The Privacy Dilemma
by Erick Schonfeld on January 28, 2009

The more of our lives that we put online, the less privacy we have. It is as simple as that. And this is a problem that will just get worse over time. You cannot be fully engaged on social networks, blogs, YouTube, Flickr, Twitter, FriendFeed, and all the rest without opening yourself up to phishers, scammers, and identity thieves. Something to think about since today is Data Privacy Day.

I spoke with Peter Cullen, Microsoft’s chief privacy strategist, about some of these issues. People are perhaps more freewheeling than they should be with their private information online, and corporations entrusted with our private data are not fully equipped to protect it. As Cullen put it:

Information is not just a currency of value, but a currency of crime.

That is something we should all be more aware of as we go about broadcasting every meal, plane ride, and bowel movement to our “friends” on the Web. Microsoft recently conducted some focus group research to find out consumers’ attitudes toward privacy. Cullen was surprised to find common attitudes toward privacy across different age groups and demographics. In general, people realize they are trading privacy for the value of being connected. Cullen summarized the findings for me.

  1. Sense of resignation.  Once their data is online, they know that it is gone.  They say, “I need to have this value, but I’m not sure my risks are being covered.”
  2. Calming Placebo Effect.  All the subjects are employing some technology like anti-virus or deleting cookies, but they are not comfortable these are the right tools.  It is like: “I’ll take this pill.  I am not sure if it is helping me, but I am just going to close my eyes and feel better.”
  3. Concept of shared responsibility. They held themselves responsible for their own information. But there was a lack of understanding about how their information is being used.

In the end, consumers can only do so much to protect their privacy: use strong passwords with a combination of letters and numbers; never share personal information such as credit card or Social Security numbers online, and be careful with whom you share your name, address, age, or gender; make sure all online transactions are encrypted; look for sites with privacy certificates such as TRUSTe before giving up any personal data.

However, Cullen cautioned against attempts to put too much responsibility on consumers to protect their own data. The companies that store and manipulate the data need to act more like stewards and less like open vaults.

To learn more about data privacy, here are a few starting points. Or you can go to Data Privacy Day events being held around the world today (Microsoft is hosting one at the San Francisco Public Library that is open to the public).

[Image courtesy of Hitchcock via CUA]

Comments

  • This is a very important post.

    How many people are truly aware of how much information they reveal online?

    You should own your own data and your private information … not social networking sites, not search engines, not government.

    • I concur with your view that your data is yours to own and control at your discretion. I do believe though that there is room for our application of technology to evolve to a point where the applications are more than just social and fun. More than just sharing ‘interesting’ facts about our lives.
      I envisage that we will evolve the use of technology to enable digital sharing of our personal data. Call it a digital ID.
      Interesting post – thanks for the link TechCrunch (twitter)

      • Funny you mention the digital ID – that’s a bag of worms!

        In one regard it’s great. We can own our info in a centralized place, control access, identify stalkers and e-bullies if needed, etc…

        On the other hand, forcing people to identify themselves online takes away net freedoms to some degree. Things like piracy and porn will probably suffer quite a bit, but even more mundane things like jobseeking and whatnot could be affected.

        Or, if the digital ID is compromised, it could potentially be on par with real life identity theft…all because someone chose a weak password or something. Scary.

        It’s a tough one to sort out…

  • This is a serious problem, and seems to be getting worse in these hard economic times. Several people I know have had credit cards that were “compromised” and all were used online. Protecting private information is becoming an important issue for all of us who work and shop online.

  • This is why I can’t see Facebook Connect ever succeeding. Kids today never learned about staying anonymous on the web. They’re going to learn very quickly in an economy like this that potential employers can find out way too much about them.

    • Agreed. Has anyone looked at a potential employee’s social pages during the hiring process?

      Here’s an article from last year:
      http://www.busi...yers_get_o.html

    • I predict that in time two things will converge:

      1) Kids will get savvier about what they share.

      2) Employers won’t care as much.

      Regarding #2, we all know that nobody is perfect. I think the culture of a prim and proper workplace being completely separate from our ‘real’ selves will diminish with time. When we see a picture of someone holding a beer or otherwise letting loose a bit, we’ll just say, “Yeah, we all do that once in a while.”

      It won’t help with extreme cases, but I think the usual ‘college’ pictures won’t haunt this generation quite like it may have with the Boomers and Gen-X.

