Future Tense

The Information Welfare State

The “right to be forgotten” doesn’t go far enough. We need mandatory insurance to protect online reputations.

Woman dancing on a table.

Should you have to live down that one crazy night forever?

Ron

The great paradox of today’s Internet is that the Web feels less and less orderly, even as technology companies preach the virtues of control.

Take Facebook: It has recently been caught hosting photos that its users had asked it to delete three years ago. Last year, a bug in its security system made the private photos of its founder, Mark Zuckerberg, publicly accessible. Or take Anonymous, which keeps releasing personal information of private citizens and public officials, with the goal of making broad political statements or just having fun. Or take Path, a popular social network, which was recently caught uploading members’ mobile phone contacts to its servers.

We are lucky that Path has taken at least some security precautions; without them, the address books of its 2 million users might have already been available to Anonymous. This would not only damage their privacy but also their reputations. After all, who knows what embarrassing numbers—for escorts, for exes, for psychiatrists—they are storing on their phones? Something similar happened in 2010, when Google bungled the launch of Google Buzz by revealing the names of one’s most frequent email contacts.

What’s to be done? One solution would be to make the Web a less anonymous place, so that it becomes possible to trace and punish the likes of, well, Anonymous. Another solution would be to accept such disasters as inevitable and focus on managing one’s online reputation. A bevy of startups already advertise their ability to push damaging information about oneself down the search results. This may cost thousands of dollars, creating new digital divides between the rich and the poor.

The third, more popular solution is to embrace the so-called “right to be forgotten”—a right so ambiguous that even its proponents can’t often define what it is. In its weakest form, it is commonsensical: Users should have the ability to delete whatever information they upload to online services. In its strongest form—whereby users are able to delete information about themselves even from third-party sites or search engines—it is too restrictive and unrealistic.

However, “the right to be forgotten” won’t do much to mitigate debacles like Google Buzz and Path, let alone regulate Anonymous. While it may limit the distribution of inadvertently released information, it won’t console those users whose reputation has already been damaged by the first instance of publication. Sometimes, a quick glance at the compromising information is enough; “the right to be forgotten” may force such information to disappear from the Internet—but it won’t remove the memory from the minds of one’s friends or business partners.

Here is a more elegant solution: We need a mandatory insurance scheme for online disasters. For what is an accidental disclosure of information if not an online disaster—a ferocious man-made information tsunami that can destroy one’s reputation the way a real tsunami can destroy one’s home?

Thus, if Facebook fails to delete a photo that you asked it to delete years ago or if Google accidentally releases your entire address book—and, most importantly, if you can show that this has caused you some verifiable harm (e.g., a crazy ex-boyfriend started cyber-stalking you as a result)—you should be entitled to monetary compensation.

Then, you can use the money to start a new life or use one of those start-ups to improve your online reputation. And the sums don’t have to be trivial: Since only a small proportion of users suffer actual harms from such disclosures, a tiny monthly payment from everyone would raise enough funds to help those in trouble.

This scheme has many advantages. First of all, it doesn’t mess with how the Internet works. There is no need to eliminate online anonymity or create a sophisticated censorship infrastructure demanded by “the right to be forgotten.” Second, it gives the victims of information tsunamis at least a semblance of proper compensation. No more vague promises of “It won’t happen again”; victims will actually receive hard cash. Third, it levels the playing field for online reputation services and promotes the ideal of equality: Now it’s not just the rich who can pay thousands of dollars to have their online reputations fixed.

Most importantly, it preserves the innovative spirit of the Internet. Internet companies wouldn’t need to revamp their business models to accommodate the most exotic demands that are associated with “the right to be forgotten.” Likewise, ordinary users who may already be getting paranoid about their reputations wouldn’t need to delete all of their online accounts or become digital hermits. Even if Anonymous discloses every single fact about their lives, they would at least get some monetary compensation.

Such online reputation insurance, of course, is no panacea. It’s not meant to replace the rule of law as the primary tool for advancing public interest. Companies that are careless with user data should still be fined and prosecuted; users should feel responsibility for their data. But such an insurance scheme would offer a modicum of consolation to those of us pressed into the most Kafkaesque corners of the Internet.

Why make it mandatory? Shouldn’t people who don’t use the Internet get a waiver? Alas, one doesn’t have to use the Internet to be violated by it. One can be tagged in an embarrassing Facebook photo without knowing anything about Facebook. Similarly, when Anonymous attacks the online databases of government agencies, every citizen is a potential victim.

Of course, as with every novel proposal, there are hundreds of details that need to be worked out. These, however, are not insurmountable challenges. In fact, some insurance companies—including giants like AIG—already offer similar “reputation insurance” to corporate clients. What’s needed now is to make it affordable and useful to individuals by addressing some of the most pressing concerns.

For example, measuring or even defining “harm” to one’s online reputation may be tricky. However, the growing quantification of our social status on the Web—where we are defined and assessed based on our online friends—may soon make it easier.

Some users might attempt to game the insurance scheme by distributing embarrassing photos of themselves in the hopes that one day they would get paid for it. Ensuring that high-risk individuals—those who have genuine accounts on many Internet platforms—are not discriminated against or overcharged by insurers may prove challenging as well. However, this problem of adverse selection can be overcome if the insurance program is administered by the government.

From an innovation perspective, it may actually be in society’s best interest to have as many early adopters testing as many new Internet services. Thus, providing them with the most comprehensive online insurance may even be a worthy objective for public policy.

Failing to explore the benefits of insurance-based schemes while embracing vague but populist slogans like “the right to be forgotten” is a sure way to misguided Internet policy. Smart Internet policy, on the other hand, would preoccupy itself with maximizing “information welfare” and do its best to create and defend an “information welfare state.” A digital safety net could help make the Internet more humane without harming innovation.