Simson Garfinkel: Chicken Little or Paul Revere?
Pages: 1, 2, 3
Interview Transcript
|
RealAudio -- High Bandwidth or Low Bandwidth MP3 Download 
|
Listen to this interviewPizzo: Simson Garfinkel, thanks for joining us today. I know you've been busy and it's nice of you to sit down and give us some of your time. Your book, "Database Nation," has been generally well reviewed in papers such as The New York Times. It has garnered some criticism, the criticism that mostly revolves around it being the worst-case scenario on each one of the issues that you brought out. How do you respond to those criticisms?
Garfinkel: I haven't heard that criticism. The criticism I've heard is that it's calling for government regulation, and people have argued that cyberspace shouldn't be regulated by government because government is the biggest threat to privacy issues. And the other two criticisms are that I don't really talk about the international experience and that we don't really talk about workplace monitoring issues except in the first chapter.
Pizzo: Have you read for example the book "Cluetrain Manifesto"? We did an interview with the authors of that a couple weeks ago. One of the main thrusts in their book is that the marketplace is the best place to regulate this kind of thing.
Garfinkel: Well, there's a lot of arguments for not using the marketplace to regulate privacy, for the same reason that we don't use the marketplace to regulate the chemical industry or the food industry. We tried using the marketplace to regulate the chemical industry in the 1950s, and the result was that we killed a lot of species, we polluted rivers, and the air was unbreathable in many cities. The marketplace doesn't regulate issues when there are externalities. You need to have regulation so that companies are forced to bear the brunt of what they throw onto society. And privacy is very much like that. If you have a marketplace, as we do today, in which some people -- some companies -- can be privacy winners and some companies can be privacy, you know, mavens or not very good privacy people, what happens is that the poor players benefit from the good publicity created by the market leaders. It actually puts companies that have strong privacy policies at a disadvantage to those who claim that they have policies but violate those policies, or those policies have tricky wordings and they don't really, they mislead consumers.
Another problem with relying on the marketplace to regulate privacy issues is that most users, most people in our society, are not really well-versed enough to protect their privacy by making informed decisions, just as they aren't really well-versed enough to protect their health by reading the ingredients and deciding if a particular ingredient on a bottle is known to cause cancer or not. Instead what we do is we have a law that says if a substance is known to cause cancer you can't put it in the food supply. But we don't have rules right now that say if a product is known to cause privacy problems you can't put it in the information industry.
Pizzo: Wouldn't it be better just to boil this down to an opt-in opt-out sort of policy, that if we just simply had a rule that simply said, "Look, people have to opt-in and opt-out of this," and if they want to give an online retailer like amazon.com a personal profile so that retailer can customize their content for them as a convenience, then they say "yes." If they don't want that to happen, they don't want Amazon.com to track them or their buying habits, they say "no."
Garfinkel: Well, it's really dangerous doing what you're doing, which is saying, "Isn't this just an opt-in opt-out?," because the first thing is that that's very much marketing speak and it's becoming very much Internet marketing speak, and we talk very little about the Internet in this book because the real privacy problems facing us in the 21st century are not online privacy problems but they're privacy problems from the real world. For example, many stores in the United States have video cameras, and stores in England are now adding face recognition features to those video cameras, building up profiles as people walk in the streets and as people walk through stores. Now there's no opt-in opt-out language that really applies there. You are in the environment, and the cameras are in the environment, and the only way you can prevent them from recording your image and making use of that information is to wear a ski mask. And I don't really enjoy shopping while wearing a ski mask, and the people in the store don't like it when I wear a ski mask either.
The idea of using opt-in opt-out to resolve privacy issues -- it really minimizes the scope of privacy issues that we're facing. I'll give you two other examples. One of the large privacy issues is the role of government in preventing terrorism. Well, I can't envision a system where you could use opt-in opt-out to decide who the FBI is allowed to go after or who they're not allowed to go after. We establish standards for police investigations, and those standards have nothing to do with opt-in opt-out.
And there's another issue that I talk in in the book and that is genetic profiling, whether you're going to be scanned so that medical services can be delivered better to you but sometimes that information might make it into other people's hands. You can apply an opt-in opt-out to that, saying that, "Well, if you opt to have your genetic profile compiled, then who knows who gets it?" But I think that's a very, that's a very punitive way of applying the advances that medical technology is bringing us, saying that the only way that you can benefit from these advances is if you give up all of your privacy. We know that we can benefit from those advances and simply regulate what people can do with that information.
