As we have judged past generations for their mistakes, we will be judged by future generations on how we dealt with data in the information age.
So said BT chief security technology officer, Bruce Schneier, during his keynote at the RSA conference in London, yesterday. “We will be found wanting, we are giving away our privacy on social networking sites and search engines.”
He said people make the mistake of thinking they are the customers of social networking sites such as Twitter and Facebook. “In fact, we are the product that they sell.”
Several tech CEOs have said the age of privacy is over, he added. Facebook founder Mark Zuckerberg, Google head Eric Schmidt, Sun's Scott McNealy and Oracle's Larry Ellison have all mouthed similar sentiments.
“However, he said people still care about privacy, even the younger generation that is perceived to be nonchalant about the matter. Certainly, the youth are far more public on the Internet than their parents: writing personal details and posting embarrassing pictures on Facebook, but they take steps to protect their privacy complain loudly when they feel it violated.”
Although the younger generation is not technically sophisticated about privacy and make mistakes all the time, this is mostly due to the companies and Web sites that make changing privacy settings difficult, he explained.
“All these Web sites have privacy controls, if you look for them. The thing is, more often than not, you have to look really hard for them.”
Schneier said for the older generation, privacy is about secrecy, and once something is no longer secret, it is no longer private. “However, privacy is really about control. If your personal details are sold without your permission, or a social networking site you use changes your privacy settings, the real issue is about your loss of control over that information.
“We may not mind sharing personal details and thoughts, but we certainly want to control whom we share them with, and importantly, when we share it. A privacy failure is a control failure.”
He also stated that salience matters, that people are more likely to protect their privacy if they're thinking about it. “Social networking sites manipulate this, constantly reminding us how great it is to share pictures, and comments, and links, downplaying the security risks.
“Some sites take this to a whole other level by deliberately hiding information about how little control and privacy users have over their personal data.”
Group behaviour also matters a lot, he added. “We are far more likely to share personal information when all our friends are doing it. We mind losing privacy a lot more than we value its return once it's gone. An illusion of control assures us, and we are poor judges of risk.”
At the heart of the matter, said Schneier, is that the very companies whose chiefs eulogise privacy make a fortune by controlling vast amounts of their customers' information. “Whether through targeted advertising, or tempting their users to spend more time on their site and sign up their friends, more information shared in more ways, more publicly, means more profits.”
This in turn motivates these businesses to continually lower the privacy of their services, while at the same time pronouncing privacy erosions as inevitable and giving users the illusion of control.
He said one should bear in mind the different types of data gathered by sites like Facebook. This includes service data, such as name, date of birth, e-mail address used to access the site; disclosed data, such as wall postings, photos and messages; and entrusted data that users write on others' pages.
There's also incidental data that someone writes about the user, or a picture that is tagged by a third party; behavioural data gleaned from users' online habits; and derived data, based on the averages of the people the user is connected to, Schneier explained. “The balance of privacy and technology is changing.”
With all this privacy erosion, CEOs who heralded the death of privacy may actually be right, but only because they are the very ones working to kill privacy. “On the Internet, our privacy options are limited to the options those companies give us and how easy they are to find.”
As long as privacy isn't salient, and as long as these companies are allowed to forcibly change social norms by limiting options, we will increasingly get used to less and less privacy, concluded Schneier.
Share