A mobile security consultant has laid out a couple of important principles which should guide business and government privacy discussions. He argues that government and big business do us a disservice when they argue that privacy is a binary thing –- you either operate completely out in the open, or completely in private. In fact, privacy is nuanced and layered.
Government and many big businesses are trying to press the case that we give up our privacy whenever we use the Internet or go outside, says Jonathan Zdziarski, a senior forensic scientist at the mobile security firm viaForensics.
But that's not how society works. In reality, if we make an effort to keep our communications private, others should not violate that privacy. That's how it works offline; if you have a conversation where no one can hear you, you should have a reasonable expectation of not being overheard. Somebody making an extra effort to snoop on your conversation is wrong, even if it happens in public.
Digital law follows that principle, at least sometimes. Consider password protection: Even if you have a bad password on your computer –- the word "password," or the numbers "123456" -– that doesn't mean other people have a right to crack open the lid and rifle through whatever they want, Zdziarski says.
"Many governments (including our own, here in the US) would have [their] citizens believe that privacy is a switch (that is, you either reasonably expect it, or you don't)," Zdziarski says in a blog post: "On Expectation of Privacy." "This has been demonstrated in many legal tests, and abused in many circumstances ranging from spying on electronic mail, to drones in our airspace monitoring the movements of private citizens."
But in reality, privacy has layers -- or "scope," he says.
While the legal system might have us believe that privacy is switched off the moment we step outside, the intent of our Constitution's Fourth Amendment (and our basic right, with or without it hard-coded into the Constitution) suggest otherwise; in fact, the Fourth Amendment was designed in part to protect the citizen in public. If our society can be convinced that privacy is a switch, however, then a government can make the case for flipping off that switch in any circumstance they want.
Zdziarski is right. But where things get tricky is when people use tools as they are designed to be used. Facebook and Google both track your behavior for the purpose of customizing results and displaying ads. Web servers dispense cookies, and browsers store them, for the purpose of tracking user activity. That is how those tools were designed -- and yet some people complain about the services doing just that.
On the one hand, it seems ridiculous for some people to complain about services that do precisely what they were designed to do. On the other hand, it's unclear where the line should be drawn on how Facebook and Google -- and companies like them -- should be allowed to use the information they collect.
Likewise, if a company like Target tracks your purchase history, that's fine. If it makes recommendations on products you might like based on your past purchase history, that's fine too. But when those recommendations make it obvious that you're pregnant, so that everybody who can see your mail can figure it out – then the company has crossed the line.
That example isn't hypothetical. Not too long ago, the father of a teenage girl angrily confronted a Target manager because the company was sending her promotional materials for baby care products. The father quite reasonably believed that the company was encouraging teen pregnancy. But then the father confronted his daughter and found she was, indeed, pregnant; Target knew that before she told him, based on her purchase records.
We're still making up the rules for digital privacy. But Zdziarski sets out an important principle, which should be enshrined both in company policy and in law: Privacy guidelines should respect the intentions of the person whose private information is being used. If that person has a reasonable expectation that information will be kept confidential, that intention should be honored. And if government is going to violate privacy, there are centuries-old mechanisms for doing so, by obtaining search warrants.
Younger Workers More Relaxed About Privacy
'Technopanic' Mounts Over Google's WiFi Privacy Violations
How Facebook Bucked the Privacy Trend
– Mitch Wagner , Editor in Chief, Internet Evolution