/Big Question/ Social security

04/03/2008 | Filed under Discover > Big Question

As Google, Facebook and other companies continue to draw attention over privacy concerns, what steps, if any, should be taken to protect our privacy online?

Academic
Robert Macredie
Brunel University

If it wasn’t so discredited as a response, I’d be tempted to say: education, education, education. The most important thing that people can do, assuming that they aren’t just going to abandon the internet and its applications, is to appreciate how they make themselves vulnerable by revealing elements of their personal information. Helping people to see the risks and the ways in which their information may be used will help them to protect their identities. But personal responsibility is only one side of this. The mass harvesting of data because of ‘holes’ in the systems, rather than the fault of the individual, is more of a worry to me. I think we’ll see more examples of this. Even if commercial sites manage to protect our data, recent examples suggest that we can rely on government departments to be less careful than we’d like with our personal data.

Rob is head of information systems, computing and mathematics and professor of interactive systems at Brunel University.

Accessibility expert
Julie Howell
Fortune Cookie

I think the mistakes most social networking and social utility sites are making are not around the privacy protection they provide. It’s a failure to communicate the value of privacy to their users. While some of us realise it’s not a good idea to include information about our identity, dodgy photos, etc, on a publicly available site, you only have to spend five minutes on You Tube or Facebook to discover that people aged 20 and below have no such qualms, and seem oblivious to any danger. But whose job is it to make younger web users take online privacy more seriously, and will they listen to a voice of authority anyway? Social networks do appear to be providing lots of privacy protection. But few people seem to make use of it.

Julie Howell is director of accessibility at Fortune Cookie, a UK-based web design agency.

Web filtering specialist
Eamonn Doyle
Bloxx

There needs to be wider education campaigns informing users of the dangers of placing their personal details on sites that could lead to identity theft implications, potential employers reading negative things about their personal lives or even the risk of physical stalking. Social networking sites should have clearer warnings on their sites about these implications so users are completely sure they want to place their details.

Mainly though, it comes down to common sense. You wouldn’t walk up to somebody random on the street and give them your house keys, bank details and family photos, so why would people want to do this online? Then again, common sense is not so common.

Eamonn Doyle is managing director of web filtering and internet blocking company Bloxx.

Activist
Oxblood Ruffin Hactivismo
www.hacktivismo.com

There are several ways of looking at this. There’s a certain school of thought that says, “F*** privacy, there is no privacy, get over it.” Although this statement is somewhat true it’s not exactly consoling. Then there’s another school suggesting that authenticity is more important than privacy. Meaning that it’s more important to prove who you are [digital signature] than protect your secrets [hello, identity theft], which aren’t many these days.

I think it boils down to this. We’re all free to walk around our homes [trusted networks] with the wedding tackle on display. But when we go into public [web space] it’s not a bad idea to zip up your trousers. The easiest way to do this is to use a pseudonym, just like on your chat client. People who know you know your real name and more about you; people who don’t get to interact with you but don’t get the real details. As far as Facebook goes, I cancelled my account two months ago. I don’t trust those morons as far as I can spit. I’m also getting ready to dump my Google mail account. I think it’s idiotic to let web behemoths bait and switch my privacy rights so they can make a dollar.

Oxblood Ruffin is the founder of Hactivismo, and is an active campaigner against web censorship.

Search expert
François Bourdoncle
Exalead

It is important that companies respect a user’s privacy in order to avoid any exploitation of personal information, whether intended or otherwise. This will not only create goodwill for the vendor but piece of mind for the user.
 
Users should make sure that personal information kept across the various online services can’t be linked with one another. This is particularly true with various services of the same portal (eg, search, email, chat, phone, online apps, online payment, etc), which are so easy to correlate through a single user ID and password.

François Bourdoncle is co-founder and CEO of Exalead.

Platform evangelist
Andrew Shorten
Adobe

Individuals need to take responsibility for protection of their identity and personal information online – no one else is going to do it for them. If the site doesn’t disclose a privacy policy or you are unsure as to how and where your personal information will be displayed or used then don’t enter the information. Education and awareness of the issue is needed to advise people as to the risks involved in exposing too much personal information.

Andrew Shorten is spreading the word about Flex, Flash, AIR, ColdFusion and Rich Internet Applications throughout Europe, the Middle East and Africa.

Interactive media
Paul Dawson
Conchango

Education, education, education. We know how to keep ourselves safe on the streets, but nobody teaches us what is and isn’t safe online. The group least concerned about internet security is those that know the internet best, according to surveys we’ve done; so that implies we need to teach kids in school, and the general public more widely.

Paul heads the user experience, design, branding and digital strategy team at Conchango, one of the UK’s top interactive agencies.

Web app expert
Deri Jones
SciVisum

Undoubtedly there will be pressure on politicians to start looking at new laws to protect privacy online, but these are likely to be too late and the wrong kind of approach. Interestingly, a very effective model from the early days of the internet in the UK could help point the way.

Back in the mid 90’s the UK ISPs were in communication through the membership body LINX – London Internet Neutral Exchange (I took part in the early formation of LINX and some of its early committees). At the time, concerns were first being raised about internet and child pornography, fuelled by newspaper columns and the occasional outspoken MP calling for major pieces of law that would make ISPs responsible for the content put up by their customers.

It was an emotional issue, and of course many folks’ first thoughts were that a ban was warranted and ISPs should enforce it. LINX set up a working group to look at the issue, which resulted in the founding in the UK of the IWF Internet Watch Foundation.

This successfully coordinated with police, child welfare groups and charities, MPs committees, etc, and over time prevented knee-jerk responses from Parliament that would have been nobly intended, but quite impossible to police and deliver. Instead, the existing legal landscape quietly expanded from its earlier paper/film/video basis, to cover the new realm of the internet; a sensible, practical transition.

The current privacy issue is also likely to enflame and become a media hot potato. Again, there is a chance for the industry together and help politicians avoid knee-jerk reactions.

Unfortunately, the internet community is much bigger and much more diverse, much less a community with common interests, and there is no equivalent to LINX to draw a joint response together.

As to what measures should be taken – firstly, I’m sure that users will learn quickly to be much less open with their private information online. In that respect the internet ‘culture’ will change quite rapidly over the next few years and it will become a lot less open.

Sensible measures that would enable the industry to self-regulate include: clear explicit advice to new users at sign up, outlining the dangers of exposing private information in forums, etc; links to information and advice on good practice; clear direction on where to get help if you think your information is misused etc; clear statements on what personal information a company or website will be keeping and for how long; and online methods that allow users to have their information removed.

Deri Jones is CEO of SciVisum, a web and application testing service based in Kent.