March 09, 2010, 12:32 PM — If the public wants online privacy it had better fight now for laws to protect it because businesses won't and individuals don't have the clout, security expert Bruce Schneier told RSA Conference.
Facebook's New Privacy Settings: 5 Things You Should KnowThe longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have.
And they will have no appreciation that lack of privacy shifts power over their lives from themselves to businesses or governments that do control their information. Laws protecting digital data that is routinely gathered about people are needed, he says. "The only lever that works is the legal lever," he says. "How can we expect the younger generation to do this when they don't even know the problem?"
As Schneier sees it, the problem is one of balancing control over data to maximize individuals' liberty. If individuals control data about themselves, that gives them liberty. If their information is controlled by the government, they lose liberty and power, he says. "If you give an individual privacy, he gets more power," Schneier says.
Similarly, if government is forced to work in the open and its information is public, that gives the people power over the government. Government secrecy shifts the power balance to government, he says.
Now routine transactions such as credit card payments, paying tolls via transponders and opening social media accounts such as Facebook all generate digital records that are much easier and less expensive to store than to sort and delete, he says. As a result, digital data never dies.
That is very different than what has happened for the rest of human history when fewer records or none at all were kept and after awhile, people forgot details about particular incidents. "We're a species that forgets stuff," he says. "We don't know what it's like to live in a world that never forgets."
Social networking puts more information about individuals in front of the public with the illusion that it is private. But social networks don't try to help preserve privacy, Schneier says, citing U.K. research that found all 43 social networking sites reviewed make privacy control settings difficult to find and to understand. And defaults are almost always set to allow maximum dispersal of data, he says.