Customers as a Third Force

Almost all arguments in economics devolve toward one one of two almost opposed positions, which I first saw when visiting two institutions flanking the Charles River in Cambridge: Harvard Business School on one side and Harvard Kennedy School on the other. Above both I saw word balloons in the sky. On the Business School side it said “The answer is the market. What is the question?” On the Kennedy School side it said, “The answer is policy. What is the question?” And between the two I saw a river of customers, all with relatively little power to deal with either or both sides.

So I decided to devote my life’s work toward giving those customers agency—the power to act with full effect—when dealing with both the businesses and governments of the world.

That agency was lost when industry won the industrial revolution, and it remains lost in these early decades of the digital revolution. If it weren’t lost, we wouldn’t have books such as Shoshana Zuboff‘s In the Age of Surveillance Capitalism, Brett Frischmann and Evan Sellinger‘s Re-Engineering Humanity, You are Not a Gadget (and pretty much everything else) by Jaron Lanier, and everything by Nicholas Carr , David Weinberger, and too many others to list.

My own work toward giving customers (and citizens) agency started with Linux Journal in 1994. It became notorious with The Cluetrain Manifesto (co-written with David Weinberger, Christopher Locke and Rick Levine) in 1999. And then (after notoriety didn’t seem to be working) became a development and research community with ProjectVRM at Harvard’s Berkman Klein Center in 2006,.

In 2012, ProjectVRM spun out Customer Commons, which since then has quietly been developing personal data usage terms that each of us can proffer, and the businesses of the world can agree to, rather than the reverse (which the GDPR has, alas, exacerbated by normalizing insincere and misleading cookie notices on the Web—a perfect example of policy failing to fix the market problem everybody two paragraphs above has been waxing wise about).

So, after Linux Journal‘s parent company decided, earlier this month, to end that magazine’s 25+ year run (and I was relieved of my duties as its editor-in-chief), I am at liberty to focus my energies on making Customer Commons what we wanted it to be in the first place: a worldwide organization of customers, ready to assert their powers, both individually and collectively, as a third force in the marketplace.

The term third force has multiple uses already, the most common of which seem especially relevant:

  •  “A group of people or nations that mediates between two opposed groups…” —  Free Dictionary
  • (A humanistic psychology that) focuses on inner needs, happiness, fulfillment, the search for identity, and other distinctly human concerns. Psychology: An Introduction, by Russell A. Dewey, PhD

Since customers and citizens are opposed to neither business nor government, but constantly look for positive outcomes in their dealings and relationships with both, third force works.

Our work as a third force is work toward surfacing, equipping, and institutionalizing, customer and citizen powers that align the interests of all three groups: interests which have thus far been subordinated to “what business can do” and “what government can do” for people.

That work requires heavier lifting than Customer Commons can do as a small and lightweight organization. We need to get big and real enough to earn power and standing when dealing with business, with governments, and with allied organizations doing complementary work.

That means we need funding.

We weren’t ready for that in the past, for two reasons. One was that we wanted to see what the GDPR would do. Now we know: it’s not enough. The other was that all of our board members (which thus far comprise the whole organization) were busy with their day jobs. Now that I’ve been liberated from mine, I’m free to talk. If you want to help make customers and citizens a true third force in the connected world’s commons, write me. I’m doc at searls dot com.

By the way, I have a milestone that I’d like to treat as a deadline for the first commitments of funding for Customer Commons: The Vincent and Elinor Ostrom Memorial Lecture, which I’ll be giving at the Ostrom Workshop at Indiana University, on October 9th. In that lecture (provisionally titled “The Internet as a Commons”) I plan to make the case for a thesis we raised at the start of ProjectVRM: that free customers (and citizens) are more valuable than captive ones—to themselves and to everyone else. Also that our freedom depends on establishing a commons in a connected world—the Internet—that was designed as one in the first place. Toward that goal it will help greatly to make Customer Commons the substantive organization it was always meant to be—and one to which the world’s customers and citizens can all belong.

— Doc Searls

 

New Rules for Privacy Regulations

The Wall Street Journal has an informative conversation with Lawrence Lessig: Technology Will Create New Models for Privacy Regulation. What underlies a change toward new models are two points: the servers holding vast user databases are increasingly (and very cheaply) breached, and the value of the information in those databases is being transferred to something more aligned to VRM: use of the data, on a need to know basis. Lessig notes:

The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.

