The Grand Bargain

Season 3: Episode 1

We’re told from a young age to “accept the things we cannot change.” But should this be the case online as well? We click “Accept” every day, but often don’t know what we’re giving away. Is it a fair trade, and should we demand a better bargain? Veronica Belmont and special guest Dave Pell explore if what we get for what we give online is a good deal. We hear how one man’s HIV status was exposed without permission, how a massive data-mining company is using our information to predict how we’ll behave, and why on earth our email inboxes are filling up with privacy policies.
Published: July 2, 2018

Show Notes

Tom Hayes works for an organization called Beyond Positive.

Nora Young discusses the GDPR in this episode. Here are 13 more things you need to know about the GDPR.

Beyond GDPR, check out what else is changing your online rights.

The rest of Jaron Lanier’s talk can be heard on TED Talks Daily.

Subscribe to Dave Pell’s NextDraft newsletter.

Read Mozilla’s take on privacy and the trade-offs we make online.

Transcript

Speaker 1: Do you have any concerns about how much information you’ve got available online?

Speaker 2: Yeah. I’m worried. I’m worried that stuff doesn’t go away. They could sell my information, right, to Russians?

Speaker 3: I guess I’m a pretty open person, and so I kind of realize that all of the information is already available about me, so I just have to be an open book and be okay with that.

Speaker 4: I haven’t faced any problems personally, but yeah, what I see or listen to on the TV does concern me.

Sen. Chuck Grassley: We welcome everyone to today’s hearing on Facebook social media privacy, and the use and abuse of data. Although not unprecedented-

Sen. Richard Durbin: Mr. Zuckerberg, would you be comfortable sharing with us the name of the hotel you stayed in last night?

Mark Zuckerberg: Uh, no.

Sen. Richard Durbin: I think that maybe what this is all about: your right to privacy, the limits of your right to privacy and how much you give away.

Veronica Belmont: So tell me if this sounds familiar. You’re going about your day, jamming on your laptop and you open an app because you’re, I don’t know, trying to chat with your friends. Suddenly, a window pops open announcing a new privacy agreement, an agreement between you and Big Company X. And yeah, you’re going to agree. You scroll to the bottom, click that little button and agree to whatever they want. It feels like we’re entering into these bargains every day of our life, bargains where we’re giving something up for all that free stuff, but what exactly?

“Dude, all your friends are chatting without you. Just click “agree.” And listen, I very much get it. We’re busy and we’re all vaguely aware that online life means entering into these agreements, dozens, hundreds of them every year. But here’s the thing: The more our real lives play out online, the bigger the stakes get. That’s why we’re launching season three of IRL with a deep dive into privacy, all the bits of privacy we sign away when we sign up for video conferences, say, or email or hotel bookings or, well, kind of everything.

It feels like every tech giant has been racing to update their privacy policies these days so we wanted to ask. What did we just sign up for? What is this bargain? All season long, we’re looking at the things you gained and the things you lose when you make those deals with the powers that be. And along the way, we want to figure out how can we start demanding a better deal if we don’t like the one on the table.

I’m Veronica Belmont and this is season three of IRL because online life is real life. So I have a very special copilot with me for today’s ride. He’s the founder and content curator of the Next Draft Newsletter, where every day you get the ten most important weird wonderful stories from anywhere on the internet, Dave Pell. Hi, Dave.

Dave Pell: Hi.

Veronica Belmont: We’re talking about all those moments online where you share a little bit of your data, a little of yourself in exchange for all the internet’s beautiful magic. Let’s start with you. Are there things you wish you didn’t have to hand over in the bargain?

Dave Pell: A lot of the stuff I’m sharing is for self-promotion. In a way, I draw a line there that I’m sharing less personal stuff and more stuff about getting people to read my material or to follow me places or to sign up for my newsletter.

But in that process, even when you’re trying to be fairly careful, you’re always sharing certain things. Sometimes that stuff isn’t even being shared actively you know? You’re sharing material about your purchasing habits and your credit that you don’t even know you’re sharing or you don’t even know the company that has your information so it’s pretty hard to avoid.

Veronica Belmont: Yeah, and I think that these privacy issues can also often feel like a background concern, especially considering all the amazing stuff that we get, literally billions of dollars worth of free services developed for our enjoyment. And when I’m getting so much, do I really care that companies get some personal data in that bargain?

I totally relate to you, too, about sharing stuff for self-promotion and all that comes with that, but there is that trade off. And this is where our first story actually comes in. It’s about the times when losing privacy actually can mean losing everything.

