Recently Ben Way (@bway) tweeted the following question to me:
That is an outstanding question, and since this topic is so broad, the greatest challenge is where to begin.
Though news of PRISM certainly shocked many people, information technology professionals appear to have been more surprised by the fact it was exposed than by the fact that it existed. I believe it would be naïve to think there are not other, similar programs. In addition, reports of deliberate, coordinated, well funded intrusions by organized crime, nation states, and hacktivists are certainly on the rise. Many people, and certainly information technology professionals, have been long aware of the precautions required in order to protect information that is internet accessible. However, I do believe these risks have evolved dramatically.
With the advent of extremely inexpensive high performance computing and big data analytics – now accessible to virtually everyone – we can no longer protect our information simply by hiding our teaspoon of information in the internet’s ocean of data. Though I believe our definition of privacy began to change long before the rise of these increased threats.
People have gradually become more comfortable sharing more and more information publicly. Certainly social networks have done a lot to drive this trend. Social networks like MySpace and Facebook, which cater to well-bounded social groups (e.g.: families), provided people with at least the perception of a “safe place” to hone their digital-social skills. Whether that safety was real or simply perception, people of all ages have become more skilled at sharing.
People are much more savvy than ever regarding what they should and should not share – what might be harmful to themselves or others. Some of this was learned within the “safety” of their own social circles, and much has been learned from the mistakes of others. (Anyone for some Tiger Blood?) I believe that this increased knowledge and comfort brings with it the side effect that people are now thinking a little less about their own privacy. They are less conscious of it. This has also led to a change in our perception of both what is private, and how to ensure things are private.
This evolution started a long time ago. I recall reading about a study that asked why Millennials, who were then teenagers, shared so much incredibly personal information on social media sites like Facebook. The article stated that the teens perceived the social media sites in the same way they might think about physical locations such as their own bedroom. There were certain things that were obviously private, and they would be upset about an unsolicited comment from a parent, relative, or even a friend not directly involved in a conversation even though it was open to all of them. They were upset about this in the same way they would have been upset if you had put a stethoscope against the door to their room and listened to a private conversation they were having with one of their friends. They expected everyone to understand their privacy boundaries and to respect them. They did not believe that any privacy measures (i.e.: account security) should be required for that. “You should know better”. So their expectation, and definition, of privacy was even further evolved. And it is still evolving.
A recent study by Cisco found that only 60% of Millennials were aware of IT compliance policies at work, and 80% of those who were aware did not comply. Think about that. Only 8% paid attention to, and were compliant with, IT policies. In addition, 66% felt that IT had no right to monitor their activity even when they were using a company owned device on a company owned network. That expectation is strongly aligned with what was learned about them in the social media study earlier in their lives.
So our definition of privacy has certainly changed. And though there are some differences between generations, I think everyone’s definition of privacy is evolving. I also believe this began long ago, perhaps long before we began to really think about it. This evolution in our privacy expectation is not only an information technology phenomenon. Disagree? Consider the following. For years we have accepted surveillance cameras watching us go about our daily tasks. It’s not a new phenomenon. While writing this I found an article from 2007 that stated people in the United States were then on camera an average of 75 times a day, and another from 2004 entitled “How average Briton is caught on camera 300 times a day”. Whether you agree those numbers are exact it is clear that we have accepted this as routine. It is no longer a headline story. Perhaps something for a “slow news day.”
So, back to the question: “Do you think privacy is dead?” I think the easy answer is “yes” if we stick strictly to a comparison of its former definitions. Though I do not think that is the most useful way to consider this topic. I believe our perceptions and expectations of privacy are changing. Privacy as we knew it is most certainly dead. So we need to ask whether our current definition, our current expectations are good for us. And we need to make sure that everyone knows: though many, perhaps even most, people will respect your expectation of privacy, many will not. And those that will not are likely those you most want to protect it from.
Is our privacy expectation evolving in the right direction? Please add your voice to the discussion. This is one we had better get right.