Doc Searls argues that if your privacy is in the hands of others alone, you don’t have any privacy.
If you think regulations are going to protect your privacy, you’re wrong. In fact they can make things worse, especially if they start with the assumption that your privacy is provided only by other parties, most of whom are incentivized to violate it.
I think Mr. Searls makes some good points. I’m in favor of privacy regulations, but I also agree that individuals need to manage their privacy better. Privacy should also be the default, and not a feature you have to pay for.
Check It Out: Your Privacy Can’t be Left up to Others
Andrew:
The Doc Searls article makes an important point, but ignores empirical evidence from other industries and disciplines.
It is true that, if one leaves privacy or even security entirely to others, then one effectively does not have it. Faith is not due diligence, let alone a business model. There is even a Hadith (saying attributed to the Prophet Muhammad) that says, ‘Trust in God, but tie your camel’. Sound advice.
That corporations may violate the spirit, if not the explicit terms (I’m looking at you, FB) of agreements or even regulations is no justification for not having them. Healthcare is a prime example of the reining in of abuse by virtue, not simply of regulation alone, but oversight, a reporting system and serious criminal penalties for violation. All three of these must be brought to bear, and all of that before we get to two other tools of the trade.
The first is informed, written consent, based upon a document that is reviewed and approved by a third party tasked with protecting the public interest. The document must be understandable and sufficiently short that an average person without technical training can read and understand it; otherwise consent cannot be truly ‘informed’. The signee must ‘understand’ the terms.
Second is a question not being discussed, but relevant: confidentiality. The individual must not simply be vigilant about what they share, but be clear on whether or not this is to be kept confidential, and be apprised as to whom, and under what circumstances, others may have access to such information.
Privacy and confidentiality are not the same, and both need to be protected not simply by regulation, but by the individual consumer as well as a third party monitor that either has punitive authority or will notify law enforcement if such violations occur.
Though imperfect, this model does work in other industries and needs to be applied to the tech world. We can sort out its imperfections later, as we do with other safeguards.