Tom Hayes: Hi. My name is Tom Hayes. I was diagnosed in August, 2011, which is seven years ago now.

Veronica Belmont: Tom Hayes found out he was HIV positive in 2011.

Tom Hayes: My immediate questions were how long have I got left to live? Will I ever have sex again? Will I ever have a relationship again?

Veronica Belmont: Slowly, Tom got on with his life. He even began an anonymous blog called UK Positive Lad. It gained a big following. Meanwhile, Tom set himself a deadline.

Tom Hayes: It was March, 2013.

Veronica Belmont: That’s when he would tell the important people in his life, family and friends, about his HIV status. There can be a whole raft of assumptions and mixed feelings that go along with disclosures like that, so he was working up a plan to do it right. In the end, he’d be able to open up to the people who mattered and, most important, he’d be in control of who knew what. That was the plan.

Tom Hayes: I was out for a night with friends in a Chinese restaurant and my phone kept buzzing and buzzing and buzzing. I tried to ignore it again because I’m at a meal with friends and I try not to be rude and play with my phone at dinner. It kept going and going so I pulled it out and I looked. My ex-boyfriend and his friends were posting on my Facebook and other people’s Facebooks and Twitter accounts that Tom has AIDS and he’s going around infecting people.

Veronica Belmont: Tom had recently broken up with his partner and his ex decided to get revenge by weaponizing what he knew about Tom’s status.

Tom Hayes: I - you know I froze. I didn’t know what to do. I didn’t know how to react. I turned my phone off and I put it back in my pocket and carried on with the evening as best I could. When I got home, I sat on the sofa and I turned my phone back on. I read these hundreds of messages. Half of them were very supportive. The other half of them were basically burn the witch. He’s got AIDS. He should be in prison. He should be killed.

And I just had no idea what to do. I had no idea how to handle it. I sat there for hours reading every single one of these 300 or 400 messages. And by two o’clock in the morning, I had made the decision that the only way out of this was to kill myself. I put a plan together to go into the city center and jump off of one of the highest bridges in the city center. I was getting dressed and then my friend, Ben, came in from a night out. He asked what was going on and I just broke down into tears.

Veronica Belmont: Tom was pulled back from the brink but he still had to figure out how to go on living after his privacy and his safety had been stolen.

Tom Hayes: I did a whirlwind tour in about three days of all my friends and family and told them. And everybody was so supportive. It’s sad it took a crisis point like somebody outing me to sort of force my hand. It hurt because, not only was it somebody revealing something so very personal that was then out there and it wasn’t their place to reveal, but it hurt doubly because it was somebody who I’d spent six to nine months of my live in a relationship with, who I’d made a conscious decision to share this secret part of me with. They had weaponized my HIV status and used it against me to get revenge. It just make me feel sick to the bottom of my stomach when it was happening.

Veronica Belmont: So Dave, how do you feel about this kind of information being so easy to share these days? It’s something like that that can be so life-changing can be shared to hundreds, thousands of people instantaneously.

Dave Pell: Yeah, it’s scary that it can be shared, and also I think what’s really telling from that story is the feeling you have when that information gets out there and you start getting attacked from every end. Sometimes it’s people attacking you. Sometimes it’s strangers. Sometimes it’s even bots, but you don’t necessarily know what’s coming at you. When it’s really happening, there’s such a sense of internal panic and you listen to a story that’s so much more personal and about so much more about a traumatic topic. You can just give yourself some idea of how terrible it is. It really is a bad feeling when that happens.

Veronica Belmont: I mean here was a guy who had really lost control of his personal data and through no fault of his own. He hadn’t publicized it. He just shared something with someone he thought he could trust. Tom’s story actually reminds me of a recent news piece about the gay dating app, Grindr. They’ve got millions of users and while they aren’t in a personal relationship with the Grindr app, they are trusting it in a really powerful way.

It turns out the app was making data about their HIV status available to two other companies. Grindrs’ users were sharing private information expecting to just get dating services in return. But they got a massive breach of privacy in the bargain, too. That’s millions of people just like Tom who then had to wonder who knew what about them and here’s the kicker. Every one of them had clicked agree to Grindr’s terms and conditions, which made that privacy breach perfectly legal. In Grindr’s case, it wasn’t malicious, but there is still this fallout. And that’s the thing. Right? All those little seemingly benign decisions that we’re allowing others to make on our behalf, they’re not neutral. There’s a lot at stake.

Dave Pell: Well, even if something isn’t malicious in intent of somebody who shared your information or a software that shared your information with other software, it still feels malicious when it happens, whether it’s people talking behind your back or software talking behind your back. That’s why I always say the only privacy policy that really matters is your own. You can’t really not use credit cards and not share anything on the internet.

