Infiltrating the privacy movement

I had a fantastic teacher in high school named Rick Takagaki, who once played a class of mine two speeches in a row: Martin Luther King Jr.’s “I Have a Dream,” and Malcolm X’s “Message to the Grassroots.” The speeches, while both incredibly compelling, couldn’t be more different (and certainly couldn’t be more different from what passes for rhetoric today). “Grassroots” contains a famous passage in which Malcolm X derides the March on Washington (at which King gave his “Dream” speech) as a watered-down revolution, infiltrated and controlled by the white power structure:

It’s just like when you’ve got some coffee that’s too black, which means it’s too strong. What you do? You integrate it with cream. You make it weak. If you pour too much cream in, you won’t even know you ever had coffee. It used to be hot, it becomes cool. It used to be strong, it becomes weak. It used to wake you up; now, it’ll put you to sleep.

While the topic is far less momentous, I always think of that quote when I read privacy stories like the one in today’s New York Times: “Online Marketers Joining Internet Privacy Efforts.” Marketers joining a privacy movement?

It’s not like there’s a privacy revolution in the United States; there never has been. But there are certainly a lot of “Chief Privacy Officers” whose Orwellian role seems to be spinning encroachments on privacy to look like a revolution of freedom. The closest the U.S. has gotten to a privacy uprising is the National Do Not Call Registry. According to a January, 2007 Times article, since its launch in 2003, “more than 137 million phone numbers have been placed on the list by people tired of interruptions during dinner or their favorite TV show.” 137 million! The seeds of a movement are there, at least. While probably nothing else has risen to that level of response, news coverage of ChoicePoint, identity theft, and the like make privacy a popular topic of lip service — but usually, unfortunately, little else.

The significant quote in today’s Times piece comes in the fifth paragraph:

There is a silver lining for marketers, however: the AOL site will try to persuade people that they should choose to share some personal data in order to get pitches for products they might like. Most Web sites, including AOL, already collect data about users to send them specific ads — but AOL is choosing to become more open about the practice and will run advertisements about it in coming months.

I don’t have a problem with AOL’s effort — it seems like a good development to me. Explicit labels are good. It’s definitely interesting to see search engine providers competing on how comfortable they can make people with their practices. But this isn’t a privacy effort. The goal here is to find tracking that consumers will accept.

Back to Malcolm, who warns that the only one who would resent his teachings would be “a wolf, who intends to make you his meal.” Real privacy comes from removing tracking altogether, not adding small labels to it, festooning it with compliance badges, and providing an opt-out from it buried somewhere on a site. (I’ve put my money where my mouth is on this topic; see “Super Ninja Privacy Techniques for Web App Developers” in (IN)SECURE number 11 [PDF], pages 47-53, which I co-wrote with my colleague Brad Greenlee.) Marketers can’t join a privacy movement without it being an infiltration; the headline of the Times piece is in itself an impossible contradiction. Having more options for types of marketing is fine, but don’t mistake this wolf, or his intentions, for anything else. My old teacher, Takagaki, would never have let me get away with calling something what it isn’t, and this isn’t privacy. It’s marketing.