Does Anyone Care About Privacy?
You are reading Economic Forces, a free weekly newsletter on economics, especially price theory, without the politics. You can support our newsletter by signing up here:
There was a time when transactions were mostly done in-person. Two people would meet and exchange goods for gold or silver or even pieces of paper. These trades could be anonymous. Neither party to the trade needed to know anything about the other. One had the good that the buyer wanted and the other had money that the seller wanted and they were able to trade.
There was a time when passing messages required writing the message on a piece of paper and delivering the piece of paper to the intended recipient of the message. If the message was secret and one wanted to be especially careful, the writer could fold the paper and put a special seal on the paper. If the paper was delivered with the unique seal intact, the recipient would know the source was genuine. The recipient would then read the message and set the paper on fire thereby destroying the message.
In each of these examples, there is a high degree of privacy. Nonetheless, it isn’t hard to think about slight deviations from these circumstances. For example, when it comes to transactions, the person might not hold money. They might deposit money in a bank. Instead of giving money to the seller, they might write a check to the seller. The seller then goes to the bank, presents the check, and receives money or a credit to his or her own account.
Nothing about the transaction really changes here. However, now there is a third-party involved. As a result, some degree of privacy is lost. The two parties to the trade might not mind. If the marginal benefit of the convenience of banking services is greater than the marginal cost of the loss of privacy, then people are better off.
When it comes to the letter, the fact that the letter will have to be delivered is a threat to the privacy of the message. If the sender was going to present a message to the receiver in-person, the sender might as well pass the message verbally. The delivery of the letter by a third-party risks the privacy of the message.
Note, however, that in each of these cases, there are limits to who can observe the transaction or the message. The bank keeps a record. Conceivably, even if they are not permitted to do so, the employees of the bank will have access to the ledger of transactions. Nevertheless, the threats to privacy are confined to the physical security of the ledger within the bank. Similarly, threats to the privacy of the message are limited to the delivery person and anyone else who has the knowledge and ability to intercept the message.
Technological advancements tend to improve methods of transacting and communicating, but also create more numerous threats to privacy.
Moving the bank ledger from a physical book to a computer meant that anyone who could access the computer was now a threat to privacy. The ability to access a computer from remote locations meant that physical barriers were no longer the limiting factor on privacy. The telephone, and later the internet, allowed for messages to be sent without writing the message on a piece of paper. Although the telephone and the internet didn’t require a messenger in the same way that the delivery of the paper did, these innovations did increase the threat of the message being intercepted to beyond the messenger or the physical location of the messenger.
Casual observation suggests that the increased prevalence of the use of telephones and the internet to send messages is a sign that people prefer these modes of communication even though they reduce privacy. After all, if the costs to privacy exceeded the benefits of the technology, people would simply forgo use of the new technology. But that conclusion is a little too simple.
Widespread adoption of a privacy-reducing technology might be delayed by the reduction in privacy. Yet, entrepreneurial minds will have an incentive to come up with privacy solutions that potentially unlock otherwise valuable technologies. One such example are the people who foresaw the threats to privacy of electronic bank records stored on networked computers and messages passed over the internet. The ensuing battle over private sector encryption is well-documented.
Furthermore, revealed preference arguments also miss information asymmetries. While sometimes privacy considerations are obvious, this is not always the case. Some might learn of the extent to which privacy is threatened or compromised only after they have adopted a particular technology.
This brings me to the contemporary debate about privacy as it relates to mobile devices, social media, and the internet more generally. There are two observations in the modern world that are hard to square. On the one hand, many people voluntarily (and, it seems, happily) use devices, apps, social media platforms, and other services that cause a quite dramatic sacrifice in privacy. At the same time, people are very upset about how devices, apps, and social media platforms violate their privacy.
The public policy debate on the issue of privacy seems to separate into two camps. The one camp argues that these are valuable tools, but the privacy costs imposed are too high. Therefore, the government needs to step in and … well, it is not exactly clear, but do something. Essentially, this side of the debate wants to design some sort of policy that would allow people to continue to use these devices, apps, and services, but without the degree of sacrifice in the form of lost privacy.
On the other hand, others argue that there is no role for policy here. People on this side of the debate argue that if the cost of foregone privacy is really that high, then people will stop using the devices, apps, and services. The fact that they don’t alter their use is evidence that they value the devices, apps, and services more than the privacy they had to give up.
I think that both of these arguments miss the mark. The revealed preference argument doesn’t seem to take into account informational asymmetries. For example, when people started using theses devices, apps, and services they might have had some expectation that they would lose privacy. Nonetheless, the degree of privacy loss might be much greater than they anticipated. Having adopted these new technologies, there can be significant switching costs. Part of that switching costs might be due to the fact that many of these apps and services have a value that is driven by network effects.
At the same time, the argument for regulation seems to ignore the potential for technological innovation around privacy. This might come in the form of adapting existing technologies to new use cases, such as recent proposals to add end-to-end encryption for private messages on Twitter.
But it could also mean a dramatic change in the way that people store their messages and their data. There are some companies, for example, that are developing easy-to-use personal servers. One threat to online privacy is the fact that there is a lot of consumer data that is being stored on servers around the world. In theory, anyone could simply set up a server in their own home and use that to store a lot of the things that are currently stored at some server farm. In practice, operating your own server turns out to be difficult. Efforts to get people to run their own personal servers therefore requires something on the order of what developers had to do to make the personal computer easy to use for a broad user base that wasn’t technologically savvy.
Ultimately, we seem to be in the midst of a dramatic change in the nature of communication. This change presents what seems like a conundrum: a lot of people seem to be complaining about the loss of privacy while voluntarily opting for devices, apps, and services that create that loss of privacy. These complaints should not be easily dismissed by revealed preference arguments. At the same time, policymakers should be careful not to make hasty regulations when such solutions are not obvious. In short, if this greater demand for privacy is genuine, consumers will be pushing for new or modified products, apps, and services and entrepreneurs will have an incentive to create products that prioritize privacy in the digital world.