Ad industry representatives have long said that collecting data from anonymous Web users can only benefit consumers by enabling companies to provide customized ads. But law professor Paul Ohm, who will start work at the Federal Trade Commission on Monday, says the data collection efforts now underway could prove more harmful than people think.
He warns that businesses are busy amassing so many facts about individuals that their most tightly held secrets could be exposed. "I've argued that these databases will grow to connect every individual to at least one closely guarded secret," he writes. "This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm."
He adds that companies are in the process of combining information into a single database -- which he calls the Database of Ruin. "Once we have created this database, it is unlikely we will ever be able to tear it apart," he warns in a Harvard Business Review blog post.
Ohm -- a leading expert about the risks of "de-anonymization," or how people can be identified based on non-personally identifiable information -- is urging businesses to voluntarily "slow things down" and "say 'no' to some of the privacy-invading innovations they're pursuing."
The big companies that can afford to hire privacy attorneys, and think through the implications of new technology, might take that advice. In fact, several years ago Netflix canceled a contest that Ohm had warned could have inadvertently exposed people's movie-watching history.
But small startups are a different story, especially given their history of moving forward new technology before considering privacy implications.
Consider that earlier this year the rapidly growing Socialcam was caught exposing clips that people viewed with their friends -- including the types of not-safe-for-work videos that many people likely didn't want to publicize. The app allowed users to disable sharing for particular clips, but then automatically resumed sharing-by-default the next time people accessed the service. (In May, after concerns were flagged by the Future of Privacy Forum, Socialcam revised its program.)
In February, mobile social network Path was caught uploading users' contacts without informing them, as was mobile social network Hipster.
Ohm says he hopes the industry will regulate itself and "devise ways to better balance the burdens on privacy and the benefits of Big Data."
For now, he proposes that companies must think long and hard before launching new features that could have an impact on users' privacy. "Executives should require those who work for them to justify new invasions of privacy against a heavy burden, weighing them against not only the financial upside, but also against the potential costs to individuals, society, and the firm's reputation," he writes.