Archive for the ‘Privacy’ Category

Oh Buzz, not you too

Friday, March 5th, 2010

When Google rolled out Buzz in mid-February, people were angered by the type of privacy breaches which have plagued another social medium. The three main issues for Buzz were:

  • auto generation of follower lists from individuals’ private email and chat behavior
  • auto completion of some email addresses in a feature similar to Twitter’s @reply
  • auto connection to Google Reader and Picasa Web Albums.

Google responded to privacy concerns within days. However, for some who had very real privacy concerns, this simply wasn’t good enough.

I use my private Gmail account to email my boyfriend and my mother.

There’s a BIG drop-off between them and my other “most frequent” contacts.

You know who my third most frequent contact is?

My abusive ex-husband.

Which is why it’s SO EXCITING, Google, that you AUTOMATICALLY allowed all my most frequent contacts access to my Reader, including all the comments I’ve made on Reader items, usually shared with my boyfriend, who I had NO REASON to hide my current location or workplace from, and never did.

There’s still a lot to learn about how we integrate privacy into new products, but we know the golden rule - personal information should never be published without personal consent.

Online privacy infractions threaten civil liberties

Thursday, April 30th, 2009

Remember the first time you saw Barack Obama?

If you’re like most Americans, it was roughly four and a half years ago at the Democratic National Convention. I refer you now to one line in particular of that historic speech:

“We worship an awesome God in the Blue States, and we don’t like federal agents poking around in our libraries in the Red States.”

There is a reason the confidentiality of library records is sacrosanct: it is because the use of them for government intelligence virtually guarantees an imposition on civil liberties.

When we think about going to the library and checking out a John Grisham or a Stephen King, it’s hard to imagine what all the fuss is about. But imagine instead that you’re interested in religion and you check out a Bible or a religious reference book. Now imagine that instead of a Bible, you check out the Koran.

There are millions of versions of this scenario. You love planes and you check out a book to see how jetliners work — now imagine you’re of Middle Eastern descent. You’re fascinated with serial killers. Your friend David recommends Devil in the White City. You’re a student of human behavior and pick up a copy of The Lucifer Effect. Any one of these situations could imply suspicious activity — and, in more than 99% of cases, that suspicion would be dead wrong.

In the book Free Expression and Censorship In America, Herbert Foerstel describes the FBI’s attempts to monitor communist activity through the library system:

At [the University of Maryland, College Park], the agents asked librarians to report on anyone with a “foreign-sounding name or foreign accent” who used the libraries. Such a characterization would fit the majority of students and faculty on most American campuses, yet librarians were asked to monitor reference questions and on-line literature searches, including searches of [the National Technical Information Service], in order to establish the subject interests of these suspicious foreigners. All of this surveillance was conducted despite the fact that the UMCP libraries contained no classified materials, and their collections were presumably open to anyone. When the university complained about the surveillance, an FBI representative claimed that the libraries should feel no obligation to protect the access and privacy rights of noncitizens.

This backstory is why I was glad to see that a court is allowing a lawsuit against Blockbuster to proceed. The lawsuit is backlash from Blockbuster’s participation in Facebook’s ill-conceived Beacon program, which shared user purchase activity across the social network.

Just like libraries, it may seem that the potential harm from this program is minimal. You rent a copy of Wild Things, and the next thing you know your out-of-town girlfriend spots it on your News Feed and you’re having to explain yourself. But just like library books, movies can be an indication of who we are. Unfortunately, they are symptoms that point in a million different directions — symptoms that carry with them a potential for misinterpretation as tempting as a serpent’s apple.

We are eternally trying to find the right balance between freedom and security. Thankfully, books and other media coexist with speech firmly on the ‘freedom’ side of the line. Let’s keep it that way.

What do you think?

A talk by Hal Varian, Google’s Chief Economist

Friday, March 20th, 2009

Professor Hal Varian, Chief Economist at Google

I had the privilege this week of attending a lecture by Professor Hal Varian, Chief Economist for Google. Varian discussed the advent of computer-mediated transactions and how they transform our business practices.

There were a couple of interesting points he raised: historical (in a pre-literate and pre-numerate era, how could people shipping barrels of olive oil have any confidence that the amount of oil that left was the same amount that arrived?), logistical (computer-mediated transactions enable more and more complex contractual arrangements), and conceptual (behavioral targeting, etc.).

This last, conceptual, is a big thing for Google these days, since they’ve been in the behavioral targeting business for all of two weeks. It’s also where Varian started to get into Web Genome Project territory. I found one thing he said particularly interesting:

In general, people have no problems with the intended use of data (more relevant content, etc.). What people are worried about is the unintended use of data (AOL’s massive data spill, etc.). The problem, therefore, is not so much a privacy problem, but rather a security problem.

That’s a pretty interesting comment, and it certainly rings true to me. “I don’t want Google knowing all this stuff about me,” people say. “Who knows what they’re going to do with it? What if somebody unscrupulous gets their hands on it?”

The core proposition of the Web Genome Project is personalisation with privacy. In light of Varian’s comments, however, it’s worth revisiting that proposition, because in fact it’s much stronger than that. The WGP model means that no clickstream or historical data is ever collected in the first place. If a thief were to break in, the vault would be empty; there’s just nothing there. So the model actually eliminates the entire question of privacy. It doesn’t much matter whether I can keep your data private if I don’t have any data on you to begin with.

Gratifying stuff from someone who’s earned his stripes. What are your thoughts about privacy vs. security?

