We caught up with B.J. Mendelson to chat about his book, privacy, getting paid by companies for using your data and the future of the privacy space.
Andy: How did you get into the privacy space and come to write a book on privacy?
B.J: I felt that privacy was really a growth that grew out of from my book ‘Social Media is Bullshit’. For me the privacy issue kept coming up. For those who haven’t read ‘Social Media is Bullshit’, the book is not me dismissing the types of platform. Rather it’s the way we think about them is kind of backwards. Especially when it comes to marketing and public relations. The book required a number of years of research into the tech companies, business practices and what other employees thought about social media. In that research the thing that kept coming up all the time was that without someone’s data these large tech companies are useless. There is no economic model behind them, they would have no way to raise money and so it’s completely in their benefit to hoover up as much data as they can. I didn’t get into that area in my last book so I saved all my privacy research and said, ‘Ok, once the social media stuff is done I’m going to move onto that’.
Andy: Why does online privacy matter?
B.J: This is one of those questions that I kind of struggle with because the answer only matters to a certain point and to certain generations. What I mean by that is, so I have recently turned 35, so people my age and younger don’t really look at privacy as something that matters. However there is a general awareness that they’re giving up something in return for something.
Andy: Doyou think younger generations don’t take online privacy as seriously as older generations?
Mendelson: I think as humans we know that if someone gives us something we have to give something back. But that’s the way we are hard wired. So for my generation when I was in middle school and they were like ‘Hey this is a computer, and this computer will let you talk to everyone around the world for free, using this thing called the world wide web’, your expectation of it was that it was not free and you kind of knew there was a cost involved. I was 14–15 when the internet came out so I was pretty young but if you’re like a baby boomer or Gen-X you kind of grew up with this and the Cold War mentality that existed till the 1990s. Privacy was very important because the Russians could be listening in or if you grew up in the 1960s the government could be spying on you.
Andy: What do you make of the recent European General Data Protection Regulation (GDPR) and the recent Californian Data Protection Act?
Mendelson: I think any big legislation no matter how well intended has flaws in it. But on the whole these things are very good and better late than never. When it comes to these things I completely support it. I think that Canada is working on cloning GDPR. Likewise some people I spoke to in Australia and New Zealand it looks like their governments are looking to clone the GDPR. I would love to have one global rule saying hey don’t be creepy to tech companies and this is what we mean by creepy and this is the consequence of being creepy.
I don’t know if you follow the news too much in the US but we’ve elected an idiot as our president so I can confidently say on a federal level that nothing is going to get done when it comes to these things. So at least in the states, such as California is sort of the best we can do at the moment. As long as we have put the president aside, in the US we had Mark Zuckerberg come and testify before congress and the questions he was getting was more or less ‘how does the internet work’ and ‘can someone hack my microwave’ which was the level of knowledge that we’re dealing with on a federal level. For that reason a state by state and country by country is sort of what we’re going to see. I’m a big Star Trek guy, I think someday we’ll move away towards these different governments and just have the united fed. It’s like that one rule.
Andy: The last chapter in your book on Privacy is titled, ‘Then Again, So What’ and talks about the similarities between people caring about privacy as much as they do about climate change. Do you think people care about what companies are doing with their personal data?
Mendelson: It’s all in the presentation. The problem with climate change is that without walking around with maps of Miami saying hey you live here right, then guess what your neighbourhood is going to be underwater in 10 years. We talk about climate change in a very academic way. It’s done very abstractly. Privacy is also done in a similar way to climate change. There’s a lot of great privacy books out there, but the problem is they are very much concerned with what the government does and doesn’t do.
For many, including myself, I don’t care what the government does or is concerned with. Then the other part is that privacy is done in a very academic and inaccessible way. There’s a lot of privacy books but they assume the audience understands all these deep technical things. I found that just talking about Tor Browser is pretty advanced for most people. Most people don’t even understand that it’s not the website that loads up but a dozen of ad-trackers. That’s been the problem as far as I can see and why it’s hard to get people to care because we don’t talk about privacy on a very intimate or concrete level. We talk about privacy on an academic level and so a lot of the discussion doesn’t pull people in the way that it should.
Andy: What do you make of the recent scandals such as the Cambridge Analytica and Facebook?
Mendelson: Well the crazy thing about Cambridge Analytica is that they weren’t doing anything that no-one else was doing. That’s the funny thing if you go back and search the term growth hacking plus Facebook you see a lot of that going on where people had quizzes and apps and different things that were siphoning data from Facebook. It’s hard to get people to care about that because you get a lot of ‘what aboutism’ and ‘what about this stupid quiz app’ that I played with what about the zinger apps.
