[alac-admin] Yes, On Line privacy really matter

["Sebastian Ricciardi" <sricciardi@xxxxxxxxxxxxxxx>]

A few days ago, Eric Goldman wrote an interesting thinkpiece in CircleID
regarding users' feeling about privacy.
(http://www.circleid.com/article/250_0_1_0/).  His seems to conclude that
the existent regulations and policies on the matter are unnecessary, since
Privacy doesn't "really" matters to the consumer.



Eric based his argumentation on a number of surveys, stating that, even when
the user expresses concerns about their privacy, on line behavior shows a
different reality. We don't want to discuss here the soundness of surveys as
a reliable source of information, but the author could be assuming too much
in his analysis.



 It is true that user's don't read privacy policies. At least not me, nor
those who I know. However, I do have strong feelings about on line privacy
as a fundamental right for the average Internet User. To read those policies
is bother, take time and in some cases is considered as a waste of time.
Happens the same in the brick & mortar world every day: How many times do
you carefully read the security policies of you parking lot? Do you ever
read the terms of service of your energy company? Even better, how many
times you read the terms of service of your credit card ??



At the end of the day, it's a matter of trust. If I do trust well known
sites as Yahoo.com, ebay.com, MSN, etc., I don't want to waste my time
reading their privacy policies. The users only provide personal information
(considering it "sensitive") in the websites they trust. In the other
websites, they don't read privacy policies; they just avoid bringing them
that kind of information.



Sweepstakes and promotions are another interesting issue, and the same
arguments apply. Yes, the user may give a lot of personal information to
Amazon.com in order to win a book, but how many people do you know that
reply unsolicited messages announcing that you win a fortune in a lottery?
Once again, it is a matter of trust.



* * * * *



When considering on line behavior, you need to be very careful in order to
get reliable conclusions. Think how difficult is to analyze consumer
behavior in the real world, and you'll get an idea of how difficult could be
to draw conclusions in the virtual space.



It may be true that users like to participate in sweepstakes and sometimes
get clumsy in providing personal information. But it is also true that the
use of nicknames, web mail services and fake e-mail addresses is well spread
around the net. Those are tools used by the average user to protect their
privacy.



To segment users in groups in activists and apathetic seems to be, at least,
risky. I would say that the real segmentation could be defined between
experienced and not-so experienced users. Then you will realize that
experienced users are often "activists" and don't surprise if you find out
that they're the younger ones. These users have a better understanding of
the way the Net works. They know that "cookie" is not about snacks, and they
understand the risks involved. They get less spam because they already
learned not to fill every space with their e-mail address, and definitely,
they don't want to pay a nickel for the protection of their privacy. We'll
get to that point in a few paragraphs.



On the other hand, you have the other kind of user. The user that used to
answer every single survey because it is amazed of this new virtual world,
that replies e-mails coming from the former prince of Nigeria, and gets tons
of spam in their inbox without questioning himself why. If you ask this kind
of user about their privacy, they may put it at the top of their priorities,
and then act different when surfing the Net, because they don't have a clear
understanding of how the information is being handled.



Privacy regulations are indeed useful in order to protect this  kind of
users.



* * * * *




To consider Privacy as a "service" is a common mistake. There was a big
interchange about this subject when discussing WHOIS database access. In
fact, this is still an ongoing debate. Rod Dixon wrote enlighten articles
about this subject in CircleID, also Vittorio Bertola, Thomas Roessler, Ross
Rader and many other committed personalities have expressed their opinion.
The GA list of the DNSO is full of comments and views on the matter. You can
also find a lot of information in ALAC discussions (see
http://alac.icann.org ).



You could consider privacy protection as a "service" only in some occasions.
The general rule should be to consider it a double-sided coin of rights and
obligations. You are obligated to handle information about the users as
"sensitive" information, and you shouldn't share it with anybody unless you
have an express consent form the user to do so. In the same line of thinking
the user have the right to get their intimacy and privacy protected without
paying form it.



You can only consider it as a "service" in some occasions, when an
 "enhanced" privacy is needed for special reasons. Then you will be
receiving a value added service, and you could be willing to pay for it. In
many countries you pay to get your name off the telephone book, for example.



* * * *



Privacy regulations protect unaware users form those who abuse the flaws in
the system to make money or to do harm in any way. It's not about chasing
ghosts, but to assure the user the free exercise of their legitimate rights.