August 30, 2009

Privacy vs. Exhibitionism

We are a nation torn between on one hand wanting our privacy safeguarded and on the other hand wanting to share ourselves openly and often on the Internet—through Social Media, e-Commerce, e-mail, and so forth.

These days, we have more information about ourselves available to others than at any time in history. We are information exhibitionists—essentially an open book—sharing virtually everything about ourselves to everybody.

Online, we have our personal profile, photos, videos, likes and dislikes, birth date, addresses, email and phone contacts, employer, resume, friends and family connections, banking information, real estate transactions, legal proceedings, tax returns, and more. We have become an open book to the world. In a sense we have become an exhibitionistic nation.

While we continue to friend, blog, tweet, and post our thoughts, feelings, and personal information online, we are shocked and dismayed when there is a violation of our privacy.

How did we get to this point—here are some major milestones on privacy (in part from MIT Technology Review--July/August 2009):

1787—“Privacy” does not appear in Constitution, but the concept is embedded in protections such as “restrictions of quartering soldiers in private homes (Third Amendment), prohibition against unreasonable search and seizure (Fourth Amendment), prohibition against forcing a person to be a witness against himself (Fifth Amendment).

1794—Telegraph invented

1876—Telephone invented

1890—Boston Lawyers Samuel Warren and Louis Brandeis wrote in Harvard Law Review of “the right to be let alone” and warned that invasive technologies threatened to take “what was whispered in the closet” and have it “proclaimed from the house-tops.”

1914Federal Trade Commission Act prohibits businesses from engaging in “unfair or deceptive acts or practices”; has been extended to require companies to write privacy policies describing what they do with personal information they collect from customers and to honor these policies.

1934Federal Communications Act limits government wiretapping

1969—ARPANet (precursor to Internet) went live

1970Fair Credit Reporting Act regulates collections, dissemination, and use of consumer information, including credit information

1971—First e-mail sent.

1973—Code of Fair Information Practices limits secret data banks, requires that organizations ensure they are reliable and protected from unauthorized access, provides for individuals to be able to view their records and correct errors.

1974—Privacy Act prohibits disclosure of personally identifiable information from federal agency.

1988—Video Privacy Protection Act protects against disclosure of video rentals and sales.

1996—Health Insurance Portability and Accountability Act (HIPPA) protects against disclosures by health care providers.

1999Scott McNealy, CEO of Sun Microsystems states: “You have zero privacy anyway. Get over it.”

2000—Children’s Online Privacy Protection Act prohibits intentional collections of information from children 12 or younger

2001—USA Patriot Act expands government’s power to investigate suspected terrorism acts

2003—Do Not Call Implementation Act limits telemarketing calls

2006—Google Docs release for creating and editing docs online

2009—Facebook 4th most popular website in the world

As anyone can see, there is quite a lot of history to protecting privacy. Obviously, we want to be protected. We need to feel secure. We fear our information being misused, exploited, or otherwise getting out of our control.

Yet, as technology progresses, the power of information sharing, collaboration, and online access is endlessly enticing as it is useful, convenient, and entertaining. We love to go online and communicate with people near and far, conduct e-commence for any product near seamlessly, and work more and more productively and creatively.

The dichotomy between privacy and exhibitionism is strong and disturbing. How do we ensure privacy when we insist on openness?

First, let me say that I believe the issue here is greater than the somewhat simplistic answers that are currently out there. Obviously, we must rely on common sense + technology.

From a common sense perspective, we need to personally safeguard truly private information—social security numbers and mother’s maiden name are just the obvious. We need not only be concerned about distinct pieces of information, but information in the aggregate. In other words, individual pieces of information may not be easily exploitable, but when aggregated together with other publically available information—you may now be truly exposed.

In terms of technology, we need to invest more time, money, and effort into securing our systems and networks. Unfortunately, businesses are more concerned with quarterly revenue and profit targets than with securing our personal information. We have got to incentivize every business, organization, and government entity to put security and privacy first. Just like we teach our children, “safety first”, we need to change our adult priorities as well or risk serious harm to ourselves and our nation from cyber criminals, terrorisms, and hostile nation states.

But the real issue is, why do we continue to treat technology as if it is more secure and private than it truly is? In a sense, we shut our eyes to the dangers that we know are lurking, and tell ourselves “it only happens to somebody else.” How do we curb our enthusiasm for technological progress with a realism of recognizing the very real dangers that persist?


No comments: