Bartering our Privacy

Many years ago I worked for a brilliant man, an industry analyst who did groundbreaking work in developing models for delivering broadband services to residential customers. I recommend you check out his current company, DEEPfutures.

Last August, he wrote a post on LinkedIn discussing new business models for Internet services. It’s a good read, but I disagreed with a key point that he made about the business model of presenting ads based on personal data:

“That business model is an unequal barter. In old-style, traditional barter, a farmer might trade a sheep and two chickens to have the barn roof repaired: both sides would have calculated the value and benefit. In our unequal barter, we trade all our personal information for…cat videos [and] free-to-us online services: Gmail, Facebook, Whatsapp, Twitter, etc. It’s unequal in that we, the users, have no say over or insights into the value the adtech giant firms abstract from our data. It’s also unequal in that all people’s data, mine, yours, a billionaire banker’s, a poor farmhand’s, are traded for the same “free” service, although our data clearly have different utility and value to the adtech companies and their customers.”

I disagree with this statement in two key areas:

  1. “It’s unequal in that we, the users, have no say over or insights into the value the adtech giant firms abstract from our data.” Yes, it may be unequal, but it’s certainly not unfair. In the old-style barter system, we assume that the farmer traded his sheep or chickens to the roof repairer so that the latter could feed his family. But what if the roof-repairer had discovered a way to make chickens lay golden eggs and he could generate millions of dollars in income going forward? That’s still not an unfair barter, since the farmer received something valuable — a now leakproof roof — in exchange for something he considered valuable. In the same way, companies like Google, Facebook and others who give us cat videos or apps in exchange for our data are providing something of value — we don’t lose in the bargain if they are smart enough to turn our data into something more valuable than we consider it be when we hand it over.
  2. “It’s also unequal in that all people’s data, mine, yours, a billionaire banker’s, a poor farmhand’s, are traded for the same “free” service, although our data clearly have different utility and value to the adtech companies and their customers.” Here again, that doesn’t really make the barter unfair — if adtech companies find more value in a billionaire banker’s data than they do in the data from a farmhand, but are willing to provide the same free services to both, that’s not really unfair to the banker or farmhand. These individuals, as well as the adtech companies, are willing to enter into a barter relationship for something they each perceive to be of value.

This should not be interpreted as any kind of defense of Google, Facebook or others who have clearly demonstrated that they often play fast and loose with others’ data. Nor is it a defense of adtech companies and others that take your data without permission. For example, TechCrunch has found that companies like Air Canada and Hotels.com will record your mobile phone interactions, sometimes without permission. That’s not barter, since something of value has been taken from you without your consent in exchange for nothing in return.

Instead, I believe the fundamental problem is that too many aficionados of cat videos and various types of “free” apps place too little value on their privacy. They are too quick to hand over their data without first considering the consequences of doing so. The transaction is fair, but the adtech companies are thinking critically about what they can do with data owned by people who don’t think critically about entering into a relationship with them.

Any unfairness in the bartering between individuals and adtech companies will be solved only when the former begin to think seriously about the implications of handing over data without first considering the consequences.

Monitor Your Social Media Exposure

Social media is an amazingly useful tool to share meaningful information (along with lots of drivel, humblebrags and photos of that amazing breakfast your friends are about to eat in Cancun). However, the ease with which social media can be used as a vehicle for sharing good information enables users to share some really stupid things, as well. The most recent case in point is the (now former) CBS Vice President and senior counsel who posted some very insensitive comments on Facebook about the victims of the horrific shooting in Las Vegas earlier this week. In 2016 a (now former) faculty member of York University in Toronto posted links on Facebook to anti-Semitic web sites and made a number of derogatory comments about Jews. Also in 2016, a (now former) employee of Express Oil Change and Tire Engineers in Alabama posted on Facebook that the wildfire victims of Gatlinburg, Tennessee are, “….mouth-breathing, toothless, diabetic, cousin-humpin, mountain-dew-chuggin, moon-pie-munchin, pall-mall-smoking, trump-suckin pond scum.” In 2013, the (now former) communications chair of the Democratic Party of Sacramento County, California tweeted to the senior communications adviser to Ted Cruz, “May your children all die from debilitating, painful and incurable diseases”.

These types of posts represent a lack of self-control, something of which the vast majority of us are guilty at one time or another (but, hopefully, in less public ways). But they also represent a massive liability for a company’s brand. In each case, the offender was fired by his or her employer, but that does little to mitigate the enormous damage that these types of posts can inflict on the innocent employers who get caught up in the firestorm that normally ensues after these types of posts go viral.

As an employer, what can you do about this? Here are some suggestions:

  • First and foremost, establish detailed and thorough policies about what constitutes acceptable and unacceptable employee behavior, both during and after work hours. Obviously, an employer has less control over their employees when they’re not at work, but some reference to acting like a decent human being on a 24×7 basis while employed by the company is a good starting point.
  • To back up these policies, provide good training for employees about how to respond to social media posts, how to avoid making inappropriate comments on social media, and how to escalate sensitive issues like customer complaints.
  • Implement good monitoring, DLP and scanning technologies for all work-related systems, including social media. The goal is not only to identify intentionally inappropriate and mistaken posts from employees, but also to protect against data loss and malware infiltration through the social media channel, to identify if a social media account has been hacked, or to identify if someone is falsely purporting to be a representative of your company/brand.
  • Archive content from your social media channels, including any employee posts made using company infrastructure. Having a good archive of social media content will enable decision makers, counsel, etc. to review social media posts for inappropriate content after the fact, and can be useful as part of litigation efforts and regulatory audits.
  • For social media accounts under company control, enable appropriate access controls to minimize the potential for inappropriate posts.
  • Where necessary, implement a supervisory program (something akin to what financial services firms do for broker-dealers) that will sample employee social media posts to look for violations of corporate policy.

We will shortly be publishing a white paper and survey results focused on social media security and archiving. Let us know if you’d like to see an advance copy of the survey results or the paper.