Thursday, May 31, 2007

Is the Web Built on a Lack of Privacy?

There are some interesting observations in this TimesOnline article triggered by a BlueCross privacy breach: The web is built on a lack of privacy. The writer is Jonathan Weber, the founder and editor in chief of NewWest.Net, a regional news service focused on the Rocky Mountain West in the United States. As co-founder and editor in chief of the Industry Standard, Mr. Weber is no stranger to the vagaries of the digital age. I'm sure many of us share his righteous indignation:

A few weeks ago I got a letter from Empire Blue Cross, my one-time health insurer, explaining that there had been an unfortunate incident regarding my personal information (and that of my wife and children too, as it turned out). The letter explained at some length how the company had rigorous policies to insure the confidentiality of patient information, requiring that such information be encrypted and so forth. But the company didn't take the trouble to ensure that it's high-minded – and legally required – policy was actually being implemented, and a CD containing unencrypted personal information on many people, including me, had gone missing.
(To digress from privacy for a moment, this letter sounds like it was written by the same BlueCross hack that penned a recent letter to my wife and I informing us that, as a result of cost savings, increased efficiency, and improvements in health care, our monthly premium was being increased by 20%.)

Weber goes on to muse about the potentials for abuse now that so much data about us is stored somewhere out there, by somebody over whom we have scant control (often somebodies who themselves have less than complete control). Yet at the same time, it is our willingness to share information about ourselves that has enable many features of the web, not least of which is the amazing amount of valuable content that is dished up for free (where 'free' equals 'in return for knowledge about the person accessing the infrormation').


The extent to which people accept, or feel comfortable with, this state of affairs varies greatly, as you might expect (particularly if you have listened to my podcast on The Privacy Meter--plug, shameless plug). This is reflected in the comments on the article which display a range of privacy attitudes. They include the infamous quote from Scott McNealy, founder of Sun Microsystems: "You have no privacy. Get over it." (Note: This quote is almost always used out of context but has become a handy verbal marker, serving as everything from a rallying cry or portent of end times, depending upon the quoter's point of view).

The fact is, this stuff is complicated. Some people are more 'open' about their lives than others but you can be very 'open' and still object to careless handling of your data. On the other hand, some people who like their right to privacy have a tendency to confuse it with a right to anonymity, which gets even less of a mention in the Constitution and Bill of Rights than privacy.

There is also a non-trivial socio-economic element to choices about personal privacy. Some people can afford to let the world know all about them without fear of the economic consequences. As someone well-established in his profession, I don't see that much harm would come to me from announcing to the world that I am gay (I am not) but other people fear, sometimes with very real justification, that they will be discriminated against if some of their private choices are made public. The U.S. military's "Don't ask, don't tell" policy towards homosexuality would seem to be a case in point. (During the first 1o years of this policy some 10,000 members of the armed forces were discharged for being homosexual--suggesting that the policy's intent, respect for the privacy of military personnel, was somehow not met).

The whole area of medical privacy, which is where this post started, is a massively complex can of worms. Suppose I present myself to my doctor with a huge bruise on my leg. If the 'fact' that this bruise was caused by me skydiving (it was not) gets into 'the system,' then the cost of various insurance policies involving me could go even higher (yes, there is a data bank somewhere that stores information on your lifestyle and yes, insurance companies do consult it). In other words, if you're Bruce Willis and command $20 million per movie, you can do and say just about anything you like and not care who knows it. The rest of the world needs, for economic reasons, to be, to varying degrees, more circumspect.

No comments: