Privacy is a critical area for IT, and as social media and mobile extend potential privacy invasions into areas once considered safe, reasonable safeguards must be taken. But it has to be acknowledged that many restrictions — you’re not allowed to save this or to track that — are simply not going to work. If data can be accessed, it will be used and retained, and no rules or laws to the contrary will make any difference.
Two recent events make it clear how such attempts are futile. In Germany, a country where privacy is generally valued much higher than in the U.S., a mini-uproar erupted when the government was asked to not store the IP addresses of web visitors. A European Union court ultimately told the government it could go right ahead and save the addresses. And if the court had gone the other way, are we supposed to believe that thousands of government employees would have simply done without the data?
Then there was the dust-up when law enforcement started using a social media monitoring tool to pursue alleged criminals.
I understand the sensitivities involved, but tools and data that are generally accessible to people can’t be put into a box that’s off-limits to government, corporations or law enforcement. Restricting access to private data — think tax returns or medical exams — is a very different issue.
Data is sort of like the dinosaurs in the movie Jurassic Park as described by mathematician Ian Malcolm when he pushes back against park management for attempting to control dinosaur breeding: “The kind of control you’re attempting simply is not possible. If there is one thing the history of evolution has taught us it’s that life will not be contained. Life breaks free, it expands to new territories and crashes through barriers, painfully, maybe even dangerously.”
Data is no more controllable. Once data enters the internet, it will be accessed and logged and stored and analyzed and compared with a billion other pieces of data. You can’t legislate data access away.
This is why we need to rethink privacy expectations and make them more realistic. It’s often been said that privacy doesn’t exist anymore. That’s not true. But what is true is that a massive number of things that could be considered private 20 years ago no longer are.
Often, we have no one to blame other than ourselves. Years ago, Social Security numbers were considered sensitive and private. Then companies and schools started asking for them routinely and they became a makeshift identification number.
As that data became easy to find in web searches, Social Security numbers were no longer private. Impact: In 1970, asking for a Social Security number could be a reasonable identity verification. Today, not so much. And given how remarkably difficult it is to change one’s Social Security number, it is a huge privacy and security problem.
Sign up for Computerworld eNewsletters.