Selective Amnesia There was a point to this. But I forgot.

30Mar/09Off

On privacy and search engines

I received an email a few weeks back from a newly launched search engine which, they say, does not collect information about you and, like totally, respects your privacy.

Meanwhile, around the world, people are getting their twanties (twitter-panties) in a twist about privacy and data collection.

But.
But. How do you buy anything (search is that – buying information) without giving away some kind of information about you? Can you even trade – online or offline – without the seller knowing who you are? Even the smallest store you shop in will know something about you – even if it is just your preference for coffee and what brand of coffee you favour.

It makes sense, and is infinitely better for you as a customer, if the store keeper collected and used information about you. What kind of coffee you like, how many kilos of sugar you buy in a month, do you like your rice packed in plastic bags or paper. And so on. And so forth. In addition to this, if the store keeper knows you well, he will extend credit, undertake additional services for you (such as customizing your shopping bag, or door delivery, or a little extra coffee every 4 months.) and enhance your shopping experience.

On the other hand, if the shopkeeper doesn’t collect such data about you, or (in this instance) forgets all such data the minute you walk out of the shop, imagine what happens. The next time you go there, the shop keeper stares blankly at you, doesn’t recall what is so special about you, doesn’t stock the things you buy or cares not what the customers in his shop are buying, has too many confusing choices in just coffee, and so on.

When you pay for your purchases at a shop – any shop – you are indirectly telling the shop keeper/the world about your social status. If you pay by cash, or pay with your credit card, or pay using clam shells from Tunisia, the shop keeper can and will judge your status. And will store that little tid-bit of information for future use. A store/chain of stores that doesn’t collect information about its customers will not survive long enough. This is true of almost every business.

Why are search engines then expected to be different?
Correct me if I am wrong…is it because, gasp, search engines are online? You know, shops are real buildings – brick and mortar and smelly aisles. But a search engine is nowhere and everywhere. How do you ensure that the search engine is safe?
The same way you ensure the store is safe. By leaving the storekeeper to take any and all actions he sees fit to keep himself in business.

What about other services online? Should your email collect information about you? Should the sites you visit track you? Should the forums you inhabit, the chatrooms you infest, the groups you form, the blogs you flame and the videos you watch all collect potentially sensitive information about you and your computer?

You bet.

If they didn’t, you’d never be able to use them repeatedly. A few months ago, I downloaded and installed Firefox 3 Beta (build 2, I think). It was a fantastic browser, and still is. The problem with that particular build was it couldn’t save my sessions. So each time I fired up my browser, I had to go through hell to login to each and every site that I create content on – this blog, flickr, youtube, twitter, gmail, facebook, blogger, google groups and more – just to keep up with what my friends were doing.

In the offline world, that would be the equivalent of telling your local storekeeper your name, your father’s name, your family history and your street address everytime you walked into his store. And that is just to begin transacting.

So, all right, login information needs to be collected. What about “sensitive” information like your IP address, your browser, your OS’s build and your monitor’s resolution? What justifies a website/service is collecting that information?

What justifies your bank in asking for your monthly income to give you a loan? What justifies the government in asking for your caste to give you a birth certificate? What justifies your employer in asking for your previous experience and a reference to your character? What justifies your bank in asking for an address proof when you open a new account? What justifies the Passport office in demanding an address proof?

Because, information about you is essential to safeguard you. If the services mentioned about didn’t ask for those rather sensitive information, it would be very easy to impersonate someone, anyone, and let the victim pay for a crime he/she didn’t commit.

Once this information is collected, it becomes authentication. Only the person who matches the information given earlier will be allowed access to that particular service. And when there’s a mismatch, a conflict, it becomes easy for both parties to sort out the issue with the information already collected.

If you don’t mind giving ICICI Bank your passport number, you have no cause to complain when websites collect information about you. Of course, the analogy is over-simplified. I even grant you that the second comparison is flawed. But the basic argument remains true – if business don’t collect information about you – the customer – they will not and cannot stay in business for long.

If Spencer’s Daily didn’t collect information about what each customer purchases and monitors such information (for instance, why is Bru selling more in Saligramam and Sunrise selling more in Sowcarpet, why is instant coffee selling more in North India whereas tea bags do not sell enough in Chennai), they’d never be able get their inventory right and it would be far too easy for a competitor to take away their market share.

If my blog (via Sitemeter and Google Analytics) didn’t collect information about my reader, I’d have been writing drivel that would make even Shivam Vij curl his nose up in disgust. (See, I know a lot of my readers like it when I go after SV. Even if SV doesn’t lke it.) If Google didn’t collect information about your monitor’s size and resolution and your IP, search engines even today would be clunky, slow and overloaded with links to a 1000 useless directories.

