Boztopia.com

Two really interesting and potentially far-reaching developments occurred in the past few days relating to online privacy and how we interact with each other through the Internets.

The first was Obama’s speech on cybersecurity, accompanying a massive review of the nation’s cyber-defense practices and recommendations for the future. In his speech, Obama admirably restated his commitment to protecting net neutrality while promising that coordinated cybersecurity would improve our fortifications against everything from careless employees with laptops to brute-force attacks on DOD firewalls.

The second was Microsoft’s announcement at E3 (Massive videogame convention here in L.A.) that XBox Live would soon contain social networking capability, e.g. the ability to use Twitter and Facebook directly from the XBox itself. You can sign in with your Twitter or Facebook account (just as you can on a host of other sites, even those that don’t use OpenID), and you may have the potential to do everything from play games against or with people in your network or post tweets from within the game when you’ve accomplished something, e.g. “@martinboz pwned @nickbollaert at Left 4 Dead.”

These two announcements may not seem to have a lot in common. To find the tying thread, I urge you to read Kevin’s post at Grinding, where he postulates that Facebook and its like will soon be the means by which the government profiles us. Quoth Kevin (mostly from Annalee Newitz at io9):

Just as the (currently, temporarily scrapped) National ID card system would have been carried on the backbone of private interests, it’s entirely likely that any form of identity policing on the internet would end up being, by and large, maintained by a pre-existing entity in the private sector.

More about what this means after the jump.

I’ve been warning for several years that more and more intelligence gathering by the government would be outsourced to the private sector, through use of massive data-sifting and scraping tools that comb everything from credit bureau records to medical histories to property taxes, and can build detailed profiles of Americans with a granular level of detail that would amaze the NSA. Worse, because private-sector entities are not bound by even the weak privacy laws that govern private entities, they will be free to do what they want with whatever they get. And what they get is a lot, because people are:

1) Too willing to hand over anything and everything about themselves without a second thought to a private entity

2) Too conditioned to do anything but offer the Pavlovian response that “It’s a business, and they can do what they want.”

The wide push towards a single, unified identity on the Internet has been underway for some time now, designed as a means of convenience, openness, and trust. That’s fine. But one of the great strengths of the Internet is not only its anonymity, but its ability to free you from the confines of identity and be who you wish to be. No one knows you’re a dog, but you can also be a cat, as I often say. Malleable identities mean lack (or loss) of reputation, but they also grant freedom from the confines and strictures of worrying that you’re going to be fired for what you say on FB–or that you’ll be targeted for surveillance as a result.

Let’s not forget that Obama, at a crucial moment, failed us when it came to protecting our rights against unconstitutional invasion of privacy.  I’ve forgiven him for this awful transgression, but I’ve never forgotten it, and I’ve been watching every development related to his stance on privacy and surveillance warily. I don’t have a lot of faith that he will consider the repercussions of letting the surveillance state (both governmental and corporate) trawl our social networks for data on us.

Consider also the big push for electronic medical records as part of the health care reform debate. There’s some good news on that front–my colleague Anne Zieger reported that the stimulus bill included a provision mandating that any data holder must inform the public if the breach is large enough, and that HIPAA (the nation’s medical privacy law) has been updated with new privacy protections. But the potential for abuse is monstrous. Imagine being denied medical coverage because you posted something about a particular illness on Facebook and it was found to not match your medical history, or being denied a job because your tweets about your illnesses were linked to your health care profile. Google, which has tremendous clout with the Obama administration, is all on the EMR train, and as I’ve written at length, they have both light and dark sides to contend with when it comes to your information.

I’m completely in favor of making social networks open and interoperable with each other, but I don’t favor the current system of closed, opaque entities like Twitter and Facebook having that level of control. Open networks and open microblogs (Dreamwidth and Identica, to name two) are good examples of an evolution beyond the closed system to the open one. I’m also completely a backer of the concept of democratized transparency, advanced by everyone from Jamais Cascio to Clay Shirky, where someone with a cameraphone and YouTube has as much power to tip the balance of a debate as any policymaker. But let’s not kid ourselves into thinking that we’re on a level playing field solely because of that. The ball is still squarely in the court of those who control the data flow.

In addition to promoting a culture of transparency, we should also, paradoxically, promote a culture of deception. I periodically will insert a few half-truths or great big fibs into my Twitter stream just to see who catches them. So far no one has. Either I’m a very good liar (likely), you don’t really care (equally likely), or the sheer amount of information we’re ejecting into the Internet-o-sphere makes it nigh-impossible to discern truth from lie. This is why data mining is no substitute for good-old-fashioned intelligence gathering–there’s so much noise and chaff that it can be nearly impossible to detect the signal without the most powerful tools.

Unfortunately, big business and big government alike have access to those tools, which means we need stronger laws and stronger oversight to ensure our privacy remains ours, not a commodity to be traded and sold among whichever social network will be hot in the next few years. The choice to give our information must be ours for a truly open Internet to flourish, and without knowing all the costs and benefits of creating a unified online identity, we can’t make the most informed choice.

And if we don’t make the choice, it’ll be taken away from us.