The challenge, notes Lessig, is “a corrupt Congress” that is more interested in surveillance than markets and doing business. Perhaps that isn’t a problem, according to an Associated Press poll (which has no bias, of course!):

According to the new poll, 56 percent of Americans favor and 28 percent oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67 percent) and Democrats (55 percent) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40 percent in favor and 35 percent opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance.

Right. After all, who needs business?

Volvo’s In-Car Delivery Service

In Volvo launches in-car package delivery service in Gothenburg, Volvo’s new service “lets you have your Christmas shopping delivered directly to your car.” Intriguing idea that saves on parking hassles like those people who are waiting/idling around the favored spots.

With just days to go before Black Friday and Cyber Monday – the busiest online shopping days of the Christmas season – Sweden’s Volvo Cars has unveiled a brand new way to take some of the hassle out Christmas shopping.

The premium car maker has launched the world’s first commercially available in-car delivery service by teaming up with PostNord, the Nordic region’s leading communication and logistics supplier, Lekmer.com, the leading Nordic online toy and baby goods store, and Mat.se, a Swedish online grocery retailer, to have Christmas toys, gifts, food and drinks delivered to its cars. …

The Volvo In-car Delivery works by means of a digital key, which is used to gain one-time access to your vehicle. Owners simply order the goods online, receive a notification that the goods have been delivered and then just drive home with them.

Alas, not available everywhere. Yet.

Customer Commons Research: 92% of People Engage in Some Strategy to Hide Personal Data

We launched our first research paper today:  Lying and Hiding in the Name of Privacy (PDF here) by Mary Hodder and Elizabeth Churchill.

Our data supporting the paper is here:  Addendum Q&A and shortly we’ll upload a .xls of the data for those who want to do a deep dive into the results.

We all know that many people hide or submit incorrect data, click away from sites or refuse to install an app on a phone. We’ve all mostly done it.  But how many?  How much is this happening?

We’re at IIW today and of course, the age old dilemma is happening in sessions where one guy in the room says: “People will click through anything; they don’t care about privacy.”  And the next guy will say, “People are angry and frustrated and they don’t like what’s happening.”  But what’s real?  What’s right?

We conducted this survey to get a baseline about what people do now as they engage in strategies to create privacy for themselves, to try to control their personal data.

The amazing thing is.. 92 % hide, lie, refuse to install or click, some of the time. We surveyed 1704 people, and had an astonishing 95% completion rate for this survey. We also had 35% of these people writing comments in the “comment more” boxes at the bottom of the multiple choice answers. Also astonishingly high.

People expressed anger, cynicism, frustration. And they said overwhelmingly that the sites and services that ask for data DON’T NEED it.  Unless they have to get something shipped from a seller. But people don’t believe the sites. There is distrust.  The services have failed to enroll the people they want using their services that something necessary is happening, and the people who use the services are mad.

We know the numbers are high, and that it’s likely due to many not having a way to give feedback on this topic. So when we offered the survey, people did vent.

But we think it also indicates the need for qualitative and quantitative research on what is true now for people online. We want more nuanced information about what people believe, and how we might fix this problem.  Many sites only look at user logs to figure out what is happening on a site or with an app, and therefore, they miss this problem and the user feelings behind them. We want to see this studied much more seriously so that people no longer make the conflicting statements at conferences, so that developers say the user’s don’t care, so that business models are developed that think different than we do now, where sites and services just take personal data.  We want to get beyond the dispute over whether people care, to real solutions that involve customers and individuals in ways that respect them and their desires when they interact with companies.

 

 

 

Lying and Hiding in the Name of Privacy

Authors: Mary Hodder and Elizabeth Churchill

Creative Commons licenced: by-nc-nd CCLICENSE

©Customer Commons, 2013

Contact: Mary Hodder, hodder@gmail.com

Abstract

A large percentage of individuals employ artful dodges to avoid giving out requested personal information online when they believe at least some of that information is not required. These dodges include hiding personal details, intentionally submitting incorrect data, clicking away from sites or refusing to install phone applications. This suggests most people do not want to reveal more than they have to when all they want is to download apps, watch videos, shop or participate in social networking.

