Privacy and ad-supported services don't go together. Former Sun Microsystems CEO and fellow Wesleyan alum, Jonathan Schwartz, writes that companies such as Facebook that earn their living by selling users' private information to marketers are much the same as stalkers. Users are acting irrationally, he writes, in expecting Facebook to do anything but exploit their privacy to maximize profit.

{% pullquote %}
Vocal {"dissent from Facebook users isn't irrational behavior, but bargaining for a better deal"}...a large scale price negotiation. How much privacy are people willing to exchange to use Facebook? The complainers say "less", Facebook says "more". Clearly, Facebook hasn't found the privacy price point that all users are happy to pay. Luckily for the competition, Facebook can't please everyone all of the time.
{% endpullquote %}
There will always be people who want more privacy than whatever Facebook offers just as there will always be people willing to trade the details of their entire life for the chance to spend an hour a day pulling virtual weeds on a virtual farm.

Your privacy is priceless…or is it?

Schwartz implies that regulation is the cure for Internet privacy and cites the US healthcare privacy law, HIPAA, as a model that Internet privacy legislation might follow.

First, the economic: HIPAA establishes an extremely high price floor on a person's health information. It takes away your right to independently value your medical privacy. Value your health privacy at $100,000? Too bad…you can't sell it because the buyer's cost to buy is $250,000 in fines plus jail time.

Let's conduct a thought experiment. What if there was a hospital that would treat you for free even for elective procedures, no insurance needed. The catch? You need to to waive your HIPAA rights so they could sell your medical information. Would you take the deal? You might not do it, but my guess is that some people would find it a pretty attractive deal.
{% pullquote %}
Ad-supported Internet services such as Facebook and Gmail are just like that hypothetical hospital. They say we'll give you this service for free in exchange for some of your privacy. That {"the same people who spend over $100 a month on cable TV will give up their privacy to avoid paying the $5 a month Google asks for Gmail"} goes to show how little value they place on privacy.
{% endpullquote %}

HIPAA-style Internet regulation anyone?

Regulation of Internet privacy along the lines of HIPAA would take away those choices from consumers, choices that many consumers happily make. To write off privacy price floors as a cost of doing business and to pretend that an Internet where privacy can't be traded won't have a much smaller supply of the free services consumers love is to ignore the laws of economics. Not a very strong argument for HIPAA-style Internet privacy regulation.

However, the lack of transparency about what happens to your information online after you click submit does present a compelling argument for disclosure regulation. After all, markets don't function very well when participants don't access to information. Consumers can't make decisions about how they value the privacy they're trading to Facebook if they don't even know how much or what they're giving up.

Market to the Rescue!

A better approach is to let technology and the market solve users' privacy concerns. Technology in the form of open standards and decentralized systems can allow users to have the best of both worlds.

Email is a good example of this. If I value my privacy, I can shop around and pick an email provider that treats my data securely or even run my own email server. If I don't want to pay, I can sign up for one of the free ad-supported email services like Gmail. Want something in the middle? I can pay Google $5 a month and they'll give me Gmail and let me keep my privacy by turning off the ads and the tracking.
{% pullquote %}
It wasn't always like this. In the early days, email wasn't interoperable...you could only send email to users of the same system or network. {"Don't like their privacy policy? Tough beans. Use a different system."}..just remember you can't reach your friends/co-workers who use the other systems. Sound like the current state of the "social web" to you?
{% endpullquote %}

Sowing the seeds of destruction

At the present, for social web to reach a level of standardization and interoperability similar to email may seem hopeless in the face of the huge network effects enjoyed by Facebook & Twitter. However, both the technology and the demand from users is starting to appear. This leads me to believe that the days of the walled-off social web will one day come to an end.

The existence of companies like Schwartz's CareZone that make protecting user privacy their priority and offer products that don't ask users to pay for a service with their privacy are one step in that direction.

The creation of technology that provides decentralized and open replacements to major features of Facebook, et al., is another step. Mozilla's Persona is a promising example of a decentralized, open single sign on system that shows that features of today's walled gardens can not only be replaced, but can done so in a way that is both easier to use and offers stronger privacy.

{% pullquote %}
Decentralized technologies and standards threaten walled gardens. So do the companies that use them. If companies with compelling products adopt and support these technologies and continue to innovate, the ecosystem outside the walled garden will grow and blossom into a world that makes Facebook's garden feel stuffy and constricting. {"Remember AOL Keyword? Neither do I."}
{% endpullquote %}