Privacy
I just published a privacy policy for smedbergs.us. Since I suspect my policy may be a bit unorthodox, I thought I’d post about it.
I, Benjamin Smedberg, will try to do what I think is appropriate with any information collected by this website. I believe that privacy is a tool which should be used to limit the powerful, not a fundamental right. To the extent that I don’t have much power, I don’t feel the need to provide any guarantee of privacy. Any information, including names, email addresses, and other identifying information, may be shared with others or even made public if I believe that is the correct thing to do.
I may make changes to my beliefs or this policy at any time. Please feel free to contact me if you want to ask questions, or change by beliefs.
I get the feeling that I value privacy differently than most of my Mozilla colleagues. I do not think that privacy is a fundamental right of mankind. Privacy is a tool to keep the powerful in check, by limiting how they may use information they have. To the extent that the government has vast information about and power over its citizens, it should be forced to respect their privacy as a counter to its power. This is the true purpose of the fourth amendment to the U.S. constitution.
I do believe that corporations which have information and power should also be limited, especially as they grow in size and scope. But I think that any proposals which treat privacy as a fundamental right instead of a system of checks and balances are ultimately doomed to failure.
January 3rd, 2011 at 1:32 pm
So few words, and yet so much meaning. Bravo at your meaning per word ratio. I wholeheartedly agree. And of course, it is the power of contract that privacy is built upon.
January 3rd, 2011 at 4:46 pm
Hey, Benjamin. I’m not sure I agree with you on this issue (on the other hand, I’m not one to froth at the mouth/lament about Google, et al, and privacy), but I’ve long admired your sporadic moments of dissent with the overarching themes and fads occupying Planet Mozilla.
January 3rd, 2011 at 7:34 pm
I’d phrase the difference of opinion here as the difference between
“information they have”
vs
“information they have at their fingertips”
I.e., you may not be “evil-non-bad big-ass corp”, but you’re surely feeding their data warehouse if you’re putting personally identifiable information out there in the public.
PS: the US constitution and its amendments are of little value to anyone outside of the US, too.
January 4th, 2011 at 5:38 am
Of course, in a hypothetical scenario where your privacy policy were to become commonplace it does not in any way exclude handing that information over to Facebook/Google/etc’s new ‘give us your data’ service for a few coin – and suddenly the data is in the hands of the powerful. Exactly the same kind of business model as, say, Google Adsense. Hell you can even use the same tagline: ‘Maximize revenue from your online content’.
If your privacy isn’t protected at square one, it’s gone. You may trust the initial holder to utilise it nicely but once they pass it on you are screwed – you have no contract with the third-party and cannot hope to police any that did exist.
Whether my data ends up with Google because they systematically paid ‘small’ webmasters for it or they offered a service to me, it still poses the exact same threat.
January 4th, 2011 at 10:16 am
I definitely agree regarding your basic point — individual privacy is completely different from the privacy of governments or large corporations. Governments in particular should function with as little privacy of their own as possible.
However, I’m not sure I agree with your privacy policy in general. At the individual level, privacy is more about respect for the other and acting in good faith than it is about rights. In some cases it might make sense to reveal private information, e.g. in retaliation for a bad faith action — or is that the spirit of your policy?
January 5th, 2011 at 7:43 am
“change by beliefs” I believe you mean “change my beliefs”
I think privacy should be a human right. Information about you should have something like a copyright that is automatically yours. If someone wants to use your information they have to ask your permission and if you at any time revoke permission they should delete it. They can of course collect it for statistics but they shouldn’t be able to connect it to you again. When someone has that information they should take care of it and be held responsible for ‘theft’. Your information should be seen as an expensive car so when the government loses it by storing it unencrypted on a stolen laptop they should buy you a new car and pay a big fine.
This is not because I want to make life difficult. But the internet makes sure that data that is leaked will get used for the rest of your life and beyond. That is a scary thought and the possibility of leaking information should be kept to a minimum. The only way I see to make that happen is when _you_ are in control.
January 5th, 2011 at 12:54 pm
Should privacy be a fundamental right or not? If BigCompany, Inc. says it will respect your privacy, will it? Quis custodiet ipsos custodies? How can I tell? The case is IMHO parallel to the blabbermouth neighbour: «Can you keep a secret? — Oh yes, oh yes, oh yes! — Well, so can I.» If I don’t want something known, I keep mum about it; and if I let something be known, it’s because either I don’t think it can be used against me, or (like my email address at BMO, which can be had from any comment I make or from any bug I report) I think the advantages (such as being able to be reached, without spamming the bug, by someone really concerned) outweigh the disadvantages (such as being open to address collection by spammers). I also take some protection measures (such as, in this case, training the SeaMonkey Junk Mail filters by marking both false positives and false negatives, and reporting whatever spam reaches me so it ends up pushing the “spam score” of whoever sent it infinitesimally towards the bad end of the SpamCop Blocking List scale)
January 7th, 2011 at 3:53 pm
Ferdinand: so if my neighbor X calls and says “do you have neighbor Y’s email address”, should the law force me to get permission from neighbor Y before sharing their email address? Is the situation any different if I’m talking about the name and age of their children? Or the nature of their sickness, if they are sick? What if the situation is classmates of my daughter? Can the teacher give me information another child?
I believe that, on the small scale, if we try to replace civility and trust with laws about theft and not sharing information, we will make everyone a criminal. Even then we won’t solve the real problem, which is that large-scale private data can be used to create power over individuals in ways which will destroy society. Solve that problem, instead of focusing on personal information as a fundamental right.
January 11th, 2011 at 8:05 am
@Benjamin Smedberg: I think my idea would exactly bring civility to the front. Sharing information between each other should be an act of good will but you should also remember that it is their information. If you don’t respect that you can expect your neighbor to talk to you about that. And if you keep disrespecting his privacy he can take the next step if talking doesn’t work.
I don’t want people to share my address, phone number, email etc. without my express permission. And you can’t lighten up about it because when your information is given you can never get it back. Now if you don’t care about sharing your information you can act on that but it should be an opt in.
January 13th, 2011 at 3:07 pm
I generally agree with what you’re saying–especially with contracting with neighbors. I think it’s different on the internet. In personal relationships it works, but online without a privacy policy it’s not difficult for a small site like yours to pass through data to a larger company / spammer for a price. So, I don’t think it’s only “large-scale private data” that’s the problem it can be the aggregation of smale-scale private data.
June 6th, 2011 at 10:15 am
I agree with you about that privacy is a tool which should be used to limit the powerful, not a fundamental right, I think the privacy policy should be only for the big issues, you are totally free to manage your site as you want. I will share this in Facebook.