Saturday 22 May 2010

Why make privacy complicated?

The current 'row' about Facebook's privacy settings, and the similar 'affair' about privacy on Google Buzz raise one significant question: why do companies like Facebook and Google make privacy so complicated? That, it seems, is one of the key problems, particularly in Facebook's case. According to the New York Times, Facebook's privacy policy has 50 different settings and 170 options, and the policy is longer than the US Constitution - closing in on 6,000 words.

Why? Is it complicated simply because privacy itself is complicated? Well, it's certainly true that privacy isn't as simple and clear cut as some might imagine, but does that really mean that privacy policies, and privacy options need to be so complex as to require a law degree to even begin to understand? It's hard to justify - and for companies that demonstrate immense creativity when it comes to designing new products and services, and excellent ways to make those products and services simple to use and easy to understand, it does seem quite surprising that they can't make their privacy policies easy to understand and their privacy options simple to use. They have the experience and the expertise to find a way - if they really want to.

So why don't they? Two reasons immediately spring to mind, one simple and in some ways reasonable, the other much more pernicious. The first is that until recently they simply didn't care enough about it - and didn't think their users cared enough about it. A privacy policy was something that only concerned lawyers (to cover their potential liabilities) and geeks (who are those who bleat on about privacy), and lawyers and geeks don't need things to be simple to understand and use - they need things to cover all the relevant issues in a logical and coherent fashion.... which leads to documents the size of the US constitution and 170 options and 50 different settings. What's more, they want their creative minds and experienced programmers to be working on the 'important stuff', not wasting time and money on something like privacy policies that no-one really care about. So, from a business point of view, putting effort into making privacy simple and understandable would be wasteful. And boring, too, for the creative people.

The second possible reason is far more shady - maybe they want to make privacy complicated because they don't want people to know what they do and what the implications are? If an ordinary user has to wade through a document the size of the US constitution, and spend their time choosing between 170 options and 50 settings, the chances are that they simply won't bother. And if they don't bother, and leave the settings on what Facebook choose as the defaults, then everything's much happier, at least for Facebook.

I wouldn't like to suggest that the second is true - the first is far more likely. However, if the second does have an element of truth to it, we might start to see that over the next year or two. Public interest in privacy appears to be growing - the question is how companies like Facebook respond to it. If things change, and change quickly, that would tell us a lot. If they don't, and if there is more prevarication and less action, that would tell us something else entirely.

Monday 10 May 2010

The politics of privacy - does privacy matter?

A few weeks ago I attended Privacy International's 20th anniversary party - a fascinating event, celebrating a truly admirable organisation which has done sterling work over the last twenty years, from a time when privacy seemed to be very much a 'niche' subject, one that most people didn't think mattered much at all. Over the last few years, however, that seems to have changed - privacy issues regularly make headlines, from lost data to the sell-out of Chinese dissidents, from ID cards to data retention. Emphasising that, one of the two keynote speakers at the party was Nick Clegg - and this was BEFORE the first of the UK's leadership debates, so before Clegg had etched himself on the public consciousness. He spoke powerfully, quite eloquently, and fairly passionately about privacy - and at the same time, since he and we all knew that the election was just aroung the corner, he used the occasion as an 'electoral address', suggesting that his party, the Lib Dems, was the best party for privacy, and would protect all our rights much better than the other two. No to ID cards. No to centralised databases for Data Retention. No to fingerprinting our children....

....well, now he's become the 'kingmaker', it will be interesting to see how high up his agenda privacy really is. Is it one of the points he makes to his potential coalition partners? Will he get his way? It's a very interesting test of both his political will and his judgment as to the views of his supporters. We should know in a week or two....