Privacy

Electrical

I was asked in an email why I thought that Google Buzz thing was such a big deal, so here goes. Other, smarter people have written a lot about privacy as a human right as well as a practice, notably Bruce Schneier:

Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.

We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

But an equally telling anecdote might be an old bit from Cliff Stoll, from The Cuckoo’s Egg, a book now 20 years old, about early forms of data mining:

But there’s a deeper problem. Individually, public documents don’t contain classified information. But once you gather many documents together, they may reveal secrets. An order from an aircraft manufacturer for a load of titanium sure isn’t secret. Nor is the fact that they’re building a new bomber. But taken together, there’s a strong indicator that Boeing’s new bomber is made of titanium, and therefore must fly at supersonic speeds (since ordinary aluminum can’t resist high temperatures).
[...] Now, with computers and networks, you can match up data sets in minutes. [...] By analyzing public data with the help of computers, people can uncover secrets without ever seeing a classified database.

He was talking about classified military information, but that trick was published in a pulp paperback twenty years ago. It’s far easier to do that with people than it is performance specs; just publishing a friends’ list is more enough to figure out where most people live, work and where their kids go to school, and the people most interested in keeping some or all of their private lives private know it.

If you arbitrarily change what people are able to keep private:

  • For most people, nothing happens and life goes on.
  • Some smaller slice of the population might suffer some minor inconvenience, embarrassment, or relatively small financial loss, depending on their situation and the information revealed.
  • Some yet smaller demographic, at the confluence of the wrong circumstances and the wrong information, may suffer some large inconvenience, public humiliation or financial disaster that may be difficult or impossible to ever recover from.
  • And finally, for some small segment of the population, arbitrarily revealing information about them means that someone will figure out who, what or where they are, come to their home and kill them.

There is no way to know which people are which; you have to let them decide for themselves what to share.

Further, I have an obligation as a systems administrator (as does anyone who handles or has access to private information) to protect the people whose information is in my care. Not the information – the people, to risks they might incur via that information. I have no more right to expose that smallest segment of the population to that danger and fear than they would, if they had the capacity, to inflict that on me or anyone else.

Which is all to say, you never expose somebody’s personal information or change their privacy settings without their explicit, informed consent. To do so is wrong.

3 Comments

  1. Posted February 14, 2010 at 3:01 pm | Permalink

    There’s one minor flaw here. If you had already gone in and set up your Google profile when you started using Google’s services however long ago that may have been, and you had already set these preferences, IT DIDN’T CHANGE THEM. If you hadn’t bothered to, Buzz acted on the default settings. Congratulations, being lazy once again proves to have been a bad idea.

  2. Mike Hoye
    Posted February 14, 2010 at 3:06 pm | Permalink

    Buzz _did something new_ with your unchanged default settings, which is makes the distinction pretty hairsplitty and very much irrelevant to those affected.

  3. Posted February 14, 2010 at 5:23 pm | Permalink

    Incidentally, Google is reacting quickly to change things for the better: http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html