Woodrow Hartzog

Contact tracing done wrong threatens privacy and invites mission creep into adjacent fields, including policing. Government actors might (and do) distort and corrupt public-health messaging to serve their own interests. Automated policing and content control raise the prospect of a slide into authoritarianism. But most critics have focused narrowly on classic privacy concerns about data leakage and mission creep—especially the risk of improper government access to and use of sensitive data.

Despite the failures of our current online privacy ecosystem, some lawmakers are considering doubling down on policies that do not work. But no matter how much control companies give us over our data, it will never work online. That’s because control and transparency place the burden on consumers to protect themselves and understand where their data is going. And they must do this for every one of the dozens (or more) online accounts they may have.

The user agreement has become a potent symbol of our asymmetric relationship with technology firms. For most of us, it’s our first interaction with a given company. We sign up and are asked to read the dreaded user agreement — a process that we know signifies some complex and inconveniently detrimental implications of using the service, but one that we choose to ignore. Our privacy hangs in the balance, yet we skim to the end of those tedious terms and conditions just so we can share that photo, or send a group message, or update our operating system… It’s not our fault.