  • While we in tech tend to blend them a bit more, many who have less freedom in work and other areas of their lives like keeping their personal stuff out of work and their work stuff out of their personal lives, just to name one simple barrier that some like to maintain.

    Linked In has, unfortunately, figured out ways to conflate my many email addresses, which could otherwise create natural barriers for my different data sets in all the YASNs.

    The only way to add someone there is to know their email address in advance. Receiver of an email request is then asked to click on the request link, login (now they associate your new email together with your old account .. because an address they didn’t know you owned is suddenly associated with the account that originally used another email address to begin at linked in…).

    It’s complicated.. which is why most people can’t really manage all the different ways companies are using data.

    The answer is to have collective policy like the EU data policies.. though they have been dramatically weakened because the US has no data privacy laws to compare. And for users to always own their data, so that they are ultimately in control of it if they do find something that is problematic. But it’s a really hard problem to solve, and in the end, having different faceted identities (as in OpenID facets that allow users to keep conflation at bay) all seems like a much better way to manage all this than our current methods.

  • Bronson-Lee Drapesa - January 28th, 2009 at 9:22 am PST

    I didn’t know Optimus Prime worked at Microsoft!

  • Interesting then that this post about privacy should be published on the same site who willingly used private comments shared only between “friends” not so long ago for all to see! But then again, I guess that didn’t hurt anyone, right? http://www.tech...rolling-at-cbs/

  • Very good post.

    People don’t understand (or care?) the privacy issues, including the young techy who are so comfortable with Web 2.0 stuff and MySpace / FB / Twitter, FriendFeed, etc.

    As an encryption software vendor, we meet two kinds of people:
    1 – People who are *very* concerned and use privacy/encryption techniques.
    2 – The opposite : People who are not at all concerned and do not care.

    In France, a newspaper published this month the whole real life of a Facebook user (randomly chosen)!

    The poor guy could not sleep after that: his whole life, including very private stuff, was captured on FB without any hacking!
    He did not understand what happened to him, not because he was not clever, but because he gave no thought to it when registering/setting on FB.

  • It seems as if you’ve mixed two issues: security and privacy. Protecting your online identity and information like credit card numbers from crooks is different from not wanting co-workers and friends from discovering personal information about yourself that you’d rather not share with everyone.

    The steps you need to take differ with both cases. There are solutions to the security issues, but I’m not sure we’ve figured out how to keep personal and professional lives separate online. It’s an interesting topic though.

    I try my hand in tackling the privacy issue: http://tinyurl.com/dkpalb. I welcome any feedback.

  • I think people really don’t realize that people could get into their private things that they have online.

  • I might like to remind the author of this article to: http://www.tech...rolling-at-cbs/ :)

  • People need to remember that big companies like Google, Flickr and Facebook don’t always have YOUR best interest in mind either.

    Take a look at one example here –

    http://www.groo...casa-literally/

    Something as innocent as Google Picasa poses serious Privacy concerns… and you might not even know it.

    Do you know who has your face?

  • I think in the next few years this will be one of the biggest battles social networks will face. As the market matures and the interest somewhat fades (people start to lose potential job opportunities), I think the percentage of terminated accounts will start to rise. At some point, I think users will start to wonder about how wise it is to trust others with personal information.

  • Good points made by all and being in healthcare I try to put the word out to all, we are all mined on the internet today, so be very careful when using a real name on what you put out there, “what goes on the internet, stays on the internet”, called cache.

    Unfortunately there are those industries who can mine and have the potential to use information for gain or denial of benefits, like health insurance, so use an alias or make sure everything you talk about jives all the way around to avoid problems. Clinical Trials now are becoming a big “social” event as they are being marketed, one through Facebook and My Space, so again I just say be careful and think about what information you want floating around out there. Just my 2cents worth here.

  • One way a person can protect their privacy is to create a separate online identity or a pen name like writers do. I think common sense should prevail in what is divulged online. Naturally you wouldn’t put your exact address, phone number and place of work or school online for identity thieves and weirdoes to use. You also hopefully wouldn’t talk in great detail if at all about where you work because that could cause you some headaches with your employer. Sadly common sense isn’t all that common.

    • Sapphire: I think lots of people do that on bulletin boards and forums. But how is that really possible on LinkedIn or Facebook?