Andy: In a recent podcast you touched upon the idea of Twitter and Facebook paying a salary fee for every user, a bit like compensation. Could you tell me a bit more about that idea?
Mendelson: Well it’s definitely a very American thing, most people I talk to in the European Union talk about privacy as a human right and you shouldn’t commoditise a human right. I respect that argument but being an American you’re sort of inundated with making money. For the most part if you live in a capitalist or capitalist leaning society money is pretty much the bedrock of society. So that was my approach.
You know Facebook is a multi-billion dollar company and they don’t pay their taxes, they routinely go out of their way to not pay tax. I don’t know if you saw the commercial apology on TV. The crazy thing about the commercial and it starts out sweet but then the last line goes “then something happened” which implied it was someone else’s fault. They realised how much money they can make from your data when they had their initial public offering (IPO) and they had no business model. It was only after the IPO that they thought crap we actually have to monetise our model. So the reason I mentioned the idea of monetising data back to the end user is that Facebook since the beginning has fundamentally taken advantage of users at a point where they have commoditised you. I feel that there should be some compensation for that. If you’re not going to pay your taxes or continue to be crappy in terms of what content you allow on your platform. We saw that recently with Mark Zuckerberg and the holocaust deniers. Where he’s like that’s not hate speech and everyone has their right to express themselves.
So my answer was like ‘Hey, there’s a few different things you can do here’. One if you’re going to syphon and sell my data. Which is what you do on a second by second basis on the platform. There’s this micro-transaction that takes place between the data broker and other ad-tech providers. There’s no reason why you couldn’t just insert someone in between the process. So as this micro-transaction takes place there’s no reason why you can’t be cut into that. Ultimately you are the one that is at the centre of that transaction and that transaction doesn’t happen if you don’t use Facebook.
The other thing is that Jaron Lanier quotes this a couple of years ago. They were like ‘if we accept that you are the product of all these services, then at the very least what should happen is they should give you an annual licence fee’, that you would say pay for an office or photoshop or something like that. We’re not talking big big dollars but at the centre of this multi-billion dollar enterprise the least they could do is say ‘Hey, ok, we make a dollar a day from you we think at the end of each year we should pay a licence fee of 365 dollars or whatever it is’.
The other thing is Facebook is researching heavily into blockchain. I think the technology itself is amazing and there’s a lot of things that could come from blockchain. One of those things is now on a microscopic level we can track these thousands of ad transactions. Before it was a black box and people didn’t want to know how it works. If they were to utilise the blockchain we can track and trace these transactions. Then by knowing these transactions took place I believe you should be compensated for those transactions. A bit like the fees we pay when transferring money.
Andy: Do you think there’s a problem with the current state of privacy policies? Do you think it’s time for a different approach?
The GDPR lays the framework where you now have to opt in. And in the US right now you have to accept or in California it’s something you will see in 2020. You have to opt out and the fix is making people opt in. Tech companies don’t want that moment of; ‘Wait, what are you doing? What is it that you plan to do with my granddaughters picture? Are you going to use it for advertising?’ The fix is here. It’s a question of rolling it out globally and getting people to stop, and in the EU you can now say; ‘I don’t want you to do this or after 30 days I want you to delete my data’. I think it’s great for consumers and I think it’s honestly great for the tech companies too as it forces them to say; ‘Hey, I think advertising is a very bad business model, maybe we should be doing something else’, and in turn it forces them to innovate.
Andy:What is the future of privacy?
Mendelson: I think the United States is going to have its own GDPR in one shape or form so that is coming. You can see it happening within the next few years. Of course it doesn’t mean those laws are perfect but it’s better than what we have. I think we’ll have more opt in available and even be able to monetise our own data.
I’m more concerned with self driving cars and augmented reality. How does privacy impact say if I’m walking around with some Apple augmented glasses and I’m scanning things and then I scan people and the glasses start telling me about the different brands someone is wearing. Is that being creepy or is that ok?
Andy:What do you think of the idea of users controlling more of their own data and getting rewarded for it?
Mendelson: I think things like that are exciting, I think anything that puts more control in the hands of the consumers is great. For the past twenty four years since we’ve had the internet economy, starting with Netscape, we’ve treated data and privacy like a black box. We don’t understand how these things work but they just work. I think people are starting to go, ‘If you’re making millions of dollars from my data maybe I should get a cut of that’. Anything that gets rid of that black box I would fully endorse.