Ambassadors of Privacy, on Data Privacy Day
Last Thursday was Data Privacy Day, and I decided to reprise a version of a privacy-related non-experiment/performance art/stunt/educational event that we had held on campus in 2014. Back then, in collaboration with Bob Henry, who is Santa Clara University’s Chief Information Security Officer, I distributed free chocolate-chip cookies in exchange for password changes. (As is the case with many Internet services, the cookies were “free” in the sense that they didn’t cost money, but getting them did involve a trade.) This year, I decided to do something slightly different. I would distribute offline cookies in order to raise awareness of online ones.
I figured that, in order to take any steps to protect their data privacy online, people need first to understand a bit about how the Internet works and how data is collected and by whom. I was curious to see whether most folks on campus (students, staff, visitors) would know what Internet cookies are and understand why some of those cookies might need clearing (repeatedly). I also hoped to spread some awareness among the people who didn’t already know about cookies.
Bob Henry enthusiastically joined me again, and together we set up our Data Privacy Day table on the plaza in front of the campus bookstore, just outside the Benson Student Center where many students go for lunch. We offered any passers-by free cookies, accompanied by a bit of information about what online cookies are and what they do. We also had, however, rolls of stickers with a picture of a cookie and the phrase “Smart Cookie”—and we asked our IRL cookie recipients a favor: Would they allow us to stick one (or several) of those cookie stickers on their backs? That way, if and when other people asked them why they had a “smart cookie” on their backs, they could explain that websites often drop such cookies on us online; that many people don’t realize that they’ve amassed such cookies (thus the stickers on the back, suggesting lack of awareness); and that most websites (unlike us) don’t ask for permission to drop such cookies on their users’ devices. The bestickered cookie recipients would thus become our data privacy ambassadors.
We learned several things. First, a shocking number of Santa Clara students will actually turn down free cookies. (Further investigation is warranted to determine what that is all about. Are SCU students more concerned about healthy eating? Is lunchtime a bad time of the day to offer cookies? Are college students these days so concerned with data privacy hygiene that they will reject all cookies?!) Second, college students are not too old to love stickers—and puns: Most of the people who stopped for cookies agreed to let us put stickers on their backs so they could tell others about online cookies, too. Third, yes, most of the people we spoke to were generally aware of the existence of online cookies, though less aware of the purpose of such cookies, and very much less aware about ways to clear the cookies they might not want on their computers.
Comments from folks who stopped to get cookies: from quite a few people: “I’ve heard of cookies, but I don’t know how to delete them.” From a guy walking by with his girlfriend: “I keep telling her to delete them…” From two guys who stopped to ask what we were doing: “We’re IT. We know what they are.” (They didn’t want any cookies, but they did let me put stickers on their backs and promised to talk to other students about them.) So there is plenty of consumer education work to be done, by any of us with even little understanding of the online privacy arena, and especially those of us on university campuses.
On that note—Bob Henry has informed me that, this year, Data Privacy events are scheduled to extend for a whole month, not just one day. As part of those month-long activities, on February 11, from noon to 1, again on the plaza outside the bookstore, Bob and his team will give SCU students and guests the opportunity to participate in various privacy-related games and quizzes, with prizes even better than cookies and stickers! I will be there, too. If you’re nearby, come join us; hopefully we’ll all learn something, and, if we spread the word, we’ll help others protect their privacy a bit better, too.
As to why we should do that, Michael McFarland, S.J. (a computer scientist with a special interest in the intersection of technology and ethics, who served as the 31st president of the College of the Holy Cross) lays out the case, compellingly, in his article “Why We Care About Privacy”.