Who Owns Your Cyberwake, and Why it Matters Jim Cole, Covero Consulting Group, Inc. February 24, 2000 Copyright 1995-2000, Covero Consulting Group What is a cyberwake? A rather ineffective manager I once worked for was said to be "a nice guy, but he leaves a narrow wake," meaning he didn't have much impact on the people he worked with. As you surf the Net, you also create a wake. This cyberwake shows where you've been on the Net, what information you've searched for and looked at, and what you've bought. Your cyberwake is tracked via sites' personalization engines and by browser cookies. Right now, you don't own your own cyberwake, and that's why your privacy is at risk online. What can someone do with a cyberwake? DoubleClick serves ads to a large number of popular web sites, such as AltaVista. After acquiring Abacus Direct, the country's largest catalog shopping database firm, DoubleClick quietly changed its privacy policy. The new policy allows DoubleClick to link online information collected via cookies with offline consumer profiles Abacus has collected. At the same time, a new initiative by DoubleClick allows them to collect names, addresses, and other information from sites when people register at those sites. DoubleClick will now be able to link its cookies with people's identity and thus, with their offline purchasing habits. Because DoubleClick serves ads to over 1,500 web sites, DoubleClick will be able to track individuals' cyberwakes when they visit any of these sites. In the face of consumer pressure from campaigns launched by organizations such as the Center for Democracy and Technology, DoubleClick has backed off and says it won’t link online data with offline data, although it won't rule out doing so in the future. The FTC is now investigating DoubleClick. In fact, the Internet industry in general is under fire from privacy advocates and the Federal Trade Commission for not safeguarding, or in some cases, allegedly violating Internet users' privacy. Some Web sites are more blatant about collecting private information by asking for it directly, even from children. The industry has promised to regulate itself to ensure that web surfers are notified when information about them is collected, that they are given choices about how this information is used, and that the information is kept secure, and that it is accurate. Who owns the cyberwake information that's collected? It's information about you, so maybe you own it. But it was collected or developed by the Web site and the data warehouses, so maybe they own it. It turns out that this question of ownership is fundamental to determining whether the Internet industry will be able to successfully regulate itself to protect your privacy. The answer today is that you don't own this information. If you did, you could simply choose not to sell it to mailing lists. Your privacy would be protected. What are the incentives that have created a system where your privacy is at risk? Can a system be created that returns ownership of this type of information to the people it's about? Can the companies that currently "own" this information work together to regulate themselves to protect your privacy? Or is government regulation the only way to protect your privacy? Why Is Your Privacy At Risk? Your privacy is valuable to you. It's not valuable to the people buying and selling the information that violates that privacy. In economic terms, the marginal social cost of this information gathering is the value of lost privacy among all the people affected by this information gathering. The marginal private cost is the actual cost incurred by the Web site, the data warehouse, and the companies that buy the mailing lists. These companies decide how much information to gather by weighing the money they'll earn by selling the information they've gathered versus the marginal private cost of gathering it. They do not take into account the marginal social cost of their activities. On the Internet, the marginal private cost of information gathering is typically very low. As you visit a Web site, it costs almost nothing for that site to store your cyberwake in a database. Similarly, the cost to the data warehouse of matching up one email address with a name and phone number is very small. Thus, it's likely that the marginal private cost of gathering information about you is lower than the value you place on the subsequent loss of your privacy. When the marginal private cost of an activity is less than the marginal social cost, too much of the activity occurs. A common real-world example is a fishery. Fisheries are often what economists call an open-access resource. That is, the fishery isn't owned by a person or a corporation. Anyone with the proper equipment can show up and fish. The marginal private cost of catching a boatload of fish is the cost of the boat's crew, the fuel, bait, etc. Each fisherman takes these costs into account when deciding how often to fish. What the fisherman may not take into account is the effect of their fishing on the overall stock of fish in the fishery. So each fisherman takes his catch, and over time, the stock of fish is depleted to the point where there are too few fish left to sustain the fishery. This has occurred, time and time again, in fisheries around the world. Your cyberwake is also an open access resource. No one owns this meta-information; it's there for the taking. Any Web site that you visit can gather information about you, and their cost to gather that information is very small. What happens, in economic terms again, is an overuse externality. The information is overused, just as the fishery is over-fished. Overuse externalities occur when property rights that define who owns a resource are unclear. Who owns a fish in the fishery? Whichever fisherman catches it. Who owns meta-information on the Internet? Whichever Web site gathers it. To correct overuse externalities, clear property rights must be established. There are three conventional property rights systems: private property rights, state property rights, and common property rights. Private Property Solutions Most economists, and many Americans, especially those who are more conservative politically, believe that a private property rights system is usually preferable to a system of government regulation. Certainly, the Internet industry, and the computer industry which spawned it, have a widespread distrust of government involvement, and prefer private property solutions to government regulation. Private property solutions to overuse externalities consist of giving ownership of the scarce resource (e.g., the fish in the fishery) to entities (typically a person or company) that then exploit the resource to maximize their