As we increasingly shift our lives and business dealings to online services, citizens, businesses and governments will need to reconcile the requirements of data privacy with societal concerns such as law enforcement and national security.
As Bruce Schneier has often pointed out, the issue is too often falsely presented as a direct trade-off between privacy and security, when it is discussed at all rather than simply taken as a working assumption.
Enhancing security does not necessitate encroaching on privacy, and limiting privacy might or might not deliver improved security.
Our data shadows cast a distorted and partial image of the reality we inhabit. We have always cast data shadows, but the information revolution has greatly expanded the number and size of those shadows, along with the ability to rapidly link the information together and share it with other parties.
Depending on where we live, our society places various limits and allowances on what data can or must be collected, stored and used. These rules and societal norms originated when data was stored offline, and discovering and correlating that information required effort and old-fashioned investigative work.
These rules and societal norms are struggling to adapt to the consequences of a still rapidly developing information revolution. Whereas once data items had to be acquired, assessed, stored and integrated one at a time, now it can be done wholesale. It is no longer a matter of intercepting one piece of correspondence, listening to one phone call or checking one financial transaction, but potentially all of them, matched together across a broader statistical landscape.
What we deemed appropriate when it applied only to specific citizens, for the period they were under investigation and with appropriate approvals and oversight, steps over the boundary when it applies to everybody, all the time, with the information held indefinitely just in case it might one day be needed.
The risks to citizens are not as simple as insufficient protection against someone improperly accessing their private information. Systems and processes that are legitimized as necessary for one purpose, such as counter-terrorism, are prone to scope creep and secondary use. Combined with the inherent uncertainty of wholesale data, this creates a propensity towards a Kafkaesque bureaucratic quagmire.
Nothing to hide
The standard argument used against privacy is that if you have nothing to hide, then you have nothing to fear. But what if your combined data shadow generates a false positive for suspicious behaviour?
Regardless of whether you have actually done something wrong, without sufficient controls and protections you are at risk of being mislabelled and treated accordingly. And what if the large datasets held by businesses or governments are inadequately protected and used for identity theft against you?
Even so-called anonymized data is often not so anonymous and can be vulnerable to re-identification or linkage attacks. For example, the research data set of search queries that AOL released in 2006, with anonymized IP addresses and user names, could still be cross-referenced: the queries attributed to a single pseudonymous user were combined to narrow down who that user was, re-identifying some individuals together with their searches. A good example of a linkage attack was the use of data from the Internet Movie Database (IMDb) to partially de-anonymize the Netflix prize training data.
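As an added illustration (not part of the original article) of the linkage attack described above, the following Python example joins a pseudonymized ratings release with a small set of publicly posted, named ratings on (title, stars, date), and shows how coarsening the date field widens the candidate set. Every record, pseudonym and name here is constructed for the example.

```python
# Constructed pseudonymized release (stand-in for a Netflix-style training set):
# real user ids replaced by opaque tokens, but (title, stars, date) kept exact.
RELEASE = {
    "p-001": {("Heat", 5, "2005-03-01"), ("Alien", 4, "2005-04-02"), ("Rocky", 2, "2005-05-03")},
    "p-002": {("Heat", 5, "2005-03-01"), ("Alien", 3, "2005-04-09")},
    "p-003": {("Heat", 5, "2005-03-07"), ("Rocky", 2, "2005-05-03"), ("Jaws", 1, "2005-06-01")},
    "p-004": {("Alien", 4, "2005-04-02"), ("Jaws", 1, "2005-06-01")},
}

# Constructed auxiliary data (stand-in for public IMDb-style reviews): a few
# ratings that people posted under their real names, with dates.
PUBLIC = {
    "alice": {("Heat", 5, "2005-03-01"), ("Rocky", 2, "2005-05-03")},
    "bob": {("Alien", 4, "2005-04-02")},
}


def generalize(ratings, granularity):
    """Coarsen the date field: 'day' keeps it exact, 'month' drops the day."""
    if granularity == "day":
        return set(ratings)
    return {(title, stars, day[:7]) for title, stars, day in ratings}


def link(release, public, granularity="day"):
    """For each named person, list the pseudonyms whose released records
    contain every one of that person's publicly known ratings."""
    matches = {}
    for name, known in public.items():
        known_g = generalize(known, granularity)
        matches[name] = sorted(
            pid for pid, recs in release.items() if known_g <= generalize(recs, granularity)
        )
    return matches


def uniquely_linked(matches):
    """Names for which exactly one pseudonym remains: these are re-identified."""
    return sorted(name for name, pids in matches.items() if len(pids) == 1)


if __name__ == "__main__":
    exact = link(RELEASE, PUBLIC, "day")
    coarse = link(RELEASE, PUBLIC, "month")
    print("exact dates:  ", exact, "->", uniquely_linked(exact))
    print("month only:   ", coarse, "->", uniquely_linked(coarse))
```

With exact dates, two public ratings are enough to pin alice to a single pseudonym; releasing dates at month granularity leaves two candidates for her, which is the kind of generalization a data publisher can measure before release.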
The promise of social networks such as Facebook is that they give their users control over their information, such as who can view and access it. As many users have discovered through multiple privacy incidents, in a two-sided market either you are the customer or you are the product.
The extensive data that users willingly provide determines their value to advertisers. The social networks, and other online services, want to maximize the availability and use of that data, but the brunt of the costs of their privacy and security decisions is borne by users.
Users of online services take different approaches to protecting their privacy, including avoiding these services altogether, using pseudonyms, minimizing the data they provide, being careful about their privacy settings and always using encrypted connections to access the service.
The key tools available to citizens wishing to protect themselves and their data shadows are strong encryption and distributed networks: encrypting files before storing them in cloud-based storage services, using encrypted connections when connecting to online services, moving from centralized to distributed social networks such as Diaspora, or adopting anonymous cryptography-based digital currency such as Bitcoin.
It is likely that governments will increasingly implement data sovereignty requirements, with locally operating businesses required to keep either all copies, or at least a local copy, of data within the local legal jurisdiction. From the citizen's perspective, the hope in the medium to longer term is that citizens can bring an appropriate level of oversight, control and transparency to their governments without having to resort to the extreme of David Brin's transparent society.
Craig Skinner is a senior consultant at Ovum. For more information go to www.ovum.com