The timeframe between a privacy mistake and its impact is getting shorter, as access to information becomes more immediate. However, the duration of privacy mistakes are lasting longer, since the Internet archives everything. We are also more comfortable with trading privacy for convenience. These three trends means that we must become much more aware of the impact of our digital lives on our privacy, and our privacy on our future digital lives.
Social networks is a primary example of this tension. Facebook’s Mark Zuckerberg in 2010 said that: “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people."
The power of the network derives from the number of connections and the amount we share; the greater each dimension, the greater the value we derive from it. However, Zuckerberg is conflating the need to communicate, which is fundamental to our psyche, with our need for privacy, which is also fundamental to our digital well-being.
Privacy means different things at different ages. Teens, with no credit card or history to protect, are less concerned with credit card fraud. They are more concerned with their ability to control their own social situation and their position within it - e.g. railing against parents insisting on being friends on Facebook. However, when a cursory search of their Facebook history will reveal their date of birth, Mother’s maiden name, first school - all data points used by financial institutions to supplement your password - there’s a potential future breach being prepared.
Context is therefore important; we communicate in Real Life differently with a bank than our pub friends, so the same true of our online communications. However, context is one of the key difficulties of our online lives - though our RL context changes as time passes, everything we’ve ever shared online can be found in the future. This is unnatural to us, and so we don’t deal with it particularly well.
We may use different services to distinguish between circles of recipients and keep them separate; potential employers on LinkedIn won’t see my embarrassing photos on Facebook. Studies have found that teens use many more services to finer define circles of friends. Encryption is seldom used; they prefer obfuscation through use of slang, and even steganography (hiding messages within unencrypted messages). But unless the account is deleted immediately afterwards, the communication remains searchable for ever more.
I think the solution is to take complete control of our own Privacy (settings) as its own entity. Every time I post to Facebook, Facebook should communicate with my Avatar to check my most up-do-date privacy settings applicable for that post. My Avatar should be hosted by me, perhaps in an app on my mobile phone, and should only be alterable by me. I should decide if changes should affect historical posts as well as future ones. And it should remain within my gift to change my mind as often as I wish.
Facebook should be encouraging me to post and retain posts, by reminding me of the benefits. If targeted advertising is of benefit, I will choose to continue to receive them. Facebook should be free to make money from its platform, but not from me. A fine, but important distinction.
An aside: In this post, I’m considering that each of our privacy should be respected - the “happy” scenario. The “unhappy” scenario is when privacy should not be respected for the good of society. Recently, UK Prime Minister David Cameron has received criticism for seeming to ask for a “back door” for security services to review even encrypted communications. According to The Guardian “The changes [to the counter-terrorism bill] would give the Home Secretary new powers to require telecommunications operators to retain data and disclose it to relevant public authorities, so that they can read, copy and analyse it."
There is the immediate difficulty that implementing such a back door in the encryption techniques commonly used in the Internet are impossible, as they are open source, and therefore no single entity can mandate changes. Setting that aside, weakening security for the security services, will inevitably put the tools in nefarious hands, and therefore weaken privacy for all of us, and therefore harm our digital well-being.