Veronica Belmont: Yeah. It’s not like we want to run away from all these free services entirely. They do actually have value. That’s why they’re there. That’s why we’re there on them. But at the same time, there’s that balance of understanding what’s potentially at stake. Here’s Tom Hayes again.

Tom Hayes: We mustn’t dismiss apps like Grindr out of hand immediately because they have a purpose, whether it’s finding sex, finding love, or finding support for something like HIV. I just think we as users and companies like Grindr and our government as well need to think very seriously about data protection but also our data rights on what should we expect from companies that hold our data.

Veronica Belmont: Tom Hayes lives in London. He works for an organization called Beyond Positive. I’ve got a link in the show notes for you.

Whether we’re on Grindr or Facebook or Google, we’re always making these trades. A bit of personal data for a free service, but how deep does that bargain go and can any of us really demand a new one?

So yeah. Your Google searches come back from the dead and live as advertisements, cookies trail behind you like you’re a Keebler elf, and now some shops are notified the moment you walk through the door. These little privacy grabs crop up everywhere and there’s usually one big money shaped reason.

Advertisements.

Nora Young: Well, think at base, the bargain is analogous to something that we’re familiar with, which is the bargain that we make when we watch network broadcast TV. Right? You agree to be exposed to advertising in exchange for being at somewhat of a targeted demographic and getting free programming in exchange for that.

Veronica Belmont: This is Nora Young. She’s the host and creator of the tech podcast and radio show Spark on CBC. She’s also the author of The Virtual Self.

Nora Young: The challenge is that we are obviously in a hyperdrive state of targeting and micro targeting in a way that really has no parallel with our earlier analog era. There’s obviously a lot of benefits to that. There’s access to bottom up continually refreshed, highly dynamic sources of information that can be used in the public interest. The negative side of that, there are proprietary businesses that feel like they own our data and that is very dangerous. In many ways, I feel like we entered into this world using a lot of legacy systems for a largely analog era.

Veronica Belmont: So I want to pause on something Nora just said, the idea of legacy systems from the analog era. That’s so important. We’re still thinking about these bargains the way we thought about TV advertising. In a lot ways, we haven’t updated them to fit the realities of the digital age.

This is IRL: Online Life is Real Life and with me for today’s episode is Dave Pell, founder of the Next Draft newsletter. I’ve been a subscriber for many, many years. So Dave, just to underline how out of whack these legacy systems have become, we can’t continue without mentioning data harvesters like Cambridge Analytica, those jumbo political targeting apparatuses that feed off all the personal data that we’re really giving up. The thing that’s really freaked me out was the story of Palantir Technologies. Dave, I imagine you’ve heard about this.

Dave Pell: Yeah. Palantir’s a great reminder of the fact that everybody you think knows all your information, it’s the people you haven’t heard of or don’t know much about that know even more about you. So Palantir is a great example of that.

Veronica Belmont: Now, you’ve got me even more freaked out because I feel like I tend to know about the people who know about my information. Now, I’m like who do I not even know knows about my information.

Dave Pell: Yeah. Taking a concern that somebody has and making them feel even worse is sort of my brand.

Veronica Belmont: So for those of you out there who don’t know, Palantir really into data mining, kind of like Cambridge Analytica. It makes its money harvesting massive amounts of data points from financial records, from online reservations, from social media postings, really wherever its 2,000 engineers can get them. Then, it uses the portrait of people that emerges to help its clients. It was created by the billionaire Peter Thiel. He is one of the guys who started PayPal. Palantir started out as a way to help the CIA and the FBI comb through data and find international terrorists, but it didn’t end there. Lizette Chapman is a journalist over at Bloomberg who writes about Palantir.

Lizette Chapman: Palantir Technologies makes data mining software. The software pulls together different chunks of data, different data silos that previously couldn’t be connected and it pulls them all together in one spot and then mines them for meaning. It pulls up different connections that would otherwise be impossible to see by the human eye. For example, it is used in law enforcement agencies in Chicago, in New York, in New Orleans, and in Los Angeles. In Los Angeles for example, one of the ways that officers there have used it and are continuing to use it is to identify people of interest that could be potentially a higher likelihood, according to the officers, of committing crime. Kind of like Minority Report kind of predictive policing.

