In Collaboration with Charles Hoffman and Paul Wilkinson
The debate about privacy versus transparency is swirling around the world, as well as on the Wall Street Journal’s pages with Gordon Crovitz’s recent piece, “Julian Assange, Information Anarchist.” From diplomatic communications and Wikileaks to the Journal's landmark reporting on information collected by web site owners and advertisers, protecting information that information creators might prefer to keep confidential is the topic d'jour.
How we think about the questions is as important as the answers. The shift from paper and the phone to the Internet is an order of magnitude larger than the shift from scribes and their scrolls to the Gutenberg press. Just like a pre-9/11 mindset no longer works for our intelligence agencies, a pre-Internet mindset leads to proposals like Do Not Track.
The answer is not to treat the limitless potential of the Internet to give people and organizations ultimate control over their personal and corporate information as if the network were run by telemarketers using dumb phones to interrupt the dinner hour. Nor is the answer to leaked diplomatic communications the creation of barriers to information sharing eerily reminiscent of the silos that blocked communication that might have disrupted 9/11. The answer is to change how we see the issues.
Without a change in mindset, our current policy debates around privacy and transparency are on a collision course. Seen as two sides of the same coin, however, we can create a framework in which innovation, experimentation, and the ruthless rigor of the market can combine to incubate the development of standards as powerful as TCP/IP and HTML were in the development of the Internet and the web itself.
In such an environment, we believe the market will quickly develop open and effective standards giving the creators and owners of data full control over who makes use of their information, as well as how they use it. One such standard already exists. eXtensible Business Reporting Language (XBRL), tags any kind of business information so that the information can be automatically tracked and validated. Rather than whole documents, like the ones being released by Wikileaks, XBRL allows information to be more granular and data driven, and thus more transparent.
XBRL is already being used in this country for reporting by public companies and banks to the Securities and Exchange Commission and the FDIC. It has been mandated for similar uses by countries around the world, and the Financial Industry Transparency Act of 2010 proposed by Rep. Issa (R-CX) requires that this same open technology standard be extended to additional financial data. Except for its last minute excision from Dodd-Frank, this provision would be law today. The Federal Financial Assistance Management Improvement Act of 2009 seeks to advance this same goal for the reporting of government data, embedding transparency into the process. Both will likely need to be reintroduced in the new Congress.
As the Congressional Privacy Caucus and the Federal Trade Commission have already made clear through their hearings and reports on privacy, full transparency can have its complications, an issue made equally clear by both Mark Zuckerberg of Facebook and Julian Assange of Wikileaks. It’s one thing to be transparent and an entirely different matter to have personal information kept private.
As evidenced by the FTC’s Do Not Track proposal, new technologies and legislation alone aren't enough. New perspectives are equally vital. Quite simply, privacy, security and data portability are not separate issues but three axes of the same core dilemma. The dilemma is the Internet has been trapped by web pages and the data silos that result. Google and Facebook's recent fight over access to user data is emblematic of this issue and a pre-Internet mindset. We can see this mindset around data replicated in other policy arenas, from electronic health records to our financial information. Just because I enter my data on a website doesn’t change its ownership. It’s still mine.
Unlike XBRL’s ability to advance transparency, the standard to unify the tripartite goals of privacy, security and data portability does not yet exist. Many attempts have been made separately, but none have tackled the answer as a whole cloth. The Consortium for Local Ownership and Use of Data (CLOUD) is taking this wholistic approach and is a non-profit organization seeking to develop standards that will effectively give any information creator, including consumers, ultimate control over who might do what with our information.
Without such an approach, privacy and transparency are on a collision course. New approaches, not just new legislation or new technologies, will be critical to avoiding the crash.