Is it Time to Capitalize on Privacy?

Looking back, it seems clear that 2013 was quite the year. It brought us a new Pope, record highs on Wall Street, and the ever-entertaining wrecking ball of Miley Cyrus’s career. However, 2013 should perhaps best be remembered as the year that most citizens of the digital age became acutely aware of a long neglected part of their life: online privacy. Pope Francis may have won Time’s “Person of the Year” award, but Edward Snowden wasn’t far behind. He became a household name overnight, and the scandal he revealed continues to pop up in the news every few weeks with a new revelation about the NSA creeping into our emails, our Facebook, and installing backdoors into our commonly used software and cell phones. With the amount of publicity that the subject has received over the past year, it is not surprising that this is now on the minds of the general public, A.K.A. “consumers.”

Armed with the knowledge that consumers are more aware than ever about their privacy, how should companies respond? This could be the time for companies to take advantage of this newfound customer concern, and start selling privacy as part of their service. For some companies and services (likely the minority), this may mean little more than touting the existing privacy and security features already in place. These companies can capitalize on their preexisting dedication to privacy and the trust of their userbase.

Other companies have been created as a result of this concern. The search engine DuckDuckGo, for instance, does not track users’ history or information, in a clear challenge to the practices of search behemoth, Google. DuckDuckGo was founded on the idea that some people actually care enough about their privacy that they would be willing to switch search engines (something which is probably an unfortunately significant part of our lives) based on this aspect. It would appear that this is at least partially true, as the site nearly doubled its queries per day following the NSA revelations. Likewise, the email service Lavabit was founded on a dedication to anonymity and privacy for its users (also reportedly used by Edward Snowden), and while it has since been shut down, the site’s popularity has encouraged its creators to release a new service to “thwart e-mail spying”, even by the NSA.

These services are not re-inventing the wheel. DuckDuckGo is not the first search engine and Lavabit was not the first email client. In fact, little set them apart from the competition except for their focus on protecting the integrity of user privacy. Perhaps then, it is possible we will begin to see more areas of our internet life with privacy-specific alternatives. . . . not necessarily reinventing the wheel, but definitely hiding it better. Regardless, it seems fair to say that there is a growing market for privacy-focused applications that should not be overlooked.

For the vast majority of companies, however, the great privacy revolution of 2013 demands change. For instance, many have long employed practices which allow for the selling of consumer data to third party advertising companies. This went on for years, and was essentially an industry that thrived on consumer apathy. Indeed, as our own Professor Florencia Marotta-Wurgler has noted, less than 1% of consumers have actually read the end user license agreements for software and websites. Since users have become more aware of their online privacy, however, it may be time for companies to tweak these methods. It may be time to make privacy policies easier to read and to include more favorable terms to the consumer (i.e. stop selling their data wholesale).

Even before the Snowden leaks, consumers showed that unfavorable use of their data and online presence could provoke a strong response. When Instagram announced changes to their privacy policy which would allow them to sell users’ data and photographs, the backlash was so profound that Instagram soon issued a new policy which is notably devoid of any such practices. Facebook, a name that few would find to be synonymous with privacy, has actually been making some shifts in its policies to stop the selling of personally identifiable information, a change that occurred immediately after the PRISM scandal went public (though they continue to find other user information to sell). While it may be too late for users to develop trust in Facebook, the implementation and marketing of consumer-friendly privacy policies may be a method for other companies to draw both old and new users into the fold.

Some companies have also begun to distance themselves from the NSA, at least publicly. These companies are often those that might be seen as the biggest potential offenders of user privacy, and so this is a hugely important public relations battle which they need to fight. Recently, Google, Apple, Microsoft, Facebook, Twitter and Yahoo have formed a group called the Reform Government Surveillance coalition which is meant to combat the invasive measures of the NSA, including the NSA’s ability to request user information without meaningful oversight. Not to be overlooked, Cisco (an industry leader in networking equipment) has also come out stating that it is “deeply concerned” over the recently discovered backdoors in their products. While these movements against the NSA are largely superficial at this stage, it will be interesting to see if the Reform Government Surveillance coalition or public statements by companies are successful in making consumers believe in the ability of private companies to protect them from undesirable invasions from the government.

While 2013 was a sobering year for privacy, perhaps it should be looked at instead as a wakeup call for consumers. After all, this is a chance to demand change in privacy practices of companies that have long been stacked against their users. Likewise, this is a chance for companies to market themselves in a new way that customers will appreciate: the vigilant guardian of their information. Maybe, just maybe, the market can prevent “internet privacy” from becoming an oxymoron.

Luke Smith is a J.D. candidate, ’15, at the NYU School of Law.

more »