Keywords:  privacy, personal data, control, invasion, convergence

Download a PDF of the paper here.

 

Survey

Customer Commons’ purpose in conducting this research is to understand more fully the ways in which people manage their online identities and personal information. This survey, the first of a planned series of research efforts, explores self-reported behavior around disclosure of personal information to sites and services requesting that information online. We believe the results of this survey offer a useful starting point for a deeper conversation about the behaviors and concerns of individuals seeking to protect their privacy. Subsequent research will explore how people feel and behave toward online tracking.

This research is also intended to inform the development of software tools that give individuals ways to monitor and control the flow and use of personal data.

For this research project, Customer Commons in late 2012 surveyed a randomized group of 1,704 individuals within the United States (1,689 finished the survey, or 95%). Respondents were geographically distributed, aged 18 and up (see the appendix for specifics), and obtained through SurveyMonkey.com. The margin of error was 2.5%.

Respondents gave checkbox answers to questions and in some cases added remarks in a text box. (Survey questions and answers are in an addendum to this paper.)

Key Findings

Protecting personal data

This survey focused on the methods people use to restrict disclosure of requested personal information. Those methods include withholding, obscuring or falsifying the requested information.

Only 8.45% of respondents reported that they always accurately disclose personal information that is requested of them. The remaining 91.55% reported that they are less than fully disclosing. If they decide the site doesn’t need personal information such as names, birthdates, phone numbers, or zip codes, they leave blank answers, submit intentionally incorrect information, click away from the site, or — in the case of mobile applications, decline to install.­

Most people withhold at least some personal data. Specifically,

  • 75.7% of respondents avoid giving their mobile numbers
  • 74.8% avoid “social” login shortcuts such as those provided by Facebook or Twitter
  • 73.4% avoided giving sites or services access to a friend or contact list.
  • 58.3% don’t provide a primary email address
  • 49.3% don’t provide a real identity

The concept of trust was raised in 22% of the written responses explaining why people hide their information. Some examples include:

  • “I cannot trust a random website”
  • “I do not want spam and do not want to expose others to spam. I also don’t know how that information could be used or if the people running the site are trustworthy.”
  • “If I know why info is needed then I might provide, otherwise no way”
  • “I felt the need to cover my I.D. a little bit — like age and gender.  And I still withhold my social security #.”
  • “If I feel they don’t need it to provide a service to me they don’t get it even if I have to enter in fake info”
  • “Worries on identity theft and general privacy.”
  • “i would never give out my friends or and familys (sic) info ever”

Many respondents said sites and services request more data than required. Others suggested that providing requested information would result in an increased risk to their security. More results:

  • When the 71% of respondents who reported withholding information were asked why, they said they didn’t believe the sites needed the information. Specifically,
    • 68% reported they either didn’t know the site well when they withheld their data or didn’t trust the site.
    • 45% of those who felt they knew the site or service well still withheld information.

Respondents lied about various line items as a strategy to protect their privacy. For example, 34.2% intentionally provided an incorrect phone number, and 13.8% provided incorrect employment information. Here are some reasons they gave:

  • “I didn’t want them to have all my information, or feel it was necessary.”
  • “I have obscured various information so that I would not have further contact with a vendor who won’t leave me alone”
  • “Faking it is the best to avoid unwanted contact”
  • “Sometimes you just want to use a service without them knowing every thing about you.”
  • “I don’t like websites to have very much information on me. I regularly give out spam email addresses, bad birthday dates, and bad location information.”
  • “Registering for many mundane website often requires some pretty detailed personal info. I generally fudge this. None of their business”
  • “Because information is so easily found and transferred on the internet I do provide false info quite often to protect my identity.”

Even those who had never submitted incorrect information made statements such as:

  • “Have never made up info – just ignored requests :-)”
  • “i just don’t use that website”
  • “I have an email address that is purly (sic) for junk mail. I use this email address for websites that request my email address and then I go into that email and delete all email monthly.”
  • “I have never given incorrect information, but I have thought about it.”
  • “I don’t lie, but I omit as I feel appropriate.”

