Watermarking: Threat to Privacy?

Recently, a mini-firestorm has erupted over the possibility that the recording industry will add watermarks to music files (e.g., articles here, here, and here). The idea behind the watermarks is that they will allow copyright holders to see where files on peer to peer networks came from and file lawsuits accordingly. Whether such tracking would actually allow the RIAA to file suits without being embarassed (e.g., as described in this article, which eventually led to a charge of malicious prosecution) is an open question. However, what I would like to address is not whether the watermarks will help in prosecution of copyright infringers, but what they will do for individual privacy. In a wired.com article on the subject, Evan Hill, CTO of Activated Content, a company that provides watermarking solutions to Universal, Sony/BMG and other labels is quoted as calling watermarks which uniquely identify each file purchased by each user a "privacy nightmare." While there are certainly concerns about watermarking, I don't think those concerns are really that significant. The reason for this is that problems with watermarking are really only a symptom of a larger issue: users being forced to sacrifice their privacy in order to participate in the modern economy. I've blogged previously (see post here) about the threat posed to privacy by the routine enforcement of clickwrap licenses where service providers can basically dictate terms because users either don't or can't understand what they're agreeing to. Similarly, in the case of music distribution, service providers (i.e., record companies) can basically dictate terms to users, because people won't bother to read the licenses provided with the songs and, even if they did, they wouldn't have any choice about accepting them because the record labels have government enforced copyrights (assuming the consumers care about buying licensed copies of the songs, of course). In both cases though, the problem isn't the watermarks (or the clickwraps) it's the economy, and the legal system which allows those tools to be used in ways that strip users of their privacy.

Privacy and Contract Revisited

Two weeks ago today, I wrote that individual privacy was basically dead (original post here). I wrote this in response to an article which discussed the terms of service for the new iPhone, and I pointed out that, since courts routinely enforce clickwrap licenses that are never read or understood by consumers, there was nothing in the world to prevent businesses from writing provisions into those contracts which basically stripped consumers of their privacy. Happily, I may have written too soon.

Since my original post, Wired.com has reported on two court decisions which, contrary to the general practice, have ruled against businesses on the enforceability of clickwrap licenses (stories on the subject are here and here). Does this mean that end user license agreements won't be the death of privacy? It's too early to tell - the cases reported on by Wired weren't directly concerned with privacy, and they might be an aberration rather than a sign of an emerging trend against click licenses. However, it is possible that my conclusion that privacy would be effectively destroyed by EULAs was premature. I hope it was, as that was one circumstance where I would much rather be wrong than right.

Privacy and Contract

Assume that I, without your permission, install a keylogger on your home computer that records everything you type and sends it back to me. Clearly, I have violated your privacy, and probably exposed myself to civil liability as well (e.g., trespass to chattels, as described here). Change the scenario slightly. Assume that you and I meet, and you agree to allow me to install a keylogger on your home computer that records everything you type and sends it back to me. That magic element of authorization changes what would be a privacy violation and a lawsuit into a straightforward agreement between two people. Now change the scenario slightly again. Assume you buy a product from me, but, before the product can be used, you have to agree to a 15,000 word contract which includes as one of its provisions an agreement that a keylogger will be installed on your home computer which records everything you type and sends it back to me. Before arguing that the license couldn't possibly be upheld, think again, clickwrap licenses are routinely upheld as valid contracts by US courts (as described here). Before arguing that no legitimate business would ever put such onerous terms in a license, consider that the terms of service for the new iPhone state that Apple may monitor the users' phones (NOTE: I do not own an iPhone. My knowledge of their terms of service is based on this article).

So what does all this mean for privacy? Well, I think it means that privacy is basically dead. It's insane to think that consumers will actually read and understand the multitude of licenses they are presented with (the iPhone license is 17,000 words long, and apparently so convoluted that many lawyers can't understand it). It's also insane to think that consumers are going to stop buying new products, or that businesses are going to stop using clickwrap licenses. The result is that, as businesses realize that they can get consumers to agree to literally anything, consumer privacy is going to be killed by new consumer toys and the licenses that people will agree to to get them.