The 463: Inside Tech

So far, it sounds a lot like privacy 2007 and 2008.

But, nevertheless, thanks to the Tech Policy Central folks for pulling together a discussion on Internet privacy today at Facebook HQ that featured Center for Democracy and Technology's Jim Dempsey, Chris Hoofnagle of the Berkeley Center for Law & Technology and Chris Kelly, Facebook's Chief Privacy Officer (and potential California AG candidate). Kara Swisher of All Things D moderated and promised to ask "the really hard questions."

Below are the highlights of the talk... Please don't trust my sporadic and distracted note taking as a transcript......

Kara Swisher:  Privacy is something that gets ignored until Britney spears gets her twitter account hacked.

Jim Dempsey: Big issue for 2009 is the issue of government access to information. We have a set of laws that somewhat protect against privacy invasions. Yet, we have a regulatory regime that is based on a 1986 rule for technologies that are moving fast.

While we are encouraging companies to improve their privacy policies, even the best privacy policy in the world is exposed to a subpoena.

Chris Hoofnagle: Prediction for 2009: Privacy is not going to highly prioritized this year in DC because of other big issues. But, states are running ahead and need to be watched. Calif, Mass, Wash, NJ, NY. I would look the states as prime leaders.

Chris Kelly: Big issue for 2009: How we give people as much control as possible while allowing them to do what they want to do.

KS: Do people really know what they are doing when they shove their information on their services?

JD: The love/hate relationship with tech is a constant struggle for consumers. You can’t legislate common sense, but we can use education, better tech design and legislation to create an environment where there is proper balance.

When you think about medical records, you hit the outer levels of consent. Most people consent to things that are put in front of them. But governments can take the issue of consent off the table. For example, consent for access to genetic records by employers have been take off the table by law.

CH: We have a long way to go to get to proper public understanding. Doing a series of consumer surveys. Consumers think that privacy policies prevent a baseline series of protections that don’t exist.

KS: Should we be parternalist to correct this?

CK: there has been a binary approach to rules. But, most people don’t want their choices to be binary and this is the way that FB sets up its privacy settings.

CK: Facebook hasn't taken a formal approach to a federal Internet privacy bill. We have take a tech first approach that would get us ahead of legislation, but we are monitoring.

There are bills that already exist. For example COPA for under 13s.

Our philosophy is that they manner of how people want other people to see them is housed in the privacy settings. But, if you used anonymity, then the workings of the privacy setting loses value. I think privacy is about control, not anonymity.

CK: Anonymity could degrade the political discourse. Responsibility for comments can enhance the dialogue. Anonymity in every context is not necessarily a good thing.

KS: Beacon and advertising?

CK: Beacon was about letting people to share actions on third party sites with friends. Where we made the mistake was that we made it too easy to share.

KS: Why did it hit such a nerve?

CK: I think it was a generalized concern about data and where it is going on the Internet and we didn’t get the product right in terms of giving people control.

Newsfeed was much the same way. We surprised people with it. It was the same info that already existed, but when it was in one package they were surprised.

CH: this just shows how naïve consumers are. I loved beacon and how it showed how consumers react to when information about them is exposed. I think consumers don’t like to be tools of advertising.

KS: What about generational differences and privacy?

JD: I question and reject that kids don’t care about privacy. I think this more about the definition of deviant behavior.

CH: We don’t know if this is a generational or maturational issue. Kids don’t have the same development.

KS: Who are the most dangerous players? Who should we worry the most?

CH: we need to look at the intermediaries: like the ISPs and google is looking more and more like a intermediary. A lot of companies have the same info like Axiom and Lexis, but it’s all about the analytics and how they figure this information out.

KS: Nightmare scenario in terms of privacy?

CK: A hacked system and major security breach.

JD: The single cross platform identity -- personal data linked across the Web

Audience Q: Where do we see things going in the Obama admin?

CH: Obama’s record on privacy is fairly thin, but his appointements will be very important. Promotes Ed Felten for CTO. A change in posture at these agencies will be important. “Self-regulation” will be harder. Need to be better data driven.

JD: The CTO position is likely be more inward looking than outward looking. There will be an improvement in transparency. Who will be the most powerful person. No one knows yet.