Everyone recognizes that privacy is important. But if you look at several issues that have been in the press recently, it seems like we’re always being asked to trade privacy for other benefits — security, convenience or even financial benefits.
Arizona State University’s new Privacy by Design Research Lab in the W. P. Carey School of Business is working with industry leaders to change the conversation to one in which we capitalize on best practices in engineering, business and communications to identify practical solutions to improve products and processes without sacrificing privacy, and perhaps even enhancing it. Consider the following situations:
Red light and speed cameras: These traffic enforcement technologies have been widely adopted in Arizona, but they are quite controversial. Those in favor of the cameras focus on improving driver safety and generating revenue for our cash-strapped state. In 2009, Arizona did have the lowest number of fatal collisions on state highways, and the speed cameras generated $19 million in revenue between October 2008 and October 2009, so maybe there is some merit in these arguments. However, these practices also raise serious privacy issues. Many citizens are concerned that Big Brother is watching them on the highway and in major intersections, and they worry that the state is capturing photographs of citizens who have done nothing wrong. For example, the photos taken often show the passengers — clearly enough to be identified — and they haven’t been speeding. Do we have to trade passenger privacy for improved highway safety and state revenue?
Imaging technologies at airports: After the attempted terrorist bombing on an airplane this past Christmas, there was a lively discussion in the media about scanning technologies that could be used at airports to improve the Transportation Security Administration’s ability to spot a wide range of weapons carried close to travelers’ bodies. In almost every newscast, the reporters focused on a backscatter X-ray scanner’s ability to help identify security threats. But they also described the images produced as putting passengers through a “virtual strip search.” In effect, the question that was repeatedly asked was, should American citizens be willing to be viewed “naked” in order to improve national security?
Facebook’s privacy settings: There also has been a lot of discussion around the most recent changes Facebook made to its privacy settings. Over time, the social networking Web site has created more robust privacy settings, allowing members to control their content at a more granular level. But Facebook also has made the default settings for some content public. That means the content of members who do not take the time to adjust their settings is made available to the world. Additionally, the new privacy defaults were changed to public unless users took the time to check that they wanted their former privacy settings honored.
Location-based services: As mobile phones get smarter, creative innovators are developing applications that can greatly enhance our productivity — or at least help us get data that is appropriate, given our location. For example, when traveling you can use OpenTable’s iPhone application to help you find a highly rated, independent restaurant within two miles of your hotel, and it can give you walking directions and lead you step-by-step from your current location to your table. This convenience is amazing. But at the same time, several organizations are tracking your geographic location — accurate to within a few yards. Are the privacy issues that arise worth the great meal? Should you really have to give news services like National Public Radio access to your location data (which you must, by the way) in order to get their news feeds?
Each of these scenarios brings up interesting privacy issues, and when you read about them, it almost always sounds as if we are facing a zero-sum game situation: Business can either deliver on privacy or earn revenue. However, this is absolutely not true, as we are advocating at ASU. The challenge is to identify or develop, if necessary, technologies and processes that can deliver the same level of security and convenience without sacrificing privacy or profits. For example, traffic cameras can “blank out” driver and passenger faces unless authorized individuals enter security codes that allow users to “see” the driver’s face, while still protecting the passenger’s privacy. Similarly, if the TSA adopted millimeter-scanning devices, they would be as accurate as the backscatter devices and simultaneously better at protecting individual privacy. And we could all go through security without taking off our shoes, improving our overall convenience.
What these examples highlight is that there needs to be a radical shift in expectations. Organizations must consider privacy issues when creating new products and services. If they do, they can enjoy a positive-sum game, improving their relationships with customers, which can lead to higher profits. The statement made over a decade ago by former Sun Microsystems CEO Scott McNealy, “You have zero privacy anyway, get over it,” is actively being challenged at ASU’s Privacy by Design Research Lab.
We are working with internationally known privacy guru Ann Cavoukian, the information and privacy commissioner of Ontario, Canada, and primary developer and proponent of the Privacy by Design concept. The ASU research lab is the first such ambassador program in the United States with Cavoukian providing executive guidance. With initial seed funding from the Privacy Projects, we have begun initiatives to develop actionable guidance for emerging business situations. Our first project is focusing on best practices for mobile applications, helping those who are developing applications such as OpenTable to determine what personal data is needed to be successful, and what practices should be put in place to ensure customers get great service without giving up their privacy. If you’d like to learn more and join in the discussions, please join us for one of our monthly meetings.