IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

The Heavy Price We Pay for ‘Free’ Wi-Fi

New York City is developing a "free" public Wi-Fi network to be deployed throughout the city, but the poorly appreciated price is our privacy.

the-conversation.png
For many years, New York City has been developing a “free” public Wi-Fi project. Called LinkNYC, it is an ambitious effort to bring wireless Internet access to all of the city’s residents.

This is the latest in a longstanding trend in which companies offer ostensibly free Internet-related products and services, such as social network access on Facebook, search and email from Google or the free Wi-Fi now commonly provided in cafes, shopping malls and airports.

These free services, however, come at a cost. Use is free on the condition that the companies providing the service can collect, store and analyze users' valuable personal, locational and behavioral data.

This practice carries with it poorly appreciated privacy risks and an opaque exchange of valuable data for very little.

Is free public Wi-Fi, or any of these other services, really worth it?

Origins of LinkNYC

New York City began exploring a free public Wi-Fi network back in 2012 to replace its aging public phone system and called for proposals two years later.

The winning bid came from CityBridge, a partnership of four companies including advertising firm Titan and designer Control Group.

Their proposal involved building a network of 10,000 kiosks (dubbed “links”) throughout the city that would be outfitted with high-speed Wi-Fi routers to provide Internet, free phone calls within the U.S., a cellphone charging station and a touchscreen map.

Recently, Google created a company called Sidewalk Labs, which snapped up Titan and Control Group and merged them.

Google, a company whose business model is all about collecting our data, thus became a key player in the entity that will provide NYC with free Wi-Fi.

How free is ‘free’?

Like many free Internet products and services, the LinkNYC will be supported by advertising revenue.

LinkNYC is expected to generate about US$500 million in advertising revenue for New York City over the next 12 years from the display of digital ads on the kiosks’ sides and via people’s cellphones. The model works by providing free access in exchange for users’ personal and behavioral data, which are then used to target ads to them.

Yet LinkNYC’s privacy policy doesn’t actually use the word “advertising,” preferring instead to vaguely state it “may use your information, including Personally Identifiable Information,” to provide information about goods or services of interest.

It also isn’t clear the extent to which the network could be used to track people’s location.

Titan previously made headlines in 2014 after installing Bluetooth beacons in over 100 pay phone booths, for the purpose of testing the technology, without the city’s permission. Titan was subsequently ordered to remove them.

But the beacons are back as part of the LinkNYC contract, though users have to choose to opt in to the location services. The beacons allow targeted ads to be delivered to cellphones as people pass the hotspots, but their use isn’t spelled out in the privacy policy.

After close examination, it becomes evident that far from being free, use of LinkNYC comes with the price of mandatory collection of potentially sensitive personal, locational and behavioral data.

This is all standard practice in the terms of use and privacy policies for free Internet-based products and services. Can we really consider this to be a fully informed agreement and transparent exchange when the actual uses of the data, and the privacy and security implications of these uses, are not clear?

A privacy paradox

People’s widespread use of products and services with these data collection and privacy infringing practices is curiously at odds with what they say they are willing to tolerate in studies.

Surveys consistently show that people value their privacy. In a recent Pew survey, 93 percent of adults said that being in control of who can get information about them is important, and 90 percent said the same about what information is collected.

In experiments, people quote high prices for which they would be willing to sell their data. For instance, in a 2005 study in the U.K., respondents said they would sell one month’s access to their location (via a cellphone) for an average of £27.40 (about US$50 based on the exchange rate at the time or $60 in inflation-adjusted terms). The figure went up even higher when subjects were told third party companies would be interested in using the data.

In practice, though, people trade away their personal and behavioral data for very little. This privacy paradox is on full display in the free Wi-Fi example.

Breaking down the economics of LinkNYC’s business model, recall that an estimated $500 million in total ad revenue will be collected over 12 years. With 10,000 Links, and approximately eight million people in New York City, the monthly revenue per person per link is $0.000043.

Fractions of a cent. This is the indirect valuation that users accept from advertisers in exchange for their personal, locational and behavioral data when using the LinkNYC service. Compare that with the value U.K respondents put on their locational data alone.

How to explain this paradoxical situation? In valuing their data in experiments, people are usually given the full context of what information will be collected and how it will be used.

In real life, though, a lot of people don’t read the terms of use or privacy policy. Those that do are not always able to understand what these documents are saying owing partly to the legalese used and partly to the intentionally vague wording of some passages.

People thus end up exchanging their data and their privacy far less than they might in a transparent and open market transaction.

The business model of some of the most successful tech companies is built on this opaque exchange between data owner and service provider. The same opaque exchange occurs on social networks like Facebook, online search and online journalism.

Part of a broader trend

It’s ironic that, in this supposed age of abundant information, people are so poorly informed about how their valuable digital assets are being used before they unwittingly sign their rights away.

To grasp the consequences of this, think about how much personal data you hand over every time you use one of these “free” services. Consider how upset people have been in recent years due to large-scale data breaches: for instance, the more than 22 million who lost their background check records in the Office of Personnel Management hack.

Now imagine the size a file of all your personal data in 2020 (including financial data, like purchasing history, or health data) after years of data tracking. How would you feel if it were sold to an unknown foreign corporation? How about if your insurance company got ahold of it and raised your rates? Or if an organized crime outfit stole all of it? This is the path that we are on.

Some have already made this realization, and a countervailing trend is already under way, one that gives technology users more control over their data and privacy. Mozilla recently updated its Firefox browser to allow users to block ads and trackers. Apple too has avoided an advertising business model, and the personal data harvesting that it necessitates, instead opting to make its money from hardware, app and digital music or video sales.

Developing a way for people to correctly value their data, privacy and information security would be a major additional step forward in developing financially viable, private and secure alternatives.

With it might come the possibility of an information age where people can maintain their privacy and retain ownership and control over their digital assets, should they choose to.
The Conversation


Benjamin Dean is a fellow for Internet Governance and Cyber-security at the School of International and Public Affairs, Columbia University. This article was originally published on The Conversation. Read the original article.