Silicon Valley’s Doublespeak On User Privacy

In a moment of unabashed hypocrisy, this week eight leading tech titans chastised the U.S. government for daring to do what each of them does on a daily basis. Namely, spy on people. Companies like Facebook and Google make billions of dollars by prying into every corner of our increasingly digital lives, then manipulating that data to convince us to do things we might not otherwise do. 

Sure, it's all in harmless advertising fun, and the governments (of course!) have nefarious plans. But the truth is not so neat and tidy. Regardless of intentions, it's hard to see how the Web giants could believe they could create a massive ocean of data without any governments or unscrupulous actors wanting to take a swim is equally baffling.

Spies, after all, are spies.

Shifting The Burden Of Compliance To Uncle Sam

The Web giants' manifesto is as self-serving as it is naïve. As the Financial Times’ John Gapper points out, “[T]hey advocate nothing that would be inconvenient or difficult for themselves. On the contrary, under the heading ‘respecting the free flow of information’, they sneak in a demand that governments must not force companies to ‘locate infrastructure within a country’s borders or operate locally’.”

Why? Well, there are clearly noble reasons to resist. For one thing, once infrastructure sits within a country’s jurisdiction it becomes easier to both monitor and censor information flowing into or out of that country.

But there’s another, far less noble reason, which is that it costs money to do what the offline world has had to do for decades: comply with local regulations. I’m sure banks would love to run unfettered through the streets of Brazil. But financial regulation doesn’t allow it. It’s not surprising that countries would want to protect their citizens’ privacy as assiduously as they protect their money.

Especially given how amazingly poor Silicon Valley’s Web giants have been about protecting privacy.

Silicon Valley’s Shoddy Reputation On Privacy Controls

This is an industry that has bastardized Tim O’Reilly’s Web 2.0 principle of “architectures of participation” to be “architectures of forced participation.” Where your data defaults to public and open, not because it’s in your interest, but because it’s in the interest of Facebook’s or Google’s advertising aspirations. 

When did the web companies become freedom fighters for user privacy? As the Wall Street Journal suggests of Google, "The breadth of Google's information gathering about Internet users rivals that of any single entity, government or corporate." Facebook, for its part, regularly changes privacy settings, and rarely in ways that help users shutter their lives from public view.

This is, after all, the company run by the man who declared "privacy is dead."

Regardless of their moralistic raging against the government machine, however, the reality is that the burden of privacy falls on the Web companies, not governments. Spies are spies: that’s what they do. Asking the NSA not to use Google’s treasure trove of information, for example, is a pipe dream. Nor is there a technical solution to this: better encryption won’t hinder spies. Not even quantum cryptography, as Serge Malenkovich of Kaspersky Systems argues.

Putting Data Back In Its Place

Facebook CEO Mark Zuckerberg says all this is “really bad” for his international business. Well, there’s a solution for that: keep data in the countries where it originates. This would require additional infrastructure costs and would hinder Facebook’s ability to analyze and monetize  global user data, but it would go a long way toward minimizing the movement of user data. Given the unlikelihood of truly securing data in transit, this is a real option, if an imperfect one.

But of course, it would be inconvenient for companies who want to ask governments to respect user privacy ... so that they don’t have to. Cheeky. Naive. And almost certain to fail.