20.1. Introduction
Soon after I started work on my comprehensive privacy tool, I discovered that I could not decide which features it should include. Privacy tools were a new category of software tools in 1995: many had very specific and novel features that were critical to some people but useless to others. There was no consensus on which features were important to have. Nobody knew which of the tools that were available for download even worked! Trolling on the Internet I found some web sites that had basic descriptions of some programs; sometimes, these sites even included ratings. But I couldn't find any comprehensive catalogs of the tools that were available.
The community of people who were actually developing these tools reflected this state of confusion. Many people were working on many products, but little communication was taking place among them. Without marketing experience, open source and independent developers had difficulty communicating why their products were actually needed. Meanwhile, those companies that had strong marketing frequently promoted their products with explanations that often devolved into impenetrable euphemisms.
I realized that I needed to perform a more thoughtful and systematic analysis. No one had yet examined privacy tools from the end user's perspective. How could this be done?
At the time my study took place, personal security solutions such as ZoneAlarm, PGP, and The Anonymizer were new and growing in popularity among Internet users. I began examining these tools specifically in terms of what privacy benefits they offered to the user. Upon examining the 134 tools, systems, and services that I thought had some relationship to privacy, I ended up with a large list of privacy features. As the work progressed, I began to see patterns emerge and could place tools and features into categories. At some point during the process, I began to refer to my collection of tools as the privacy space. I gave the tools, systems, and services within the privacy space the generic label of solutions.
Time has passed since my initial survey of privacy space solutions. Many solutions have been added to the privacy space and others have disappeared or have become insignificant. Despite the ever-changing nature of the privacy space, the framework I developed remains relevant. However, before I can discuss the Privacy Space Framework and why it is useful to us, first we must place this work into the larger context of privacy, especially online privacy.
20.1.1. Privacy
Noam talks about privacy as the place where the information rights of different parties collide.[1] Everyone needs privacy, but there are no "one-size-fits-all" remedies or equations that can decide how privacy should be balanced against other goods. Privacy is inherently a matter of individual choices and needs, a flux that is bounded by societal factors and personal preferences. To Noam, privacy is fundamentally about the flow of personal information between parties that have different preferences for how that information should be utilized.
Technology has a strong influence on our attitudes toward privacy and on how much (or how little) privacy individuals can attain. This is because the balance that Noam describes is inherently altered by the dropping cost of mass surveillance and data retention technologies. The fact that large amounts of information can be economically collected and used increases the desire of organizations to do so. As online communication becomes more commonplace and as more information becomes available via the Internet, it is imperative that the ability of individuals to control the dissemination of their personal information keeps pace.
One common way to help individuals keep pace is to prevent or limit information exchanges through the use of policy, law, and regulation. An obvious problem with such collective solutions is that the individual's perspective and individual choice almost invariably suffer. Another problem with these solutions is that they can produce a smokescreen that results in no real progress toward the goal of enhancing privacy.
Another approach to the privacy problem is to engage individuals with an array of technological privacy solutions. These solutions allow individuals to extend their senses into the cyberrealm and become aware of the information that is flowing away from each of us. Each of us constantly makes choices whether to communicate our identities, ideas, and preferences. McLean calls this form of privacy access privacy.[2] Allowing access to personal information may not be a decision that we spend much time contemplating in some cases, but it is a conscious choice.
Despite the dour outlook for privacy in America documented by numerous scholars[3], [4], [5], [6], all is not lost. As individuals, each of us has the ability to retain some control over our personal information flows. Choosing tools that allow us to better understand and enforce our preferences is of paramount importance. Informed choices come from being aware of what information is being passed. The privacy space framework helps inform such choices by giving individuals a tool for making well-considered choices when it comes to their privacy.
20.1.2. Exoinformation
We must expect to reveal a great deal about ourselves in everyday interactions. We continually shed information about ourselves, usually with no thought whatsoever because the process is so unavoidable. This kind of personal information "broadcast" was noted by Singleton during a workshop pertaining to online profiling.[7] Or, as Sanchez says so succinctly: "Merely by walking outdoors, we put ourselves in the public domain."[8]
Exoinformation is the word that I use to describe what Singleton and Sanchez are talking about. Exoinformation has become an important commodity; companies such as DoubleClick, Inc. gather it up and piece it together to build mosaics that more or less reflect the preferences of individuals and society as a whole. Exoinformation is gleaned from the tidbits of information that we give off during information-seeking activities. Like pottery shards, arrowheads, or other disassociated artifacts that archaeologists use to glean knowledge of past civilizations, the string you used in a search query, the timestamp of a request, a logged event on a server, or the URL typed into a browser window are all left-behind remnants of a life. As with archaeology, each individual tidbit is insignificant. But patterns emerge when the fragments are combined. Many people believe that this ability to cross-reference exoinformation and make sense out of it will one day become a powerful tool. Although it is tempting to define exoinformation solely in terms of the human-computer interface,[9] the term can be applied universally to all of the informational byproducts of an individual's life activities.
Westin used the term data shadow[10] to describe exoinformation, and Olsen used the term data exhaust.[11] Why do we need a new term when we have been talking about this concept for years?
Although the concept of exoinformation is not new, never before have we had a clear and descriptive term that was not itself a metaphor that needed to be explained and that opened itself up to argument. McLean[12] noted that our vocabulary on privacy is extraordinarily small. By standardizing on this word exoinformation, I hope that we can stop discussing the existence of this privacy leakage and start discussing what to do about it.