Five Solutions To The Privacy Problem: Why They Work And Why They Don’t

Last week brought alarming accounts about how a firm called Carrier IQ may have used key logging technology to record millions of phone messages. These reports coincided with a federal regulator’s findings about how Facebook has been misusing its customer data. These sort of stories are taking on a depressing regularity. Every week, there seems to be a new incident involving an internet company abusing customers’ data, followed shortly after by a media outcry and some political grandstanding. And then it happens again.

At this rate, any privacy incident short of Google (NSDQ: GOOG) and Apple (NSDQ: AAPL) rifling through someone’s underwear drawer may not even make the news anymore. Meanwhile, many consumers seem increasingly fatalistic that a loss of privacy is simply the price of living in the digital age. This doesn’t mean the privacy problem is intractable. There are a variety of proposed solutions to let people assert control over how their personal information is used. Here are five popular options and the strengths and weaknesses of each:

Solution 1: Class Actions and the Courts

Class action lawyers have brought hundreds of lawsuits against companies like Facebook and Google in recent years, demanding that they pay cash for violating consumers’ privacy. Last week the lawyers were at the forefront again, demanding hundreds of millions of dollars from Carrier IQ and various phone companies.

Why It Works and Why It Doesn’t

Class actions level the legal playing field by letting let consumers, who don’t have the resources to take on big companies, band together and sue. The lawsuits can also provide a powerful financial deterrent that makes companies think twice about how they treat customer data.

But even though consumers have “won” a number of multi-million dollar class action settlements over incidents like Google Buzz and Facebook’s Beacon, they have little to show for it. These settlements typically call for a company to donate money to privacy activists like the EFF and, of course, pay all the lawyers. The payments to activists may improve privacy in the long run but the average citizen is unlikely to even know about the settlement in the first place. The effectiveness of privacy class actions is also limited because they are often based on state-level consumer protections laws (typically California) and not on federal ones.

Solution 2: Technology To Control Our Own Data

The idea here is to use computer tools that ensure private companies don’t collect your personal information in the first place. Recent examples include an open source search engine and an ad-free social network.

Why It Works and Why It Doesn’t

Brilliant radicals like Columbia law professor Eben Moglen argue that the legal system is ill-equipped to respond to the digital age and that technology is instead the best hope to preserve privacy. He practices what he preaches – creating a device called the Freedom Box that lets people shield their online information from companies and the government.

These technology-based solutions offer the promise of letting people use the internet without the creepiness factor. For now, though, they are likely to remain the preserve of technological high priests –average citizen who are puzzled by ‘internet cookies’ would likely blanche if asked to run their own server. Also, projects like Diaspora, a would-be Facebook rival, have stumbled after attracting an initial bout of publicity and goodwill. These technology-based privacy solutions may be the future but they are for now a long way off.

Solution 3: Have the Federal Government Step In

The Federal Trade Commission has already imposed 20 year privacy agreements on Google and Facebook and is actively investigating other alleged privacy incidents. Meanwhile, a number of bills are circulating in Congress to create comprehensive privacy rules for the country.

Why It Works and Why It Doesn’t

The federal government has the power to pass a privacy law that could bring about a fundamental shift in how companies collect and use personal data. Most Western countries have already created federal privacy commissioners to protect consumers and to spread awareness about privacy issues in general.

Unfortunately, the various privacy bills in Congress, including one sponsored by Senators McCain and Kerry, appear to have little traction and political observers predict that nothing will pass for years. In the meantime, the FTC is taking the lead on privacy issues. But despite a number of well-publicized investigations, it is unclear if the regulator is up for the task. This could be because the FTC is designed to stop “unfair or deceptive” business practices rather than address specific privacy issues.

Solution 4: Leave Privacy Issues to the Market

It may be time to simply embrace the fact that privacy has become a commodity. If consumers begin to look at their personal information as the valuable data that it is, companies may begin to compensate them for it accordingly.

In practice, this could lead to a market in which consumers choose a company on the basis of how much privacy they provide – some may willing to share their information with advertisers in exchange for better prices while others might choose to pay more to use a company or website that guaranteed privacy.

Why It Works and Why It Doesn’t

From an economics perspective, this may be the most efficient solution because it would spare companies the burden of costly and possibly useless regulation. If Silicon Valley moves nine times faster than Washington, it might be best for the government to get out of the way and let the technology market itself address privacy concerns.

The problem here is not simply that market solutions may not work but that many big technology companies are quasi-monopolies with a firm lock on their customers. Services like iTunes or Facebook in many ways resemble public utilities in that consumers can’t simply switch them without considerable cost or inconvenience.

Solution 5: Industry Self Regulation

Internet companies, especially advertisers, are implementing their own measures to address consumer privacy consumers. The Digital Advertising Alliance, which represents dozens of major media and tech companies, has created a system where internet users can view which companies are monitoring their web surfing and even instruct them to stop serving targeting ads. They hope to create a Better Business Bureau type system that encourages best practices and excludes bad actors.

Why It Works and Why It Doesn’t

Self-regulation is based on the idea that companies themselves have an interest in protecting privacy to ensure that consumers don’t become alarmed and desert them. They also believe that they are better poised to create rules than an outside regulator whose actions could harm an innovative and growing sector of the US economy.

But even though companies appear to be developing these initiatives in good faith, it is unclear they will work for two reasons. The first is that the system they propose requires a degree of computer savvy that is beyond many internet users. The other is that the self-regulation scheme they have created only addresses how data is used, and not how it is collected in the first place.

Final Thoughts

These solutions are intended to provide a way to think about privacy the next time a company is caught plundering our personal information — based on recent experience, this will happen sooner than later. An effective solution to the privacy problem will be based on a combination of measures, including some of those described above. In doing so, everyone – consumers, companies and government – will have to agree on an approach that restores privacy protections without also harming innovation.