Privacy op-ed in Sydney Morning Herald

Stephen had an opinion piece published by the broadsheet Sydney Morning Herald on 17 Feb 2010.

Home » Library » Privacy » Privacy op-ed in Sydney Morning Herald

See “An uphill battle for online privacy”.

The opinion piece embodies several themes:

  • it tries to redress the way that privacy advocates are unfairly portrayed by many
  • it provides a very personal counterpoint to the misconception that ‘if you’ve done nothing wrong, you’ve got nothing to hide’
  • it critiques Google’s Buzz
  • it argues that technologists are sometimes complacent about privacy.

As published, the article was heavily (but well) edited. The original text appears below, which is a little longer and more detailed, and perhaps a little more pointed.

An uphill battle for online privacy

[original text]

From time to time we’re told that “privacy is dead”. Yet the furore sparked last week by Google’s new Online Social Network “Buzz” proves that people don’t want their candour taken for granted.

With Buzz, Google plans to overtake Twitter and even the market leading Facebook. Buzz has the inside running, because it uses the information Google already has to mash up your g-mail account, your Picasa photos, and maybe even your search history.

A major misstep was for Buzz to create an instant circle of followers from the user’s address book. This is arguably an abuse of information collected for a different initial purpose, in what privacy advocates call function creep.
Re-use of information is the essence of Web 2.0, the latest phase of the Internet evolution. Advertisers try to guess your interests from your search history. Retailers promote their products direct to your smart phone when geo-location reveals your proximity to the store. And now the whole world can tell what football team I follow, because the bumper sticker on my car is visible outside my house on Google Maps.

The implicit assumption is that customers wish their digital lives to be all joined up. The temptation to take liberties with our personal information is heightened by the apparent lack of inhibition of the Web 2.0 generation.
The erosion of privacy suits the agendas of many. Like politicians on a post 9-11 national security bender, or Internet entrepreneurs who seek to cash in on their eye-in-the-sky knowledge of their customers’ habits.
Make no mistake: anyone who asserts that “privacy is dead” is trying to sell you something, whether it’s an ideology, or a new pair of runners as you leave the gym and walk through the mall and your mobile phone announces the presence of a exercise junkie.

There is some patchy evidence that Generation Y has a more carefree attitude to privacy, but whether this complacency will last as long as the typical teenager’s hotrod remains to be seen.
We should take these laissez faire attitudes with a grain of salt. Online social networking is tremendous fun. And there’s a suspension of disbelief at work when we surf the web that adds to the alluring tell-all environment. But even if Facebook is not just a fad, how should we extrapolate from adolescent risk taking to sober privacy law making?

We don’t let 21 year old males set road safety policy, and we shouldn’t let them set privacy policy either.

Privacy advocates tend tragically to be caricatured as extremists, hippies or paranoiacs. They’re regarded with suspicion, for a popular misconception is that “if you haven’t done anything wrong, you’ve got nothing to hide”. Privacy is far more complex than these clichés allow. It’s not just about secrecy; it’s about control.

I reckon I’m a fine upstanding citizen: middle-aged, respectable, and no criminal record. But I do have things to hide, or more subtly, revelations that I would want to control the timing of. For example, there are the inevitable episodes of youthful exuberance I’d prefer were kept secret (especially from my teenage kids!). And I rarely mix business with pleasure, so my politics for example is something that only my close friends know.
I imagine that if I bought St Johns Wort at an online supermarket I wouldn’t want the database administrator to work out I had depression, especially if nothing stopped the supermarket selling their shoppers’ behavioural data to a marketing company.

We must also be wary of technology. As the old saying goes, To err is human but to really foul something up takes a computer.
Imagine a future data-drenched society where your every movement is tracked, by tollbooths with number plate recognition, public transport tickets linked to credit cards, and biometric scanners at ATMs. Can you seriously imagine this matrix never making a mistake? Facial recognition may work perfectly in the movies but in real life biometrics are riddled with errors, with false alarms usually running at one or two percent. So it’s only a matter of time before a data mining computer goes ‘ping’, suggesting that I was in the wrong place at the wrong time. The march of progress means the onus of proof will increasingly fall on the falsely accused to explain themselves.

Truly, I am not paranoid, just principled. A decade of Internet experience proves what happens when information is collected: it’s exploited in ways that few predict. So when they say “information wants to be free” they’re not just talking about cost, but friction too. Information is a super-fluid.

The best way to head off these nightmare scenarios is to invoke fundamental privacy protections at every turn. Nobody should collect information about me without a clearly defined need. And no information about me should be used for unforeseen purposes without my consent.

The complacency of technologists and the easy contempt shown for principled privacy advocates means we face an uphill battle to retain control over our own affairs.