Friends or Fish? The Erosion of Privacy in an Online World
Marshall McLuhan and Bruce Powers predicted in 1981 that "the future holds for us a corporate individual who will accept the goldfish bowl as a natural habitat..."
I recently saw The Social Network. While everyone loves to hate Facebook—and some audience members who weren't already disposed to hate it now will—the film focuses mostly on the things we don't see when we use Facebook: the personality quirks and nasty competitive strategies of founder Mark Zuckerberg.
But most people's complaints about Facebook centre on its apparent contempt for privacy. Each time Facebook rolls out a new feature, it also sneaks in a few more ways that our personal information can be shared beyond what we intend unless we tweak some new privacy settings (that is, if we even noticed that they suddenly appeared). It is tempting to blame Facebook for intentionally obfuscating the process in order to nudge people towards sharing everything with the whole world. Zuckerberg doesn't deny this. He writes, "I'm trying to make the world a more open place." Ironically, he is a very private person himself. But he bets that you want people to know more about you.
Privacy is precious. Like virginity, it cannot be recovered once lost. But we usually take it for granted. It is recognized in retrospect once it has been violated.
In the Harvard Law Review of December 15, 1890, Samuel Warren and Louis Brandeis defended the right to privacy—"a general right of the individual to be let alone." Specifically, this principle protects people's character, confidentiality, and property. In the digital age, we might say it's the right to be left alone by telemarketers, spammers, and stalkers; to not have personal or embarrassing details of our lives revealed online; and to not have our identity appropriated by someone else. Strong legal precedents exist, but the courts are still constantly struggling to determine when our right to privacy can be overridden.
Marketers have a strong vested interest in getting us to give up our privacy. Companies compete for our attention and money in an ever-more saturated marketplace. They pit their right to "freedom of speech" against our right to be left alone. The more they know about our demographics, lifestyles, political preferences, and purchasing history, the better they can target us with new offers we can't refuse. They claim that the more precisely they can pigeonhole us, the more their ads will be interesting and useful, rather than annoying.
Yet we have increasingly and voluntarily given up information about ourselves—sometimes knowingly, and sometimes not. In The Naked Consumer: How Our Private Lives Become Public Commodities, Erik Larson details ways in which companies have been surreptitiously collecting information about our personal preferences and consumption habits for years. When combined with census records, that data can make a very powerful assault on our shopping resistance. Credit card purchases, consumer loyalty programs, rebate coupons, questionnaires on warranty cards about our income level and hobbies—all of these contribute to vast databases of consumer info that is traded around by secretive consumer intelligence companies.
"Web 2.0" and social networking have taken it a step further. The amount of personal information we knowingly share on sites like Facebook, Classmates.com, Ancestry.com, Pandora, and Yelp, is staggering: birthdate, gender, mother's maiden name, educational background, work history, musical tastes, where we live, where we've travelled, what shops and restaurants we frequent, how we vote, and so on. Many sites now link up with each other under a single login (Facebook, Google, and Microsoft are major gatekeepers). Needless to say, anything you share about yourself on one of those sites will be commingled with all your info from the other sites that use the same login, and a pretty accurate profile of who you are emerges. Advertisers are paying big money for such profiles. And identity thieves are on the prowl as well.
Nearly every website that asks for personal information now contains a link to its "privacy statement"—a clear indication that they are aware we're worried about these things. They assure us that they will not do anything untoward with our information. But who is to say that one company won't someday be bought by another who will disregard the privacy statement? And how many of us actually read the privacy statements anyway? I receive an email from PayPal about once a month saying they've updated their privacy statement yet again. I think they are wearing me down so that I won't notice someday when they introduce a clause that says "we will disclose your bank account number to anyone who will pay us enough for it."
Every time some new technology comes along that threatens to whittle away more of our privacy, we balk a little, then we get used to it—like the proverbial frog in the boiling water. When Gmail was first introduced, people were appalled that Google planned to fund the free service by scanning people's emails looking for keywords that could help focus advertising. But now nearly 200 million people worldwide are happily using Gmail. Google says they don't have time nor interest to actually sit there and read our emails, which is probably true, but the technology exists to be more invasive if the desire should ever arise. And it has. Earlier this year a Google engineer, David Barksdale, was fired for snooping into the email and voicemail accounts of several minors. Thankfully, he was caught. But he wasn't the first. I wonder how many others go undetected.