To cookie or not to cookie? Recommendations from privacy fora

Tuesday, December 9th, 2008

I have been saying for some time now that our biggest unsolved problem is not a need for more information, but more assistance in finding what we want, when we want it, without getting bogged down in the infinite content made possible by UGC and Web 2.0.

In other words, what the market needs right now is clarity, not quantity.

Ideally, one type of entity that should be able to assist in clarifying the landscape is thinktanks. Ostensibly independent organizations, whose job it is to, well, think, these groups should be acting as advocates for us, collating, analyzing and synthesizing information so that we mortals can bypass all that messiness and cut straight to the heart of the matter.

Would that it were so.

Two weeks ago, a new thinktank was launched: The Future of Privacy Forum. Now, if ever there were a topic that called for clarity, online privacy is it. Nobody knows where the lines are or how gray is gray, and only the die-hard evangelists have any idea what data portability even means.

This Future of Privacy Forum is just one of several — there are also SafeCount, the Network Advertising Initiative, and the Center for Democracy and Technology, for example. The FPF (they don’t call themselves that, but I’m a lazy typist) was founded by Jules Polonetsky, former AOL Chief Privacy Officer, and is funded by AT&T. Where it gets a bit tricky, though, is in its first recommendations: delete your cookies and use AskEraser.

Wendy Davis at the Daily Online Examiner points out the inherent conflict of interest with this recommendation: AT&T has a long-running feud with Google over net neutrality and privacy. So is the FPF merely a way for AT&T to take a one-step-removed dig at the search giant?

At the same time, SafeCount and the Network Advertising Initiative both point out that cookies are what allow us to access all of that great free content. The “complex advertising and marketing mechanism” warned of by the FPF is the same mechanism that makes sites like YouTube possible.

Finally, just today, the Center for Democracy & Technology called on the Obama administration to pass new privacy laws, starting with a new definition of PII (personally identifiable information). We need one, by the way. Privacy and anonymity are two different things.

Anyway, all these recommendations are starting to make my head spin. What we need is a thinktank of thinktanks. What do you think?

Exchange your privacy for cheap cell service

Wednesday, November 26th, 2008

Would you do it?

Or let’s start with an easier question: would you let your cell company send ads to your phone in exchange for a discount on your bill? If you said yes, you’re in good company: so did 61% of the 810 people surveyed in a recent study by Transverse and iGR.

That number sounds good, but MediaPost’s Steve Smith dug deeper, and found consumers are pretty savvy about valuing their attention and pretty particular about what they’re willing to give up in exchange for the financial benefit.

For example, that 61% gets whittled down quickly when people have to provide usage information in exchange for the discount. Nearly 50% of those surveyed said no way, while only 13% said no problem. For everyone else, it was a question of, “How much are you going to pay me?”

Consumers felt they could be more demanding the more intimate the information became — some data comes cheaper than others. More than 74% said they wouldn’t mind sharing the number of texts they sent or received, but only 22% would be willing to expose the content of their downloads. (Frankly, I thought that last number would be even lower.)

The ramifications of this study go far beyond the specific numbers; they speak to the conceptual shift that we as a society have undergone in the past decade or so. In an attention economy, our time and data are real assets with tangible value. That value is being continually negotiated on the open market, and it’s up to every individual to determine what it’s worth.

So how much would you sell your text quantities for? How about your clickstream or download content?

Online in the UK, beware the black box

Wednesday, November 12th, 2008

Last week, several reputable sources including The Telegraph and The Independent reported on a government plan to capture every email and web visit in the UK.

The data would be captured in ‘black boxes’, which would be installed upstream from ISPs and paid for by the government, thereby removing a major obstacle to implementation.

Nonetheless, the plan, which has been given the adorable name of IMP (Interception Modernisation Programme), does have to go out for consultation, and early indications are that it will be met with significant resistance.

The Telegraph reports that ‘Richard Thomas, the Information Commissioner, has described [the black box plan] as a “step too far”.’ The Independent adds that ‘the Government’s own terrorism watchdog said that as a “raw idea” it was “awful”.’

The government, however, says they only want to go back to the same amount of monitoring they could do before the Internet existed, and that they need the data to support anti-terrorism efforts.

At first blush, this idea sounds absolutely horrible. The government appears to be distinguishing between ‘content’ and ‘traffic’, but it isn’t clear what the difference is. There’s no mention in any of the articles I read about warrants and due process. Even the United States’ warrantless wiretapping program isn’t this broad; back in 2005, then-Attorney General Alberto Gonzales said that the surveillance could only be undertaken when there’s “a reasonable basis to conclude that one party to the communication is a member of al Qaeda, affiliated with al Qaeda, or a member of an organization affiliated with al Qaeda, or working in support of al Qaeda” and that one party to the conversation is “outside of the United States”.

So here I go again, with what’s beginning to seem like a repetitive chant: the ever-increasing nature of our connectivity requires ever-increasing sensitivity to privacy and civil rights issues.

I don’t claim to be any sort of expert on government intelligence, terrorism monitoring, or international law. What I do know is that a civilized and humane society is engaged in a continuous balancing act between the security of its people and the freedoms of its people.

So I applaud the consultation process, and I am heartened by imagining that it will be authentic and fair. And I hope that the people who respond do so thoughtfully. And I hope that the UK government bears in mind that its duty is not to protect its people at the expense of its people.

Do you think I’m overreacting? That this plan is no worse than anything that’s been done a million times before? Or do you think that privacy should be maintained unless there’s a demonstrated need to see a specific communication? I’m looking forward to hearing from you.