- Date published:
- Author:Brian Wood
The article below by Mark Stockley in Naked Security is the yang to yesterday’s yin on the same topic — so be sure to read both.
The essence of the debate is whether we are gearing up to fight the last war rather than recognizing that the threats (and what we value) have changed over time.
Emphasis in red added by me.
Brian Wood, VP Marketing
Is data privacy more important than ever?
This article is inspired by another piece we’ve published in which Naked Security’s John Bryan asks ‘is data privacy an out of date concept?‘. For the most rounded perspective, I highly recommend you read both.
John points out that the Facebook generation are increasingly putting their lives online – posting information about who they are, where they are, what they’re doing and who they’re with – the very information that organisations often go to great lengths to protect.
All that openness is bound to have a profound impact on our social norms and it could well be that things that are considered embarrassing or shameful today won’t be tomorrow.
As John asks in his article:
…are we trying to protect privacy based on past social values? Are we old-fashioned in trying to keep a lid on the social media generation?
It’s a good question and after careful thought my answer to that is this; not only is it not old fashioned, I think that trying to stem the rising tide of spilled personal data is the very height of modernity.
Who pays the price today?
Firstly, there is an immediate cost to consider.
Profound change in social norms does not happen overnight and anyone ahead of the curve is putting themselves in the firing line, and in this particular social revolution, a lot of those in the firing line are minors.
We might be comfortable letting adults push the envelope with brave or ill informed privacy choices but we have a legal and moral duty to protect our children from damaging themselves.
We have to find a way to make our kids the beneficiaries of social change rather than the cannon fodder – when it comes to data privacy that means erring on the side of caution.
Their generation might grow to adulthood in a world where fewer things are considered shameful or embarrassing but, right now, that isn’t even true in their own closed social circles – cyber-bullying is real, widespread and damaging.
So, whatever the future holds, we have a job to do today, and part of that job is leading by example.
Will the future be more liberal?
But what of the future? Will all this copious sharing of private, personal information lead to a more open and tolerant society?
Well, it might. But then again it might not.
It’s easy to look at very recent changes in the western world’s attitudes to sexuality, race, or even bathing costume choices, and see a positive trend that’s here to stay.
Unfortunately, societies don’t move steadily and inexorably towards greater openness, tolerance and liberalisation.
Who in the liberal 1920s would have imagined the sudden and horrific rise of fascism in the 1930s? There are countless examples of how social attitudes ebb and flow over time.
And of course, whilst data crosses national borders, social attitudes do not. Uganda is not San Francisco.
Finally, whilst technological progress and the sharing it brings might make us more open and tolerant it is not the only factor that will impact how our culture will develop.
Predictions of the future are, by their very nature, doomed to be confounded by the unforeseen. Better to hope for the best but plan for the worst.
Shared once, shared forever
For me, the biggest difference between today and the past is not how liberal our attitudes are but how permanent our data privacy choices have become.
An internet user might have some choices about what personal data they put online but, once there, that data can be impossible to erase.
To make matters worse, it’s becoming increasingly difficult to determine what data is being recorded and why data might be significant.
Data points that are individually innocuous can be enormously powerful and revealing when aggregated – that is the essence of Big Data.
How can we possibly know what aggregations will be possible next week, next year or next decade and, faced with our ignorance, can we really claim to understand the consequences of the data privacy choices we make today? And if we can’t do that then how can we say with any certainty what data we shouldn’t consider private?
We can either accept that the genie is out of the bottle and that private data is part of the commons or we must guard our privacy more jealously than ever before.
It’s possible of course that the genie is already long gone: if nobody can reasonably protect all of their private data then data privacy really is an out of date concept.
Quite reasonably John asks, in a world of Google Glasses and commercial video satellites, “Where will you hide tomorrow?”
I think the answer to that will depend on how much money you have. So long as private data has a value there will be a market for those acquiring it and a market for those protecting it.
If always-on video surveillance makes it harder for individuals to be private then I suspect it will simply increase the value of privacy, the amount somebody is prepared to pay for privacy and the financial rewards for anyone who can provide it.
Far from an egalitarian data commons that renders privacy moot, I expect that we’ll see stratification with the wealthy being able to afford more and better privacy options than the poor.
Data is the crop that powers the information economy and we’re all smallholders. That economy is still only in its early years but your personal harvest of private data is already valuable (if it weren’t there would be no identity theft and no such thing as a supermarket loyalty card).
4,000 years ago, farmers got together to build city walls around their grain surpluses. In 2014 we’ve only just realised we should be encrypting the connections between our data centres.
We have a long way to go before we can say we understand the significance of our data or that we’re managing it well. Until we can say that, and until we understand the long term consequences of our privacy choices, I think we must act with great caution before making any of our personal data less private.