It's often said that services like Facebook, Foursquare, Twitter - you name it - are not the product, you are. Each and every bit of information you share and action you take is used to create a profile of user behavior, which is used then to either advertise directly to you or to people on a whole. But how can we ride the fine line? How can we have great, world-changing services at a price (read: free) everyone can afford without completely selling out the end user?
At a meeting of the Churchill Club last night, this was a topic at the very heart of the debate and it's still very clear that there's no single answer.
According to Laura Berger, an attorney with the Federal Trade Commission, a key point in responsibly handling user information while respecting user privacy lies in staying within the lines of users' expectations.
"If a consumer is using a weather service, you would expect the service to look at your location," said Berger, "but you wouldn't expect them to look at your contact list or call history."
Jim Dempsey, the VP for public policy with the Center for Democracy and Technology, agreed, saying that these expectations should define a form of implicit agreement.
"It's the unexpected for which you should be getting consent," said Dempsey, arguing that Amazon asking for permission to access your shipping address, when you order a book to be delivered to you, is simply cluttering the landscape.
On this point - the cluttered privacy agreement landscape and the lack of informed consent among consumers clicking that "Agree" button on Terms Of Service contracts - everyone agreed: Nobody is reading anything while agreeing to everything.
"Privacy policies are speed bumps..."
"Privacy policies," quipped Reputation.com co-founder and COO Owen Tripp, "are speed bumps on your way to getting free burger coupons."
So what's to be done? How can we ensure that we have continued access to revolutionary forms of interaction and communication without paying an arm and a leg for them? Knapp argued that the companies themselves - the Googles and Facebooks and Twitters of the world - realize that correctly handling these issues of privacy are center to their continued success.
"They all take privacy very seriously," said Loopt COO Brian Knapp. "They believe there's a connection, a trust with their users. They didn't get to where they are without taking it seriously. It's part of the business model."
Tripp argued that this sort of trust in privacy via business sense was not enough.
"I think we're being naïve if we think companies will only go as far as what is required," said Tripp. "Why not collect that extra piece of information?"
Dempsey, of the CDT, contended that there is no one-size-fits-all solution, but rather a compromise.
"There's no perfect solution. There's no single solution," said Dempsey. "The one thing that consumers do understand is the advertisement piece. Consumers more or less understand that free is not truly free, that it's advertising-supports and that involves the collection of information for targeted ads."
What users do fear, said Dempsey, is the unexpected use of that information. When your check-ins end up in the hands of insurance agencies checking up on your eating habits (a scary point brought up multiple times throughout the night by Reputation.com's Tripp), that's when there is a problem.
A Point of Balance
And that seems to be the real point: can companies reach a point of balance? Can legislation or the market itself balance things out to the point where we can reliably click on 100-page-long terms of service for massively popular companies without worrying that our information will be sold off to insurance companies? Can the agreement of how and when and with whom our information is used become implicit, or do we really need to start flipping through the legalese?
"I would hope that in five years, there would be some established uniformity," said Berger. "I hope we'll get to a point where there's a shared understanding about what consumers can expect."
"It is possible," said Dempsey," that we could have a federal baseline privacy law. It's possible that it could provide - hit the sweet spot of - baseline protection, but with the flexibility needed to support innovation."
Tripp argued that it all came down to one simple thing:
"All things equal," he said, "the company that's going to want to win in the next couple years will have the best privacy model."
What do you think? Is the proof in the pudding or is it in the lengthy TOS that, as everyone agrees, none of us read?