If the websites didn’t collect information about you, you’d still be stuck with black text and white backgrounds and pathetic animated gifs and BLINK tags. If companies didn’t know their customers, they’d be selling acidic soap and lobbying governments to protect them from foreign competition. If websites don’t know you, and the things you do online, they’d never help you find the things you want to find.

And, oh, finally, Caveat Emptor.
It’s a pity the world has forgotten that beautiful phrase.

(Apologies for blindly using the masculine pronoun to refer to keepers of shops. It is both convenient, and in my experience, true. Almost every shop (not supermarket chains) I’ve shopped in were run by men. See, I the buyer, know something about the seller too. I’ve collected data!)

(Apologies too (and two) for tense slips, grammatical flaws and inconsistent sentence structures. Also apologies for invoking Shivam Vij in this post. It was done only to illustrate a point and not to slander/libel Shivam Vij. I concede that I’ve misrepresented him, and turned him into a caricature. In my defense, I’d like to state that caricatures are usually based on some truth.)

Update: Ravikiran made the same point, in a lot fewer words, and with a very simple, fitting analogy on the Satin mailing list. He made this point on 12th March. I didn’t read the post because a) 12th March was (and is) my birthday and I was doing other things then and b) the volume on Satin is staggering and to keep track of all discussions there is a task beyond my current capacity.
I just finished reading that particular thread on Satin. There are some points raised, which you can read if you are on Satin. If you aren’t, you should read this post from top.

Filed under: Web Comments Off
Comments (9) Trackbacks (1)
  1. When it comes to search engine behavior, it is not the fear of the data collection in itself as much as the fear of misuse of the collected data that people seem to be concerned about. Not that we have too much choice, nevertheless, the possibilities of misuse are huge, and the consequences grave.

    I see two major kinds of misuse – criminal and commercial.

    Criminal misuse is about my personal data landing up in the hands of ID thieves, and me being impersonated in things such as planning a terrorist attack, or trading in child porn, or looting banks online etc…

    Commercial misuse, a more likely case than the criminal misuse, is about my data being sold to advertisers, who see in me a sitting duck.

    The online world is very different from the brick-and-mortar store. While your corner grocery store keeper knows what kind of rice you buy and how much, it is unlikely (and relatively difficult) for him to share this information with all other kinds of vendors such as silk saree shops, fruit stalls, the neighborhood priest (who can arrange alliances), travel agents, the local plumbers, taxi wallahs etc etc…And even if he did, the value of the information will be limited, because of lack of processing tools that combine this info with other related nuggets to make a complete picture.

    The online world is designed to make it easy to share and mine data. And if there are not enough checks and balances of the spread and usage of the data, we are in for more/severe nasty surprises—not only the nice ones such as the amazon recommendations.

  2. That depends. In my opinion, it is criminal if a service provider offers a product for free in an attempt to collect personal information, which enables them to share that information with other sources (whether it is for financial gain or not). Coercing people into business for the purpose of sharing consumer data lends itself to monopoly building. Offering a product for ‘free’ as an attempt to get consumers to do something that will damage them in the long run, but benefit ‘the provider,’ is a form of entrapment.

    So when all my information gets sold from a search engine, and later I become a victim of identity theft, can I seek damages from the search engine?

    The identity and personal information of people on the internet whether they are consumers or browsers should be given utmost protection. It stands to reason that the lack of protections will be reflected in consumer confidence for doing business online.

  3. Prasanna:
    Actually, it is only online that you know what and how information about you is collected. You know – from cookies – that your IP address, you OS, browser and other mechanical details are collected. And at times, the kinds of sites you go to is collected.

    Offline, you have no control about what sort of information about you is collected and even worse, you cannot prevent people from collecting such information about you.

    Where you shop tells people about your economic status. What you shop tells people about your buying patterns and your social standing.

    Take this example.

    If you buy a condom people will automatically assume you are sexually active, without you telling people that. If you buy a case of beer people will think of you as a drinker. When you buy shampoo – say clinic all clear – people will think and assume you have a dandruff problem. When you buy a shirt – people will judge you depending on what kind of shirt you buy. If it’s a cotton-blend full sleeve shirt, people will know roughly what salary bracket you fall under.

    When you pay for your shopping with cash, the denomination and kind of notes you give the shopkeeper will tell him a little about you. When you pay using your credit or debit card, that is more information given about you that you may not want to give out. And this is just when you buy your monthly supplies at a store.

