There is a saying that roughly goes “you’ll never understand someone until you walk a mile in their shoes.” So, let’s do that with privacy. Well, not exactly, but it is tempting. A recently completed Kickstarter campaign, Data Dealer, puts you in control of a a data broker. It’s a great satirical look at how you gain, control and sell information. I suggest you head over to their website and play the demo. I learned quite a few things playing the demo that are quite illustrative.
It’s All About the Risk, Baby
One of the game’s metrics is Risk. As the Risk of your venture increases the greater chances you take. You can strike deals with hackers and social engineers, but doing so adds to the risk. The more risk you have, the greater the chance that a “concerned citizens’ brigade and privacy nuts might start breathing down your neck.” As the info bubble for Risk further points out, though, “there’s no problem that you can’t solve.”
While this post is not about how to play the game, Risk seems to be the one metric that matters. If you can make the risk of a proposed activity zero, than you can indiscriminately go about your data gathering activities. Gather more user information, and sell that. Restricted only by the energy to do those activities, you can easily go about collecting information from the sites you operate and then sell that information to the government, in one example.
Data Dealer is all fun and games, but there are things to be learned by how you decrease risk. While poking fun, the game actually highlights a few problems with consumerism and consumers.
Long Privacy Policies are your Friend … NOT!!!
This is my favorite part of the game. Tongue in cheek, Data Dealer tells us that the longer and more complicated a policy is, the more people trust it. In a journal article published by the Association for Computing Machinery (ACM), the author found that in a majority of cases you need a college degree to understand them. Further, that such language actually “discourages users from reading policies.” This article was written in 2007, but the climate hasn’t changed. There is no trend towards more readable privacy policies.
Lawyers are your Friend … Sometimes!!!
Of course, I had to look at how they handled this. This one was great, too. While it starts off like every company should, “just to be on the safe side during your data gathering,” it goes ridiculous. They are there to “check your tricky phrasing.” Come on folks, the lawyers are there to write the tricky phrasing. If the regulatory rules around privacy protection wasn’t written by lawyers, you wouldn’t need lawyers to comply, but they are, and you do.
Celebrity Endorsements are Worth Their Weigh in Gold
Every celebrity endorsement you get drives your risk down even more. I don’t know if I agree with the game designers that the mere endorsement by a real estate mogul with a bar hair-do helps me trust them. I think they are right though. The numbers prove it, too. 92% might base buying decisions on peer reviews. This is a proof point for the article titled “Why Celebrity Ads Fail.” What that misses is that almost 1 out of 2 customers will buy based on a tv ad, as well. The game does get it right.
Other Items of Note
PRISM may have scared you. It definitely scared the designers of the game. The best return on your information sale seems to be to the government. True? Probably not, but definitely funny. The next best return was with employment screenings for a large employer.
For folks that abhor astroturfing, the game designers included that as well. Spending some money to hiring some ‘net slaves’ who will give you positive reviews will help your risk profile. Just remember to have them ‘add a little criticism’ and you should be in the clear. Maybe that’s the piece that a famous astroturfer missed?
The game does include some nefarious actors as well. The intriguing thing though is that you don’t need them. You can collect data from your online websites with no risk and sell it, adding dollars to your piggy bank. The more information you can sell, the more money you make. The more effective your website is, the more information you can collect.
While you don’t need those bad actors, if you manage your risk well in your online properties you can every now and then engage one of those bad people to source out really personal information. All in all, play the game, and you will be a bit nervous about where your information is right now.
Once you have your little emplire setup you actually have to try and get yourself in hot water. So I did just that. In response to a protest I spent a pittance to run a PR campaign to make it go away. Further abuses get the same response. Pay your fine and your risk number goes way back down. Lesson? If you are violating user privacy, have some money squirreled away to deal with the problem?
What You Can Learn From This
I think the answer is transparency to your users and ethical practices. Do the right thing now and when opportunities present themselves. Design privacy into every product and service. Think about what information you really need from the users and only collect that. Tell the users what you will be collecting and why – in plain language.