"Market failure" in privacy?

Ed Felten discusses the low cash value which people seem to place on privacy, and concludes that this demonstrates a "market failure." The cause of the failure is that businesses are allegedly unable to guarantee long-term data privacy in a convincing and understandable way. However sincere the management of a company may be, it can't guarantee the behavior of future buyers.

The words "market failure" should be regarded with concern. They're usually followed by "and the government has to do something about it." Is there really a market failure in privacy, or do people simply put a low premium on privacy in their economic choices? To try to answer this, we can look at people's behavior where their privacy is entirely under their own control. There's a lot of evidence, anecdotally and from my personal experience, that they don't value their privacy enough to significantly change their behavior. I'm talking about actions such as limiting the duration of cookies, disabling JavaScript, and declining to provide their e-mail addresses. I do it, and maybe you do, but how much attention to most people pay to these things? My experience suggests not much.

This may not be totally unreasonable. The result of losing privacy to businesses is mostly annoyance. You get more junk mail and telemarketing calls, but nothing really disastrous is likely to happen.

The situations which are of greatest concern are loss of information to criminals and to the government, but neither of these are affected by a business's privacy policy. A business which is sloppy and lets crooks steal large amounts of customer data is going to suffer in its reputation; there's no market failure there. Having governments demand information, on the other hand, is something which no business can control. There is a market failure for privacy in this case, but it's government-induced. The potential consequences of having overly suspicious or hostile government officials intercept your private communications are much worse than having your phone number fall into the hands of a telemarketer, but you can't expect your ISP or phone provider to prevent it. (Indeed, your phone provider may well have broken the law to provide the government with access to private communications.)

The only market failure in privacy is in protection of your information from governmental bodies. In this case, "the government has to do something about it" isn't the solution, but the problem.