The rest

Privacy is a techie problem… isn’t it?


Last week I gave a presentation at OtaSizzle project’s workshop on privacy. OtaSizzle is an initiative for building a living lab and services on four campuses around the world. Social interaction and related privacy questions are at its core. Here is a short(ish) version of my talk (although with a conclusion I wrote specifically for this blog).

Which is worse: having your credit card stolen and used, or having a photo of you half-naked and drunk publicly available on the Internet? If presented with an option to choose between the two, most of us would rather have our credit card stolen than have a (presumably) unwanted photograph of ourselves in the web.

Embarrassment, losing face, and damages to our reputation are the kind of privacy and security threats we are all familiar with. We have seen and read about social blunders on social networking sites (e.g., forgetting that our mom/boss/ex-spouse can read our status updates). The tabloid newspapers have also found social media to be a goldmine in getting access to private information about the social life of public figures and celebrities.

From the point of view of computer security and privacy protection in the cyberspace this change is fundamental. Traditionally, computer security and privacy has seen the most common threat to ordinary citizens being a malevolent third party hacking into bank accounts and credit card numbers. However, in the age of Facebook, the privacy and security threats people are more concerned about come from our friends, family, friends-of-friends, acquaintances, and their networks. How to protect ourselves from a relative who keeps on posting embarrassing baby pictures? What kind of a firewall can save us from friends who share all photographs, tweets, and status updates with the whole world?

Virus protection, secure protocols, P3P, and other tools from the computer security toolbox are impotent in the face of social media privacy threats.

To make matters even more complicated, we really can’t predict what kind of privacy risks and problems future technology holds for us. The Helsingin Sanomat Kuukausiliite (8/2011) had an excellent column: the journalist was killing time at a café looking at expensive cars, typing in the license plates into a text message service to get the name of the owner, and then googling who they were (and probably using Facebook and LinkedIn as well). Quite easily he was able to get basic information to amuse himself in the sense of “a-ha, so that kind of a person owns that kind of a car… and there he walks away from his car”.

The thing about this mash-up technology is that no one ever designed it as a whole. Nobody ever sat down, planned, and implemented such a service. Rather, the clever journalist only combined common and easy services together. And he was probably not the first one to amuse himself and others with this idea. But because the combination was emergent rather than specifically designed, it just points how difficult it is to predict what the bits and pieces of services and open databases enable tomorrow. Services are like Lego blocks and practically anyone can put them together to make something new. No crystal ball can anticipate all possible combinations and the privacy issues related.

With these two points in mind (a. traditional computer security is impotent, and b. future mash-ups are impossible to anticipate) few questions push themselves to the front row: Can the privacy issues in social media be solved with more computer science and engineering? Are we building technology to solve problems originally created by technology?

To answer the first question: No. The concept of privacy captures so much of our lives that applying solely scientific and/or technological approaches to it is simply silly. Privacy is one of those topics that shows how computer science and engineering has to change and adapt to influences outside its comfort zone, such as social sciences, humanities, and legal studies. Nevertheless, go ahead and google, for example, “privacy as a service” and you get 2 billion results trying to use computation and engineering to solve the problem.

To answer the second question: Yes. We live in a society where technological advancement is intertwined with continuous economical growth, and our way of living relies on the latter, and hence, we rely on the former as well. In other words, continuous technological change is integral to our society and culture. To sustain that, it is actually kind of comforting to think that we will never run out of requirements and needs for new technologies, because the old ones are prone to create the need for the new.

To wrap this up: Yes, the geeks will inherit the Earth (i.e., the technologists will have a growing influence in our society) but the geeks need to open the front door and let in lots of new people with fresh new non-technological (and dare I say antipositivistic) thinking. And once the geeks embrace the non-techies, perhaps our future is not written solely by engineers and scientists.