Why We Lack Good Privacy Guidelines

Ronald Brownstein

When it comes to preserving their privacy in the digital age, many Americans may feel as if they are caught between King Kong and Godzilla.

King Kong would be the wireless giants, Internet providers, and social-media platforms looming over the communications jungle. Although many of these companies are individually among America’s most admired and iconic, the Allstate/National Journal Heartland Monitor Poll released Thursday shows that, collectively, they generate towering doubts about their commitment to privacy. Respondents ranked these industries near the top when asked which institutions are surreptitiously collecting information about them, and near the bottom when asked which they trust to responsibly use information they obtain.

That leaves the federal government as Godzilla—a powerful counterforce, but one whose own loyalties are suspect. The poll, which surveyed 1,000 adults from May 29 to June 2, found strong support for some kind of federal privacy regulation. But it also found endemic suspicion of government on the same questions that revealed distrust of the cybergiants.

The latest revelations about the government’s collection of phone and Internet records (which surfaced after the survey was completed) will surely amplify those suspicions. Other new polls have found that most Americans, however ambivalently, accept those programs on national security grounds. But their disclosure, following the reports of political targeting by the Internal Revenue Service, seems guaranteed to complicate the debate over preserving privacy. Many Americans may understandably wonder if a government peeking through one window is the best choice to prevent private businesses from peeking through another.

Until the latest revelations, Washington had not focused much lately on either security or commercial incursions on privacy. In 2011 and 2012, Congress reauthorized the USA Patriot Act and the Foreign Intelligence Surveillance Act, which govern federal monitoring of communications, without substantial resistance. The new disclosures could prompt a more searching debate, but given the support expressed for the programs by both congressional leaders and this week’s polls, that’s hardly assured.

If anything, commercial intrusions, such as hidden tracking of online behavior and personal data mining, have received less attention. The government has responded primarily through Federal Trade Commission cases targeting individual companies such as Google and Facebook for violating their expressed privacy policies. President Obama offered a systemic approach in February 2012 when he released a “Consumer Privacy Bill of Rights.” That plan recommended seven sweeping principles to govern privately held consumer data—including individual control, security, and the ability to correct mistakes. Privacy advocates initially praised the proposal but are now searching for its pulse. “Unless there is a serious push by the White House … this is just going to fritter away,” says John M. Simpson, director of the privacy project at Consumer Watchdog, a California-based advocacy group.

The White House’s main strategy for advancing its privacy principles was to convene negotiations between key stakeholders such as industry and consumer groups to forge codes of conduct the FTC could enforce. But that process, led by the Commerce Department, has so far yielded only a single laborious negotiation over a narrow issue (disclosure to consumers about the information their mobile applications collect on them). Expecting that voluntary process to produce big change now looks as realistic as clearing a forest with table silverware. “No one has any faith that a multi-stakeholder process like this is going to yield anything meaningful,” says Georgetown law professor David Vladeck, former director of the FTC’s consumer-protection bureau. Another private negotiation formulating rules to regulate commercial online tracking may generate only modestly better results.

The alternative path the White House offered was federal legislation establishing uniform privacy standards for private businesses, which no law now provides. But the administration has never released a bill (although some think it may soon) and even if it does, Congress has shown little inclination to act.

Washington’s limited progress may feed the Heartland Monitor Poll’s strain of digital fatalism—the sense among many surveyed that less privacy is the inexorable cost of more connection. More than nine in 10 respondents said they expect the next generation to have even less privacy.

But Jon Leibowitz, who stepped down in February as FTC chair, argues that fate isn’t inevitable. Although major federal legislation or regulation isn’t likely soon, he says, better privacy protections could emerge from the combination of voluntary negotiations (spurred by the threat of government action) and new technologies, such as blocking tools in browsers, that give users more control over their own data.

Jim Brock, vice president for privacy products at AVG Technologies, and another sharp observer of these debates, agrees. Online providers such as search engines, he notes, must be allowed to extract some value from their interaction with customers to support the free services they offer. But like Leibowitz, Brock says providers have tilted that balance too far. Brock predicts that only if technological advances empower consumers to more completely block data-snooping will providers sue for peace by accepting reasonable privacy protections. It’s a frequent lament that technology outruns regulation, but in this case, the former could enable the latter. “If consumers are technologically powerless,” Brock says, “there will never be progress.”