Schneier on Security
A blog covering security and security technology.
« The Politics of Fear |
| GINSU: NSA Exploit of the Day »
January 29, 2014
Trying to Value Online Privacy
Interesting paper: "The Value of Online Privacy," by Scott Savage and Donald M. Waldman.
Abstract: We estimate the value of online privacy with a differentiated products model of the demand for Smartphone apps. We study the apps market because it is typically necessary for the consumer to relinquish some personal information through "privacy permissions" to obtain the app and its benefits. Results show that the representative consumer is willing to make a one-time payment for each app of $2.28 to conceal their browser history, $4.05 to conceal their list of contacts, $1.19 to conceal their location, $1.75 to conceal their phone's identification number, and $3.58 to conceal the contents of their text messages. The consumer is also willing to pay $2.12 to eliminate advertising. Valuations for concealing contact lists and text messages for "more experienced" consumers are also larger than those for "less experienced" consumers. Given the typical app in the marketplace has advertising, requires the consumer to reveal their location and their phone's identification number, the benefit from consuming this app must be at least $5.06.
Interesting analysis, though we know that the point of sale is not the best place to capture the privacy preferences of people. There are too many other factors at play, and privacy isn't the most salient thing going on.
Posted on January 29, 2014 at 12:26 PM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Some data is better than no data; but I can imagine that this particular marketplace for online privacy is especially efficient.
can't ! I can't imagine. d'oh!
Valueing privacy in money means to give up the dignity of a persons life.
Therefore, we should go back to the more righteous rules of slavery.
Snowden nominated for Nobel Peace price.
IMO it's a huge problem that most people don't understand that privacy isn't mostly an individual right but a social good.
I don't value my own privacy all that much, because I "don't have much to hide" and more importantly am not important enough to be a worthy target.
I value privacy for others---such as people I vote for, activists, and dissenters working in my interest---more than for myself.
But their privacy depends on people like me, because if nobody bothers to obtain privacy, either technically or politically, they're sitting ducks. All the systems remain incredibly insecure, and anybody adopting privacy-enhancing measures sticks out like a sore thumb.
Consider the fact that our political system is largely a system of legalized and gray-area bribery through campaign financing. Everyone knows that money talks, and everyone knows that politicians make deals that one way or another favor campaign contributors. (Even if not all of them, the campaign finance system ensures that on average the outcome is much the same---if you won't take money for influence, they'll get someone who will, or someone who sincerely wants what they're paying for.)
Everyone knows that's how the game is played, and that you just have to make sure you don't get caught, e.g., with specific quid pro quo or obvious enough patterns of timing, etc.
That means that most politicians of all political stripes can be blackmailed by someone with enough of the right information about their business-as-usual corrupt activities.
I might be in favor of systematically destroying elected officials' privacy, if it was done evenhandedly, for the greater good, but you know it's never going to work that way---it will typically be applied quite selectively to give advantage to one side or another.
Imagine what would happen if we exposed the dark side of politics as practiced by one party, and not the other--pick your favored party---or anyone who opposes the national security state agenda.
"These days it's all secrecy, and no privacy."
--Jagger/Richards, "Fingerprint File," 1974, very prescient
"IMO it's a huge problem that most people don't understand that privacy isn't mostly an individual right but a social good."
You can turn it around, too. Stripping us all of that privacy has a real chilling effect on our discourse and behavior. In a very literal sense we are "less free" because of this vast intrusion into our private lives that the state has undertaken and (so far) gotten away with.
In their wildest dreams, the 9/11 terrorists could not imagine how successful they were going to be with their attack. The direct damage looked bad on TV but in the grand scheme of things, was no mortal threat to America. But it gave the authoritarians in the American establishment all the excuse they needed to start destroying the fabric of their own society for their own greedy and short-sighted reasons.
I am will to pay for content AND privacy, just like we do for cable TV. You pay for the transmission AND content.
I want a menu...30 sites for $10 per month. My payment is anonymous as the money goes into one pot to be disbursed.
For that I want them to stay out of my business and not turn over my data to the government.
@ Bob S
Most Cable TV is paid for by advertisements shown on the screen. Only the paid channels are paid for mainly by what you pay the cable company. And the movie channels' content is third hand: it was already paid for in the theater and DVD's before movie channel paid to show it. So, I guess the only content on cable that's truly paid by you enough to count are live Pay-per-view events.
I'm with you in that, far as critical services go, I'd rather have an option to pay for a service with quality and privacy. Legally enforced privacy, I'll add. The market of our type is just so small with products that are inherently less convenient and profitable. It's why I'm a fan of realistic baselines of privacy and security measures combined with independent assessments by firms whose reputation drives their business. Think Common Criteria's better Protection Profiles and evaluators, but with a focus on practice more than paperwork.
Closest thing is probably an red team evaluation by Matasano, Counterpane, etc.
