Ad industry representatives have long said that collecting data from anonymous Web users can only benefit consumers by enabling companies to provide customized ads. But law professor Paul Ohm, who
will start work at the Federal Trade
Commission on Monday, says the data collection efforts now underway could
prove more harmful than people think.
He warns that businesses are busy amassing so many facts about individuals that their most tightly held secrets could be exposed. "I've argued that these
databases will grow to connect every individual to at least one closely guarded secret," he writes. "This might be a secret about a medical condition, family history, or personal preference. It is a
secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm."
He adds that companies are in the process of combining
information into a single database -- which he calls the Database of Ruin. "Once we have created this database, it is unlikely we will ever be able to tear it apart," he warns in a Harvard
Business Review blog post.
Ohm -- a leading expert about the risks of "de-anonymization," or how people can be identified based on non-personally identifiable information -- is urging
businesses to voluntarily "slow things down" and "say 'no' to some of the privacy-invading innovations they're pursuing."
The big companies that can afford to hire privacy attorneys, and think
through the implications of new technology, might take that advice. In fact, several years ago Netflix canceled a contest that Ohm had warned could
have inadvertently exposed people's movie-watching history.
But small startups are a different story, especially given their history of moving forward new technology before considering privacy
implications.
Consider that earlier this year the rapidly growing Socialcam was caught exposing clips that people viewed with their friends -- including the types of not-safe-for-work videos
that many people likely didn't want to publicize. The app allowed users to disable sharing for particular clips, but then automatically resumed sharing-by-default the next time people accessed the
service. (In May, after concerns were flagged by the Future of Privacy Forum, Socialcam revised its program.)
In February, mobile social network Path was caught uploading users' contacts
without informing them, as was mobile social network Hipster.
Ohm says he hopes the industry will regulate itself and "devise ways to better balance the burdens on privacy and the benefits of
Big Data."
For now, he proposes that companies must think long and hard before launching new features that could have an impact on users' privacy. "Executives should require those who work for
them to justify new invasions of privacy against a heavy burden, weighing them against not only the financial upside, but also against the potential costs to individuals, society, and the firm's
reputation," he writes.