- Denise Anthony: Facebook's new protections, enhancement of e-mail privacy act good news
- Anthony: But we need to protect privacy of purchases, websites we visit, personal data
- The idea privacy is something an individual can own and sell is bad strategy, she says
- Anthony: Privacy can't be regulated alone; it's a social, community bond
Facebook recently announced new privacy controls that enable users not only to limit how their information is shared, but also to better understand how that information is exposed to others. Increased transparency and strong, simple privacy controls like these are practices more companies should embrace.
Facebook's changes follow a recent move by a Senate panel to approve a bill that would require law enforcement to get a warrant before reading private e-mail. This proposed change to the outdated 1986 Electronic Communications Privacy Act is good news -- and not just for the likes of Gen. David Petraeus, who would rather their compromising situations remain private.
Both actions are important steps toward improving privacy protections online, but we have a long way to go -- because it's not only e-mails and social networks we might want to keep private. What about our purchases, the websites we visit, or our personal details?
Consider my own recent experience. A friend reached out to me, concerned over the profile he had seen of me on a dating website. I was listed as a widow and, as he and I both knew, my husband is still very much alive. And married.
To my horror, someone had set up a dating profile for me, using information easily gleaned from the Web: my name, my photo, the university where I teach, the number of my children. All of it was accurate except two claims: I was a widow and that I was "looking for a relationship.''
Many privacy advocates and information security experts react to examples like mine with calls for more consumer control of information. If we treated personal information like private property akin to a home or car, the argument goes, then I would have the power to decide when and to whom to "sell" or license my information, and of course would have a case against the dating website for "stealing" it.
But responding to the ever-expanding market in private information by participating in its sale seems to only legitimatize and promote, not limit, the practice. More important, viewing privacy as an individual problem to be fixed by individual property rights will not lower our risks because it fails to take into account the social value of privacy.
One obvious social value is in protecting personal details -- name, occupation, marital status. The problem with the dating site profile wasn't that I didn't get paid for my information. It's that its misrepresentations could have had serious consequences for my personal life and my reputation.
I have a strong interest in ensuring reported facts about me are correct: We all do. Much of modern social and economic life would be impossible without reliance on such facts.
Privacy enhances social relationships, both private and contractual. I share information with my doctor not simply because I value her services and expect confidentiality, but because I trust her and value our relationship. In health care, patients must be willing to disclose personal and intimate information to clinicians.
If someone exposed to HIV or bird flu were not willing to tell a doctor because of privacy concerns, not only would his or her health suffer, but the health of all would be endangered.
Probably the most important social value related to privacy is its role in civic engagement, which of course includes voting, but also the ability to interact freely without surveillance. Although we worry mostly about government agents snooping on us, corporate and third-party surveillance of online communications, relationships and activities has increased significantly in the past decade.
Most forces in the marketplace encourage companies to exploit rather than protect consumers' private information. Businesses lack information accountability and fair information practice policies are weak. Online tracking of purchases, social networks, and locations for commercial gain could end up harming civic engagement in the same way that we worry government surveillance will do.
Because privacy is social, it is not a property of individuals. My "individual privacy" is actually created, and thus protected, by people I know, and my doctor, my bank, my telephone line, my voting booth, my library card. Privacy depends on social norms, professional ethics, organizational policies, legal rules and regulations and technical standards.
No one of these mechanisms -- technology, norms or laws -- determines or fully protects privacy, but in concert they do. To argue that the best way to bolster privacy is to make it an individual responsibility contradicts its actual social nature.
Another drawback: People might not be very good at managing their privacy by themselves. In the rush to adopt a new device or try a new application, many don't fully consider, or are even aware of, tradeoffs they might be making when they provide a lot of personal details.
New Facebook policies and the proposed strengthening of the electronic privacy act are important steps, but until we follow privacy-by-design technology, strengthen fair information practices, and encourage policies that recognize the social nature of privacy, our online world will continue to lack the mechanisms we need to promote and protect personal privacy.