@ Nick P
I'll add. The market of our type is just so small with products that are inherently less convenient and profitable. It's why I'm a fan of realistic baselines of privacy and security measures combined with independent assessments by firms whose reputation drives their business. Think Common Criteria's better Protection Profiles and evaluators, but with a focus on practice more than paperwork.
To some degree I find concurrence with your statement, on the other hand I can see the balkanization of privacy as a result. Of course one could argue the merits or relativism of privacy in the 21st century and find much to discuss. It is the lack of socio-political discourse above more than a dinner table chat that is problematic. I whole-heartdly agree that tangible results versus mere words are that are of true value. As with Common Criteria, people will come to it much like Microsoft--kicking and screaming. The problem I see is that privacy lacks a "deliverable". Ah, absence does make the heart grow fonder. Tis my muse, or my vise? What makes either a compelling act that must be shared--are they not my privation.
I think the decimal place was in the wrong position. $50.6 makes a little more sense to me considering the potential for psychological damage, shareholder value potentially lost and, of course, heartbreak. -DT
Great article nonetheless. Thanks! :)
Paying for privacy? Sort of like a move from the Hoover model to the Al Capone model of secuity?
What if someone Kickstarted a machine that magically bestows complete privacy upon you? How much would you be willing to pay for such a hypothetical device?
One has to wonder how much consumers trust promises of privacy, especially in the absence of a permissions manager. In my own case, the answer is 'not much'. If that is typical then I suspect the estimated values the study has produced considerably understate the true value customers attach to privacy.
@ magic machine
"What if someone Kickstarted a machine that magically bestows complete privacy upon you? How much would you be willing to pay for such a hypothetical device?"
If such a thing was provably secure then people would pay any reasonable price and many would pay unreasonable prices.
"If you want my information, I'll license it to you personally for $1,000 per year." That's how I always reply when some store clerk asks me for personal information when I am paying with cash.
The question is wrong. You should be asking "How much would a company have to pay you to have this information forever and to use it in any way they want."
A question that has been asked for other reasons than security/privacy as well: how to ensure trustworthy data erasure?
@ Nick P
legally enforced privacy? all that government hacking is illegal, Its just that the new paradigm is that no part of the constitution that says the government shall not, or shall make no law such, is completely trampled by the de facto police state and the government can kill or imprision anyone because the government is a criminal organization and the people expect it to break all the laws and never have them enforced against state actors.
Remember Snowdon has not endangered anyone who did not first allow the NSA or some other criminal arm of gov to put them in a compromised position.
Was Cheneys outing of Valerie Plame any different? did Cheney get people killed? Hell Yes he did but high privelege allowed him to do it for political reasons (starting a war on false pretenses for oil)
People who get killed for betraying their country have their personal motives, if the US has agents to encourage this, its them who are endangering the anonymous dupes
@ ric p
" all that government hacking is illegal, Its just that the new paradigm is that no part of the constitution that says the government shall not, or shall make no law such, is completely trampled by the de facto police state and the government can kill or imprision anyone because the government is a criminal organization and the people expect it to break all the laws and never have them enforced against state actors."
Why do so many of you quickly forget there's more threats than US govt agencies? Vast majority of damage is done by general black hats, malicious insiders, organized crime, and foreign states. For businesses, let's add shady customers, B2B partners, and contractors. Most people don't have a story about how NSA wiped out their data, ruined their business, etc. They usually have an experience with one of the other threats I mentioned.
So, I'm not just designing to deal with domestic TLA (DTLA). Most of my design effort is to deal with everyone else while contributing to anti-DTLA efforts on the side. The anti-DTLA solution looks *totally different* from solutions to other problems in most cases. It's also horrible to build, use, and maintain compared to a COTS SOC or board. It also comes with requirements on inspections, supply chain security, EMSEC, etc. Whoever uses it can't make a single mistake in any of that. Suffice to say, even most people concerned about DTLA won't pull that off so my assumption for them is they'll be compromised. It's a safe assumption that almost always panned out.
The solution to govt problem will be political, require voting, maybe require other forms of pressure, and be performed by majority of the public. Nothing less will work. Tech won't work. The opponents are simply too powerful: organizations of analysts, hackers, technologists, spies, soldiers, and drones with billions in funding operating at global scale for decades. How does your cryptoscheme running on black box hardware by amateurs in your house compete with *that*? It doesn't. Their power has to be cut or restricted at the source: the people. Sadly, the people have been letting me down on this one for over a decade & I've been unable to convince them otherwise.
re legally enforced privacy
I may be reading it wrong, but does this study really make the assumption that your privacy is something you need to buy because you have no right to it in the first place?
Wouldn't it have made more sense if they presented a privacy respecting app at price X and asked the consumers how much of a discount it would need to make them consider a less privacy respecting version instead?
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.