With all the hand wringing about privacy I have been doing, along with many others, what can we do? Incorporate Article 8 from the European Convention on Human Rights? Throw up our hands and walk through the streets unclothed because we are no longer allowed to have any secrets? With President Obama decrying the patent system as broken, patents themselves as an answer may seem apocryphal. But, where there is a problem, there is an idea, and where there is an idea there may be a patent that describes that idea.
First – What is the Real Problem?
I don’t think the real problem is all the intrusions into our privacy that seem to multiply like rabbits in Australia. The real problem is the value exchange, in my mind. There is not a fair value exchange going on. Even when we think we are getting something of value – a few sheckels of farmville credit for our gender and user network, for instance – we are being undersold. It was estimated, based on Facebook’s IPO that each of us Facebook users was worth $125. Have you gotten $125 worth of value from your participation in Facebook? Perhaps you have. Remember always, if you are getting something for free, you are being sold.
If the value exchange is the problem, perhaps a system of fair exchange of value between user and data consumer might be the answer. The idea would be that I provide information to whatever system I am using at the time. The system stores that information securely, and when requested by an end user some value is transferred back to me. Easy-peezy right? Or perhaps just telling me that my information has been sold to a data broker, who sold it to a retail chain, who sold it to a supplier, who then sold it to another data broker, and there is a company at McMurdo Station that knows what I had for breakfast. Value, control and notice. Maybe that is the triumvirate of privacy protection that we should be shooting for.
Now to the Patent
The system I propose is not something that I came up with on my own. In fact, it is a basic description of inventor Thomas Coleman’s patented idea. Yes, a granted patent. Patent Nr. 8,489,511 titled “Privacy protection system and method.” Awesome. Now before you start throwing tomatoes at me about a patent that covers a very important consumer protection idea, think about a world without something like this. A world where your information is collected (without your knowledge, read yesterday’s post), shared without your knowledge, and used by companies you have never heard of. Plus, claim 1 was written rather skillfully, though it is a bit long for a non-patent attorney to really understand it. I have pasted claim 1 at the bottom of this post for your review. Yes, it is long.
More importantly, I think this highlights something that technologists have always said to us about a host of other problems. Technology will provide. If we are concerned enough about our privacy, like the Europeans are, then someone will come along and build something that will help us all. That is what Mr. Coleman has done. Given us a way out that puts privacy protection in the hands of the user. If they, given this control, still don’t protect themselves, then it is on their heads.
I don’t believe the answer is that companies shouldn’t be allowed to gather and use our personal information and habits. While I think that particular horse has left the barn and is now in the farthest pasture, I think the issue is more practical. I do not want generic stuff served to me. I want some information to be held so that my interactions are easier. How many phone systems ask you your customer number, or account number, and then the call service representative asks you for the same information? Every darn one of them that I have seen.
So if the users of our information need that information for good reasons (let’s leave aside the bad or creepy reasons for the moment) why shouldn’t we build a system that allows for that. A system that not only attaches notice to the information so that the receiver knows what obligations attach. A system that even allows for a small value to be sent back up the stream to the user.
Bad News, and a Hope
This wonderful idea will never be implemented. I am sorry, Mr. Coleman. I believe in you. I believe in your idea. But it will fail. Unless mandated by governmental entities, your system will only be a footnote to a society in which we are being watched, recorded, and tracked every minute of every day. Until the United States moves away from the notion that privacy is protected only so that commerce can occur and moves towards more of it as a fundamental right, we will be right where we seem to be heading.
Yes, this is a bit of a downer post. Sorry. I hope that Mr. Coleman gets all the funding he needs, and that some right-minded legislator or regulator (I’m looking at you, FTC) sees this as an opportunity to truly do what’s right by the user. Stop focusing on how companies should tell us us what they are doing and put the power back where it belongs, in the user’s hands.
Claim 1 of Patent Nr. 8,489,511
A method for a privacy organization to manage a privacy interest for a person, comprising:
acquiring via a website information about the person, wherein the information includes personal information about the person or transactional information about the person;
digitally storing the information about the person as protected information in a secure account for the person within a database accessible by the privacy organization and accessible through the website by the person;
automatically coding a digital profile for the person using the acquired protected information to create an abstracted profile code for the person using at least some of the acquired protected information;
digitally storing the abstracted profile code of the person in the secure account within the database;
automatically entering the protected information into notices asserting data ownership over the protected information for the person;
asserting data ownership over the protected information for the person, including providing the notice that the person is asserting data ownership over the protected information to entities capable of collecting data about the person from transactions, interactions or Internet activity, or capable of using or selling collected data about the person;
providing the abstracted profile code to select entities; and
receiving from the select entities consideration for the person in exchange for allowing the select entities to use the abstracted profile code with at least some of the protected information, wherein acquiring via the website information about the person includes:
receiving information from the person; allowing the person to view and edit the protected information in the secure account;
receiving instructions from the person for managing the protected information, wherein the instructions include instructions for sending the notice and selecting the select entities to whom the abstracted profile code is sent; and
delivering code for installation on an electronic device of the person, receiving the information about the person from the electronic device operating on the installed code including receiving web-browsing activity using the electronic device, and storing the information received from the electronic device into the secure account.