Over at Gizmodo Australia, Luke Hopewell’s written a passionate piece about Uber and privacy, and why anyone using a smartphone doesn’t get to complain about privacy any more. I think he’s dead wrong on this one.
Disclaimer: I know Luke personally, and he’s a great bloke, and, obviously, I have been employed by Allure Media, Gizmodo Australia’s publisher in the past. I also get that opinion pieces are designed to stimulate debate. Take that for what you will.
The background to this is the story surrounding Uber executives who have been actively considering using media smear teams to attack journalists and used the data from their own service to track the movements of those reporting on them, there’s been a lot of furore about the implicit privacy implications of that kind of data.
Luke’s piece argues, and with some force, that, and I quote “If you’re using a phone, you don’t get to complain about privacy anymore.”
Sorry, Luke, but I think you’re dead wrong on that one.
Absolutely and without exception wrong.
But before I go on, I should link to Luke’s piece, because it’s well worth reading.
Here’s the story, which should open for you in a new tab. Come back when you’re done, wont you?
Luke’s argument is that “you gave them everything they ever wanted to know, and then built a window inside your life for them to watch you with”, and as such, you’ve signed away your right to complain about business privacy breaches. He correctly identifies that there are privacy issues worth fighting for — government collection of metadata, for example, or outright privacy breaches such as the Jennifer Lawrence leaked iCloud photos affair — but seemingly has no problem with companies actively examining individual user data, as in the Uber affair. Why?
“Are you scared yet? If you’re the sort of person who got angry about this week’s Uber privacy breach news, you probably are. And you know what? You gave them all of that data on your own. Nobody forced you.
You don’t get to be shocked.”
He’s not incorrect that, no doubt, the EULA that nobody reads contains sentences that cover the legal eventualities around that. I’ve had interesting discussions with lawyer-type-people around this issue, but I’ve never heard one of them swear on a stack of religous-texts-of-their-choosing that those EULAs would stand up to every bit of legal scrutiny if tested, because by and large it just doesn’t happen. People back down.
But that’s not actually the point, or why I think Luke’s on the wrong side of this argument. His essential point is that services like Uber, Spotify, Netflix et al use the data you give them for the purposes of improving their services.
The reason this doesn’t pass the privacy sniff test is because while those services do use your personal choices to suggest recommendations for further use of their services, which means you keep using said services, they do so from a computational level, not a personal one. Yes, Amazon suggests all sorts of things to me based on my prior searches, and I’ve got little problem with that aside from those instances when it suggest I buy a Doctor Who DVD that I’ve already got… and purchased from Amazon itself.
The thing there is that these are recommendations built off provided data that are computationally built and recommended. It’s not like there’s a little Amazon, Spotify or Netflix person sitting there thinking “Alex likes episodes of Doctor Who with Roger Delgado in them A LOT — better recommend them”. That would be grossly inefficient, but what it also means is that this data, while sloshed around in the databases of these services, can be used as bulk statistics — I like Doctor Who episodes, so somebody who looks up, say, Broadchurch might also like it — there’s still implicit privacy in my own account unless I chase up Amazon about it, or my credit card bounces or similar.
What Uber’s talking about isn’t that kind of data usage. It’s talking about tracking users at an absolute personal, target-an-individual way. It’s precisely the kind of data retention that Luke’s against when it comes to governments, but if a business is doing it at an individual level, it’s somehow OK?
I don’t think so. That’s a breach of privacy, because it’s taking the power of the consumer to business — which is a one-to-many relationship — and tilting the axis of power irrevocably away from the individual. As consumers, the power we hold in relation to business is our value to that business, and the relationships within. If business is going to abuse that relationship — no matter the data provided — then the best thing to do is complain, and force those businesses to change their processes. Yes, that can take the form of a boycott, but equally a public outcry, shining light on abuses like this, can be effective.
Ultimately, Luke’s conclusion is thus:
“I’m a man of very few secrets and I’m not someone who is about to be “hunted”. Some might call me naïve for viewing the world that way, but let’s face it, I’m no Julian Assange.”
The reality is that the world is about more than just me and Luke, and that feels like a simple rewriting of the old “I’ve got nothing to hide” privacy bullshit excuse.
I’m sorry, Luke, but what I have to hide is my business, and the exact use of my private data is something I feel is going to be a key issue for anyone online — or should be. Dismissing the right to fight against abuses, whether government or business is simply giving up the fight because you like riding around in a shiny car.