benefit. The owner will most likely take care not to overuse the resource, because they would suffer the entire consequence. But privacy is created and maintained by not collecting, using, or disseminating information. A person's privacy is violated by the actions of others, in this case, meta-information gatherers. This creates a problem that is similar to problems examined by a famous economic theorem called the Coase theorem. The Coase theorem states that an efficient allocation of rights is obtained via negotiation, regardless of the initial allocation of rights. It is based on the assumption that parties can bargain with zero transaction costs. That is, it doesn't matter which party owns the resource initially. As long as they can bargain cheaply, the party that values the resource more will end up owning it. If, however, there are high transaction costs to bargaining, the Coase theorem suggests that the rights will remain with the initial rights holder. If the initial rights to meta-information are given to the individuals who are using the Internet, then meta-information gatherers would have to negotiate with them to obtain the right to use this data. If instead, the initial rights to this data were given to meta-information gatherers, individuals would have to bargain with them to avoid having meta-information gathered. Today, technology and law contribute to a system that allocates these rights to meta-information gatherers. That is, you don't own your own cyberwake. Because meta-information can be gathered by many different entities, the transaction costs of individuals bargaining with meta-information gatherers is prohibitively high. Imagine, for example, that before you visited any Web site, you had to enter into negotiations with its owner over the rights to the meta-information you were about to create. Thus, the Coase theorem implies that high transaction costs will prevent individuals from efficiently bargaining to regain control over meta-information, and thus, privacy. The rights bundle will probably remain with the meta-information gatherers. If people could surf the Web anonymously, they would, in effect, be transferring initial ownership rights in meta-information back to themselves. Any Web site that wanted to gather meta-information about an individual would have to negotiate with that person for those rights. Such a system would also have to provide untraceable forwarding of email from a placeholder email address to a person's real email address. This is similar in concept to giving out a P.O. Box when someone requests your address. This system would allow people to begin a dialogue with the operators of a Web site without revealing their actual identity. One can envision a system that initially provides anonymity, but can also negotiate on behalf of its user. A Web site could ask the user's Web browser (or her encrypted digital ID) if it would be willing to reveal the user's identity for certain uses. One user might be willing to reveal his identity on the condition that the Web site not resell that information. Another user might not be willing to reveal her identity under any circumstances. A third person might be willing to reveal not only his identity, but also his income and net worth, in exchange for a direct cyber-payment from the Web site. Until this type of technology is developed, however, a private property solution does not appear likely to protect people's privacy on-line. State Property Solutions The second type of property rights system is state property systems. State property solutions involve governmental control and public administration of a resource. The FTC is warning the Internet industry that if it fails to self-regulate to protect privacy, especially children's privacy, it will regulate the industry. Such regulation could encompass anything from the requirement for every Web site to post a privacy warning, through an outright ban on collecting or reselling meta-information. The industry would like to avoid any of these steps. Therefore, it's in the industry's self interest to find a way to self-regulate to ensure people's privacy. Common Property Solutions The third type of property rights system is common property rights. These systems occur when a group gets together to manage the use of a resource. Common property systems are not the same as open access systems, such as a fishery. An open access system is one of no property rights. A common property system is one where a group owns and manages a resource. A common property system would occur, for example, if all the fisherman in an area formed an association to ensure that the overall catch taken by all members did not exceed the carrying capacity of the fishery. In order for this common property system to work, the fishing association would have to be able to exclude non-members from using the fishery. If not, these non-members would not abide by the associations catch limits, and the fishery would still be over-fished. Self-regulation by the Internet industry is analogous to a common property rights system. Is meta-information on the Internet a resource that could be managed by a common property system? Robert Wade examined criteria for estimating the likelihood of successful formation of common property solutions by resource users (The management of common property resources: collective action as an alternative to privitisation or state regulation , Cambridge Journal of Economics, volume 11, number 2, pages 95-106). Some of these criteria do not apply to information goods. The relevant criteria for successful common property rights creation are listed below, along with the applicability of each criterion to meta-information on the Internet: Criterion Applicability to Meta-Information Small, well-defined resource boundaries make it possible for a group to manage the resource’s use No: Resource boundaries are ill-defined High costs of privatizing property by excluding others technologically or physically make a common property solution attractive Yes: Virtually impossible to privatize these information flows High demand for the resource makes it worthwhile for the group to manage the resource for their own use Maybe: Many entities demand it, but unlike physical resources, the use of information by one entity does not prevent its use by another entity (its consumption non-rivalrous) Some arrangements for managing the common property system already exist No: Few systems exist now There are a small number of resource owners, bound together by mutual obligations No: There are a large number of resource owners (Web sites), and they are operate completely independently. Moreover, their goal of gathering and disseminating meta-information is exactly the opposite of individuals’ desire to keep this information secret.   