WikiLeaks And Web Tracking: Will Secrecy And Privacy Ever Be The Same?

by Dave Morgan, Dec 2, 2010, 5:00 PM

• Comment
• Recommend
• Tweet
• 

This week began with the extraordinary disclosure, orchestrated by WikiLeaks, of hundreds of thousands of once-secret U.S. diplomatic communications. Yesterday, the Federal Trade Commission called for a do-not-track List to put Internet users in control over what information is captured and stored about their Web browsing habits. In a world of ubiquitous digital networked communications, will secrecy and privacy ever be the same? Just because both involved the Internet, will some confuse the issues of personal privacy with the purposeful leaking of state secrets? Probably.

The U.S. government, its diplomats and its allies would clearly prefer that all of their internal communications be kept secret. Of course, they also want the contents of those communications to be available in real-time to other officials and contractors across the world who could potentially act on the intelligence contained in them. That is why diplomatic cables were transmitted and stored on a digital computer network accessible to many hundreds of thousands of people.

Many people would like to keep secret almost all of the information related to where they go, what they do, and even what media they consume online. Of course, they also want easy real-time access to all of the world 's information 24 hours a day, 7 days a week, and they want it for free on the Internet. Some perceive ad tracking as "theft" of their personal information, although very little of it can be tied back to anything more personal than their IP address.

I do not condone the actions of those who stole the secret diplomatic cables or WikiLeaks for promoting that theft (or "leak" depending on your perspective). Nor do I condone Web companies that track users without providing appropriate notice, transparency and choice. However, I do believe that as our society and government deal with each of these issues, I hope that their responses are rooted in the recognition that secrecy and privacy are not exactly the same. Also,  under any circumstances -- as we have known them in the past -- secrecy and privacy will not be the same in a digital future. Much less will be secret, and much less will be private. That may be a good thing. That may be a bad thing. But, that thing is our new reality nonetheless.

What might this transformation mean for us? Here are some thoughts:

Leaking of secrets is becoming easier. Lots of government secrets have been leaked throughout history. Anyone in the media business knows that. How do you think journalists get some of their more spectacular stories?  The Valerie Plame incident is a great example. Of course, formerly only a few top government officials controlled what secrets were leaked. But, today, a non-commissioned officer stationed in a war zone with the right passwords or hacking skills has that power.

The protection of privacy will be build into digital technologies. While providing foolproof privacy protection won't be easy, it will be possible  -- and we will see much more of it. Many digital and web companies will build it into their offerings from the beginning. They will do this not so much because governments require it. They will do it because their users will want  and will value it -- and it will give them a competitive advantage.

More focus on harms, not practices. It is very hard to regulate technologies and processes related to protecting secrecy and privacy, particularly in a digital world. They change too fast. Rather, governments and regulators will find themselves focusing more on policing and preventing harm - prosecuting leakers that break the law and tracking companies that harm users. This will not only be easier to do, but easier to define.

Public sensibilities on privacy will evolve. Over time, Web users will recognize that the Internet is a public space, not unlike public malls or streets. You may surf the Web from your bedroom, but your surfing takes you out of that private, protected place. Just as people can be recognized when they walk through public malls or streets, they will be recognized online if they haven't taken steps to prevent that recognition, which will probably mean that there will be many parts of the Web where they won't be able to go if they want to remain cloaked.

I have biases here for sure. As a former First Amendment lawyer for newspapers, I have always favored more transparency in government. Having worked in data-driven ad delivery in digital media, I have always believed advertising and recognition are costs that consumers who want free content and services may have to pay -- even if it seems on the surface to compromise their privacy.

What do you think?

• Comment
• Recommend
• Tweet
• 

0 comments on "WikiLeaks And Web Tracking: Will Secrecy And Privacy Ever Be The Same?".

1. Paula Lynn from Who Else Unlimited
   

   commented on: December 2, 2010 at 6:18 p.m.

   Freedom is not free; neither is privacy. Unless one/company is doing something illegal, it is mostly marketers who want our information for their own use to influence our decisions (to take our money or vote, etc.), blackmail or theft.

   Who has the right to find out what library books we read or books we buy in a store? Who pays for this? The same people who pay for our book privacy?

   We pay for an internet service. Perhaps it hasn't been made clear enough to content creators that the risk to earn a profit from their content is a .....risk. Value has a price. When one buys a computer program/service, is one not paying enough for privacy or secrets? What price privacy? Government transparency is not the same as hindering finding and prosecuting felons. What cost to medical facilities to keep people's privacy? What cost to people's multi-million dollar company investment to keep their recipes under wraps?

   What are we entitled to as in just taking things that we do not pay for - earned or gifted ?

2. R.j. Lewis from e-Healthcare Solutions, LLC
   

   commented on: December 2, 2010 at 8:38 p.m.

   Great piece Dave.
   - anonymous - ooops... ;)

3. Chris Simpson from AU/SOC
   

   commented on: December 3, 2010 at 4:45 p.m.

   
   Dave and many others are misleading readers with the claim that "very little of it [data captured online] can be tied back to anything more personal than their IP address."

   In reality, any data field or collection of data fields can be exploited to link different data harvests together to create a mosaic of identity. Thus, the IP address is a convenient identifier to link one record with (say) online browsing information with (say) data on name, address, affiliation, job title (etc.) gathered by online webinars and news services such as, well, Media Post, for example. This can in turn be linked via name and address to almost anything that turns up in google map, google earth or a score of geographic databases, or to a wide variety of public record data, and so on.

   The same basic process can be exploited using almost any data field; the IP address is a convenient starting point, but not required.

   Obviously, this process is prone to error, and particularly to false positives. Two things about that. The first is that the company that is holding the data can run iterative comparisons to (allegedly) improve statistical confidence in the compiled profile. Second and more important: The person being profiled is presently barred from seeing, correcting, or even knowing of the existence of the accumulated file. That means the digital 'profile' can readily be sold, repackaged, traded, etc., with impunity, regardless of the errors in its content.

   The claim that 'all we know is the IP address' is useful blather to tell to naive users, media, the Chamber of Commerce and other child-like creatures. But don't mistake it for reality.

   simpson@american.edu

4. Dave Morgan from Simulmedia
   

   commented on: December 3, 2010 at 6:22 p.m.

   Chris, Actually, I agree with you. I am a big believer and follower of the FTC's definition of "personal" as "any information which can be related to a particular person or device." I believe that such information should only be captured with explicit consent from users.
   Dave

Leave a Comment