At first glance, the video seems laughable. A man calls his favorite pizza place to place an order, and he’s soon roped into a 1984-esque dystopia (with Windows 95-esque graphics) in which everything from his voting and employment history to his health records and library activity is “wired in” to a sinister uber-database, which the pizza place uses to bully him into ordering food he doesn’t want (because it’s better for his health) for an inflated price (delivery costs $20 extra because the customer lives in a high-crime area, according to the pizza place’s records). Uh, I used GrubHub last week and nothing remotely like this happened to me. Ha ha, ACLU #fail! …Right?
“There are companies that do gather most of the information that the pizza shop in the video has. I think it is less likely that information about library books would be available in such a profile, as libraries usually try pretty hard to protect information about what people read. But information about what magazines you subscribe to, travel plans, and clothing sizes is the sort of information that companies are collecting.”
What it gets less right
“Companies don’t necessarily want you to know they have all this information about you, because people tend to find it creepy. So I’m not sure a pizza shop would really let on that they know all this.
“The video doesn’t anticipate location tracking or information that can be collected through mobile apps. The pizza shop does not know whether the customer is calling from home or work because he calls from his cell phone. It is not too much of a stretch to believe that companies may be able to pinpoint precisely where you are calling from on your cell phone in the future.”
Privacy as perception: a user-experience design problem
What I find most interesting about Cranor’s comments is the interface-design aspect of privacy. If the pizza place simply didn’t mention everything it was doing behind the scenes to aggregate and interpret the customer’s personal data, and simply offered opt-in recommendations, it might not have seemed so dystopian to the customer. And in fact, this approach is what Google, Facebook, and other “all in the cloud” personal-data-integrators are all about. Don’t show how the data-mining sausage is made; just offer useful functionality.
Tech privacy in this decade is a lot weirder than the ACLU could’ve predicted in the last one. Do our privacy tolerances depend more on the subtleties of design and communication than on the brute-force capabilities of the technology itself?