7: A Private Moment

I can't forget what I do not know.

[This is an installment of a serial article that is being gathered here. -D ]

---

Nothing is simple

“Privacy,” when applied to information, is a relatively new idea. I like it because it’s one of those concepts that gets more fuzzy and ill-defined the closer you look.

Peel back the term “privacy” and you’ll find the expression “personal information.” Peel that back and you’ll find feints at “information that can be used to identify me” or, put another way, “information that could be used to distinguish me from others.”

Data privacy regulations are based on the premise that Personal Information is “owned” by the individual — and that the businesses (but not governments, by the way) who generate, curate, and use that information do so only at the pleasure of we the owners of that data.

This is the thing. It’s when it got creepy that we really started to react.

(To own is a legal thing, meaning the right to possess and use and dispose an asset. In this case we’ll think of the “asset” as your likeness, since there’s legal precedent in the US that gives you some ownership over the use of your likeness. For the sake of simplicity, we’ll think of your Personal Information as a kind of likeness of you.)

So here we are: my personal information / digital likeness is mine, and I’ll let you use it in exchange for this free service called (for example) Instagram. Or I may not.

It’s a digital likeness. Gimme a break.

It’s not (just) about Cookies: A Privacy Primer

The introduction of browser cookies in 1994 by Netscape Communications (no, I wasn’t there, you can’t blame me) stirred the pot of online privacy. Cookies allowed websites to store small pieces of data on users' devices, enabling the sites to “remember” user preferences, login information, and browsing behavior. While cookies were initially designed to improve user experience, they were adopted and adapted for tracking users across multiple websites.

As online advertising grew in prominence (as described in prior articles), third-party cookies became increasingly prevalent. These cookies allowed advertisers to track users across different websites and build detailed profiles (likenesses) of the users’ interests and behaviors. Social media, mobile platforms, and the ever-expanding family of targeting algorithms shaded and added depth to these likenesses, resulting in advertising and other targeting that was unsettlingly aware of us.

(This is the thing. It’s when it got creepy that we really started to react. )

The European Union, already with a chip on its collective shoulder over American businesses dominating the digital landscape, came out with the General Data Protection Act in 2016. The loudly progressive US State of California enacted the (functionally similar) California Consumer Privacy Act in 2018. Dozens, if not hundreds, of regulations worldwide followed suit, all with basically the same rules:

• Right to access: Individuals should have the ability to access and obtain a copy of their personal data that is held by organizations.

• Right to correct: Individuals should be able to rectify or update any inaccurate or incomplete personal data.

• Right to delete: Individuals should have the right to request the erasure of their personal data when it is no longer necessary for the purposes for which it was collected.

• Right to consent: Individuals should have the power to give or withhold consent for the collection, use, and sharing of their personal data.

Nothing up my sleeve

In 2020, Google pledged that its Chrome browser (then about 66% of consumer web traffic) would stop supporting third-party cookies. Safari and Firefox had already done it, and Microsoft made the same commitment. Right now Google is saying they’ll begin the phase-out in 2025.

The thing I need you to remember right now is that Google (Alphabet), unlike Apple and Microsoft and Mozilla, is an advertising company, to the tune of $65.52 billion in Q4 of last year. Targeted ads are, as the kids say, their thing. Why aren’t they leading the charge to preserve third-party cookies?

Answer: because they’re outmoded.

The GDPR and related regulations make a few key assumptions about the technology used by the CTAI:

1. Data is gathered in a few observable, up-front ways, namely via registration forms or via tracking cookies.

2. Data is stored in a manner that lumps all of an individual’s information together, like a row in a spreadsheet.

Regulatory compliance, or at lest the appearance of compliance, is to allow the user to manage their cookie preferences and to request that action be taken on their information— their record in the database.

Oh right, the push thing

If you’ve been following along on this journey, you remember that the Big Trend we’re discussing is away from pull-based content and toward push-based content, which is to say content spoon-fed to us by algorithms that pick and choose from available content. That aggregator/feeder, who we named Algernon, has a few notable quirks:

1. He doesn’t rely on third-party cookies.

2. He doesn’t store information in a traditional, rows-and-tables database.

In fact Algernon’s methods of learning about you are already far more sophisticated than a few bytes of encoded text that has to be retrieved from your browser. As he gets smarter, he’s going to start restructuring his data stores on his own to accommodate relationships and datapoints that his human designers didn’t plan for (remember what we said about Generative AI) — and, and here’s the trick, those human designers very likely will not be able to navigate the data in that datastore. We’re talking about a black box like how your mind is a black box. Only you can search it and even you don’t know how it works.

The probable future landscape is a handful of very knowledgeable and well-connected Algernons with rapidly evolving databases that are gathering and synthesizing both content and user data from thousands of satellite sources. These Apex Algernons will represent the convergence of advertising, information, and entertainment into one new information ecosystem that is genuinely opaque to its operators - and completely out of the reach and scope of today’s privacy regulations.

And if you had to pick, right now, who would control one of those Apex Algernons, you’d likely have Google on your short list. I know I would.

The other way to look at this, of course, is to say that if our personal information is not a tangible, retrievable, exportable asset, but simply a series of fleeting impressions in the fever-dream of a hyperintelligent mouse, then our privacy concerns have been addressed! Yay!

If you don’t like the rose-colored glasses, though, then a serious re-thinking of data privacy - nay, the very concepts of likeness and identity in the “cyber” context, is warranted.

Maybe start with some of the science fiction of the late 1980s.