Skip to content →

Tag: privacy

Private concerns

imageOne reason I love science fiction is that it challenges our morals and beliefs in a way that other art forms rarely do. It asks us difficult questions, like, what if we had the ability to visit other planets and encounter different cultures? What if we could genetically “design” our children? What if we could go back in time and change history?

Unsettling questions aren’t they? But, why are they unsettling? My personal belief is that they are unsettling because our intuitions, our values, our beliefs, our laws, and our institutions were not designed to handle those questions. If you assume that Western culture is heavily derived from Ancient Greek and Roman humanism, is it any wonder that society has trouble understanding what to do with our nuclear arsenals or with humankind’s new ability to genetically alter the people and animals around us? After all, the foundations of today’s laws and values predated when people could even conceive that humans would ever have to think about such things.

So, when people ask me what I think about all the press that privacy concerns about Google or privacy concerns about Facebook or any of the other myriad social networks have garnered, I view it as manifestation of the fact that we now have technology which makes it super-easy to share information about ourselves and our location but we have yet to develop the intuititions, values, and laws/institutions to handle it.

Lets use myself as an example: I personally find auto-GPS-tagging my Tweets to be oversharing. However, I frequently Tweet the location I’m at and even the friends I’m with. Is this odd combination of preferences an example of irrationality? Probably (I was never the brightest kid). But I’d argue its more about my lack of intuition on the technology and the lack of clear cultural norms/values.

image And I’m not the only one who is beginning to come to terms with the un-intuitiveness of our digital lives. My good friend, and prominent blogger, Serena Wu recently went through a social network consolidation/privacy overhaul as a result of understanding just what it was she was sharing and how it could be used. All across the internet, I believe users are beginning to understand the consequences to privacy of their social network and search engine behavior.

Now, the easy reflex thing to do would be to simply cut off such privacy issues and cut out these social networks like one would a tumor. But, I think that would be a dramatic over-reaction akin to how the Luddites reacted to factory automation. It ignores the potential value of the technology: in the case of sharing information on social networks, this can come in the form of helping people advertise themselves to employers, assisting friends with keeping in contact with one another, and/or even delivering more valuable services over the internet. Now, that shouldn’t be construed as a blanket defense of everything Facebook or Twitter or Google does, but an understanding that there is a tradeoff to be made between privacy and service value is necessary to help the services, their users, society, and the government realize the appropriate changes in intuition, values, and rules to properly cope.

I’m not smart enough to predict what that tradeoff will look like or how our intuitions and values may change in the future, but I do think we can count on a few things happening:

  • Privacy will remain a big issue. Facebook and Twitter’s early years were marked by a very laissez-faire approach by both the users and the services on privacy. I believe that such an approach is unlikely to persist given the potential dangers and users’ growing appreciation for them. There is no doubt in my mind that, whether it be through laws, user demand, advocacy groups, or some combination of the above, data privacy and security will be a “must-have” feature of great significance for future web services built around sharing/accessing information.
  • Privacy policies and settings will become more standardized. I believe that the industry, in an attempt to become more transparent to their users and to avoid some of the un-intuitiveness that I described above, will build simpler and more standardized privacy controls. This isn’t to say that there won’t be room for extra innovation around privacy settings, but I think a “lexicon” of terms and settings will emerge which most services will have to support to gain user trust.
  • Data access APIs will become more restricted and/or use better authentication. The proliferation of web APIs has created a huge boom in new web services and mashups. However, many of these APIs use antiquated methods of authentication which don’t necessarily protect privacy. Consequently, I believe that the APIs that many new web services have grown to use will face new pressures to authenticate properly and frequently as to avoid data privacy compromise.

In the meantime, the few tips I listed below will probably be relevant to users regardless of how our rules, values, and intuitions change:

  • Understand the privacy policy of the services you use.
  • Figure out what you are willing to share and with whom as well as what you are not willing to share. Only use services which allow you to set access restrictions to those limits.
  • Check with your web service regularly on what information is being stored and what information is being accessed by a third party. (i.e., the Google Dashboard or Twitter’s Connections)
  • Advocate for better forms of authentication and privacy controls

No matter what happens in the web service privacy area, we are definitely in for an interesting ride!

(Image credit – ethics) (Image credit – Big Facebook Brother)

One Comment

Project Bunnyrabbit


Consulting, for better and for worse, involves a great deal of secrecy. On the one hand, it means my firm pays for each consultant to have a company laptop (Thinkpad T60) with encrypted hard drive and a 3M privacy filter. On the other hand, it makes it extremely difficult to talk about my work, or to request information.

My firm, for example, makes it a point to never mention client’s names. Even with our dealings with senior management (at the VP level), treating information on a “need to know” basis would be considered a very loose policy. This may seem odd, but makes sense seeing how we are oftentimes discussing potential acquisition targets and potentially sensitive issues (e.g. laying off a division). If such information were to leak, it could lead to a particularly tricky situation for management (e.g. if the division which was to be axed caught wind of this), or, worse, lead to an investigation by the Securities and Exchange Commission.

The bar for confidentiality is set even higher for private equity clients. Because private equity firms basically make large bets on companies by either buying up entire firms or divisions (e.g. like how Cerberus bought all of Chrysler from Daimler-Chrysler, or how KKR bought up all of RJR Nabisco) financed by borrowing all the money, their success depends strongly on getting the best deal for an acquisition. This means that if even the slightest word got out that a certain company or strategy was under consideration, there is a big chance that the acquisition price will go up or a competitor will move to neutralize that strategic opportunity.

It’s no small wonder, then, that in private equity cases, and in situations dealing with potential acquisition targets, case teams at my firm follow the strictest of privacy guidelines. We even take it to the next level by assigning each acquisition target a code name, making it a practice to never use the actual target name, not in slides, not in written correspondence, and not even in face-to-face discussions.

This may seem absurd, but it’s happened on more than one occasion, that two separate case teams at a firm will be working with two different private equity groups, but both be considering the exact same target. Going this extra mile insures that confidentiality is protected, and conveys to the clients that we as a firm take their priorities very seriously.

On a lighter note, though, case teams occasionally use more “colorful names” — “Project Bunnyrabbit” comes to mind as one example from my firm — leading to very bizarre conversations, which, when overheard, sound absolutely ridiculous:

CONSULTANT 1: Yeah, Bunnyrabbit looks really good.

CONSULTANT 2: I agree. Especially this past year, it did really well compared to its peers.

One Comment