If the public wants online privacy it had better fight now for laws to protect it because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference.
The longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have.
[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]
And they will have no appreciation that lack of privacy shifts power over their lives from themselves to businesses or governments that do control their information. Laws protecting digital data that is routinely gathered about people are needed, he says. "The only lever that works is the legal lever," he says. "How can we expect the younger generation to do this when they don't even know the problem?"
As Schneier sees it, the problem is one of balancing control over data to maximize individuals' liberty. If individuals control data about themselves, that gives them liberty. If their information is controlled by the government, they lose liberty and power, he says. "If you give an individual privacy, he gets more power," Schneier says.
Similarly, if government is forced to work in the open and its information is public, that gives the people power over the government. Government secrecy shifts the power balance to government, he says.
Now routine transactions such as credit card payments, paying tolls via transponders and opening social media accounts such as Facebook all generate digital records that are much easier and less expensive to store than to sort and delete, he says. As a result, digital data never dies.
That is very different than what has happened for the rest of human history when fewer records or none at all were kept and after awhile, people forgot details about particular incidents. "We're a species that forgets stuff," he says. "We don't know what it's like to live in a world that never forgets."
Social networking puts more information about individuals in front of the public with the illusion that it is private. But social networks don't try to help preserve privacy, Schneier says, citing U.K. research that found all 43 social networking sites reviewed make privacy control settings difficult to find and to understand. And defaults are almost always set to allow maximum dispersal of data, he says.
That's because these sites and search engines such as Google gather data about the activities and interests of individuals as an integral part of their businesses, he says. "We're Google's product that Google sells to their customers," Schneier says. "We get all the privacy that Facebook allows."
Mediating interactions with other people through computers -- social networking -- calls for setting policies about how information in those interactions is handled. "It's not natural," he says. "We now need policies where we didn't before."But people growing up living more of their lives in public won't know anything else. "By the time you graduate high school, you've been dumped on Facebook, and you're used to it," he says.
This rubs many older people the wrong way, because control of that data alters the quality of their lives. "It's not our data, it's our life, and we want control," he says.
Technology is not the problem because technology is neutral. Policies about how technology can and cannot be used determine privacy, and the balance is changing away from privacy. "We can accept the new balance or set the balance," he says.
Read more about wide area network in Network World's Wide Area Network section.