It's great to be speaking here at SVASE. I've been to several SVASE events before and always find them interesting and informative. I hope you'll find this one the same way. Events like this are a unique part of Silicon Valley culture and they bode well for the future here.
Our topic is "Privacy: Where's the Profit?" Obviously, if any of us up here knew the answer, we wouldn't be telling you. We would be off making our fortune by delivering that total, consumer-friendly privacy solution. But a lot of good information resides on the podium tonight. Also, I think that there is a lot to be said about "Privacy: Where's the Peril?" because privacy is a threat to many business models - at least from a PR and legal perspective - and only a real opportunity for one or two.
A few words about myself: I am the Founder and Principal of PolicyCounsel.Com, which is an Information Age lobbying and public policy consulting firm. I'm also the Editor of Privacilla.org, which is a Web site that tries to capture privacy as a public policy issue from top to bottom. I'm also an Adjunct Fellow at the Progress and Freedom Foundation, which is one of Washington's outstanding think-tanks that addresses New Economy issues. And, yes, there is still a New Economy.
The most important thing I can share with you, I think, is some of the thinking I have done about privacy. And I think we've put together a diverse group of panelists who will each bring a different perspective. After we all speak for ten minutes or so each, I'll be eager to get into questions so that you can get the most out of the minds we have assembled here.
I'd like first to explode some of the assumptions you may have about privacy, assumptions that you may be incorporating into your business planning.
One of those assumptions is that privacy is some kind of absolute. People often talk about a "right to privacy," or they say that privacy is a "business imperative," but these phrases and slogans shouldn't replace solid thinking. If you apply the best economic reasoning to the rest of your business, there's no reason why you shouldn't do this with privacy.
A good starting point is simply to define what privacy is. My own assessment is that privacy is a subjective condition. It's a state of affairs brought about by an individual's exercise of control over personal information about him- or herself. Importantly, it's a personal condition. I can't tell you what gives you your sense of privacy and you can't tell me what gives me mine.
Let me try to illustrate how privacy is not an absolute. Most of you are here tonight because you want other people to know you, you want them to know about your ideas, and you want them to know your business plans - at least up to the point of being willing to sign an NDA. One of the worst things that can happen to an entrepreneur is to have perfect privacy. Your business goes under and you lose money if investors and customers won't deprive you of at least some of the privacy you're stuck with.
Now, that's a cute way of talking about privacy, but if you look at almost any interaction between people - or between people and businesses - there's a beneficial exchange of information, and people give up privacy intelligently and willingly. That's not to say that privacy is not important. The point is that privacy is not an area where you can talk in terms of absolutes. Whether they're explicit about it or not, people are balancing their privacy against other interests and values all the time.
Now, I've been talking about privacy as I think it's best understood, but not everyone understands it that way. A friend in Washington said to me once that "privacy" is the word used to describe just about every complaint in the modern world, and sometimes I think that's true.
I would say that about eighty percent of the privacy debate in Washington and in the news is driven by the problem of "identity fraud." We need to separate "identity fraud" from privacy. Identity fraud - or "identity theft," as it's often called - is a very real crime problem. Is it also a privacy problem? It does affect people intimately and they feel violated by this crime. So, maybe it's privacy, too. But it's already really a crime problem. People should be going to jail.
Spam is often discussed as a privacy problem and there's no doubt that it's a problem. But it is much more of an annoyance than an offense to privacy. Ask yourself, is it humiliating to receive spam? Do you feel shame and exposure knowing that somewhere a computer has your e-mail address? Maybe some of you do. But most people don't. What's happening when we get spam is that we are being inconvenienced and annoyed. It's like being jostled on a city street or getting junk mail in the mailbox. I think calling it privacy describes the problem badly and prevents us from getting to intelligent solutions.
There are real concerns about privacy, correctly understood. The growth of the Internet has created a worthwhile public discussion about information practices that have been evolving for years - the fact that information about consumers is collected, bought, and sold.
But the depth of actual consumer concern is unclear. Business-to-consumer e-commerce, for example, should be absolutely devastated if consumers are acting on their concerns about privacy. They should turn away from e-commerce in droves. But e-commerce is still growing rapidly - just not as rapidly as the outsized predictions from a year or two ago. Consumers are supposedly up in arms about "cookies," but almost nobody disables them on their browsers. Consumers report to poll-takers that they routinely check the privacy policies of Web sites, but the folks who have the numbers report infinitesimal visits to their privacy pages. So it's unclear that privacy actually motivates consumer behavior.
Finally, let me just briefly discuss the privacy plans of Washington as I see them. It is fairly clear that no legislation will pass Congress this year. It is too late in the year for any serious proposal to get traction and the Senate Commerce Committee only this week had its first hearing on the subject. This means that the issue will be kicked over into next year, which is an election year. Privacy will threaten to be a big political issue. But the bigger a political issue it is, the smaller will be Congress' ability to deal with it seriously and intelligently.
Because of the nature of privacy, I don't see any solution to privacy problems coming from moving control over information practices from business to government. The true solutions will move power over information from business to consumers. Those solutions are much more likely to come from this room rather than from Washington. You folks are the ones who will put people in a position of authority over the information they want to keep private, while allowing them to freely share information or ignore their privacy if they want to. When you have done this, you will know where the profit is in privacy.
I may have already said enough outrageous things to fill a whole evening with discussion, but we have great panelists here and I'd like to welcome them, introduce them, and hear from them for hopefully about ten minutes each. Then, we'll throw it open for discussion and your questions.
You know much of their qualifications from the SVASE announcements so I'll be fairly brief.
Mark Uncapher is Vice President and Counsel at the Information Technology Association of America. Mark is about as well dialed-in on technology policy as a person could be. You should be thankful that he exists because when legislators talk about regulating the Internet, he tells them that the Internet won't always come out of a PC and it won't always have just words, text, and pictures. In short, he's got an eye on both the policy and the direction of the technology, which is very helpful when Congress is thinking of taking action with its eyes closed.
Dave Kramer is a litigation partner with Wilson Sonsini Goodrich & Rosati. Some of you may have heard of his firm. Dave is Mr. Cutting Edge when it comes to legal issues on the Internet. Dave is an outstanding lawyer and a great person to debate with over a couple of beers because he doesn't necessarily even agree with himself.
And Ray Everett-Church has been at the forefront since privacy was recognized as a key business issue. He was the first-ever Chief Privacy Officer, he is the Principal of PrivacyClue, and he sits on the Board of Advisors of PrivacyRight.com, a company that may have figured out where the profit is in privacy. He may be the one who can give us all a clue.