Monday, February 11, 2008

Who Cares About Privacy? has an article up about a startup called Credentica, which uses multi-party computation to allow people to verify information about themselves (e.g., age) without sharing that information, thereby eliminating data leaks which can lead to identity theft.

While the technology of the new service is neat, the headline of the article asks what I believe is an important question: Does Anyone Care? As discussed here, studies show that people always place greater value on even small amounts of money than they do over the privacy of their personal information, meaning that even a startup with a great new privacy protection product is likely to have a tough time in the market. In my opinion, that's too bad. To my mind, protecting your personal information is like playing poker against the world with all your cards exposed. Perhaps my profession as an attorney makes me more vigilant about privacy than other people, after all, lawyers have affirmative duties to protect information. One great example of those duties is this opinion which states in part that
The employees of the public defender's office must be the only individuals who have access to client information, including that which is stored on the computer system. If any component of the computer system is linked or somehow shared by other county offices, the public defender must take whatever reasonable and necessary precautions there are to ensure that this information cannot be accessed by the other offices. This is the public defender’s primary responsibility in this scenario. If the public defender is not satisfied that client confidentiality can be secured, then the ethical alternative is to either maintain a separate computer system from the other county offices or discontinue storing client information on the shared system. (emphasis added)

In other words, for lawyers, if a system isn't secure, it shouldn't be used to store client information. If all individuals had this same type of regard for data privacy, companies like Credentica would be almost sure to succeed. However, my experience, backed up by empirical data, is that most individuals have little to no regard for their personal data, which means that companies like Credentica, even if they have a great product, will likely have a difficult time in the market.

No comments: