A call for privacy standards

A call for privacy standards

It’s easy to take a defeatist attitude towards things we once considered undefeatable, like privacy and getting paid for producing content. For the most part I agree with the argument, which goes: there are millions of people using the internet across international borders. Preventing any behavior (bittorrent and copying text verbatim as two examples) is fighting an unwinnable arms race. Either there are too many people doing it, or the technology you develop will quickly become hacked or defeated. It’s a mishmash of challenges that come from an open internet, but the defeatism that comes from it is too often universally applied.

You can regulate Facebook, and you can regulate them hard and effectively. Same with Google. They are not bittorrent, they are small centralized companies that can be held accountable for their actions. But effective regulation in the digital age does not rely on laws; it relies on working with a company and its users.


My effective regulation strategy is certification. Agree upon several tiers of privacy awareness through a consensus-building process. As an example, the lowest-tier level would include deleting data immediately from a database when it is deleted on the site (Facebook probably has photos you deleted years ago) and protecting personal data from employees. A higher tier would require all privacy-related changes to be opt-in.

Next, establish companies that perform extensive security audits, with full access to the practices and systems of the companies. Establish peer reviews to keep them better than bond rating agencies. (Easier said than done, but c’mon this stuff is doable.)

Integrate this system into consumer products like Firefox’s site identity features. Firefox can warn users when they are entering a username and password with a site that is not privacy-certified.

Only now can we call on the government for a little help. Establish a mandate requiring companies above a certain size that operate in the US to be certified. Require web browsers developed in the US to integrate awareness of the privacy certification.

This model can be set up by the government and encouraged by the government, but it would ultimately succeed because of the consumer. On the one hand it’s a decline in the power of government; on the other it is an affirmation of their continued role in keeping the internet working well.