The above list shows that there are several key impediments to creating a common property solution to protect people's privacy on the Internet. First, the resource that needs to be managed, meta-information, cannot be contained. Each time you click on a link or fill out an on-line form, you're creating new meta-information. Second, the use of information is non-rivalrous. Physical resources, such as fish, can only be used by one person. When one fisherman catches a fish, that fish cannot be caught by any other fisherman. If a group of fisherman agrees to protect a group of fish, others can't use those fish. But the same information can be used over and over, by many different parties. One person's use of information doesn't prevent someone else from also using it. Thus, even if one data warehouse agrees not to use meta-information collected on the Web, three other data warehouses can still use the same information. And as more parties agree not to use meta-information, it becomes scarcer, and consequently, more valuable. This, of course, creates stronger incentives for its use. Third, there are currently few systems in place to manage the use of meta-information. Various Web sites are posting privacy policies, but there's no independent enforcement mechanism to ensure that these policies are followed. The TRUSTe organization demonstrated that its allegiance is really to web sites, and not to privacy, when member site Real Networks violated its policies, and was not punished. The creation and use of privacy policies is entirely voluntary. Perhaps the greatest impediment to a common property solution is the huge numbers of parties involved. Tens of millions of people use the Internet. Tens of thousands, perhaps even hundreds of thousands of Web sites collect information about them. Moreover, a goal of Web sites is to gather information and maximize the benefit from its use, while a goal of Internet users is to keep much of that information secret. Thus, the two groups' goals are diametrically opposed. Web sites can argue that the money they earn by selling meta-information subsidizes their freely-available Web site, but individual users are likely to say, "Fine, subsidize it with someone else's privacy, not mine." Conclusion Internet users' privacy is at risk because of the low cost of collecting and using information about them, and because the property rights for this information currently reside with the Web sites that collect it, not with the people whom it describes. A private property solution is not feasible with available technology. A system of anonymous browsing and automated negotiation between user's software and Web site software could shift the property right for meta-information away from information gatherers and back to individuals; this would enable the creation of a viable private property solution. Governments could also regulate the ownership of meta-information, in essence transferring ownership of people's cyberwakes back to them. If enforceable, this could also protect people's privacy online. The Internet industry wants to avoid government regulation, and promises to do a better job of self-regulating. This is analogous to creating a common property rights system to regulate the use of meta-information collected about Internet users. Such a system is unlikely to succeed for several reasons. First, the meta-information is too widespread, and cannot be contained. Second, one party's pledge to refrain from using meta-information does not prevent other parties from using the same information. Third, there are currently no systems in place to regulate meta-information usage. Fourth, the number of people and companies involved is in the tens of millions. And most importantly, a primary goal of Web sites, to collect and use meta-information, is directly contrary to a key goal of Internet users: keeping information about themselves private. I believe that for industry self-regulation to effectively protect people's privacy, the following systems would need to be in place: An industry-wide association that virtually every commercial Web site belonged to Strict privacy policies for association members Strict monitoring and enforcement of those policies by the association The ability for users to configure their Web browsers to disallow visiting any Web page that could not prove it was created and owned by a member of the association Stiff penalties for violating the association's policies, including temporary or permanent expulsion from the association, which would cause a significant drop in traffic at the member's Web site Such a system even could implement a handshake protocol that created a feedback loop to encourage adherence to the strictest privacy policies. Assume that each user can configure their browser for various desired privacy levels. If a particular Web site has implemented a looser privacy policy, that user's browser will not display that site. If the protocol allows the Web server to capture this information, the Web site owner will be able to monitor the number of users they're turning away. As this number grows, there will be an incentive for them to adhere to a stricter privacy policy. The historical example of Caller ID in California, where a very high proportion of homes immediately signed up for automatic caller ID blocking on outgoing calls, suggests that many people will immediately configure their browsers to reject any site that doesn't provide maximum privacy. Such a system would help align Web site owner's goals with individuals' goals. In order to maintain good standing in the association, and thus, enable everyone's Web browsers to view their pages, these companies would work hard to ensure that they followed the association's privacy policies. The association would also be somewhat self-policing. As a hypothetical example, wouldn't eTrade love to catch a competing online broker selling name lists, get that broker kicked out of the association, and thus prevent many people's browsers from visiting that broker's site? If such a system were in place, and if public pressure to protect privacy on-line continues to mount, industry self-regulation might be able to sufficiently protect people's privacy. Without widespread adoption of an easy-to-use, effective privacy protection mechanism, however, it's unlike that industry self-regulation will adequately protect people's privacy online. About the Author Jim Cole holds a B.S. degree in Computer Science, and an M.A. degree in Economics. He is a principle at the Covero Consulting Group, which provides Web technology analysis, architecture, and development services.
			Return to top Return to the Resources page Contact us