 

Going with the flow

Correcting already obscured or falsified information appears to be too much of a chore. Specifically,

  • Over 50% have rarely or never corrected data they submitted incorrectly
  • 30% correct their data “sometimes.” Of that 30%,
    • 55% said a purchase required correct information
    • 56% had a growing feeling of comfort with the site or service
    • 46% cited the ability to realize new benefits from the site with corrected information
    • 30% said they noticed others’ incorrect data at Facebook or other social sites, or in phone applications, and —
      • 80% of this group assumed that the data was falsified as a way to protect privacy
      • 40% believed the incorrect data was there to mislead marketers
      • 12% believed secretive associates were trying to mislead them
    • 13% believed services always needed correct personal information
    • 75% believed the services needed it only sometimes
    • 12% said it was never needed.

Respondents also believed that other users of these services always needed or expected correct personal data about each other 27% of the time, whereas 23% said it was sometimes needed, and 48% said it was never needed.

 

Privacy online

The results of this survey support the hypothesis that people limit, refuse to give or obfuscate personal information in an attempt to create a measure of privacy online.

On July 30, 2010, in the first article in its “What They Know” series, The Wall Street Journal reported, “One of the fastest-growing businesses on the Internet … is the business of spying on Internet users. The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry.”[i]

Adds Doc Searls, in The Intention Economy, “Tracking and ‘personalizing’—the current frontier of online advertising—probe the limits of tolerance. While harvesting mountains of data about individuals and signaling nothing obvious about their methods, tracking and personalizing together ditch one of the few noble virtues to which advertising at its best aspires: respect for the prospect’s privacy and integrity, which has long included a default assumption of anonymity.”[ii]

This survey showed one result of this system. Respondents expressed a general lack of trust in their relationships with online businesses. Many feelings ran strong. Here are some of the comments:

  • “Scary world out there, and I am a bit angry about the fact that all these website ‘track me’ as if that is OK, and then they sell MY data, obviously making money in the process.  How is that OK or even legal?  Don’t I control MY information?  Apparently not…”
  • “So if I think it might be ‘harmful’ to give out info, I don’t do it.”
  • “I want cookies outlawed 🙁
  • “My ex-husband was abusive and has stalked me. I don’t need to let the greedy sellers of my personal information draw him a map to my front door.”
  • “While I doubt I have any real protection of privacy, I have a desire to try to send a message that I want my right to protection of privacy. I regret how much we as a society have lost to the powers of marketing.”
  • “I don’t trust the security procedures of most companies. Security costs money, which cuts into profits, thus most companies have limited incentive to protect PII from cyber criminals.”
  • “The web is far less secure than commonly known.”
  • “Just as I have disconnected my land line because of a flood of unwanted calls, I refuse to give online/ access information for the same reason.”

These survey responses show people resort to withholding data or submitting false data to avoid feeling exposed online. When deciding whether to share personal information, the majority of respondents doubt that sites or services need to collect more than a minimum of obviously necessary personal data.

Conclusion

When people withhold personal data, it is to create a sense of privacy and control of their personal lives.

People are afraid or distrustful of sites, services and phone apps that request their personal data. They withhold or falsify information because they do not believe the sites need their data, and because they do not want to disclose information that might lead to spamming or other intrusions. Moreover, the techniques that people employ to preserve their sense of privacy online are largely improvised, informed by fear, and based on their subjective evaluation of entities that solicit personal information.

For the sake of privacy, people contribute to and tolerate the presence of incorrect personal data online, and attempt to correct it only when they see the clear upsides of accuracy. And, despite the failure of businesses and other organizations to convince users of the need to provide personal details beyond an email address, most users remain comfortable disclosing additional personal data only with those they know and trust.

Research Funding Grant

This research project was funded with a grant from CommerceNet, a not-for-profit research institute working to fulfill the potential of the Internet since 1993.

Customer Commons

Customer Commons is a not-for-profit working to restore the balance of power, respect and trust between individuals and the organizations that serve them, especially in the online world. We stand with the individual and therefore do not take contributions from commercial entities.

ADDENDUM:  Questions and Answers

Click here to see the complete questions, answers and written answers offered by people to provide additional information.


[i] Julia Anguin, “The Web’s New Gold Mine: Your Secrets” The Wall Street Journal, July 30, 2010. http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html

[ii] Doc Searls, The Intention Economy: When Customers Take Charge. (Cambridge, Massachusetts: Harvard Business Review Press, 2012). P. 28.