      And what happens when you personally use Twitter, Facebook, LinkedIn, etc. and then your company begins to push their employees to use social media at work (as part of their jobs)? Now you’re being forced to mesh professional and personal — and that can be awkward and even fatal to your career.

      For example: What if you’re gay and not out of the closet at work – yet it’s obvious from your Facebook profile?

      What if you support all kinds of liberal/green organizations with buttons, widgets, etc. and your boss is a die-hard, angry Republican who hates liberals?

      I could go on and on. Privacy is very delicate and once it’s gone — it’s gone.

      • First off, I have used the same online alias since AOL 3.0. But now since I have been cross connected with employees and personal contacts on sites like Facebook, I am only hiding from unknown viewers of my profile. I feel secure enough with that.

        When it comes to your private life and your public life, it reminds me of some guidance I had when I was younger at one of those Leadership camps. They said if you do things in your private life that you can be proud of, then you have nothing to hide in public. Your boss being politically opposite should be something you can share openly. If you can’t then you are probably not in a good environment to begin with. If you are gay and not out at work, maybe you should be. People should be accountable for what they believe in, if it offends them or not. I think it is better to know the bigots from the non-bigots, than to think there are none. At least then you can agree to disagree and stop pretending you’re on the same page. (I preach) Love yourself for who you are not and others will follow your example.

  • well said – thank you for the much needed reminders.

  • Protecting confidential information is largely the consumer’s responsibility. However, businesses must also take precaution to protect the confidential information of clients and employees. The Information Security services that we provide to our customers help to prevent online security breaches that can result in significant damages and expenses.

  • The potential of fortune waiting in the nebulous wings which will come pouring from the skies based on significant effort applied to my personal brand means absolutely nothing to me.

    I never post one single word online with my actual name. I won’t blog with my actual name. I have much going on online- you’ll just never know who runs it, does it and produces it.

    If I fail because I prefer my personal privacy over good fortune then I do so with complete and utter satisfaction. Particularly since shiny cars, big houses and elitism also mean absolutely nothing to me.

  • It’s just sad how many pathetic people post their entire lives on the Internet just to get a moment of attention from a few people they don’t even really know. I just didn’t realize how many people are so insecure they need constant feedback from anyone willing to give them a minute or two of time.

  • One of the bigger privacy threats out there is not actually identity thieves but the state and big multinationals who will force you to give up your personal data to get basic services.

    • Agreed. It’s ironic that one of the best ways to protect your privacy is to pirate instead of buying.

      If you *have* got something to hide, and act accordingly, you have nothing to fear.

  • Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent a new eCulture, breaches will, and continue to, increase, and identity and data are at risk. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” It also helps outside agencies understand your values and practices.
    The author, David Scott, has an interview that is a great exposure: http://business.../DScott_02.html
    The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
    In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome.

  • Yep, since I give presentations about technology safety, just as a test, I did the following with some very tech-savvy individuals:

    1. Became Facebook friend
    2. Subscribed to their Twitter account
    3. Checked out their Flickr account
    4. Used whitepages.com to find their home address
    5. Google Mapped directions to their home

    Heck, these folks make it so easy. All the links are right on their page.

    Now, think how many creeps are online doing the same thing.

    Oh yeah, another interesting item. If you do email correspondence with someone on Craigslist, Facebook will be very happy to identify them for you. Ah, ain’t technology grand?

  • Interesting post, i think it highlights some of the issues… but there are alternatives.

    for instance — drop.io, our company, takes a totally different approach to the privacy question, attempting to make it simple and accessible. As much our thesis is about being a simple private data-sharing app, it is also about Foucault and how to avoid the dismal internet-as-panopticon tendency we face.

    while stronger passwords, etc are nice – those don’t actually solve the longterm problem. Security IS a war of attrition.

    Privacy, however, can and does take other forms. By focusing on transmitting only necessary data, ditching metadata, and moving away from identity centric/search/social applications we can go a long long way to building and leveraging great apps without sacrificing privacy.

    I totally agree that people are right now forced to trade privacy for utility, but that is more symptomatic of a monolithic approach to app development — there are other ways…

    and just wait until we and many others start getting aggressive about misinformation :) http://drop.io/swl goes deep on that one

  • I had a 450 lb. stalker guy show up at my office once. He found me on facebook. I no longer use a REAL NAME for anything online.
