Nothing to hide
The standard argument used against privacy is that if you have nothing to hide, then you have nothing to fear. But what if your combined data shadow generates a false positive for suspicious behaviour?
Regardless of whether you have actually done something wrong, without sufficient controls and protections, you are at risk of being mislabelled and treated accordingly. What if the large datasets of businesses or governments are inadequately protected and used for identify theft affecting you?
Even so-called anonymized data is often not so anonymous and can be vulnerable to re-identification or linkage attacks. For example, the research data set of search queries that AOL released in 2006, with anonymized IP addresses and user names was able to be cross-referenced between different search queries to narrow down sets of queries, re-identifying some individuals with their searches. A good example of a linkage attack was using data from the Internet Movie Database (IMDb) to partially de-anonymize the Netflix prize training data.
The promise of social networks such as Facebook, is that they give their users control over their information, such as who can view and access it. As many users have discovered from multiple privacy incidents, is that in a two-sided market, either you are the customer, or you are the product.
The extensive data that users willingly provide, determines their value to advertisers. The social networks, and other online services, want to maximize the availability and use of that data, but the brunt of the costs of their privacy and security decisions are borne by users.
Users of online services take different approaches to protecting their privacy, including avoiding using these services, using pseudonyms, minimizing the data they provide, being careful about their privacy settings and always using encrypted connections to access the service.
Key tools available for citizens wishing to protect themselves and their data shadows are strong encryption and distributed networks. Whether for encrypting files before storing them in cloud based storage services, using encrypted connections when connecting with online services, moving from centralized to distributed social networks such as Diaspora, or adopting anonymous crypto based digital currency such as Bitcoin.
It is likely that governments will increasingly implement data sovereignty requirements, with locally operating businesses being required to keep either all copies or a local copy of data within the local legal jurisdiction. From the citizen perspective, the hope in the medium to longer term is that they can bring an appropriate level of oversight, control and transparency to their governments without having to resort to the extreme of David Brin's transparent society.
Craig Skinner is a senior consultant at Ovum. For more information go to www.ovum.com