Veronica Belmont: So Palantir is using data to try to predict how people will behave. Just by having data points that are similar to criminals in the past, you become a suspect. You’re treated as a criminal. Lizette summarized the problem brilliantly in a recent article. She wrote that with Palantir “data is destiny.” And in case you’re thinking that’s somebody else’s problem, I don’t have friends with dirty data points, well not so fast. Palantir isn’t just for law enforcement anymore. As the company looked for more profits, they started doing deals with Coca-Cola, with Nasdaq, with Walmart. Half it’s revenue now comes from the private sector, which means this hard core terrorist tempting software has been trained on, well, you.

Okay, Dave. I keep thinking about those legacy bargains with TV companies that Nora Young mentioned and I just think the old advice to read the fine print isn’t nearly good enough anymore. If things go all Minority Report on us, do you think we’re going to end up with a dramatic confrontation here between the all seeing privacy busting authorities and some kind of, I don’t know, privacy renegades?

Dave Pell: Well, I think there’s always a couple of scales that people use to measure these things. One thing about Palantir is we hear about all the information they have on us individually. As people hear that, I think they tend to think well, I’m not doing anything wrong, so I’m willing to pay the price of having people know my information if that means they’ll also know the information of somebody who might be up to no good. Recently, there was a serial killer in California who was arrested based on DNA that was found at one of the genealogy sites.

Dave Pell: Yeah. After that, of course, there was a lot of articles about how much we’re sharing right down to our DNA. And on one hand, you’d expect people to be a little concerned about that, but on the other hand they’re thinking well if it means they’re going to catch serial killers, maybe that’s a deal I’m willing to make. It really never comes into play as being a personal issue or a real big factor for you personally until that information is either weaponized, used against you, or it feels personal. In the election when Cambridge Analytica used some of our information against us in a way on an area that we felt so sensitive about, which is politics, that’s one of the first times I think people really started to take it personally and think wait, if I’m sharing information that can ultimately be used to get a result that I don’t want, now I’m starting to get mad.

Veronica Belmont: So let’s say we want to avoid a privacy Armageddon, say we do manage to hammer out a better agreement, what exactly would that be?

All right. We know we want action. How do we take action that’s actually big enough, substantial enough to help me wrestle with a beast as big as Palantir? Here’s Nora Young again.

Nora Young: So I think that the utopian goal is to think about a new way in which we can share information with the public, we can share information with research and so forth and get the benefits out of it, but we can protect our privacy at the same time. I think something that is a good first step is what the European Union has just brought in, the GDPR.

Veronica Belmont: You’re probably thinking GDP what?

Nora Young: The General Data Protection Regulation, which brings in a lot more control over what is being done with data.

Veronica Belmont: So the spring of 2018 is going to be remembered as the great privacy agreement flood. You remember those weird few weeks there, when all of a sudden everybody wanted you to agree to a new set of rules. That flood was because of the GDPR, the European Union’s new online privacy regulation. It messed things up for a lot of companies that had gotten used to some pretty handsy relations with your data. But after GDPR, they had to come asking you for permission. The ins and outs of GDPR can feel a little wonky. But imagine it this way. You’re online company X, and you’re used to driving on the Autobahn. Wind in your hair. No speed limits. Then all of a sudden. You cross the border into GDPR land. Suddenly you’re going to get fined for the exact same behavior. You can get fined 4% of your annual global revenue. Facebook’s revenue, just for example, is about $27 billion, so yeah 4% of 27 billion, it’s more than the output of some countries. In fact on day one of GDPR being implemented. Facebook and Google were hit with $8.8 billion in lawsuits. So that speed limit in GDPR land actually matters. A lot.

The hope is, we’ll get speed limits posted by other countries too. But the plan is far from perfect. Some say it’ll strangle the growth of new startups. And then there’s what they call dark patterns. All those sneaky ways companies get you to sign away your rights by making things too annoying or too cumbersome to bother protecting them. In the end we may have to dream bigger than a bunch of speed limits. Maybe a lot bigger. If you want to find out more I’ve got a link to a Mozilla article in the show notes. It’s got the 13 things you need to know about GDPR. One of the most optimistic Visions for a genuinely new bargain, is coming from the Silicon Valley guru, and all-around brilliant guy Jaron Lanier. At the 2018 Ted conference in Vancouver, Lanier laid out an argument for an alternative to the ad driven strategy that’s been dominating the internet and interfering with our privacy, all this time. Here’s Jaron Lanier talking about our duty to always be remaking the internet.