There is some confusion about how much can be known about our web surfing habits through the use of Internet "cookies." A basic cookie, which is a small file saved on our hard disk, just allows one particular website to remember what data we entered into it the last time we visited, in order to save us time on subsequent visits. But then there are "third-party cookies" which can be shared among websites. Ever noticed how uncanny it is that websites seems to serve you banner ads that relate to something you mentioned in a post on Facebook? Some people don't mind it. They want ads to be more relevant to them. Frankly, I find it creepy.
Concurrent with and intertwined with the development of privacy-invading technology are societal changes that have led to people being increasingly willing to divulge personal details. Jaded by watching the messed-up lives of celebrities, we now crave "reality TV" and other shows where self-disclosure is the norm (Jerry Springer, Judge Judy). Isolated from one another by our own technology, we long for meaningful connection with others, so we share our personal lives and thoughts on our blogs and Twitter. With cell phone cameras now ubiquitous, young people post compromising photos of themselves without regard to how that might affect future job opportunities. People now videotape their most intimate liaisons and share embarrassing vignettes of their loved ones' lives on YouTube. We forget the dignity of what it means to be human, created in the image of God.
In the realm of what should still be private, almost nothing is sacred anymore. There is even a website called Blippy that lets you share your credit card transaction history with all your friends. Who, you might ask, would want to do that?! But people do. We increasingly allow our friendships to be co-opted and monetized by external forces. What our friends "Like" will influence what we buy. Of course, it is nothing new to ask our friends for product recommendations on occasion, but in the past it was our choice, and it didn't dominate our relationships. Now it is becoming the driving motive behind these "free" websites that we think exist purely for our social enjoyment or convenience. (Guess again.)
Marshall McLuhan and Bruce Powers predicted in 1981 that "the future holds for us a corporate individual who will accept the goldfish bowl as a natural habitat, having recognized that electronic espionage has already become an art form." Thirty years later, we have arrived at that reality.
People have not always been as privacy conscious as we were in the West until recently. More communitarian societies privilege the group over the individual, and one's personal space or identity isn't as sacrosanct. However there is evidence of people valuing what we'd call "privacy" as far back as biblical times. Noah cursed his son Ham for revealing his nakedness, but blessed his sons Shem and Japheth who protected his privacy by covering him up. Joseph went to a private room so his brothers wouldn't see him weeping. Jesus often used to go off by himself for some private time to pray and be "left alone" by all the crowds who sought him out. He also taught in the Sermon on the Mount that our giving, praying, and fasting should be done in private. And he wanted certain things about himself kept secret: "Don't tell anyone," Jesus exhorted about the Transfiguration, "until the Son of Man has been raised from the dead."
These examples—and common sense—suggest that the right way to handle the erosion of privacy online is to be cautious and circumspect. One of the words for wisdom in Proverbs is mezimmah, translated variously as "shrewdness," "circumspection," or "discretion." It connotes hidden, private thinking. It can be negative (as in scheming) but it can also be positive, as "discretion will watch over you, understanding will guard you." And "I, wisdom, dwell with prudence, and I find knowledge and discretion."
There will always be a trade-off between the benefits of sharing more of our private information online and the risks associated with it. We must seek wisdom and be prudent, analyzing the costs before giving up a precious gift that we can never get back. Information published on the Internet, or aggregated in market intelligence databases, lasts forever. And identity recovery is very costly and time-consuming.
I leave you with some specific bits of advice:
- Don't disclose anything online that you wouldn't want to share with your mother, your future employer, or the most unethical company you can imagine.
- Always verify the security of any website you do trust with your personal data (be sure the URL starts with https: not http:, and that the security lock icon appears in your browser), and navigate there yourself by typing or pasting the URL, not by clicking on a link.
- Set your browser to block third-party cookies.
- Don't post your email address in machine readable format on any public forum; if you do want to share it, mask it with some clever scheme such as "john underscore doe at gee mail dot com."
- Use strong passwords (longer, mixed case, include numbers—not plain words or guessable data).
- Request your (free) credit report periodically from any or all of the big three credit reporting agencies—Equifax, Experian (TRW), and TransUnion—and look for any suspicious activity.
- Check your Facebook privacy settings regularly and keep them at the highest possible level.
Finally, honour and protect the privacy of your friends online just as you would in person. Don't ever give out your friends' email addresses without their permission. Don't forward emails without removing the addresses of the people who sent them to you. Don't post photos of your friends that they wouldn't have spread around themselves. Don't use your friends as leverage for getting better deals on products. If you want to have real friends and keep your friends, be a real friend.