When Edward Snowden slipped out of Hawaii with a treasure trove of classified NSA documents, he started a chain of events that have led to an intense and unstoppable public debate on the topic of government surveillance. As an unintended consequence, he also threw a monkey wrench into larger discussions of privacy in the information age.
Pre-Snowden, most discussions of privacy focused on data collection by giant advertising and analytics companies. That was the impetus for the Do Not Track initiative, whichand is lurching towards failure today.
Post-Snowden, discussions of online privacy have taken on a darker tone, one that regularly verges on scenarios that would have been considered paranoid only a year ago.
Tuesday marks the first observation of Data Privacy Day in the new era. The event, which is a spin-off of Data Protection Day in Europe, was originally a way for the event's sponsors (National Cyber Security Alliance in the U.S., the Committee of Ministers of the Council of Europe on the other side of the pond) to try to get coverage for a topic that most reporters frankly didn't care about. That coverage is no problem now, given that the long list of sponsors includes big corporate names that have themselves been victims of the NSA's indiscriminate data collection, including Google, Microsoft, and Verizon.
For its part, Microsoft commissioned a survey of technically sophisticated customers in the United States and four key countries in the European Union: Belgium, Germany, France, and the United Kingdom. The survey's results display a depressingly consistent confusion over the very definition of privacy. In addition, there's little consensus over who's responsible for protecting privacy. And, not surprisingly, there are some big differences in attitudes between consumers in the U.S. and those in the more privacy-sensitive European Community.
By a significant margin, people on both sides of the Atlantic agree that privacy protection starts at the personal level. The survey asked "Who should be responsible for protecting your online privacy?" In response, 46 percent of Americans and 40 percent of Europeans said that responsibility belongs on individuals. In the U.S., only 23 percent answered governments, perhaps betraying an ongoing mistrust of the NSA and other government agencies.
Roughly 30 percent of respondents in the U.S. and Europe think companies should take a lead role in protecting privacy, and an even higher number (45 percent in the U.S. and 42 percent in Europe) want technological solutions, rather than detailed transparency reports or more sophisticated privacy policies.
Microsoft sees that result as an endorsement of its investment in technology like its tracking protection lists for Internet Explorer. That might be true, but simply giving users more privacy-enhancing knobs and dials isn't likely to make much of a dent in the real world. The same survey says fewer than a quarter of the respondents who use online services do more than skim privacy policies. (And remember, these are tech-savvy customers, not average users.) Asking those customers to install add-ons and enable features that frustrate the business models of Google and other advertising giants isn't likely to end well.
A cynical reader of this survey might conclude, in fact, that nothing is likely to change soon. In response to the question, "For what activities are you willing to trade privacy for ease of use?" nearly half of U.S. customers said "Shopping," and 39 percent or more said they'd also be willing to give up privacy for gaming, social networking, and banking.
There are profound reasons to rein in indiscriminate NSA surveillance, not the least of which is that it doesn't seem to be a good use of scarce government resources. But hopefully the fascination with NSA data collection will end soon and we can get back to having a real discussion of the risks of indiscriminate data collection in the private sector.