As more personal, economic and political activity relies on electronic communications, with data centers as the network hubs, the question of privacy arises continually. But the fight for privacy in the age of Facebook runs up against a number of competing factors, not the least of which is human nature.
First, let’s address the technical aspects of electronic privacy. Most people who use electronic gadgets lack the hardware and software expertise to protect their communications, online anonymity, precious data and so on. Many, of course, choose to employ helpful tools developed by others—encryption, for instance—but these tools still involve a level of trust with third parties. They also operate under the assumption of effectiveness: that is, users assume (perhaps wrongly) that hackers, the NSA and others have yet to compromise these technologies. And unfortunately, every time you share data, even with an individual or organization you trust, you’re simply expanding the target base for malicious actors. News headlines are rife with stories of retailer and service-provider breaches that expose consumer information, mobile-device and cloud hacking that exposes compromising media and on and on.
Thus, any information that a user provides—wittingly or unwittingly—to a connected device is in danger of public exposure. The working assumption should be that digital information either is public or will be public; that’s simply a result of the fact that information transmitted over a network falls into many hands. Few users know where their information goes, and even those who have solid technical knowledge can’t be aware of everything that’s going on. Consider, for instance, the recently revealed fleet of FBI spy planes roaming the country in search of terrorists (and if you believe that, I have a bridge you might want to buy). Unfortunately, you need not even use a digital device to compromise your privacy: simply having one may be enough, thanks to built-in GPS capability.
Of course, much of what we do electronically is of no particular interest: emails to Mom, searching recipes and browsing for clothing (although some marketer somewhere can likely make use of that information). But scattered among the electronic “noise” are transmissions of credit-card data, location (perhaps proximity to a certain store, or a crime), trade secrets and intellectual property, intimate personal data, sensitive business information and so on. The question is how valuable that information is relative to the risks associated with communicating it electronically.
Privacy Versus Security: A False Dichotomy
Privacy and security are often portrayed as two competing values that must be balanced. Although they are different in a sense, they also overlap almost to the point of being the same. In an imperfect world, communications cannot be private unless they are secure. Furthermore, security necessarily involves an element of privacy: private encryption keys, private passwords and so forth.
The government understands this connection, at least implicitly: although it engages in all sorts of spying, often using private companies as informants, it nonetheless is extremely secretive about its own actions. How often did we hear, for instance, that the Edward Snowden revelations (a breach of government privacy?) compromised national security? Regardless of whether such accusations are true, the important point is that privacy and security are more complementary than competitive. Unfortunately, citizens are conned into thinking they are separate matters that require balance. What the government (in this case) is really saying is that citizens must sacrifice their privacy for the security of the state, and that they must sacrifice their security for the privacy of the state. Hence the drive for encryption backdoors and the reluctance to reveal software flaws discovered by spy agencies.
For citizens and consumers, the effort to maintain privacy is virtually futile from the start, since they are facing organizations with much larger budgets (in the case of the federal government, an essentially unlimited budget). Even many privacy tools and initiatives depend on these organizations, which have strong incentives—financial and otherwise—to collect private data. Furthermore, individual identities and even economic activities are increasingly tied to electronics, and necessarily so. For instance, cash is facing an imminent demise (thanks in no small part to the government’s desire to track and tax economic activity), and our identities are bound tightly to Social Security numbers, which are regularly compromised.
Facebook and Narcissism
Regardless of the complaints about privacy, little action on the part of consumers has been forthcoming—at least if Facebook’s numbers are any indication. Despite the complicity of the company (and other technology giants) with NSA spying, the drive to share personal information online often trumps privacy qualms. Privacy settings may provide surface-level protection, but they cannot stop motivated hackers, and they certainly cannot stop well-funded government agencies.
Again, however, not all information is worthy of state-of-the-art protection. The issue is how the value of that information weighs against the convenience of electronic media. For instance, most people consider online credit-card transactions to be fairly safe. Of course, from time to time, a credit-card number is compromised, but most credit companies offer some consumer protections in the event of fraud and will readily provide a new card with a new number. On the other hand, celebrities who, in their infinite wisdom, store compromising photographs online are simply asking for potentially reputation-ruining revelations thanks to enterprising hackers. Like any secret, private information becomes increasingly public—and increasingly at risk of becoming public—the more it is shared. The Internet, which includes all your smart gadgets, is no place for your deepest, darkest secrets that you wouldn’t share face to face with anyone.
Spectrum of Privacy
So, privacy in any absolute sense is a myth. Ira Winkler said at MIS Asia, “Most people suffer from the delusion of privacy. They think it can be guaranteed somehow for their various electronic gadgets. But that is a delusion, and sadly even many in the information security field don’t know it.” Instead of thinking of privacy as a black-and-white, all-or-nothing matter, we must think of it as a continuum that relates to the shelf life of information. Information that can be changed, is of little value or that loses value over time may only require readily available privacy protections. More-critical data may require more-advanced protection, and extremely sensitive information may be unfit for electronic consumption.
Here again, the intersection (not competition) of privacy and security becomes apparent. In addition, it points to the fact that privacy rests more in each individual’s hands than we might like to admit. Sure, the government might track us to some extent, but that’s partly life in an imperfect world. Much more damaging than government spying is a lack of consideration and discipline with regard to making sound judgments about electronic privacy versus convenience. That’s not to say all companies and governments stay within the bounds of reason when it comes to surveillance, but those situations can and should be dealt with separately, whether through boycotting or political action.
The reality for electronic communications is that absolute privacy is impossible. Information cannot be kept private when it is shared, particularly with organizations over which the user has little or no control. Instead of thinking in terms of privacy as all or nothing, individuals and businesses must weigh different types of information versus the convenience and risks of electronic media and decide according to their own values. In that sense, electronic communication is no different than personal communication: it’s a matter of trust and discretion.
Image courtesy of Safoxy