The no-nonsense guide to digital privacy (Part 1: Risk)
There was a time when it could be reasonably assumed that doing something in the privacy of your own home meant that it would be private. Not anymore. Society craves convenience and connection. And that intersection is fundamentally incompatible with the definition of privacy: the state or condition of being free from being observed or disturbed by other people.
According to this definition, interaction on social media is not private. Purchasing an item from a company is not private. Hailing and sharing a ride is not private. And asking a search engine - programmed and operated by people, running on the public internet - a very personal question is, well, not actually a private action. And all of this is true no matter how credible the service you are buying from or using.
It’s time to recognize that privacy is no longer black and white. We are in many cases proactively deciding to be observed and disturbed. Within that, we as individuals need to make personal decisions about where we draw our own lines:
Which information we expect to be shared and which we don’t
Who should be allowed to access certain information and under what conditions
When ad targeting transitions from a nuisance to a destructive force
And while we need to hold government and corporations accountable, we also need to take appropriate actions ourselves to limit our exposure to the risks we care about most. That list will vary by the risk tolerance of each individual.
In this post - the first of a three-part series - I’m going to walk through various risks worth considering. In the next post, I explore methodologies and tactics I recommend using to reduce those risks. Finally, in the last installment, I tie it all together by exploring a range of everyday behaviors in which many people engage - posting to Facebook, sending a text, making an online purchase, etc. This collection of case studies will provide you with a clear mental model for how to balance the convenience and connectivity of modern life with the privacy risks.
Civic risk
It’s worth considering three types of civic risk:
The possibility that your own government - using legal, time-tested approaches - might be able to use your data against you (e.g. having reason to believe you are connected to a crime, gaining a warrant to see where you were at a certain time, and gaining circumstantial evidence that places you at the scene)
The possibility that your own government - using more modern, legally questionable approaches - might be able to use your data against you (e.g. doing the above, but using broad and possibly warrantless surveillance)
The possibility that a foreign government - outside of your law and jurisdiction completely - might be able to use your data not only against you, but your own government (e.g. a foreign nation influencing an election by being able to target you and your fellow citizens based on your demographics and beliefs)
Economic risk
Loans, insurance, housing. The markets that enable you not only to achieve upward mobility but in some cases simply survive rely on factors like a good credit score. Increasingly, though, they also rely on a myriad of behavioral factors linked to financial risk. This is bad news for people who are not careful about the privacy of their behavioral data.
Professional risk
It’s one thing to let your personality and humanity shine through at work, but it’s a whole other to let your professional network in on the most nuanced details of your personal life. It’s easier than ever to overshare - purposefully or otherwise - and this can lead to unnecessary bias and retaliation whether you are trying to land a job or participate in a project.
Social risk
Social risk can manifest in a variety of ways:
Highly targeted advertising can manipulate you into making purchases or even electing political candidates you otherwise wouldn’t have.
You can be shamed by close connections and strangers alike if the information gets into the wrong hands.
You can be stalked.