The benefits and costs of privacy

Issue 37/2019

Economists like to point out, to many people's disdain, that there's no such thing as a free lunch. Even free things have a price, regardless of whether it's clearly visible, and every decision involves trade-offs, i.e. there are benefits and costs.

That's why well-intentioned regulations that have benefits may actually, on balance, cause harm. Privacy on the internet (or lack thereof) - often misunderstood by those criticising it - is an area prone to regulatory miscalculation, with the European Union's General Data Protection Regulation (GDPR) the most well-known example. It was designed to protect people's privacy in the wake of a serious of scandals involving the likes of Facebook and, without a doubt, has some benefits. After all, as privacy expert Bruce Schneier wrote back in 2018, privacy is important:

"People change their behavior when they live their lives under surveillance. They are less likely to speak freely and act individually. They self-censor. They become conformist. This is obviously true for government surveillance, but is true for corporate surveillance as well. We simply aren't as willing to be our individual selves when others are watching.
...
If there is no privacy, there will be pressure to change. Some people will recognize that their morality isn't necessarily the morality of everyone—and that that's okay. But others will start demanding legislative change, or using less legal and more violent means, to force others to match their idea of morality.

It's easy to imagine the more conservative (in the small-c sense, not in the sense of the named political party) among us getting enough power to make illegal what they would otherwise be forced to witness. In this way, privacy helps protect the rights of the minority from the tyranny of the majority.
...
Privacy makes all of this possible. Privacy encourages social progress by giving the few room to experiment free from the watchful eye of the many. Even if you are not personally chilled by ubiquitous surveillance, the society you live in is, and the personal costs are unequivocal."

I'm all for privacy and exposing firms and governments which try to undermine it. But I have a problem with large, one-size-fits-all privacy regulations such as the GDPR, which add enormous compliance costs to virtually everyone. For while the GDPR helps to protect people's privacy online, it also has plenty of costs. For example, it erodes competition as smaller firms - especially those just starting up - are forced to divert valuable resources away from say engineers towards lobbyists, accountants and lawyers. Given the compliance costs, the GDPR tends to help large, established firms secure their place at the top in exchange for less disruptive competition and innovation. Such costs tend to continue to accumulate unseen for many years as innovation, and subsequently productivity growth, are artificially reduced.

Thankfully there are solutions emerging that look to reduce those costs:

"As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy regulations."

Will companies such as Preclusio be successful? Perhaps. But much like countries with tax codes that require a university course to comprehend, everyone would be better of with a simple set of rules rather than a good tax accountant. In other words, to fully capture the benefits of privacy that Schneier outlined above, it needs to be protected but in a far less costly manner than the likes of the GDPR, which has created an even worse outcome.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits


Another 90 days

Is Huawei a national security threat or not? Are American tariffs paid by American consumers or not? For Trump, logical consistency clearly doesn't matter, as last week he delayed tariffs leading up to Christmas (to prevent higher prices for US consumers) and extended the exemption of sanctions on Huawei by another 90 days. Neither decision fits the previous rhetoric, which as I have pointed out many times is an absolute bunch of crock.

Learn more:




Image of the week

View source

Countries that have banned Huawei

The United States may have extended its "temporary" Huawei exemption for another 90 days but that doesn't mean Huawei is resting on its laurels. Last week it announced its new (and very rough around the edges) Harmony operating system, and this week its founder and CEO Ren Zhengfei announced his plan to create an "iron army", which is basically an attempt to convince other countries to allow Huawei to build their 5G mobile networks. As this map shows he has his work cut out for him, with countries worth about a third of the world's GDP having already banned Huawei in some form.


This week's data breaches


The title of the WSJ article (Huawei spying in Africa) is incredibly misleading. As it admits, the "Journal investigation didn't turn up evidence of spying by or on behalf of Beijing in Africa. Nor did it find that Huawei executives in China knew of, directed or approved the activities described. It also didn’t find that there was something particular about the technology in Huawei's network that made such activities possible."

The real spying was done by the governments of Uganda and Zambia. If you don't think Huawei's competitors, e.g. Cisco, would do/are doing the same then I have some magic beans to sell you.

The breaches:


That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 37/2019: The benefits and costs of privacy was compiled by Dr Justin Pyvis and delivered on 20 August, 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase or Twitter account.