December 18, 2014

The Future of Privacy

The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting. “We have seen the emergence of publicy as the default modality, with privacy declining,” wrote Stowe Boyd, the lead researcher for GigaOm Research in his response in this study. “In order to ‘exist’ online, you have to publish things to be shared, and that has to be done in open, public spaces.” If not, people have a lesser chance to enrich friendships, find or grow communities, learn new things, and act as economic agents online.

Moreover, personal data are the raw material of the knowledge economy. As Leah Lievrouw, a professor of information studies at the University of California-Los Angeles, noted in her response, “The capture of such data lies at the heart of the business models of the most successful technology firms (and increasingly, in traditional industries like retail, health care, entertainment and media, finance, and insurance) and government assumptions about citizens’ relationship to the state.”

This report is a look into the future of privacy in light of the technological change, ever-growing monetization of digital encounters, and shifting relationship of citizens and their governments that is likely to extend through the next decade. “We are at a crossroads,” noted Vytautas Butrimas, the chief adviser to a major government’s ministry. He added a quip from a colleague who has watched the rise of surveillance in all forms, who proclaimed, “George Orwell may have been an optimist,” in imagining “Big Brother.”

This issue is at the center of global deliberations. The United Nations is working on a resolution for the General Assembly calling upon states to respect—and protect—a global right to privacy.

To explore the future of privacy, we canvassed thousands of experts and Internet builders to share their predictions. We call this a canvassing because it is not a representative, randomized survey. Its findings emerge from an “opt-in” invitation to experts, many of whom play active roles in Internet evolution as technology builders, researchers, managers, policymakers, marketers, and analysts. We also invited comments from those who have made insightful predictions to our previous queries about the future of the Internet. (For more details, please see the section “About this Report and Canvassing.”)

Overall, 2,511 respondents weighed in on the following questions:

Security, liberty, privacy online—Will policy makers and technology innovators create a secure, popularly accepted, and trusted privacy-rights infrastructure by 2025 that allows for business innovation and monetization while also offering individuals choices for protecting their personal information in easy-to-use formats?

Please elaborate on your answer. (Begin with your name if you are willing to have your comments attributed to you.) Describe what you think the reality will be in 2025 when it comes to the overall public perception about whether policy makers and corporations have struck the right balance between personal privacy, secure data, and compelling content and apps that emerge from consumer tracking and analytics.

Bonus question: Consider the future of privacy in a broader social context. How will public norms about privacy be different in 2025 from the way they are now?

Some 55% of these respondents said “no” they do not believe that an accepted privacy-rights regime and infrastructure would be created in the coming decade, while 45% said “yes” that such an infrastructure would be created by 2025.

Despite this very divided verdict, there were a number of common thoughts undergirding many of the answers. For instance, many of those answering “yes” or “no” shared the opinion that online life is, by nature, quite public. An anonymous respondent even went so far to say, “Privacy will be the new taboo and will not be appreciated or understood by upcoming generations.” Respondents also suggested that a fluid environment will continue to confront policy makers. Among the common thoughts:

Privacy and security are foundational issues of the digital world

Our question seemed so apt to respondent Breanne Thomlison, the founder and president of BTx2 Communications, a marketing and strategies firm, that she predicted there will soon be a new job title called, “Online Public Safety and Corporate Monetization Director.” Its functions: to monitor, create, gain, and maintain trust on a global level, as well as manage expectations from each group. “Without this, innovation will not happen,” she predicted.

An executive at an Internet top-level domain name operator who preferred to remain anonymous replied, “Big data equals big business. Those special interests will continue to block any effective public policy work to ensure security, liberty, and privacy online.”

A promoter of the global Internet who works on technical and policy coordination, wrote, “By 2025, there will be an international consensus among Internet organizations on how best to balance personal privacy and security with popular content and services. The patchwork approach of national privacy protections will be harmonized globally in 2025, and the primacy of security concerns will be more balanced by such an international consensus. In 2025, the public will see the need to reduce the primary focus on security and create a better, workable balance in favor of protection privacy.”

People are living in an unprecedented condition of ubiquitous surveillance

John Wilbanks, chief commons officer for Sage Bionetworks, wrote, “I do not think 10 years is long enough for policy makers to change the way they make policy to keep up with the rate of technological progress. We have never had ubiquitous surveillance before, much less a form of ubiquitous surveillance that emerges primarily from voluntary (if market-obscured) choices. Predicting how it shakes out is just fantasy.”

An anonymous respondent wrote, “The politics of surveillance and privacy are so broken, particularly when it comes to industry and government interests, that it is unlikely there will be any positive change.”

Another anonymous respondent wrote, “There will be a subset of the public rebelling against this surveillance and data-driven society through either withdrawal from the online world or acts of ‘civil disobedience’ against the powerful.”