Jaron Lanier: Remaking it would mean two things. It would mean first that many people, those who could afford to, would actually pay for these things. You’d pay for search. You’d pay for social networking. How would you pay? Maybe with a subscription fee. Maybe with micropayments as you use them. There’s a lot of options. If some of you were recoiling and you’re thinking oh my god, I would never pay for these things. How could you ever get anyone to pay. I want to remind you of something that just happened. Around the same time that companies like Google and Facebook were formulating their free idea. A lot of cyber culture also believed that in the future televisions and movies would be created in the same way. Kind of like the Wikipedia. But then, companies like Netflix, Amazon, HBO, said actually you know, subscribe. We’ll give you great TV. And it worked. We now are in this period called peak TV. Right? So, sometimes when you pay dor stuff things get better. We can imagine a hypothetical world of peak social media. What would that be like? It would mean when you get on you can get really useful authoritative medical advice instead of cranks. It could mean when you want to get factual information, there’s not a bunch of weird paranoid conspiracy theories. We can imagine this wonderful other possibility. I dream…

Veronica Belmont: Lanier goes on to question this myth we’ve all bought into. The idea that this is the only possible way for the internet to work. He says if we can just get past those preconceptions …

Jaron Lanier: It’s a win-win solution. It’ll just take some time to figure it out. A lot of details to workout. Totally doable. I don’t believe our species can survive unless we fix this. We cannot have a society in which if two people wish to communicate, the only way that can happen is if it’s financed by a third person who wishes to manipulate them.

Veronica Belmont: Lanier’s argument is so powerful because here you’ve got a guy who knows Silicon Valley. Who spent his whole life being ten steps ahead of what the industry is doing and where it’s moving. And he’s saying this whole bargain can be rewritten. Not only that, it has to be rewritten. The rest of Jaron Lanier is talk can be heard on TED Talks daily or wherever you listen to podcasts. Ted actually has a new podcast called work-life with Adam Grant, that is worth checking out too. So Dave, when you listen to Lanier’s version of a better internet, how practical does that sound to you?

Dave Pell: Well I think people would have to have the desire to do something like that. I mean he said that if we keep more of our privacy intact and maybe pay for some services as it’s a win-win. But I think if you ask the average internet user watching porn from their laptop without paying for it is the win-win that they’re looking for. So people people will share this information. I don’t really see this grand bargain as that much of a realistic future but it’s not because it’s not a good idea and it wouldn’t necessarily be a better internet. The problem is, is that people have to value privacy. Privacy is a currency on the web like anything else, and at this point we value privacy at a lower rate than we value dollars.

Veronica Belmont: And on that note, we have to say our goodbyes. Dave Pell thank you so much for being my co-pilot on this episode.

Dave Pell: Thanks a lot it was great. I hope none of this is going to get out to the public.

Veronica Belmont: No, no. Totally private con. Just you and me. This is just meant to be a conversation between two like-minded folks.

Dave Pell: Okay good that’s a relief.

Veronica Belmont: And approximately 2 million other people out there in the podcast listening world. We’ve got a link to Dave Pell’s Next Draft newsletter over in the show notes.

So maybe you’ve seen this tweet that went around from author Jac Rayner. It goes like this: “Dear Amazon, I bought a toilet seat because I needed one. I do not collect them. I’m not a toilet seat addict. No matter how temptingly you email me, I’m not going to think, oh go on then just one more toilet seat. I’ll treat myself.” It’s a pretty good tweet. Like a hundred thousand retweets sort of good. But the fact is, we’re all being chased around the internet by toilet seat advertisements. Because just living our lives we’re handing over reams of data. And that data is being sold to big toilet, big pharma, and big everything else. The targeted ads that result can be creepy. But we know by now they’re also a symptom of way bigger issues underneath. The GDPR tries to get at those issues. It’s a start. But we’ve got a long way to go. And honestly I don’t know if Jaron Lanier’s vision of an internet golden age is the answer. After all, if we did start paying for privacy. That might leave those who can’t afford it, out in the cold.

But here’s what I do know. Change is possible. Because we’re already starting to demand a new relationship with the powers-that-be. And we understand it now. We get these bargains touch every part of our lives. Online and off. Season three of IRL is all about how we negotiate those new deals. It’s everyday people, and a few tech giant monopolies, coming to the table and saying okay, status quo isn’t good enough anymore. Time for a new deal. Because online life isn’t just an add-on anymore. It’s a reflection of what makes us human. And I figure that means we’ve got a lot of incentive to make it more humane. For more of Mozilla’s take on privacy and the trade-offs we make online, check out the show notes for this episode at irlpodcast.org. IRL is an original podcast for Mozilla, and not-for-profit behind the Firefox browser. I’m Veronica Belmont, and I’ll see you online. Until we catch up again, IRL. Like I never heard that phrase before in my life and I was like Bob’s your uncle. Who’s Bob? What? What is that? Huh?