Journal has done great work on it, including its multi-prize-winning three-year series on “What They Know.”
Jim Spanfeller, now CEO of Spanfeller Media Group and the builder of Forbes.com, related the PRISM NSA disclosures to commercial tracking in a well-noticed column (“At What Price Safety? At What Price Targeted Advertising?”) last week. His point: We’re all essentially ignorant of what’s being collected about us, and how it is being used. As we find out more, we’re not going to be happy.
His warning to those in the digital ad ecosystem: Government will ham-handedly regulate tracking of consumer clicks if the industry doesn’t become more “honest and transparent.”
Spanfeller outlined for me the current browser “Do Not Track” wars, which saw its latest foray yesterday. Mozilla, parent of Firefox, the third most-popular browser by most measures, said it will move forward with tech that automatically blocks third-party cookies in its browser. Presumably, users will be able to turn back on such cookies, but most will go with the defaults in the browsers they use.
The Mozilla move, much contested and long in the works, follows a similar decision by Microsoft with its release of the latest Internet Explorer. Microsoft is using a “pro-privacy” stance as a competitive weapon against Google, advancing both Bing search and IE. Spanfeller notes that Microsoft’s move hasn’t had much effect, at least yet, because “sites aren’t honoring it.”
These browser wars are one front, and much decried by forces like the Interactive Ad Bureau, the Digital Ad Alliance, and its “Ad Choices” program — which prefer consumer opt-out. Another front is an attempt at industry consensus through the World Wide Web Consortium, or W3C. Observers of that process believe it is winding its way to failure. Finally, also announced yesterday was the just-baked Cookie Clearinghouse, housed at the Stanford Center for Internet and Society. The driving notion, to be fleshed out: creating whitelists and blacklists of cookies allowed and blocked. (Good summaries by both Ad Age’s Kate Kaye and ZDNet’s Ed Bott.)
Never too far from the action, serial entrepreneur John Taysom was in Palo Alto this week as well. Taysom, a 2012 senior fellow at Harvard’s Advanced Leadership Initiative, is an early digital hothouse pioneer, having led Reuters’ Greenhouse project way back in the mid-’90s. His list of web startups imagined and sold is impressive, and now he’s trying to put all that experience to use around privacy issues. As a student of history, old and modern, his belief is this: “When they invented the Internet, they didn’t add a privacy layer.”
“We need a Underwriters Laboratory for our time,” he told me Wednesday. UL served a great purpose at a time (1894) of another tech revolution: electricity. Electricity, like computer tech these days, seemed exciting, but the public was wary. It wasn’t afraid of behind-the-scenes chicanery — it literally was concerned about playing with fire. So UL, as a “global independent safety science company” — a kind of neutral, Switzerland-like enterprise — was set up to assure the public that electrical appliances were indeed tested and safe.
Could we do the same with the Internet?
He’s now working on a model, colloquially named “Three’s A Crowd,” to reinsert a “translucent” privacy layer in the tech stack. His model is based on a lot of current thinking on how to both better protect individual privacy and actually improve the targeting of messages by business and others. It draws on k-anonymity and Privacy by Design principles, among others.
In brief, Taysom’s Harvard project is around creating a modern UL. It would be a central trusted place, or really set of places, that institutions and businesses (and presumably governments) could draw from, but which protect individual identification. He calls it an I.D. DMZ, or demilitarized zone.
He makes the point that the whole purpose of data mining is to get to large enough groups of people with similar characteristics — not to find the perfect solution or offer for each individual. “Go up one level above the person,” to a small, but meaningfully sized, crowd. The idea: increase anonymity, giving people the comfort of knowing they are not being individually targeted.
Further, the levels of anonymity could differ depending on the kind of information associated with anyone. “I don’t really mind that much about people knowing my taste in shirts. If it’s about the location of my kids, I want six sigmas” of anonymity, he says. Taysom, who filed a 2007 U.K. patent, now approved, on the idea, is now putting together both his boards of advisors and trustees.
Then there are emerging marketplace solutions to privacy. What havoc the digital marketplace hath wrought may be solved by…the digital marketplace. D.C.-based Personal.com is one of the leading players in that emerging group. Yes, this may be the coming personal data economy. Offering personal data lockers starting at $29.99 a year, Personal.com is worth a quick tour. What if you could store all your info in a digital vault, it asks? Among the kinds of “vaults”: passwords, memberships and rewards programs, credit and debit card info, health insurance, and lots more.
It’s a consumer play that’s also a business play. The company is now targeting insurance, finance, and education companies and institutions, who would then offer consumers the opportunity to ingest their customer information and keep it in vault and auto-fill features then let consumers re-use such information once it is banked. Think Mint.com, but broader.
Importantly, while Personal.com deals potentially with lots of kinds of digital data, its business doesn’t touch on the behavioral clickstream data that is at the heart of the Do Not Track fracas.
Do consumer want such a service? Personal.com won’t release any numbers on customers or business partners. Getting early traction may be tough.
Embedded in the strategy: a pro-consumer tilt. Personal.com offers an “owner data agreement,” basically certifying that it is the consumer, not Personal.com, that owns the data. It is a tantalizing idea: What if we individually could control our own digital data, setting parameters on who could use what and how? What if we as consumers could monetize our own data?
Neither Personal.com nor John Taysom’s project nor the various Do Not Track initiatives envision that kind of individually driven marketplace, and I’ve been told there are a whole bunch of technical reasons why it would be difficult to achieve. Yet, wouldn’t that be the ultimate capitalist, Adam Smith solution to this problem of runaway digital connectedness — a huge exchange that would facilitate the buying and selling of our own data?
For publishers, all this stuff is headache-producing. News publishers from Manhattan to Munich complain about all the third-party cookies feeding low-price exchanges, part of the reason their digital ad businesses are struggling. But there is a wide range of divergent opinion about how content-creating publishers will fare in Do Not Track world. They may benefit from diminished competition, but would they be able to adequately target for advertisers? Will Google and Facebook do even better in that world?
So, for publishers, these privacy times demand three things:
- Upscale their own data mining businesses. “There’s a big difference between collecting and using data,” says Jonathan Mendez, CEO of Yieldbot, that works with publishers to provide selling alternatives to Google search. That’s a huge point. Many publishers don’t yet do enough with their first-party data to adequately serve advertiser needs.
- Take a privacy-by-design approach to emerging business. How you treat consumers in product design and presentation is key here, with some tips from Inc. magazine.
- Adopt a pro-privacy position. Who better than traditionally civic-minded newspaper companies than to help lead in asserting a sense of ownership of individual data? If news companies are to re-assert themselves as central to the next generation of their communities and of businesses, what better position than pro-privacy — and then helping individuals manage that privacy better?
It’s a position that fits with publishers’ own interests, and first-party data gathering (publisher/reader) makes more intuitive sense to citzen readers. For subscribers — those now being romanced into all-access member/subscribers — the relationship may make even more sense. Such an advocacy position could also help re-establish a local publisher as a commercial hub.
News and magazine publishers won’t have to create the technology here — certainly not their strong suits — but they can be early partners as consortia and companies emerge in the marketplace.