Privacy: A fragile boundary between private and public spheres
Privacy, the dictionary says, is a question of seclusion, retreat, retirement and the avoidance of notice or display. Privacy has to do with maintaining a frontier between the public and the private. It is generally thought of in spatial terms corresponding to the home and the family. In information terms, privacy is a question of protecting certain personally defined categories of information from use and abuse by others whether they represent market forces, the media, the State, politicians, criminals or other malevolent groups or individuals. Doing so is not so easy. Not only is the line between public and private a personal question which in addition varies according to circumstances, but also, in the Information Society, it is not always clear what information is being given away and to whom. Thanks to information technology, apparently insignificant fragments of information can be pieced together to create a significant if not revealing picture of the individual. The major question is, what personal information the individual wants to give away in electronic transactions with others and to what extent he or she is aware of and can control this process.
There are four broad categories of "loss" of privacy depending on how information is given away: willingly, unwittingly, unwillingly... or taken without permission.
Information given willingly
In many cases, people willingly give away information about themselves to companies or administrations in exchange for some service. It is becoming common on the Web for sites who ask visitors to hand over information about themselves to promise special treatment in return. The risk lies in possible abuse of this information. To what extent can the user have confidence in the site owners or those using it.
The most elaborate form of mutual exchange (and trust) is the virtual company as described by William H. Davidow and Michael S. Malone in "The Virtual Corporation" in which the company, its suppliers and its customers form a large community with shared vested interests and intense information exchange between them. The impact of shifting a part of the private sphere within such an alliance, dictated as it would be by market logic, remains to be seen.
Information given away unwittingly
Rumour has it that Beta versions of Windows 95 contained agent software capable of drawing up a list of all software on the PC where it was installed and downloading the information to Microsoft when the unwitting consumer linked up to Microsoft Network. Whether that be true or not, it is clear that, depending on how they are configured, Web Browsers are in a position to provide considerable information about their user. Moving around the Web leaves significant traces that the user may be quite unaware of. Increasing awareness of un-informed users seems a partial answer to the problem. Introducing codes of practice might be another.
Information given away unwillingly
Certain transactions require giving away information, not all of which is necessary, yet the electronic transaction may be configured in such a way that the user has no choice than to acquiesce or move on. This is particularly so in the payment and delivery of goods over the Net. Once again, establishing codes of practice or quality labels might be a partial solution. However, as network users are rarely organised in pressure groups, who is going to defend their interests?
Information taken without permission
Prying into people's private lives has always had its adepts. In the Information World, prying involves breaking into the person's personal computer space be it on his or her own computer or on a server containing information belonging to that person. It is interesting to wonder what will happen to this personal "space" - the inviolable area on your own computer where nobody else has access - with the introduction of distributed object software like the applets of Java. Prying can also involve intercepting messages. E-mail, for example, unless it is encrypted, can be read by almost anybody.
This brings us to the question of security. Security consists of protecting things of value. Clearly privacy could be a question of security, but the latter involves much more. Security of information involves not only protecting against theft, but also against malicious damage or wilful modification (fraud, forgery, misrepresentation,...). This task is all the more difficult in the intangible world of information where the very functioning of exchange and commerce requires that "goods" be readily accessible and duplicable. As such security becomes a question of finding the right balance between accessibility and protection.
A two-tier security system
Walter De Backer during a meeting of the security and privacy workgroup of Round Table #2 put forward the idea that two levels of security are needed. The first - a threshold security using low level encryption - acts as dissuasion rather like the envelope around a letter. It is a sign that says "Open me and you transgress!". In reality it offers no real guarantee of security, but for most cases - in particular concerning questions of privacy - it would be sufficient to discourage prying eyes. It is interesting to note that the feeling of security is not necessarily the result of a tangible reality. Take for example the communicating of credit card data. People are afraid of providing such information over the Internet but will willingly provide it over the phone or by fax, neither of which offers much additional security. The second level of security with strong encryption methods would be reserved for a limited number of cases where it is essential.
ISSN: 1664-834X Copyright © , Alan McCluskey, firstname.lastname@example.org