Privacy Violations and the Sound of a Tree Falling in the ForestPeople have been lamenting over the end of online privacy since the first Internet wave back in the 90s. Sun Microsystems CEO Scott McNealy sparked a controversy in 1999 when he said “You have zero privacy anyway. Get over it.” Politicians, industry groups like the Electronic Frontier Foundation, and the technology press didn’t like that bold statement and predictably focused on the need for better consumer privacy protections.
15 years later, governments have enacted layers of privacy protection legislation ranging from financial to consumer to healthcare markets. Most of the online industry has adopted voluntary policies for collecting and maintaining customer data, and the latest generation of mobile devices is designed to ask permission before broadcasting sensitive information like the user’s current location.
Why then do we still feel we have no privacy? The nature of our online activity has continued to evolve and at every step it has exposed more information to collection. Overarching the privacy landscape is the network effect of having individual bits and pieces of our online identities indexed and cross-linked. Starting with your name the universe of information linked to you expands and branches to include your employer, email, address, phone number, photos, car, social network, posting history, purchase history, credit, travel, activities, likes, dislikes and more.
You don’t have much privacy if someone really wants to dig in online. With a little social engineering, the purchase of semi-private records, and some search creativity it’s not a stretch for a complete stranger living in another city to follow your digital footprints every day, living your life vicariously at the end of a web connection. For example, this recently revealed software from Raytheon mines social network data to predict a person’s future location, all from publically available information.
We understand that an arbitrary stranger can map our online identities but for the most part we don’t care. Why would it matter to us if someone we will never meet has this kind of information? I’m not talking about people hacking into your bank account, which is a specific security issue. I’m talking about someone collecting a pervasive view of your online activity. Is it really a privacy violation if we’re never in contact? This has the philosophical flavor of the tree falling in the forest with no-one to hear it. It’s only privacy violation if there is someone who feels violated by it.
What we really want is the ability to control our exposure to people we interact with. It used to be that remote strangers would know next to nothing about you, while your neighbors could know nearly everything. In a strong reversal from pre-internet norms we now consider privacy to be the protection of our information from people we actually know, while exposure of significant details to complete strangers matters little. As long as those strangers don’t start contacting our friends and family, they might as well not exist.
This emergent privacy precept places a higher value on protecting information from the people near you. There are already trends in social networks where the backlash against over-exposure created an opportunity for Google Plus to differentiate from Facebook on the basis of limiting the accessibility of personal postings. One can only hope the appearance of a competitive feature will encourage Facebook to enable similar protections.