    Where you live, how you travel to work, do you drink coffee or tea – all this and more will tell people about you, they will collect these little tidbits about you and store it somewhere without you giving them the authorisation to do it.

    Trade is essentially an exchange of information. At the very least, the information given out is you are short of Commodity X and you require commodity X and are willing to pay Money Y for quantity Z of commodity X. And as I demonstrated above, every time you buy something, people collect information about you and use it to judge you in many ways.

    Why treat organisations/companies online differently?

    I give my social security/ passport to banks because I get that it is privy only to me… but if the bank turns around and sets up a passport piracy scam by mis-using that information, I could get screwed there too! Telling us why they need the info and adhering to that is important.

    Exactly. You, as a consumer/customer, have to be careful and wary always and ensure your bank does not turn traitor. There is enough of an incentive for you and others like you to ensure banks toe the line. You, the BUYER, is AWARE.

    Why not apply the same logic to companies online? If websites change privacy policies, ensure you are up-to-speed on the policy. Collect together like-minded people to ensure that websites do not betray your confidence. Work with organisations that protect consumer rights to ensure websites stick to a certain commonly held beliefs and practices.

    And, be aware, as a consumer/customer, that any and all kind of information will be collected about you, and you cannot prevent it, online or offline. And in most cases, such information is used to customise products and services to you so your experience is enhanced.

    Radman: 😀

    Karthi:
    You say

    It’s good to collect relevant information for customization but it is bad to eavesdrop. It doesn’t matter if it is online or offline.

    But how can you prevent people from eavesdropping or collecting information you don’t want to give out? For example, when you shop offline, unconsciously, you are giving away information about you to the shopkeeper and others around you.

    Like I said to Prasanna above, where you shop tells people about your economic status. What you shop tells people about your buying patterns and your social standing. If you buy a condom people will automatically assume you are sexually active, without you telling people that. If you buy a case of beer people will think of you as a drinker. When you buy shampoo – say clinic all clear – people will think and assume you have a dandruff problem. When you buy a shirt – people will judge you depending on what kind of shirt you buy. If it’s a cotton-blend full sleeve shirt, people will know roughly what salary bracket you fall under.

    When you pay for your shopping with cash, the denomination and kind of notes you give the shopkeeper will tell him a little about you. When you pay using your credit or debit card, that is more information given about you that you may not want to give out. And this is just when you buy your monthly supplies at a store.

    Where you live, how you travel to work, do you drink coffee or tea – all this and more will tell people about you, they will collect these little tidbits about you and store it somewhere without you giving them the authorisation to do it.

    If you are okay with that offline, why treat companies online with a different yardstick?

    Online makes data gathering/profiling a cake walk and most of the time people do not know that they are being profiled.

    Like I said above, the same kind of profiling is done offline. Even your friends are constantly judging you and slotting you in different categories. Shopkeepers, canteen managers, bus drivers, employers, employees, research organisations, banks, and so on.

    The store owner has all the liberty to profile the trends about what sells and he should not be worried about details other than what is relevant from the customer.

    Now, who judges what is relevant and what is not? It’s in the best interest of a company to collect any and all kinds of information about the customer so the company can then create new products specifically tailored to the customer, or make enhancements to existing products that will appeal to the customer.

    This is true of both online and offline companies. My question is simply, if we are okay with companies and people doing it offline, why judge online entities differently?

    WA: I have no idea, apparently.

  4. Ippo enna solre nee?

  5. It’s good to collect relevant information for customization but it is bad to eavesdrop. It doesn’t matter if it is online or offline.

    Online makes data gathering/profiling a cake walk and most of the time people do not know that they are being profiled.

    The store owner has all the liberty to profile the trends about what sells and he should not be worried about details other than what is relevant from the customer.

  6. “twanties” me like this

  7. I tend to agree that for a better experience, information needs to be collected. In fact, I hold a lot of the store loyalty cards (kroger/ tom thumb, etc in the US) and feel that they do NOT use any information except to give you the better price advertised for loyal customers.
    However, the issue online is that no knows WHAT information is being collected and HOW it is used. Websites change their privacy policies every so often and you cannot tell who bought your information from whom and for what… that is the issue.
    I give my social security/ passport to banks because I get that it is privy only to me… but if the bank turns around and sets up a passport piracy scam by mis-using that information, I could get screwed there too! Telling us why they need the info and adhering to that is important.

  8. Indeed you do, sir. Permit me to apologise for this and my previous, unprovoked digs at you? I haven’t been very gentlemanly. Sincerely, apologies.

  9. While I could also be similarly cheap, I have better sense sir.