People require little more inducement than personal convenience to disclose their personal information

Bob Briscoe, chief researcher in networking and infrastructure for British Telecom, wrote, “Lack of concern about privacy stems from complacency because most people’s life experiences teach them that revealing their private information allows commercial (and public) organisations to make their lives easier (by targeting their needs), whereas the detrimental cases tend to be very serious but relatively rare.”

Niels Ole Finnemann on the future of privacy

An information science professional responded, “Individuals are willing to give up privacy for the reasons of ease, fastness, and convenience… If anything, consumer tracking will increase, and almost all data entered online will be considered ‘fair game’ for purposes of analytics and producing ‘user-driven’ ads. Privacy is an archaic term when used in reference to depositing information online. Unlike writing a note of secrecy and keeping it safely guarded inside a vault, keeping information hidden and secure online is radically different. Any vault can be ransacked, but imagine the robbers are hundreds of thousands of miles away, invisible and while traceable, takes time and resources the victim may not have. We live in an age where we all feel like rulers to our information, kings and queens of bank accounts, yet we are not; herein lies the problem.” Relatedly, Gina Neff, an associate professor of communication at the University of Washington, wrote, “People will be increasingly more accepting of exchanging privacy for services and customization, unless advocacy and education efforts are increased now.” And Niels Ole Finnemann, a professor and director of Netlab, DigHumLab in Denmark, said: “The citizens will divide between those who prefer convenience and those who prefer privacy.”

Norms are always evolving, and privacy will certainly change in coming years

Nick Arnett, business intelligence expert, and creator of Buzzmetrics, wrote, “Society’s definitions of ‘privacy’ and ‘freedom’ will have changed so much by 2025 that today’s meanings will no longer apply. Disagreements about the evolving definitions will continue.”

Homero Gil de Zuniga, director of the Digital Media Research Program at the University of Texas-Austin, responded, “By 2025, many of the issues, behaviors, and information we consider to be private today will not be so… Information will be even more pervasive, even more liquid, and portable. The digital private sphere, as well as the digital public sphere, will most likely completely overlap.”

Rebecca Lieb, an author and an industry analyst for the Altimeter Group, wrote that today’s Millennials will be policy makers by 2025: “My optimistic viewpoint is that, with just a bit more time, those who will attempt to balance the interests of personal privacy and business interests will do so from a more informed perspective, legally, culturally, and with a better perspective on disruption.”

And a longer-term perspective was offered by David Ellis, course director for the Department of Communication Studies at York University in Toronto: “Like so much in online culture… privacy has no end game; the ‘right balance’ today will not be seen as workable tomorrow.”

An arms-race dynamic is unfolding

Peter Suber, the director of a US-based project working for open access to research, wrote, “We can be sure that privacy technology, like encryption, will continue to improve in ease and power—but so will privacy-penetrating technology. It is an arms race today, and I do not see that changing anytime soon. There will always be smart and motivated people on both sides.”

An attorney at a major law firm predicted, “The current arms race of privacy between individuals who want it and governments who wish to eliminate it will continue unabated. As cryptography grows stronger, so, too will the ability to break it. As new methods of maintaining privacy are created, the government, particularly the US government, will continue to do what it has done since the days of the Clipper chip—demand back-door access in public, while figuring out how to circumvent it in private… As Google Glass and attendant projects grow, the so-called Internet of Things becomes increasingly aware of literally everything, and as programmers begin jumping on algorithmic schemes to sift, curate, and predict the data, notions of privacy will be considered a fetish. The more data that is captured, the more algorithms will be able to predict, the less privacy we will have, as there will be an assumption that the predictive algorithm is right, and behavior will modify to address actions which have not yet occurred but are likely to a high statistical probability.”

Renegotiation and compromise will be a constant in privacy-security policy space

Joe Kochan, chief operating officer for US Ignite, a company developing gigabit-ready digital experiences and applications, observed, “I do not believe that there is a ‘right balance’ between privacy, security, and compelling content. This will need to be a constantly negotiated balance—one that will swing too far in one direction or another with each iteration… Public norms will continue to trend toward the desire for more privacy, while people’s actions will tend toward giving up more and more control over their data.”

An entrepreneur and electrical engineer active in ACM and IEEE wrote, “I foresee a minor increase in privacy due to legislation and/or regulation but expect the current tension to continue as innovators find ways to induce people to sacrifice some of their privacy to various compelling (or apparently compelling) applications.”

And an anonymous respondent wrote, “Advocacy groups, service providers, large e-commerce companies, Google/Amazon/Facebook/Twitter, secret services, security officers in companies and consultancies, and individual Internet users… are also very much involved. There will be ongoing tension between these groups, and I expect media panics and strategic games.”