Culture: On Privacy, McNealy was Right...

TORONTO, ONTARIO - If you lived in Boston in the past decade--or just did any non-technical reading about technology--you likely have run into articles by Simson Garfinkel. Between MIT's "Technology Review" magazine and the Boston Globe, it seems like I read something by Garfinkel just about every time I turned around after the turn of the century. There's a reason why Garfinkel was published so often--he understands how changes in technology affect the consumer experience, and he can write well for an educated but non-technical audience. I've found myself following much of his advice over the years, whether it be converting old documents to .PDF files for archiving or not relying on the resources of Internet Service Providers which might soon go out of business.

Before the whole world seemingly started freaking out about Facebook's privacy policies, Garfinkel wrote an article on privacy for Technology Review, which appeared in the July/August 2009 issue (and isn't available on-line for free). The key point of his article--implied right in the title--was that it is no longer possible to avoid security concerns on the Internet. Whereas it was once possible to "abstain" from participating in the use of the Internet in order to maintain one's privacy at least to some degree, that is no longer possible. Garfinkel cites security cameras, reports on large transactions being sent to the government, and most importantly, commercial networked systems storing customer data even if they pay their bills in person with cash as examples of why an effort to remain immune is futile.

When Scott McNealy of Sun Microsystems made his famous 1999 statement that "You have zero privacy anyway--get over it," he was thought to be speaking about specific privacy features in financial products. Had people made the same case in 1999 that Garfinkel made ten years later, it would have been clear that McNealy was right in the sense of not being able to abstain, and it was time to shift the debate. Ultimately, this is why I consider all the discussion about Facebook to be a distraction--while a slightly different issue, ultimately the battle shouldn't be about individual mechanisms, it should be about broader policies.

Garfinkel said it better than I've ever seen it in the article:

It turns out that we essentially have the technology to solve [the privacy protection] problem in the digital world as well. Yet the solutions that have been developed aren't politically tenable--not only because of perceived costs but also, ironically, because of perceived privacy concerns.

Ultimately, as Garfinkel points out, privacy protection on-line is about trust, much like financial services are in large part about trust. There's a reason people talk about Facebook and not Google right now even though arguably they have similar information on end users--Google has largely earned society's trust, while Facebook has not. Yet, Garfinkel points out that the solution here likely takes the form of a "strong electronic identity system that's free to use and backed by the governments of the world--a true passport for online access." The force of government action would protect against misuse, much like government insurance keeps the financial system stable.

Obviously, the idea of government involvement will kill any serious pursuit of a strong, worldwide identification system because the United States political climate will never stand for it, and doing anything on the Internet without the United States would be futile. So, in the end we'll keep talking about Facebook, and not about trying to do anything substantive to actually protect personal information on the Internet.