The timeframe between a privacy mistake and its
impact is getting shorter, as access to information becomes more immediate.
However, the duration of privacy mistakes are lasting longer, since the
Internet archives everything. We are also more comfortable with trading privacy
for convenience. These three trends means that we must become much more aware
of the impact of our digital lives on our privacy, and our privacy on our
future digital lives.
Social networks is a primary example of this
tension. Facebook’s Mark Zuckerberg in 2010 said that: “People
have really gotten comfortable not only sharing more information and different
kinds, but more openly and with more people."
The power of the network derives from the number
of connections and the amount we share; the greater each dimension, the greater
the value we derive from it. However, Zuckerberg is conflating the need to
communicate, which is fundamental to our psyche, with our need for privacy,
which is also fundamental to our digital well-being.
Privacy means different things at different
ages. Teens, with no credit card or history to protect, are less concerned with
credit card fraud. They are more concerned with their ability to control their
own social situation and their position within it - e.g. railing against
parents insisting on being friends on Facebook. However, when a cursory search
of their Facebook history will reveal their date of birth, Mother’s maiden
name, first school - all data points used by financial institutions to
supplement your password - there’s a potential future breach being prepared.
Context is therefore important; we communicate
in Real Life differently with a bank than our pub friends, so the same true of
our online communications. However, context is one of the key difficulties
of our online lives - though our RL context changes as time passes, everything we’ve
ever shared online can be found in the future. This is unnatural to
us, and so we don’t deal with it particularly well.
We may use different services to distinguish
between circles of recipients and keep them separate; potential employers on
LinkedIn won’t see my embarrassing photos on Facebook. Studies have found
that teens use many more services to finer define circles of
friends. Encryption is seldom used; they prefer obfuscation through
use of slang, and even steganography (hiding messages within unencrypted
messages). But unless the account is deleted immediately afterwards, the
communication remains searchable for ever more.
I think the solution is to take complete control
of our own Privacy (settings) as its own entity. Every time I post to
Facebook, Facebook should communicate with my Avatar to check my most
up-do-date privacy settings applicable for that post. My Avatar should be
hosted by me, perhaps in an app on my mobile phone, and should only be
alterable by me. I should decide if changes should affect historical posts as
well as future ones. And it should remain within my gift to change my mind as
often as I wish.
Facebook should be encouraging me to post and
retain posts, by reminding me of the benefits. If targeted advertising is of
benefit, I will choose to continue to receive them. Facebook should be free to
make money from its platform, but not from me. A fine, but important
distinction.
-----------
An aside: In this post, I’m considering
that each of our privacy should be respected - the “happy” scenario. The
“unhappy” scenario is when privacy should not be respected for the good of
society. Recently, UK Prime Minister David Cameron has received criticism for
seeming to ask for a “back door” for security services to review even encrypted
communications. According to The Guardian “The changes
[to the counter-terrorism bill] would give the Home Secretary new powers
to require telecommunications operators to retain data and disclose it to
relevant public authorities, so that they can read, copy and analyse it."
There is the immediate difficulty that
implementing such a back door in the encryption techniques commonly used in the
Internet are impossible, as they are open source, and therefore no single
entity can mandate changes. Setting that aside, weakening security for the
security services, will inevitably put the tools in nefarious hands, and
therefore weaken privacy for all of us, and therefore harm our digital
well-being.