Privacy is not dead, it is distributed unevenly

A famous oneliner from the CEO of Sun, Scott McNealy, in 2001 was “Privacy is dead, get over it”. It sounds true. This generation is growing up with Google, social networking, and having all relevant data on the web. We exchange private details of our live in order to receive service and value. We willingly share personal information in order to connect and interact with friends on the web. We are used to services exploiting our user data and don’t mind getting advertisement served in return.

The early adopter crowd jumps on every new social service inviting the rest to join in as well. In a Friendfeed discussion recently, Robert Scoble called privacy dead too. I responded by saying that that’s a stupid thing to say. Robert then explained what he meant. He exchanges privacy for service and gets value. I think that is a perfectly legitimate way of controlling privacy on the web.

Unfortunately, most do not understand the dangers of publishing or sharing personal information on the web. Nor do they know how to control this trade off Robert talks about. Privacy is currently diminished to privacy settings of Facebook. Not only are users not even aware of the availability of these settings, but they fail to realize that these settings do not protect them from Facebook. People don’t realize when they enter a zip code to find a restaurant, or look at the weather, they are giving away crucial information that can be used to determine an identity. Zip code, gender and birth date are often enough to figure out someones identity.
Most people are not aware that their Internet Service Provider has access to everything you do on the web. They know exactly which sites you visit and when. Your e-mail is available to your e-mail provider, unless you use encryption. Even openly deployed schemes, such as having to hand over private and personal information about yourself when signing up for a service like Facebook doesn’t make users worried.

Let’s look at 5 reasons why the sound byte “Privacy is dead, get over it” shouldn’t be taken for granted:

1. Financial theft
The most obvious problem related to a lack of privacy is theft. Credit card theft is big business. Spyware, malware, unprotected transactions on the web, phishing sites where you think you are signing up for a trusted serves that asks for a credit card nr, the possibilities are endless. It is relatively easy to get access to long lists of stolen credit card details. And once your credit card details are known it opens the door for fraudulent financial transactions. It sometimes takes months to figure this out yourself. I bet that everyone that reads my post knows a person that has been a victim of credit card fraud. It is a widespread thread.

2. Identity theft
Identity theft has become relatively simple on the web. We leave many traces of ourselves and our personal information behind on the web. Each piece of information in itself might not be harmful, but we tend to forget how easy it is to collect a much larger collection of personal information using Google, or for example a more personalized people search engine. For identity theft we really only need a few pieces of information. Birth date, gender, zip code. With any luck you can find out where a person lives, which college he went to, who he is married to etc.etc. The possibilities are endless. Chances are a person has published his mail somewhere on the web. Combining relevant personal information from that person his e-mail account can be hacked. And that same e-mail account is likely to be used for bank services. From identity theft we get back to financial theft and more.

3. Reputation
Our reputation in the old days was contained within the social relationships we were involved with. These relationships were naturally confined to locations, time and people we knew. On the web this has changed dramatically. Now everybody has access to personal information of anyone online. You do not have to meet someone to find out about him. Use Google or any other search engine to find out information about a person. You may argue that since you have nothing to hide there can be no harm done. But what if an insurance company sees that you love to skydive, or a photo of you smoking at a party? What if a company that you contacted for a job sees your old college photos where you and your friends were just having a good time? Or they see you having an online quibble with a friend and wonder about your ability to handle conflicts? Or notices that a blog post you wrote gets negative comments from (anonymous) readers? What if a bank investigates you on the web when you apply for a loan, only to find out that you haven’t been working at a job for more than 6 months in a row? Each of the pieces of information are totally harmless when places in one context, but are quite damaging to your reputation in another. Your reputation is now publicly searchable and without the context of a social environment you are acting in, this can lead to harmful situations.

4. Gossip
This is probably an unexpected danger when we build up an online profile. We are much more vulnerable to rumors and gossip. Where this used to remain within the social borders you moved in, they can now reach the entire online world. Anyone that wants to do you harm has a platform to (anonymously) start gossip and rumors about you. As your online reputation gets harmed you will find that it is extremely difficult to protect yourself from this.

5. Databases never forget
When we go online we leave traces everywhere. The site we visit, the things we search, the people we interact with, the transactions we perform. Everything is stored in databases. Often the information stored contains errors. There is no way for us to control what is being stored about us. But once stored, that information doesn’t disappear. And in most cases it doesn’t harm us. A friend of mine once was denied a loan because investigation showed that he was a bad debtor. It took him weeks to figure out that he once forgot too pay a bill of $10 for goods he bought online. He corrected his mistake, but nevertheless, the store had reported his behavior and it was stored away in a database that gets accessed when you apply for a loan. An example of how a small mistake can lead to considerable damage.

There are many more examples thinkable in which the public accessibility of personal information can lead to harm. We are so used to publicizing and sharing personal information that we simply can’t imagine the potential harm it can do us. Just because everyone shares personal information as if it has no value doesn’t mean we should accept that. Just because we all use Google and social networks doesn’t mean we should also accept that privacy is dead. Just because social networks let you sign up for free and encourage you to connect to as many people as possible doesn’t mean you shouldn’t be aware of the possible consequences.

I feel that one of he most dangerous aspects of the “Privacy is dead, get over it” sound byte is the unequal relationship between those that have power over those that do not. A government, take the United States as an example, demands full transparency and doesn’t accept privacy as a constitutional right. But these same rules do not apply to the government itself. It doesn’t provide us transparency. We do not know what the government is doing with our personal information. There is no way for us to gain insight.

The same thing holds for services on the web. In order to join a service we have to disclose personal details. Yet we are not allowed to see or know what that web service is actually doing with our personal data. We disclose personal information to receive value. But we do not have a clue what we are giving away and how it will be used at some point.

This is the fundamental flaw in privacy on the web. It isn’t dead, it is unevenly distributed. The powerful enforce full disclosure without disclosing anything themselves. And as long as this inequality exists we shouldn’t accept the mantra that “privacy is dead” but instead actively work on solutions to help users control their own privacy.