Intelligent Capital in the Network Society

1
Privacy and Security of Personal Information
Technological Solutions and Economic Incentives
Alessandro AcquistiHeinz School, CMU
2
An APE Act?

• On May 6, 2002, the Washington Post reported
  that the National Zoo refused to release a
  deceased giraffes medical records on grounds
  that it would violate the animals right to
  privacy. Politech, May 2002
• Soon, an Animal Privacy Entitlement Act?

3
Three myths about personal information

• Is too much privacy bad for you?
• or, privacy can act against the interests of
  society or the individual
• Do we have zero personal information security?
• or, the loss of control on personal information
  is simply necessary to make the networked society
  work
• Do people really care about privacy?
• or, people would sell their DNA for a Big Mac

4
Question n.1 Is too much privacy bad for you?

• Free flow of information helps and economy and
  the individual.
• True, but what else do the economic arguments say?

5
Economic incentives

• Recent economic studies show something
  interesting about the flow of personal
  information
• Acquisti and Varian (2001) allowing firms to use
  cookies can make customers and society better off
• Calzolari and Pavan (2001) sharing information
  between sellers reduces distortions
• Taylor (2002) with strategic customers, firms
  better off respecting customers privacy

6
The economics of privacy

• Acquisti and Varian (2001)
• Monopolistic firm/competition case
• Customers can be myopic or strategic
• With and without commitment
• Customer can use anonymizing technology, and
  suffer a certain cost
• What is the optimal strategy for the seller?

7
The economics of privacy contd

• Monopoly
• If firm just offers the same good, optimal not
  to use cookies! I.e., behavior-based price
  discrimination is not optimal.
• If firm can use customer information to provide
  targeted services, price discrimination will be
  optimal for seller, and
• Society can be better off

8
The economics of privacy contd

• Competition
• No flat price equilibria
• Lock-in equilibria
• Cost of anonymous technology

9
Off-line vs. on-line identities

• Previous results refer to information about the
  customer type being shared
• E.g., tastes, risk aversion, etc.
• Not necessarily her real identity
• Lets separate
• Friedmand and Resnick (2001) legal versus
  persistent identities
• Here
• On-line identity
• Off-line identity

10
On-line identity some trade-offs
11
Off-line and on-line other trade-offs
12
On-line identities, linkages, and costs

• Confusion arises in the debate from mixing
  on-line and off-line identities
• Econ says
• more on-line info is good market laws can allow
  right amount of on-line info to be shared
• not in contradiction with protection of privacy
  (off-line identity)
• Problem
• Why are the two identities instead always linked?
  
• Getting there is costly

13
Question n. 2 Do we have zero personal
information security?

• You Already Have Zero Privacy
• Is loss of privacy necessary to make the
  networked society work?
• IT can
• both link and unlink online and offline
  identities
• or make linkages costly enough
• PETs

14
For example Anonymous payments

• For example, is it possible to have a reliable
  (from charges to shipping) payment system for
  goods and services which is also anonymous?
• Yes Tygar et al. (1999).
• Implementations
• ECash (blind signatures)
• Probabilistic acid mix approach

15
Acid mix approach to anonymous payments

• The story
• Bob, Alice, and Kevin enter a room.
• The Protocol
• Let them swap payment tokens with other
  customers, until satisfied
• Put customers in control of the operation!
• Let them decide how much privacy they want
• Problem before swapping, customers cannot
  see/copy their own tokens
• For details Acquisti (2002)

16
And yet.

• Economic arguments show that trade-offs between
  sharing and protecting personal information can
  be reconciled
• Technology could do it
• So, why econ technology did not do it?
• Solve the following equation
• Find a privacy combination convenient for
  customers (e.g. Bob), profitable for vendors
  (e.g. Amazon.com), advantageous for other
  existing players (e.g. credit card networks),
  non replicable by competitors

17
Question n. 3 Do people really care about
privacy? Who should?

• Anedoctical evidence, Surveys, Experiments
• Privacy advocates cameras Spiekermann,
  Grossklags, and Berendt (2001)
• Independent Studies
• 18 Billion in lost e-tail sales (Jupiter)
• Top reason for not going online (Harris)
• PGuardian marketing studies
• Confirm privacy awareness, but
• Expect privacy at no cost offered by the merchant

18
How to conciliate the two views?

• Some ideas from economics
• Bounded rationalities (how to calculate the
  negative financial shock of identity theft?)
• Economics of immediate gratification (enjoy now,
  worry later)
• Experiment. Hypothesis individuals strategic
  wrt to on-line identity, myopic wrt to off-line
  identity
• So free decision, but not necessarily optimal
  for individual or society
• A Parable Geo Trust
• A second parable Motorbikes and Helmets

19
Economics of off-line identity

• Costs
• Both sides, both cases
• Customers
• Bounded rationalities, hyperbolic discounting
• customer decides not to protect herself
• Other parties
• Asymmetric information, moral hazard
• seller decides not to protect customer

20
Economics of off-line identity contd

• Hence
• too much off-line info re-distributed
• not paid for
• chilling effects
• real effects
• Lost sales
• Unsatisfied demand
• Identity thefts
• Frauds
• Or, rich, disagreeable niche markets

21
The approaches

• Market
• Econ does not work alone
• Technology
• Dot-com death bed
• Does not work alone
• And Law?

Data Marketing
Data Protection
22
Law

• Patriot Act (APE Act?)
• Or, different approaches
• Liability
• Adapting trade secrecy rules to licensing
  personal data - Samuelson (2000)
• Driven by economics, drives technology
• (third party market)

23
Seven (very personal) answers

• Privacy easier to protect than to sell
• We are all myopic, but not necessarily careless
• Privacy is about trade-offs. Good trade-offs
  could satisfy both privacy advocates as well as
  free data marketers
• Distinguish between on-line and off-line
  identities. Share on-line identities, protect
  off-line identities. Make linkages expensive
• Econ to see what to protect, what to share
• Law to send to signal the market
• Technology to implement chosen directions

24
Backups
25
An economics of privacy?

• Difficulties in conceptualizing privacy
• A right? A need? A gift?
• Too many things for different people
• Price discrimination
• Telemarketing
• Blackmailing.
• and even for the same person
• web-cam in the house
• and refuses cookies when browsing cnn.com
• Recognize privacy is about trade-offs