Monday, February 15, 2010

Don't Do Anything You Would Not Want Your Mother To Know About

Last time I wrote about government not being the one to protect your privacy. Now it is time to look at business as the guardian of your privacy.

The critical element, the one piece you should take away from this article, is that businesses are not here to help or protect you, they are here to make money any way they can. Businesses do not have a moral compass, they have a financial one. If they can make money at it, and the ramifications of getting caught are less than the financial benefit of the action, a business will probably take the action. It's a cost-benefit analysis, and that is all it is. Any business that claims they don't do something because it is not the right thing to do, because then they would not be a good corporate citizen, has done the analysis and determined that the financial impact of the action is too great.

But business climates change with the net result being that the business you trusted can suddenly turn on you. Witness Google, the company with whom mantra “First, do not wrong” is associated. Now, when the money is in linking people together, the new catch phrase is “If you don't want anyone to know, don't do it.” So if you've trusted Google with your address book, your bookmarks, your documents and your email, you have to start asking, what can they mine from that? What can they deduce that you haven't told your mother yet?

Consider the company that you do not directly interact with, like Omniture, Double Click, and AdBrite, who track your movement across the internet. How much information do they have about you, what sites you visit, who you buy from, what advertisements you click on. How much misinformation do they have about you? What can they deduce from your online actions that is just plain wrong?

What restrictions are placed on any of the data that these giant companies collect? The only restrictions are the restrictions placed by government, and then the only restrictions that are effective are the restrictions where the price for getting caught is higher than the benefit derived from the action. Remember it is a cost-benefit analysis.

So as the lowly consumer, as a natural person, what can you do to protect yourself from the behemoths of industry? There are two courses, first is to work with your government to limit what may be done with collected personal data. This puts me in the strange position of relying on the entities that I reproached in my last article. However, the reality is that only the legal system has the ability to direct the actions of legal persons with no moral compass, and the legal system is created and constrained by the government.

The second, and most effective means to protect your data, is to educate yourself. Learn how to enable all the privacy settings on all the system that you use. Keeping in mind that many of those systems benefit financially when you share more information, so they have an incentive to make it difficult to keep your data private.

I suppose there is a third option: Don't do anything you would not want your mother to know about.

Tuesday, February 9, 2010

Liberty, Privacy and Security

Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” – John Perry Barlow

I find it amazing that a country with over 200 years of “liberty and justice for all”, can't seem to figure out that liberty and privacy and security are all tightly bound into a single knot. The RAND corporation figured it out and the European Convention on Human Rights spelled it out in 1953. But here in the states we seem to be muddling along under the impression that if everyone knows everything about everyone then no one will be at risk.

The number and breadth of the changes to US policy, laws and rules around personal privacy is staggering. While there is no explicit mention of privacy in the US Constitution or its Amendments, the Supreme Court has held on several occasions that privacy is one of the values served and protected by various amendments. Our government seems to be destroying those protections, asserting that if we give up a little more privacy at the airport, if we suffer the indignity of undressing for the inspectors, if we just allow the government access to our banking data, if we just require that all drivers licenses function as identity cards, if we only allow........ If we, the people, do not assert that the Constitution does apply to privacy and that we have the right to be private individuals then the cherished Constitution and it's Amendments will not be worth the parchment they are written on.

And so we find ourselves in interesting times. It may take our European brethren, survivors of more terrorist attacks than the US, to point out the folly of our ways. Perhaps by not allowing the US government access to the SWIFT banking records they will send us the message that a reduction in privacy does not translate to an increase in security. To paraphrase Ben Franklin: If we restrict privacy to attain security we will lose them both.

Perhaps it is time for the US to start considering who owns the private data of its citizens. Here we find a fundamental difference from our European counterparts. There a person owns their private data, they specify who can have it and for what purpose. In the states whomever holds the data owns it and can do with it as they wish – subject to certain legal restrictions aimed at curbing identity theft and preserving specific legally recognized confidential situations (e.g. lawyer/client, and physician/patient). How different it would be if each of us were in control of our data. Perhaps it would be safer too.